< Back
Add-ProtectedDataHmac
Post
NAME Add-ProtectedDataHmac
SYNOPSIS
Adds an HMAC authentication code to a ProtectedData object which was created with a previous version of the module.
SYNTAX
Add-ProtectedDataHmac [-InputObject] <Object> -Certificate <Object> [-SkipCertificateVerification] [-PassThru]
[<CommonParameters>]
Add-ProtectedDataHmac [-InputObject] <Object> -Password <SecureString> [-SkipCertificateVerification] [-PassThru]
[<CommonParameters>]
DESCRIPTION
Adds an HMAC authentication code to a ProtectedData object which was created with a previous version of the
module. The parameters and requirements are the same as for the Unprotect-Data command, as the data must be
partially decrypted in order to produce the HMAC code.
PARAMETERS
-InputObject <Object>
The ProtectedData object that is to have an HMAC generated.
Required? true
Position? 1
Default value
Accept pipeline input? true (ByValue)
Accept wildcard characters? false
-Certificate <Object>
An RSA or ECDH certificate that will be used to decrypt the data. You must have the certificate's private
key, and it must be one of the certificates that was used to encrypt the data. You can pass an
X509Certificate2 object to this parameter, or you can pass in a string which contains either a path to a
certificate file on the file system, a path to the certificate in the Certificate provider, or a certificate
thumbprint (in which case the certificate provider will be searched to find the certificate.)
Required? true
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-Password <SecureString>
A SecureString containing a password that will be used to derive an encryption key. One of the InputObject's
KeyData objects must be protected with this password.
Required? true
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-SkipCertificateVerification [<SwitchParameter>]
Deprecated parameter, which will be removed in a future release. Specifying this switch will generate a
warning.
Required? false
Position? named
Default value False
Accept pipeline input? false
Accept wildcard characters? false
-PassThru [<SwitchParameter>]
If specified, the command outputs the ProtectedData object after adding the HMAC.
Required? false
Position? named
Default value False
Accept pipeline input? false
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (https:/go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
PSObject
The input object should be a copy of an object that was produced by Protect-Data.
OUTPUTS
None, or ProtectedData object if the -PassThru switch is used.
-------------------------- EXAMPLE 1 --------------------------
PS C:\\>$encryptedObject | Add-ProtectedDataHmac -Password (Read-Host -AsSecureString -Prompt 'Enter password to
decrypt the key data')
Adds an HMAC code to the $encryptedObject object.
RELATED LINKS
Protect-Data
Unprotect-Data
Add-ProtectedDataCredential
Remove-ProtectedDataCredential
Get-ProtectedDataSupportedTypes
SYNOPSIS
Adds an HMAC authentication code to a ProtectedData object which was created with a previous version of the module.
SYNTAX
Add-ProtectedDataHmac [-InputObject] <Object> -Certificate <Object> [-SkipCertificateVerification] [-PassThru]
[<CommonParameters>]
Add-ProtectedDataHmac [-InputObject] <Object> -Password <SecureString> [-SkipCertificateVerification] [-PassThru]
[<CommonParameters>]
DESCRIPTION
Adds an HMAC authentication code to a ProtectedData object which was created with a previous version of the
module. The parameters and requirements are the same as for the Unprotect-Data command, as the data must be
partially decrypted in order to produce the HMAC code.
PARAMETERS
-InputObject <Object>
The ProtectedData object that is to have an HMAC generated.
Required? true
Position? 1
Default value
Accept pipeline input? true (ByValue)
Accept wildcard characters? false
-Certificate <Object>
An RSA or ECDH certificate that will be used to decrypt the data. You must have the certificate's private
key, and it must be one of the certificates that was used to encrypt the data. You can pass an
X509Certificate2 object to this parameter, or you can pass in a string which contains either a path to a
certificate file on the file system, a path to the certificate in the Certificate provider, or a certificate
thumbprint (in which case the certificate provider will be searched to find the certificate.)
Required? true
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-Password <SecureString>
A SecureString containing a password that will be used to derive an encryption key. One of the InputObject's
KeyData objects must be protected with this password.
Required? true
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-SkipCertificateVerification [<SwitchParameter>]
Deprecated parameter, which will be removed in a future release. Specifying this switch will generate a
warning.
Required? false
Position? named
Default value False
Accept pipeline input? false
Accept wildcard characters? false
-PassThru [<SwitchParameter>]
If specified, the command outputs the ProtectedData object after adding the HMAC.
Required? false
Position? named
Default value False
Accept pipeline input? false
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (https:/go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
PSObject
The input object should be a copy of an object that was produced by Protect-Data.
OUTPUTS
None, or ProtectedData object if the -PassThru switch is used.
-------------------------- EXAMPLE 1 --------------------------
PS C:\\>$encryptedObject | Add-ProtectedDataHmac -Password (Read-Host -AsSecureString -Prompt 'Enter password to
decrypt the key data')
Adds an HMAC code to the $encryptedObject object.
RELATED LINKS
Protect-Data
Unprotect-Data
Add-ProtectedDataCredential
Remove-ProtectedDataCredential
Get-ProtectedDataSupportedTypes