< Back
Get-KeyEncryptionCertificate
Post
NAME Get-KeyEncryptionCertificate
SYNOPSIS
Finds certificates which can be used by Protect-Data and related commands.
SYNTAX
Get-KeyEncryptionCertificate [[-Path] <String>] [[-CertificateThumbprint] <String>] [-SkipCertificateVerification]
[-RequirePrivateKey] [<CommonParameters>]
DESCRIPTION
Searches the given path, and all child paths, for certificates which can be used by Protect-Data. Such
certificates must support Key Encipherment (for RSA) or Key Agreement (for ECDH) usage, and by default, must not
be expired and must be issued by a trusted authority.
PARAMETERS
-Path <String>
Path which should be searched for the certifictes. Defaults to the entire Cert: drive.
Required? false
Position? 1
Default value Cert:\\
Accept pipeline input? false
Accept wildcard characters? false
-CertificateThumbprint <String>
Thumbprints which should be included in the search. Wildcards are allowed. Defaults to '*'.
Required? false
Position? 2
Default value *
Accept pipeline input? false
Accept wildcard characters? false
-SkipCertificateVerification [<SwitchParameter>]
Deprecated parameter, which will be removed in a future release. Specifying this switch will generate a
warning.
Required? false
Position? named
Default value False
Accept pipeline input? false
Accept wildcard characters? false
-RequirePrivateKey [<SwitchParameter>]
If this switch is used, the command will only output certificates which have a usable private key on this
computer.
Required? false
Position? named
Default value False
Accept pipeline input? false
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (https:/go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
None.
OUTPUTS
[System.Security.Cryptography.X509Certificates.X509Certificate2]
-------------------------- EXAMPLE 1 --------------------------
PS C:\\>Get-KeyEncryptionCertificate -Path Cert:\\CurrentUser -RequirePrivateKey
Searches for certificates which support key encipherment (RSA) or key agreement (ECDH) and have a private key
installed. All matching certificates are returned.
-------------------------- EXAMPLE 2 --------------------------
PS C:\\>Get-KeyEncryptionCertificate -Path Cert:\\CurrentUser\\TrustedPeople
Searches the current user's Trusted People store for certificates that can be used with Protect-Data. Certificates
do not need to have a private key available to the current user.
RELATED LINKS
Protect-Data
Unprotect-Data
Add-ProtectedDataCredential
Remove-ProtectedDataCredential
SYNOPSIS
Finds certificates which can be used by Protect-Data and related commands.
SYNTAX
Get-KeyEncryptionCertificate [[-Path] <String>] [[-CertificateThumbprint] <String>] [-SkipCertificateVerification]
[-RequirePrivateKey] [<CommonParameters>]
DESCRIPTION
Searches the given path, and all child paths, for certificates which can be used by Protect-Data. Such
certificates must support Key Encipherment (for RSA) or Key Agreement (for ECDH) usage, and by default, must not
be expired and must be issued by a trusted authority.
PARAMETERS
-Path <String>
Path which should be searched for the certifictes. Defaults to the entire Cert: drive.
Required? false
Position? 1
Default value Cert:\\
Accept pipeline input? false
Accept wildcard characters? false
-CertificateThumbprint <String>
Thumbprints which should be included in the search. Wildcards are allowed. Defaults to '*'.
Required? false
Position? 2
Default value *
Accept pipeline input? false
Accept wildcard characters? false
-SkipCertificateVerification [<SwitchParameter>]
Deprecated parameter, which will be removed in a future release. Specifying this switch will generate a
warning.
Required? false
Position? named
Default value False
Accept pipeline input? false
Accept wildcard characters? false
-RequirePrivateKey [<SwitchParameter>]
If this switch is used, the command will only output certificates which have a usable private key on this
computer.
Required? false
Position? named
Default value False
Accept pipeline input? false
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (https:/go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
None.
OUTPUTS
[System.Security.Cryptography.X509Certificates.X509Certificate2]
-------------------------- EXAMPLE 1 --------------------------
PS C:\\>Get-KeyEncryptionCertificate -Path Cert:\\CurrentUser -RequirePrivateKey
Searches for certificates which support key encipherment (RSA) or key agreement (ECDH) and have a private key
installed. All matching certificates are returned.
-------------------------- EXAMPLE 2 --------------------------
PS C:\\>Get-KeyEncryptionCertificate -Path Cert:\\CurrentUser\\TrustedPeople
Searches the current user's Trusted People store for certificates that can be used with Protect-Data. Certificates
do not need to have a private key available to the current user.
RELATED LINKS
Protect-Data
Unprotect-Data
Add-ProtectedDataCredential
Remove-ProtectedDataCredential