< Back
Unprotect-Data
Post
NAME Unprotect-Data
SYNOPSIS
Decrypts an object that was produced by the Protect-Data command.
SYNTAX
Unprotect-Data [-InputObject] <Object> [-Certificate <Object>] [-SkipCertificateVerification] [<CommonParameters>]
Unprotect-Data [-InputObject] <Object> -Password <SecureString> [-SkipCertificateVerification] [<CommonParameters>]
DESCRIPTION
Decrypts an object that was produced by the Protect-Data command. If a Certificate is used to perform the
decryption, it must be installed in either the local computer or current user's certificate stores (with its
private key), and the current user must have permission to use that key.
PARAMETERS
-InputObject <Object>
The ProtectedData object that is to be decrypted.
Required? true
Position? 1
Default value
Accept pipeline input? true (ByValue)
Accept wildcard characters? false
-Certificate <Object>
An RSA or ECDH certificate that will be used to decrypt the data. You must have the certificate's private
key, and it must be one of the certificates that was used to encrypt the data. You can pass an
X509Certificate2 object to this parameter, or you can pass in a string which contains either a path to a
certificate file on the file system, a path to the certificate in the Certificate provider, or a certificate
thumbprint (in which case the certificate provider will be searched to find the certificate.)
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-Password <SecureString>
A SecureString containing a password that will be used to derive an encryption key. One of the InputObject's
KeyData objects must be protected with this password.
Required? true
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-SkipCertificateVerification [<SwitchParameter>]
Required? false
Position? named
Default value False
Accept pipeline input? false
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (https:/go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
PSObject
The input object should be a copy of an object that was produced by Protect-Data.
OUTPUTS
Object
Object may be any type returned by Get-ProtectedDataSupportedTypes. Specifically, it will be an object of the type
specified in the InputObject's Type property.
-------------------------- EXAMPLE 1 --------------------------
PS C:\\>$decryptedObject = $encryptedObject | Unprotect-Data -Password (Read-Host -AsSecureString -Prompt 'Enter
password to decrypt the data')
Decrypts the contents of $encryptedObject and outputs an object of the same type as what was originally passed to
Protect-Data. Uses a password to decrypt the object instead of a certificate.
RELATED LINKS
Protect-Data
Add-ProtectedDataCredential
Remove-ProtectedDataCredential
Get-ProtectedDataSupportedTypes
SYNOPSIS
Decrypts an object that was produced by the Protect-Data command.
SYNTAX
Unprotect-Data [-InputObject] <Object> [-Certificate <Object>] [-SkipCertificateVerification] [<CommonParameters>]
Unprotect-Data [-InputObject] <Object> -Password <SecureString> [-SkipCertificateVerification] [<CommonParameters>]
DESCRIPTION
Decrypts an object that was produced by the Protect-Data command. If a Certificate is used to perform the
decryption, it must be installed in either the local computer or current user's certificate stores (with its
private key), and the current user must have permission to use that key.
PARAMETERS
-InputObject <Object>
The ProtectedData object that is to be decrypted.
Required? true
Position? 1
Default value
Accept pipeline input? true (ByValue)
Accept wildcard characters? false
-Certificate <Object>
An RSA or ECDH certificate that will be used to decrypt the data. You must have the certificate's private
key, and it must be one of the certificates that was used to encrypt the data. You can pass an
X509Certificate2 object to this parameter, or you can pass in a string which contains either a path to a
certificate file on the file system, a path to the certificate in the Certificate provider, or a certificate
thumbprint (in which case the certificate provider will be searched to find the certificate.)
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-Password <SecureString>
A SecureString containing a password that will be used to derive an encryption key. One of the InputObject's
KeyData objects must be protected with this password.
Required? true
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-SkipCertificateVerification [<SwitchParameter>]
Required? false
Position? named
Default value False
Accept pipeline input? false
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (https:/go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
PSObject
The input object should be a copy of an object that was produced by Protect-Data.
OUTPUTS
Object
Object may be any type returned by Get-ProtectedDataSupportedTypes. Specifically, it will be an object of the type
specified in the InputObject's Type property.
-------------------------- EXAMPLE 1 --------------------------
PS C:\\>$decryptedObject = $encryptedObject | Unprotect-Data -Password (Read-Host -AsSecureString -Prompt 'Enter
password to decrypt the data')
Decrypts the contents of $encryptedObject and outputs an object of the same type as what was originally passed to
Protect-Data. Uses a password to decrypt the object instead of a certificate.
RELATED LINKS
Protect-Data
Add-ProtectedDataCredential
Remove-ProtectedDataCredential
Get-ProtectedDataSupportedTypes