How to Encrypt a File with a Password in PowerShell?

Do you want to know how to encrypt a file in PowerShell using password? In this tutorial, we’ll explore different methods to encrypt a file with a password in PowerShell. This way, you can secure your files with password protection using PowerShell.

To encrypt a file with a password in PowerShell, you can utilize the .NET class System.Security.Cryptography.AesCryptoServiceProvider to implement AES encryption. By generating a key and initialization vector (IV), reading the file’s content, and using the CreateEncryptor method, you can transform the file’s data into an encrypted format. This encrypted content can then be saved to a file, ensuring that the sensitive data is securely protected with a password.

Method 1: Using ConvertTo-SecureString and ConvertFrom-SecureString

PowerShell offers a couple of cmdlets, ConvertTo-SecureString and ConvertFrom-SecureString, which can be used to encrypt and decrypt strings. To encrypt a file, you can convert the content of the file into a secure string and then export it.

Here’s an example of how to encrypt a file:

# Define the password
$password = ConvertTo-SecureString 'YourPasswordHere' -AsPlainText -Force

# Read the content of the file
$content = Get-Content 'C:\MyFolder\myfile.txt' -Raw

# Encrypt the content
$encryptedContent = $content | ConvertTo-SecureString -AsPlainText -Force | ConvertFrom-SecureString -SecureKey $password

# Save the encrypted content to a new file
$encryptedContent | Out-File 'C:\MyFolder\encrypted_file.txt'

To decrypt the file, you would reverse the process:

# Read the encrypted file content
$encryptedContent = Get-Content 'C:\MyFolder\encrypted_file.txt' -Raw

# Decrypt the content
$decryptedContent = $encryptedContent | ConvertTo-SecureString -SecureKey $password | ConvertFrom-SecureString

# Display or use the decrypted content
$decryptedContent

Here, it’s important to note that the ConvertTo-SecureString cmdlet is not intended for encrypting and decrypting files—it’s designed for securing strings. Therefore, this approach might not be the most suitable for file encryption, but it can be used for simple scenarios.

Method 2: Using ProtectedData Class

Another approach is to use the .NET class System.Security.Cryptography.ProtectedData, which provides methods to encrypt and decrypt data. This class uses Windows Data Protection API (DPAPI) to perform encryption and decryption in PowerShell.

Here’s a script that demonstrates how to encrypt a file using the ProtectedData class:

Add-Type -AssemblyName System.Security

# Define the password
$securePassword = ConvertTo-SecureString 'YourPasswordHere' -AsPlainText -Force
$entropy = [Text.Encoding]::UTF8.GetBytes('YourEntropyHere') # Optional entropy

# Read the content of the file
$content = [IO.File]::ReadAllBytes('C:\path\to\your\file.txt')

# Encrypt the content
$encryptedContent = [Security.Cryptography.ProtectedData]::Protect($content, $entropy, [Security.Cryptography.DataProtectionScope]::CurrentUser)

# Save the encrypted content to a new file
[IO.File]::WriteAllBytes('C:\path\to\your\encrypted_file.txt', $encryptedContent)

To decrypt the content, you would use the Unprotect method:

# Read the encrypted file content
$encryptedContent = [IO.File]::ReadAllBytes('C:\path\to\your\encrypted_file.txt')

# Decrypt the content
$decryptedContent = [Security.Cryptography.ProtectedData]::Unprotect($encryptedContent, $entropy, [Security.Cryptography.DataProtectionScope]::CurrentUser)

# Save or use the decrypted content
[IO.File]::WriteAllBytes('C:\path\to\your\decrypted_file.txt', $decryptedContent)

This method is more suitable for file encryption and is fairly secure as it relies on the user’s credentials and optional entropy to encrypt the data.

Method 3: Using AES Encryption

For a more robust encryption solution, you can use the Advanced Encryption Standard (AES) algorithm. PowerShell can leverage .NET’s System.Security.Cryptography.AesCryptoServiceProvider class to perform AES encryption.

Here’s a script that illustrates how to encrypt a file using AES:

Add-Type -AssemblyName System.Security

# Generate an AES key and IV
$aesManaged = New-Object System.Security.Cryptography.AesCryptoServiceProvider
$aesManaged.GenerateKey()
$aesManaged.GenerateIV()

# Save the key and IV for later decryption
$key = $aesManaged.Key
$IV = $aesManaged.IV
[System.IO.File]::WriteAllBytes('C:\path\to\your\key.bin', $key)
[System.IO.File]::WriteAllBytes('C:\path\to\your\IV.bin', $IV)

# Read the content of the file
$content = [IO.File]::ReadAllBytes('C:\path\to\your\file.txt')

# Encrypt the content
$encryptor = $aesManaged.CreateEncryptor($key, $IV)
$encryptedContent = $encryptor.TransformFinalBlock($content, 0, $content.Length)

# Save the encrypted content to a new file
[System.IO.File]::WriteAllBytes('C:\path\to\your\encrypted_file.txt', $encryptedContent)

For decryption, you’ll need to use the same key and IV:

# Read the key and IV
$key = [System.IO.File]::ReadAllBytes('C:\path\to\your\key.bin')
$IV = [System.IO.File]::ReadAllBytes('C:\path\to\your\IV.bin')

# Read the encrypted file content
$encryptedContent = [System.IO.File]::ReadAllBytes('C:\path\to\your\encrypted_file.txt')

# Decrypt the content
$aesManaged = New-Object System.Security.Cryptography.AesCryptoServiceProvider
$decryptor = $aesManaged.CreateDecryptor($key, $IV)
$decryptedContent = $decryptor.TransformFinalBlock($encryptedContent, 0, $encryptedContent.Length)

# Save or use the decrypted content
[System.IO.File]::WriteAllBytes('C:\path\to\your\decrypted_file.txt', $decryptedContent)

AES encryption is highly secure and is widely used across various industries. It’s an excellent choice for protecting sensitive data.

Conclusion

Encrypting files using PowerShell is a very common requirement. PowerShell provides various methods to encrypt a file with a password, like by using the ConvertTo-SecureString and ConvertFrom-SecureString cmdlets, the ProtectedData class, or AES encryption, etc.

Implementing these encryption methods can ensure that your sensitive information remains confidential and protected against unauthorized access. In this tutorial, we learnt different methods to encrypt a file with password in PowerShell.

You may also like: