PowerShell V5 New Feature: Protect/Unprotect-CmsMessage

This interesting article gives some background details on some of the problems I ran into after upgrading my DSC dev machine to WMF 5.0 10586. This is because in WMF5.0 the DSC credential encryption mechanism was converted to use Protect/Unprotect-CMSMessage. It clears up a lot of things for me and is a worthwhile read if you’re using DSC credential encryption on WMF5.0.

Keith Hill's Blog

Windows PowerShell V5, due out sometime in 2015, sports a number of new features: OneGet, PowerShell Get, enhanced DSC, ConvertFrom-String, support for authoring classes in PowerShell script, Compress/Expand-Archive, support for creating symbolic links, hard links and junctions, etc.

One of the more obscure but useful features is the support for cryptographically protecting messages as documented in the IETF standard RFC5652. This involves the creation of a certificate which I will show you how to do. You can then protect and unprotect messages using that certificate. However, where it gets interesting is when you export a public certificate from the original certificate. You can give the public certificate to anybody and they can use that to encrypt (protect) a message. That message cannot not unencrypted (unprotected) by anyone except the individual that holds the original certificate. The original certificate contains both the public and private key. It is the private…

View original post 855 more words

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s