In this guide, you will learn how to encrypt and decrypt files on a Windows computer with the help of PowerShell and PGP (Pretty Good Privacy).

File encryption is commonplace these days. You can encrypt files in many ways with a lot of different tools. One way to do this is through an open-source encryption system called Pretty Good Privacy. PGP has been around a long time, and we can encrypt just about any form of data by using it. For now, we’re going to focus on encryption files using PGP and PowerShell.

To encrypt and decrypt files on Windows with PGP, we must download the GNU Privacy Guard for Windows utility. This free, open-source utility uses the OpenPGP Standard to bring PGP to Windows. We first need to download and install this.

We could go out to the website and do this manually, but we’re using PowerShell! Let’s stick to the command line. We could also figure out how to build a PowerShell tool around GnuPG for Windows ourselves, but why do that when a community module already exists?

Let’s save some time; downloading a PowerShell module from GitHub will expedite this process dramatically. To do that, I’ll reach out to GitHub and download a module called GnuPG and place it in a module path on my system.

$uri = 'https://raw.githubusercontent.com/adbertram/Random-PowerShell-Work/master/Security/GnuPg.psm1'
$moduleFolderPath = 'C:\Program Files\WindowsPowerShell\Modules\GnuPg'
$null = New-Item -Path $moduleFolderPath -Type Directory
Invoke-WebRequest -Uri $uri -OutFile (Join-Path -Path $moduleFolderPath -ChildPath 'GnuPg.psm1')

Once I download the module, I can see I’ve got a few commands available to me.

Get-Command -Module GnuPg | ft -a
Commands in the GnuPG PowerShell module

Commands in the GnuPG PowerShell module

One of those commands is Install-GnuPG. Let’s run that and see what happens.

PS> Install-GnuPG -DownloadFolderPath 'C:\'

Handles  NPM(K)    PM(K)      WS(K)     CPU(s)     Id  SI ProcessName
-------  ------    -----      -----     ------     --  -- -----------
     30       2      476        940       0.00   4460   2 gpg4win-2.2.5

This command went out to the GnuPG website, downloaded the installer, and then silently installed it. That saved some time!

Next, I need to encrypt a bunch of important files in a folder with a password only a few other people and I know. To do that, I can use the Add-Encryption command that comes with this module by simply using the Add-Encryption command specifying the folder of files I’d like to encrypt as well as the password I’d like use to secure them.

You can see below that I have a folder with a single file in it. I’m using the Add-Encryption command, which calls the GnuPG utility under the covers to encrypt this file using the password I’m specifying. It returns a GPG file that is the contents of the file encrypted. At this point, I could just remove the original file if I desired.

 Add-Encryption -FolderPath C:\ImportantFiles\ -Password 'secret'
Encrypting a file with PowerShell

Encrypting a file with PowerShell

Now that the file is encrypted in the GPG file, it can’t be read unless decrypted. This GnuPG utility processes the file by first decrypting it, then creating a file of the same name with the unencrypted contents.

You can see below that I’m using the Remove-Encryption command and passing the path of the folder and the secret. The GnuPG utility is creating a keyring if it doesn’t exist yet, decrypting the file, and the Remove-Encryption function is returning the path to the folder that I passed in.

PS C:\> Remove-Encryption -FolderPath C:\ImportantFiles\ -Password secret
gpg: keyring `C:/Users/adam/AppData/Roaming/gnupg/secring.gpg' created
gpg: CAST5 encrypted data
gpg: encrypted with 1 passphrase
gpg: WARNING: message was not integrity protected


    Directory: C:\ImportantFiles


Mode                LastWriteTime         Length Name
----                -------------         ------ ----
-a----        2/24/2018   9:36 PM              0 NuclearLaunchCode.txt
-a----        2/24/2018   9:33 PM             60 NuclearLaunchCode.txt.gpg

We can now read that original file like normal!

Subscribe to 4sysops newsletter!

By using the GnuPG utility along with the GnuPG PowerShell module, we can quickly create a handy little tool that can apply encryption to any number of files on the fly. This is an excellent solution for times when you don’t need anything fancy but need a quick way to encrypt files securely with a password.

avataravataravatar