Encrypt and Decrypt with JAMS PowerShell Cmdlets


JAMS V6.5.41 and later ship with PowerShell Key Ring cmdlets that allow users to create, remove, import, export, and query private and public keys, as well as encrypt and decrypt files.

The key ring cmdlets require a gnupg folder with key ring files. If GnuPG was never installed, the folder and files may be created manually. The folder and key ring files may be created in any location, but must be properly referenced within the PowerShell scripts.

To manually create the folders and files, users may navigate to C:\Users\UserProfile\AppData\Roaming and create a folder named gnupg. Inside of the new gnupg folder, create two files named pubring.gpg and secring.gpg. Users can create these files as .txt files, then change their extensions to .gpg.

PGP, Pretty Good Privacy, is a "public key cryptosystem." (Also known as PKC.) In PGP, each person has two "keys": a "public key" that you give to other people, and a "private key" that only you know. You use public keys to encrypt messages and files for others or to add users to PGP Virtual Disk volumes. Use the private key to decrypt files and messages that are encrypted with the public key.

Once the key ring folder and files are created, keys may be added to the key ring and then edited using the examples below.

Create a Key using the JAMS New-JKey Cmdlet

Import-Module JAMS

# Get JAMS Credentials to Pass as Secure String

[System.Management.Automation.PSCredential]$creds = Get-JAMSCredential “JAMS” -Server localhost

# Create a Encryption Key

# Note: This if neither Public Key or Private Key location is supplied, then we will use the default location of C:\Users\%PROFILENAME%\AppData\Roaming\gnupg

New-JKey  -RealName "KevinC" -EmailAddress "Kevin.C@mvpsi.com" -Passphrase $creds.Password -KeyType PGP -PublicKeyRing "C:\Users\KevinC\AppData\Roaming\gnupg\pubring.gpg" -SecretKeyRing "C:\Users\KevinC\AppData\Roaming\gnupg\secring.gpg"

Get-JKey can be used to see what Keys are in the Key Ring

# Get Key



Keys can also be removed from the Key Ring

# Remove a Key

Remove-JKey -Identity "RealName" -Confirm:$false

Keys can be Exported or Imported

# Export Key

Export-JKey -Identity "Realname" -OutputFile "C:\Keys\public.key"

# Import Key

Import-JKey -ImportFile "C:\Keys\public.key" -PublicKeyRing "C:\Users\UserProfile\AppData\Roaming\pubring.gpg"


With keys set up, it is possible to Encrypt and Decrypt files

Import-Module JAMS

# Get JAMS Credentials to Pass as Secure String

[System.Management.Automation.PSCredential]$creds = Get-JAMSCredential “JAMS” -Server localhost

#Specify whether this key is a Secret Key or Public Key with –PublicKeyRing and –SecretKeyRing and provide the path to the Key Ring from Above

# Encrypt a File

Protect-JEncryption -InputFile "C:\Test\TestAbc.txt" -OutputFile "C:\Encrypt\TestAbc.txt.gpg" -Recipient “emailaddressofkey@domain.com” -Verbose

# Decrypt a File

Unprotect-JEncryption -InputFile "C:\Encrypt\TestAbc.txt.gpg" -OutputFile "C:\Decrypt\" -SecretKeyRing "C:\Users\UserProfile\AppData\Roaming\gnupg\secring.gpg" -Passphrase $creds.Password –Verbose


Get Full Help for the JAMS Encrypt\Decrypt Cmdlets

# Get Help

Get-help Get-JKey -Full


Have more questions? Submit a request


  • Avatar
    Aaron Warnke

    For decrypting a file, be sure to specify a filename. it will fail if just a folder is specified (as shown in the example).