JAMS V6.5.41 and later ship with PowerShell Key Ring cmdlets that allow users to create, remove, import, export, and query private and public keys, as well as encrypt and decrypt files.
The key ring cmdlets require a gnupg folder with key ring files. If GnuPG was never installed, the folder and files may be created manually. The folder and key ring files may be created in any location, but must be properly referenced within the PowerShell scripts.
To manually create the folders and files, users may navigate to C:\Users\UserProfile\AppData\Roaming and create a folder named gnupg. Inside of the new gnupg folder, create two files named pubring.gpg and secring.gpg. Users can create these files as .txt files, then change their extensions to .gpg.
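The manual steps above as a PowerShell script. This is an added example, not part of the original JAMS documentation. It assumes the default location under %APPDATA% and that the account running the script is the one that will later run the key ring cmdlets. Restricting the folder permissions to that account is an addition the page does not describe.

```powershell
# Added example: create the gnupg key ring folder and empty key ring files.
# Assumption: the default location is used and this account runs the JAMS cmdlets.
$ringDir = Join-Path $env:APPDATA 'gnupg'   # C:\Users\<profile>\AppData\Roaming\gnupg

if (-not (Test-Path -Path $ringDir -PathType Container)) {
    New-Item -Path $ringDir -ItemType Directory | Out-Null
}

# secring.gpg will hold private keys, so stop the folder inheriting
# permissions from its parent and grant access only to the current user.
# If JAMS jobs run under another account, add a rule for that account too.
$me  = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
$acl = Get-Acl -Path $ringDir
$acl.SetAccessRuleProtection($true, $false)   # block inheritance, drop inherited rules
$rule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule `
    -ArgumentList $me, 'FullControl', 'ContainerInherit,ObjectInherit', 'None', 'Allow'
$acl.AddAccessRule($rule)
Set-Acl -Path $ringDir -AclObject $acl

# Create the two empty key ring files (the same result as renaming empty .txt files).
foreach ($name in 'pubring.gpg', 'secring.gpg') {
    $path = Join-Path $ringDir $name
    if (Test-Path -Path $path -PathType Leaf) {
        # Never overwrite an existing ring: it may already hold keys.
        Write-Host "Keeping existing $path"
    } else {
        New-Item -Path $path -ItemType File | Out-Null
        Write-Host "Created $path"
    }
}

# Check: list who can access the folder after the change.
(Get-Acl -Path $ringDir).Access |
    Format-Table IdentityReference, FileSystemRights, IsInherited -AutoSize
```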
PGP (Pretty Good Privacy) is a public key cryptosystem (also known as PKC). In PGP, each person has two keys: a public key that you give to other people, and a private key that only you know. You use public keys to encrypt messages and files for others or to add users to PGP Virtual Disk volumes. You use the private key to decrypt files and messages that were encrypted with the corresponding public key.
Once the key ring folder and files are created, keys may be added to the key ring and then edited using the examples below.
Create a Key using the JAMS New-JKey Cmdlet
Import-Module JAMS
# Get JAMS Credentials to Pass as Secure String
[System.Management.Automation.PSCredential]$creds = Get-JAMSCredential "JAMS" -Server localhost
# Create an Encryption Key
# Note: If neither a Public Key nor a Private Key location is supplied, the default location of C:\Users\%PROFILENAME%\AppData\Roaming\gnupg is used
New-JKey -RealName "KevinC" -EmailAddress "Kevin.C@mvpsi.com" -Passphrase $creds.Password -KeyType PGP -PublicKeyRing "C:\Users\KevinC\AppData\Roaming\gnupg\pubring.gpg" -SecretKeyRing "C:\Users\KevinC\AppData\Roaming\gnupg\secring.gpg"
Get-JKey can be used to see what Keys are in the Key Ring
# Get Key
Get-JKey
Keys can also be removed from the Key Ring
# Remove a Key
Remove-JKey -Identity "RealName" -Confirm:$false
Keys can be Exported or Imported
# Export Key
Export-JKey -Identity "Realname" -OutputFile "C:\Keys\public.key"
# Import Key
Import-JKey -ImportFile "C:\Keys\public.key" -PublicKeyRing "C:\Users\UserProfile\AppData\Roaming\gnupg\pubring.gpg"
With keys set up, it is possible to Encrypt and Decrypt files
Import-Module JAMS
# Get JAMS Credentials to Pass as Secure String
[System.Management.Automation.PSCredential]$creds = Get-JAMSCredential "JAMS" -Server localhost
# Specify whether this key is a Secret Key or Public Key with -PublicKeyRing and -SecretKeyRing and provide the path to the Key Ring from above
# Encrypt a File
Protect-JEncryption -InputFile "C:\Test\TestAbc.txt" -OutputFile "C:\Encrypt\TestAbc.txt.gpg" -Recipient "emailaddressofkey@domain.com" -Verbose
# Decrypt a File
# -OutputFile must name a file; a folder alone, such as "C:\Decrypt\", fails
Unprotect-JEncryption -InputFile "C:\Encrypt\TestAbc.txt.gpg" -OutputFile "C:\Decrypt\TestAbc.txt" -SecretKeyRing "C:\Users\UserProfile\AppData\Roaming\gnupg\secring.gpg" -Passphrase $creds.Password -Verbose
Get Full Help for the JAMS Encrypt/Decrypt Cmdlets
# Get Help
Get-Help Get-JKey -Full
When decrypting a file, be sure to specify a file name for -OutputFile. Decryption will fail if just a folder, such as "C:\Decrypt\", is specified.