PowerShell Logo Small


This is the built-in help made by Microsoft for the command 'Unprotect-CmsMessage', in PowerShell version 5 - as retrieved from Windows version 'Microsoft Windows Server 2012 R2 Standard' PowerShell help files on 2016-06-23.

For PowerShell version 3 and up, where you have Update-Help, this command was run just before creating the web pages from the help files.


Decrypts content that has been encrypted by using the Cryptographic Message Syntax format.


Unprotect-CmsMessage [-EventLogRecord] <PSObject> [[-To] <CmsMessageRecipient[]>] [-IncludeContext] [<CommonParameters>]
Unprotect-CmsMessage [-Content] <String> [[-To] <CmsMessageRecipient[]>] [-IncludeContext] [<CommonParameters>]
Unprotect-CmsMessage [-LiteralPath] <String> [[-To] <CmsMessageRecipient[]>] [-IncludeContext] [<CommonParameters>]
Unprotect-CmsMessage [-Path] <String> [[-To] <CmsMessageRecipient[]>] [-IncludeContext] [<CommonParameters>]

Search powershellhelp.space


The Cryptographic Message Syntax cmdlets support encryption and decryption of content using the IETF standard format for cryptographically protecting messages, as documented
by RFC5652.

The CMS encryption standard uses public key cryptography, where the keys used to encrypt content (the public key) and the keys used to decrypt content (the private key) are
separate. Your public key can be shared widely, and is not sensitive data. If any content is encrypted with this public key, only your private key can decrypt it. For more
information about Public Key Cryptography, see http://en.wikipedia.org/wiki/Public-key_cryptography.

Unprotect-CmsMessage decrypts content that has been encrypted in CMS format. You can run this cmdlet to decrypt content that you have encrypted by running the
Protect-CmsMessage cmdlet. You can specify content that you want to decrypt as a string, by the encryption event log record ID number, or by path to the encrypted content.
The Unprotect-CmsMessage cmdlet returns the decrypted content.



Online Version: http://go.microsoft.com/fwlink/?LinkId=394374




Example 1: Decrypt a message

PS C:\>C:\Users\gabyk\Documents\PowerShell_ISEUnprotect-CmsMessage –LiteralPath 'C:\Users\Test\Documents\PowerShell ISE\Future_Plans.txt' –To '‎0f 8j b1 ab e0 ce 35 1d 67 d2
f2 6f a2 d2 00 cl 22 z9 m9 85'
Try the new Break All command

In the following example, you decrypt content that is located at the literal path C:\Users\Test\Documents\PowerShell ISE. For the value of the required To parameter, this
example uses the thumbprint of the certificate that was used to perform the encryption. The decrypted message, "Try the new Break All command," is the result.