Unprotect-Data Cmdlet
Parameters Output Objects Config Settings
The Unprotect-Data cmdlet supports decrypting data with various symmetric algorithms including AES, 3DES, and more.
Syntax
Unprotect-Data [parameters]
Remarks
The Unprotect-Data cmdlet provides a simple way to decrypt data or files. The following algorithms are supported:
- AES (default)
- Blowfish
- CAST
- DES
- IDEA
- RC2
- RC4
- TEA
- TripleDES
- Twofish
- Rijndael
To begin, specify the input data through either InputMessage or InputFile. If OutputFile is set the decrypted data will be written to the specified file, otherwise it will be returned in the OutputMessage object.
Next, set KeyPassword, and specify the Algorithm if required. Additional parameters that affect the algorithm include CipherMode and PaddingMode.
If the input is hex encoded set UseHex to hex decode the input before decrypting.
Additional options include specifying Key and InitializationVector instead of KeyPassword, decrypting block-by-block via InputBlockB, specifying KeySize, KeyPasswordAlgorithm, and more.
Encrypt Examples
#Encrypt a string with AES and default options
$encryptedData = Protect-Data -InputMessage test -KeyPassword password
#Encrypt a string to file with 3DES
Protect-Data -InputMessage test -KeyPassword password -OutputFile C:\encrypted.dat -Algorithm tripledes
#Encrypt a file to string and hex encode it
Protect-Data -InputFile C:\test.txt -KeyPassword password -UseHex
Decrypt Examples
#Decrypt a string with AES
Unprotect-Data -InputMessageB $encryptedData.DataB -KeyPassword password
#Decrypt a file to string with 3DES
Unprotect-Data -InputFile C:\encrypted.dat -KeyPassword password -Algorithm tripledes
#Decrypt a string to file and hex decode it
Unprotect-Data -InputMessage ADE51B29E36B2C1FCB4C9A1BEB8884AE -KeyPassword password -UseHex -OutputFile C:\test.decrypted.txt
Parameter List
The following is the full list of the parameters of the cmdlet with short descriptions. Click on the links for further details.
LogFile | The location of a file to which debug information is written. |
Algorithm | The encryption algorithm. |
Charset | The character set of the data. |
CipherMode | The cipher mode of operation. |
Config | Specifies one or more configuration settings. |
InitializationVector | The initialization vector (IV). |
InputBlockB | A block of data to decrypt. |
InputFile | The file to process. |
InputMessage | The message to process. |
InputMessageB | The message to process. |
IVB | The initialization vector (IV). |
Key | The secret key for the symmetric algorithm. |
KeyB | The secret key for the symmetric algorithm. |
KeyPassword | A password to generate the Key and InitializationVector . |
LastBlock | Whether the input block is the last block. |
LogFile | The location of a file to which debug information is written. |
OutputFile | Specifies the output file. |
Overwrite | Whether to overwrite the output file. |
PaddingMode | The padding mode. |
UseHex | Whether input or output is hex encoded. |
Output Objects
The following is the full list of the output objects returned by the cmdlet with short descriptions. Click on the links for further details.
OutputBlock | The decrypted block. |
OutputMessage | The output message. |
Config Settings
The following is a list of config settings for the cmdlet with short descriptions. Click on the links for further details.
BlockSize | The block size, in bits, of the cryptographic operation. |
IncludeIV | Whether to prepend the IV to the output data and read the IV from the input data. |
KeyPasswordAlgorithm | The hash algorithm used to derive the Key and IV from the KeyPassword property. |
KeyPasswordSalt | The salt value used in conjunction with the KeyPassword to derive the Key and IV. |
KeySize | The size, in bits, of secret key for the symmetric algorithm. |
BuildInfo | Information about the product's build. |
CodePage | The system code page used for Unicode to Multibyte translations. |
LicenseInfo | Information about the current license. |
MaskSensitive | Whether sensitive data is masked in log messages. |
UseInternalSecurityAPI | Tells the component whether or not to use the system security libraries or an internal implementation. |
LogFile Parameter (Unprotect-Data Cmdlet)
The location of a file to which debug information is written.
Syntax
Unprotect-Data -LogFile string
Remarks
When specified, the cmdlet will log debug information to the file. If the file exists, the information will be appended.Default Value
null
Algorithm Property (Unprotect-Data Cmdlet)
The encryption algorithm.
Syntax
Unprotect-Data -Algorithm string
Remarks
This parameter specifies the encryption algorithm. Possible values are:
- AES (default)
- Blowfish
- CAST
- DES
- IDEA
- RC2
- RC4
- TEA
- TripleDES
- Twofish
- Rijndael
Default Value
0
Charset Property (Unprotect-Data Cmdlet)
The character set of the data.
Syntax
Unprotect-Data -Charset string
Remarks
Allows you to specify the character set of the data. By default, the parameter is an empty string ("") and will use the platform's current character set.
Default Value
""
CipherMode Property (Unprotect-Data Cmdlet)
The cipher mode of operation.
Syntax
Unprotect-Data -CipherMode string
Remarks
The cipher mode of operation. Possible values are:
CBC (default) | The Cipher Block Chaining (CBC) is a mode of operation for a block cipher, one in which a sequence of bits is encrypted as a single unit or block with a cipher key applied to the entire block. |
ECB | The Electronic Codebook (ECB) mode encrypts each block separately. Important: It is not recommend to use this model when encrypting more than one block because it may introduce security risks. |
OFB | The Output Feedback (n-bit, NOFB) mode makes a block cipher into a synchronous stream cipher. It has some similarities to CFB mode in that it permits encryption of differing block sizes, but has the key difference that the output of the encryption block function is the feedback (instead of the ciphertext). |
CFB | The Cipher Feedback (CFB) mode processes a small amount of incremental text into ciphertext, rather than processing a whole block at one time. |
CTS | The Cipher Text Stealing (CTS) mode handles any length of plain text and produces cipher text whose length matches the plain text length. This mode behaves like the CBC mode for all but the last two blocks of the plain text. |
8OFB | 8-bit Output Feedback (OFB) cipher mode. |
Default Value
0
Config Property (Unprotect-Data Cmdlet)
Specifies one or more configuration settings.
Syntax
Unprotect-Data -Config string[]
Remarks
The Config parameter takes one or more name-value pairs that represent the name of the configuration setting and value, i.e.: -config "Name=Value"
Default Value
null
InitializationVector Property (Unprotect-Data Cmdlet)
The initialization vector (IV).
Syntax
Unprotect-Data -InitializationVector string
Remarks
This parameter specifies the initialization vector (IV). By default this parameter is empty and the cmdlet will automatically generate a new IV value if KeyPassword is set. The size of the IV parameter must be equal to the BlockSize divided by 8.
Default Value
""
InputBlockB Property (Unprotect-Data Cmdlet)
A block of data to decrypt.
Syntax
Unprotect-Data -InputBlockB byte[]
Remarks
This setting specifies a block of encrypted data to decrypt. This may be used as an alternative to InputMessage or InputFile and allows decrypting block by block. This parameter accepts a byte array. The decrypted block is provided in the OutputBlock object.
Input and Output Parameters
The cmdlet will determine the source and destination of the input and output based on which parameters are set.
The order in which the input parameters are checked is as follows:
- InputBlockB
- InputFile
- InputMessageB
- InputMessage
Default Value
null
InputFile Property (Unprotect-Data Cmdlet)
The file to process.
Syntax
Unprotect-Data -InputFile string
Remarks
This parameter specifies the file to be processed. Set this parameter to the full or relative path to the file which will be processed.
Input and Output Parameters
The cmdlet will determine the source and destination of the input and output based on which parameters are set.
The order in which the input parameters are checked is as follows:
- InputBlockB
- InputFile
- InputMessageB
- InputMessage
Default Value
""
InputMessage Property (Unprotect-Data Cmdlet)
The message to process.
Syntax
Unprotect-Data -InputMessage string
Remarks
This parameter specifies the message to be processed.
Input and Output Parameters
The cmdlet will determine the source and destination of the input and output based on which parameters are set.
The order in which the input parameters are checked is as follows:
- InputBlockB
- InputFile
- InputMessageB
- InputMessage
Default Value
""
InputMessageB Property (Unprotect-Data Cmdlet)
The message to process.
Syntax
Unprotect-Data -InputMessageB byte[]
Remarks
This parameter specifies the message to be processed. This parameter accepts a byte array.
Input and Output Parameters
The cmdlet will determine the source and destination of the input and output based on which parameters are set.
The order in which the input parameters are checked is as follows:
- InputBlockB
- InputFile
- InputMessageB
- InputMessage
Default Value
null
IVB Property (Unprotect-Data Cmdlet)
The initialization vector (IV).
Syntax
Unprotect-Data -IVB byte[]
Remarks
This parameter specifies the initialization vector (IV). By default this parameter is empty and the cmdlet will automatically generate a new IV value if KeyPassword is set. The size of the IV parameter must be equal to the BlockSize divided by 8. This parameter accept a byte array.
Default Value
null
Key Property (Unprotect-Data Cmdlet)
The secret key for the symmetric algorithm.
Syntax
Unprotect-Data -Key string
Remarks
This secret key is used both for encryption and decryption. The secret key should be known only to the sender and the receiver. The legal key size varies depending on the algorithm.
If this parameter is left empty and KeyPassword is specified, a Key value will be generated by the cmdlet as necessary.
Legal Key and Block Sizes (in bits)
AES | Rijndael | CAST | DES | IDEA | RC2 | RC4 | TripleDES | Blowfish | Twofish | TEA | |
Minimum Key Size | 128 | 128 | 112 | 64 | 128 | 112 | 112 | 128 | 112 | 128 | 128 |
Maximum Key Size | 256 | 256 | 128 | 64 | 128 | 128 | 2048 | 192 | 448 | 256 | 128 |
Key Size Step | 64 | 64 | 8 | 0 | 0 | 8 | 8 | 64 | 1 | 8 | 0 |
Block Size | 128 | 128/192/256 | 64 | 64 | 64 | 64 | N/A | 64 | 64 | 128 | 64* |
Note: When using TEA if Algorithm is set to XXTEA valid block sizes are 64 + n * 32. Where n is any positive integer.
The default KeySize is the Maximum Key Size.
Default Value
""
KeyB Property (Unprotect-Data Cmdlet)
The secret key for the symmetric algorithm.
Syntax
Unprotect-Data -KeyB byte[]
Remarks
This secret key is used both for encryption and decryption. The secret key should be known only to the sender and the receiver. The legal key size varies depending on the algorithm.
If this parameter is left empty and KeyPassword is specified, a Key value will be generated by the cmdlet as necessary.
Legal Key and Block Sizes (in bits)
AES | Rijndael | CAST | DES | IDEA | RC2 | RC4 | TripleDES | Blowfish | Twofish | TEA | |
Minimum Key Size | 128 | 128 | 112 | 64 | 128 | 112 | 112 | 128 | 112 | 128 | 128 |
Maximum Key Size | 256 | 256 | 128 | 64 | 128 | 128 | 2048 | 192 | 448 | 256 | 128 |
Key Size Step | 64 | 64 | 8 | 0 | 0 | 8 | 8 | 64 | 1 | 8 | 0 |
Block Size | 128 | 128/192/256 | 64 | 64 | 64 | 64 | N/A | 64 | 64 | 128 | 64* |
Note: When using TEA if Algorithm is set to XXTEA valid block sizes are 64 + n * 32. Where n is any positive integer.
The default KeySize is the Maximum Key Size. This parameter accept a byte array.
Default Value
null
KeyPassword Property (Unprotect-Data Cmdlet)
A password to generate the Key and InitializationVector .
Syntax
Unprotect-Data -KeyPassword string
Remarks
When this parameter is set the cmdlet will calculate values for Key and InitializationVector using the PKCS5 password digest algorithm. This provides a simpler alternative to creating and managing Key and InitializationVector values directly.
The size of the Key generated is dependent on the value of KeySize.
Default Value
""
LastBlock Property (Unprotect-Data Cmdlet)
Whether the input block is the last block.
Syntax
Unprotect-Data -LastBlock SwitchParameter
Remarks
This parameter is used in conjunction with InputBlockB to specify whether the current block is the last block.
Default Value
false
LogFile Property (Unprotect-Data Cmdlet)
The location of a file to which debug information is written.
Syntax
Unprotect-Data -LogFile string
Remarks
When specified, the cmdlet will log debug information to the file. If the file exists, the information will be appended.
Default Value
""
OutputFile Property (Unprotect-Data Cmdlet)
Specifies the output file.
Syntax
Unprotect-Data -OutputFile string
Remarks
This parameter specifies the output file where data will be written. If this is not specified the data is returned as a OutputMessage object.
Default Value
""
Overwrite Property (Unprotect-Data Cmdlet)
Whether to overwrite the output file.
Syntax
Unprotect-Data -Overwrite SwitchParameter
Remarks
This parameter indicates whether the cmdlet will overwrite the output file. If Overwrite is False (default), an error will be thrown when OutputFile exists. The default value is False.
Default Value
false
PaddingMode Property (Unprotect-Data Cmdlet)
The padding mode.
Syntax
Unprotect-Data -PaddingMode string
Remarks
PaddingMode is used to pad the final input block to guarantee that it is the correct size required for the selected CipherMode. Each mode pads the data differently. Possible values are:
PKCS7 (default) | The data is padded with a series of bytes that are each equal to the number of bytes used.
For instance, in the example below the data must be padded with 3 additional bytes, so each byte value will be 3.
Raw Data: AA AA AA AA AA
PKCS7 Padded Data: AA AA AA AA AA 03 03 03 |
Zeros | The data is padded with null bytes. |
None | No padding will be performed. |
ANSIX923 | The ANSIX923 padding string consists of a sequence of bytes filled with zeros before the length.
For instance, in the example below the data must be padded with 3 additional bytes, so last byte value will be 3.
Raw Data: AA AA AA AA AA
ANSIX923 padding Data: AA AA AA AA AA 00 00 03 |
ISO10126 | The ISO10126 padding string consists of random data before the length.
For instance, in the example below the data must be padded with 3 additional bytes, so last byte value will be 3.
Raw Data: AA AA AA AA AA
ISO10126 padding Data: AA AA AA AA AA F8 EF 03 |
When calling Decrypt the PaddingMode must match the value used when the data was encrypted.
Note: When using a value of 2 (pmNone), unless the length of input is an exact multiple of the cipher's input BlockSize, the final block of plaintext may be lost.
Default Value
0
UseHex Property (Unprotect-Data Cmdlet)
Whether input or output is hex encoded.
Syntax
Unprotect-Data -UseHex SwitchParameter
Remarks
This parameter specifies whether data is hex encoded.
When encrypting if this is True the output is hex encoded. When decrypting if this is True the input is first hex decoded before processing.
Default Value
false
OutputBlock Output Object (Unprotect-Data Cmdlet)
The decrypted block.
Syntax
Object OutputBlock {string Data;
byte[] DataB;
}
Remarks
This object is returned when InputBlockB is set. This holds the decrypted block. The Data property holds the string representation of the block. The DataB property holds the block as a byte array.
OutputMessage Output Object (Unprotect-Data Cmdlet)
The output message.
Syntax
Object OutputMessage {string Data;
byte[] DataB;
}
Remarks
This holds the output data. The Data property holds the string representation. The DataB property holds the block as a byte array.
Config Settings (Unprotect-Data Cmdlet)
The cmdlet accepts one or more of the following configuration settings. Configuration settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the cmdlet, access to these internal properties is provided through the Config method.Unprotect-Data Config Settings
The following algorithms have a fixed block size: AES, CAST, DES, IDEA, RC2, TripleDES, Blowfish, and Twofish.
- "SHA1"
- "MD2"
- "MD5" (default)
- "HMAC-SHA1"
- "HMAC-SHA224"
- "HMAC-SHA256"
- "HMAC-SHA384"
- "HMAC-SHA512"
- "HMAC-MD5"
- "HMAC-RIPEMD160"
This setting is only applicable when KeyPassword is specified.
Note that when using the EzCrypt cmdlet, KeySize should be set after setting the Algorithm property.
Base Config Settings
The following is a list of valid code page identifiers:
Identifier | Name |
037 | IBM EBCDIC - U.S./Canada |
437 | OEM - United States |
500 | IBM EBCDIC - International |
708 | Arabic - ASMO 708 |
709 | Arabic - ASMO 449+, BCON V4 |
710 | Arabic - Transparent Arabic |
720 | Arabic - Transparent ASMO |
737 | OEM - Greek (formerly 437G) |
775 | OEM - Baltic |
850 | OEM - Multilingual Latin I |
852 | OEM - Latin II |
855 | OEM - Cyrillic (primarily Russian) |
857 | OEM - Turkish |
858 | OEM - Multilingual Latin I + Euro symbol |
860 | OEM - Portuguese |
861 | OEM - Icelandic |
862 | OEM - Hebrew |
863 | OEM - Canadian-French |
864 | OEM - Arabic |
865 | OEM - Nordic |
866 | OEM - Russian |
869 | OEM - Modern Greek |
870 | IBM EBCDIC - Multilingual/ROECE (Latin-2) |
874 | ANSI/OEM - Thai (same as 28605, ISO 8859-15) |
875 | IBM EBCDIC - Modern Greek |
932 | ANSI/OEM - Japanese, Shift-JIS |
936 | ANSI/OEM - Simplified Chinese (PRC, Singapore) |
949 | ANSI/OEM - Korean (Unified Hangul Code) |
950 | ANSI/OEM - Traditional Chinese (Taiwan; Hong Kong SAR, PRC) |
1026 | IBM EBCDIC - Turkish (Latin-5) |
1047 | IBM EBCDIC - Latin 1/Open System |
1140 | IBM EBCDIC - U.S./Canada (037 + Euro symbol) |
1141 | IBM EBCDIC - Germany (20273 + Euro symbol) |
1142 | IBM EBCDIC - Denmark/Norway (20277 + Euro symbol) |
1143 | IBM EBCDIC - Finland/Sweden (20278 + Euro symbol) |
1144 | IBM EBCDIC - Italy (20280 + Euro symbol) |
1145 | IBM EBCDIC - Latin America/Spain (20284 + Euro symbol) |
1146 | IBM EBCDIC - United Kingdom (20285 + Euro symbol) |
1147 | IBM EBCDIC - France (20297 + Euro symbol) |
1148 | IBM EBCDIC - International (500 + Euro symbol) |
1149 | IBM EBCDIC - Icelandic (20871 + Euro symbol) |
1200 | Unicode UCS-2 Little-Endian (BMP of ISO 10646) |
1201 | Unicode UCS-2 Big-Endian |
1250 | ANSI - Central European |
1251 | ANSI - Cyrillic |
1252 | ANSI - Latin I |
1253 | ANSI - Greek |
1254 | ANSI - Turkish |
1255 | ANSI - Hebrew |
1256 | ANSI - Arabic |
1257 | ANSI - Baltic |
1258 | ANSI/OEM - Vietnamese |
1361 | Korean (Johab) |
10000 | MAC - Roman |
10001 | MAC - Japanese |
10002 | MAC - Traditional Chinese (Big5) |
10003 | MAC - Korean |
10004 | MAC - Arabic |
10005 | MAC - Hebrew |
10006 | MAC - Greek I |
10007 | MAC - Cyrillic |
10008 | MAC - Simplified Chinese (GB 2312) |
10010 | MAC - Romania |
10017 | MAC - Ukraine |
10021 | MAC - Thai |
10029 | MAC - Latin II |
10079 | MAC - Icelandic |
10081 | MAC - Turkish |
10082 | MAC - Croatia |
12000 | Unicode UCS-4 Little-Endian |
12001 | Unicode UCS-4 Big-Endian |
20000 | CNS - Taiwan |
20001 | TCA - Taiwan |
20002 | Eten - Taiwan |
20003 | IBM5550 - Taiwan |
20004 | TeleText - Taiwan |
20005 | Wang - Taiwan |
20105 | IA5 IRV International Alphabet No. 5 (7-bit) |
20106 | IA5 German (7-bit) |
20107 | IA5 Swedish (7-bit) |
20108 | IA5 Norwegian (7-bit) |
20127 | US-ASCII (7-bit) |
20261 | T.61 |
20269 | ISO 6937 Non-Spacing Accent |
20273 | IBM EBCDIC - Germany |
20277 | IBM EBCDIC - Denmark/Norway |
20278 | IBM EBCDIC - Finland/Sweden |
20280 | IBM EBCDIC - Italy |
20284 | IBM EBCDIC - Latin America/Spain |
20285 | IBM EBCDIC - United Kingdom |
20290 | IBM EBCDIC - Japanese Katakana Extended |
20297 | IBM EBCDIC - France |
20420 | IBM EBCDIC - Arabic |
20423 | IBM EBCDIC - Greek |
20424 | IBM EBCDIC - Hebrew |
20833 | IBM EBCDIC - Korean Extended |
20838 | IBM EBCDIC - Thai |
20866 | Russian - KOI8-R |
20871 | IBM EBCDIC - Icelandic |
20880 | IBM EBCDIC - Cyrillic (Russian) |
20905 | IBM EBCDIC - Turkish |
20924 | IBM EBCDIC - Latin-1/Open System (1047 + Euro symbol) |
20932 | JIS X 0208-1990 & 0121-1990 |
20936 | Simplified Chinese (GB2312) |
21025 | IBM EBCDIC - Cyrillic (Serbian, Bulgarian) |
21027 | Extended Alpha Lowercase |
21866 | Ukrainian (KOI8-U) |
28591 | ISO 8859-1 Latin I |
28592 | ISO 8859-2 Central Europe |
28593 | ISO 8859-3 Latin 3 |
28594 | ISO 8859-4 Baltic |
28595 | ISO 8859-5 Cyrillic |
28596 | ISO 8859-6 Arabic |
28597 | ISO 8859-7 Greek |
28598 | ISO 8859-8 Hebrew |
28599 | ISO 8859-9 Latin 5 |
28605 | ISO 8859-15 Latin 9 |
29001 | Europa 3 |
38598 | ISO 8859-8 Hebrew |
50220 | ISO 2022 Japanese with no halfwidth Katakana |
50221 | ISO 2022 Japanese with halfwidth Katakana |
50222 | ISO 2022 Japanese JIS X 0201-1989 |
50225 | ISO 2022 Korean |
50227 | ISO 2022 Simplified Chinese |
50229 | ISO 2022 Traditional Chinese |
50930 | Japanese (Katakana) Extended |
50931 | US/Canada and Japanese |
50933 | Korean Extended and Korean |
50935 | Simplified Chinese Extended and Simplified Chinese |
50936 | Simplified Chinese |
50937 | US/Canada and Traditional Chinese |
50939 | Japanese (Latin) Extended and Japanese |
51932 | EUC - Japanese |
51936 | EUC - Simplified Chinese |
51949 | EUC - Korean |
51950 | EUC - Traditional Chinese |
52936 | HZ-GB2312 Simplified Chinese |
54936 | Windows XP: GB18030 Simplified Chinese (4 Byte) |
57002 | ISCII Devanagari |
57003 | ISCII Bengali |
57004 | ISCII Tamil |
57005 | ISCII Telugu |
57006 | ISCII Assamese |
57007 | ISCII Oriya |
57008 | ISCII Kannada |
57009 | ISCII Malayalam |
57010 | ISCII Gujarati |
57011 | ISCII Punjabi |
65000 | Unicode UTF-7 |
65001 | Unicode UTF-8 |
Identifier | Name |
1 | ASCII |
2 | NEXTSTEP |
3 | JapaneseEUC |
4 | UTF8 |
5 | ISOLatin1 |
6 | Symbol |
7 | NonLossyASCII |
8 | ShiftJIS |
9 | ISOLatin2 |
10 | Unicode |
11 | WindowsCP1251 |
12 | WindowsCP1252 |
13 | WindowsCP1253 |
14 | WindowsCP1254 |
15 | WindowsCP1250 |
21 | ISO2022JP |
30 | MacOSRoman |
10 | UTF16String |
0x90000100 | UTF16BigEndian |
0x94000100 | UTF16LittleEndian |
0x8c000100 | UTF32String |
0x98000100 | UTF32BigEndian |
0x9c000100 | UTF32LittleEndian |
65536 | Proprietary |
- Product: The product the license is for.
- Product Key: The key the license was generated from.
- License Source: Where the license was found (e.g., RuntimeLicense, License File).
- License Type: The type of license installed (e.g., Royalty Free, Single Server).
- Last Valid Build: The last valid build number for which the license will work.
This setting only works on these cmdlets: AS3Receiver, AS3Sender, Atom, Client(3DS), FTP, FTPServer, IMAP, OFTPClient, SSHClient, SCP, Server(3DS), Sexec, SFTP, SFTPServer, SSHServer, TCPClient, TCPServer.
Setting this configuration setting to true tells the cmdlet to use the internal implementation instead of using the system security libraries.
On Windows, this setting is set to false by default. On Linux/macOS, this setting is set to true by default.
If using the .NET Standard Library, this setting will be true on all platforms. The .NET Standard library does not support using the system security libraries.
Note: This setting is static. The value set is applicable to all cmdlets used in the application.
When this value is set, the product's system dynamic link library (DLL) is no longer required as a reference, as all unmanaged code is stored in that file.