This topic contains 6 replies, has 3 voices, and was last updated by
May 12, 2016 at 2:31 am #38981
I am following the book "PowerShell In Depth" and in Credentials topic I found this Line
"When PowerShell performs that encryption, it does so using a locally
stored encryption key. Move the script and password file to another machine and it
won't work, because the local encryption key will be different"
But when I tried to import the encrypted Password from another server but using the same file(Which was stored on my roaming profile) I can still decrypt the Password.
So is the encryption key user dependent?
May 12, 2016 at 3:04 am #38983
When using a encryption key it will work between machines. If you don't specify an encryption key it will not work between machines
Let me know if that helps, I can go into more detail if you want 🙂
May 12, 2016 at 3:31 am #38987
Thank You Alex.I did not use -Key parameter but still was able to reproduce the Password in plain text that was in encrypted text format(Output of ConvertFrom-SecureString) between machines on same domain.
However the file was stored in my Roaming Profile.
May 12, 2016 at 3:50 am #38989
Hmm that is interesting.
I wonder if it thinks its the same machines because its stored in your roaming profile.
Would be one to test (I don't have a roaming profile setup here). Let me see if I can test by putting it in a share.
May 12, 2016 at 3:53 am #38991MemberTopics: 9Replies: 2322Points: 0Rank: Member
The encryption keys are stored in your user profile, so roaming profiles should be fine cross-machine. There's also an AD feature called Credential Roaming which can make this work without needing to use roaming profiles.
May 12, 2016 at 3:55 am #38992
Thank you Dave, that is interesting. Something to keep a note of 🙂
May 12, 2016 at 4:00 am #38993
Thank You Dave It makes sense to me know.
Thank You Alex
The topic ‘what it means when we say Encryption Key is unique for User and Machine’ is closed to new replies.