what it means when we say Encryption Key is unique for User and Machine


This topic contains 6 replies, has 3 voices, and was last updated by Participant 2 years, 7 months ago.

  • #38981

    Participant

    I am following the book "PowerShell In Depth", and in the Credentials topic I found this line:

    "When PowerShell performs that encryption, it does so using a locally
    stored encryption key. Move the script and password file to another machine and it
    won't work, because the local encryption key will be different"

    But when I tried to import the encrypted password from another server, using the same file (which was stored on my roaming profile), I could still decrypt the password.

    So is the encryption key user dependent?

  • #38983

    Participant

    Hi Kiran,

    When using an encryption key it will work between machines. If you don't specify an encryption key it will not work between machines.

    TechNet ConvertTo-SecureString

    Let me know if that helps, I can go into more detail if you want 🙂

    Cheers.

  • #38987

    Participant

    Thank you, Alex. I did not use the -Key parameter but was still able to reproduce the password in plain text that was in encrypted text format (output of ConvertFrom-SecureString) between machines on the same domain.
    However, the file was stored in my roaming profile.

  • #38989

    Participant

    Hmm that is interesting.

    I wonder if it thinks it's the same machine because it's stored in your roaming profile.

    Would be one to test (I don't have a roaming profile set up here). Let me see if I can test by putting it in a share.

  • #38991

    Member

    The encryption keys are stored in your user profile, so roaming profiles should be fine cross-machine. There's also an AD feature called Credential Roaming which can make this work without needing to use roaming profiles.
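
The two behaviours discussed in this thread, as an added example that is not part of any participant's post: exporting a SecureString without `-Key` (DPAPI, tied to key material in the user's profile) and with `-Key` (AES with a caller-supplied key, portable to any machine). It assumes Windows PowerShell; the password, file names and the `Test-Import` helper are constructed for illustration.

```powershell
# Added example: constructed password and file paths, Windows PowerShell assumed.
$secure = ConvertTo-SecureString -String 'P@ssw0rd-constructed' -AsPlainText -Force

# 1) No -Key: the output is protected with DPAPI, using key material held in the
#    current user's profile. It decrypts only where that user's keys are available
#    (same account on the same machine, or a roamed profile / Credential Roaming).
$dpapiFile = Join-Path $env:TEMP 'pw-dpapi.txt'
ConvertFrom-SecureString -SecureString $secure | Set-Content -Path $dpapiFile

# 2) With -Key: AES using a 16-, 24- or 32-byte key that you supply. Anyone who
#    holds the key can decrypt on any machine, so the key must be stored securely
#    and never alongside the password file.
$key = New-Object byte[] 32
$rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
$rng.GetBytes($key)
$rng.Dispose()
$aesFile = Join-Path $env:TEMP 'pw-aes.txt'
ConvertFrom-SecureString -SecureString $secure -Key $key | Set-Content -Path $aesFile

# Hypothetical helper: try to import a file and report whether decryption worked.
function Test-Import {
    param([string]$Path, [byte[]]$Key)
    try {
        $text = Get-Content -Path $Path
        if ($PSBoundParameters.ContainsKey('Key')) {
            $s = ConvertTo-SecureString -String $text -Key $Key -ErrorAction Stop
        }
        else {
            $s = ConvertTo-SecureString -String $text -ErrorAction Stop
        }
        return ($s.Length -gt 0)
    }
    catch {
        # Reached when the DPAPI keys for this file are not available to the
        # current user, or when the supplied AES key is wrong.
        Write-Warning "Cannot decrypt $Path here: $($_.Exception.Message)"
        return $false
    }
}

Test-Import -Path $dpapiFile            # succeeds for the exporting user
Test-Import -Path $aesFile -Key $key    # succeeds wherever the key is supplied
Remove-Item -Path $dpapiFile, $aesFile
```

Copying `pw-dpapi.txt` to a different account and running `Test-Import` there takes the `catch` branch, which is the failure the book passage quoted above describes.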

  • #38992

    Participant
    Points: 0
    Rank: Member

    Thank you Dave, that is interesting. Something to keep a note of 🙂

  • #38993

    Participant

    Thank you, Dave. It makes sense to me now.
    Thank you, Alex.
