What it means when we say Encryption Key is unique for User and Machine

  • #38981
    Kiran Chilledout
    Participant

    I am following the book "PowerShell In Depth" and in the Credentials topic I found this line:

    "When PowerShell performs that encryption, it does so using a locally
    stored encryption key. Move the script and password file to another machine and it
    won't work, because the local encryption key will be different"

    But when I tried to import the encrypted password from another server, using the same file (which was stored on my roaming profile), I could still decrypt the password.

    So is the encryption key user dependent?

    #38983
    Alex
    Participant

    Hi Kiran,

    When using an encryption key it will work between machines. If you don't specify an encryption key it will not work between machines.

    TechNet ConvertTo-SecureString

    Let me know if that helps, I can go into more detail if you want 🙂

    Cheers.

    #38987
    Kiran Chilledout
    Participant

    Thank you, Alex. I did not use the -Key parameter but was still able to reproduce the password in plain text that was in encrypted text format (output of ConvertFrom-SecureString) between machines on the same domain.
    However, the file was stored in my roaming profile.

    #38989
    Alex
    Participant

    Hmm, that is interesting.

    I wonder if it thinks it's the same machine because it's stored in your roaming profile.

    Would be one to test (I don't have a roaming profile set up here). Let me see if I can test by putting it in a share.

    #38991
    Dave Wyatt
    Moderator

    The encryption keys are stored in your user profile, so roaming profiles should be fine cross-machine. There's also an AD feature called Credential Roaming which can make this work without needing to use roaming profiles.
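
The two modes discussed in this thread, side by side, as an added example that is not from any poster or from the book: without -Key, ConvertFrom-SecureString uses Windows DPAPI with the current user's master key, and with -Key it uses AES with the key you supply. The sample secret, the file names and the Test-SecureStringImport function are constructed for illustration.

```powershell
# Constructed sample secret; not a real credential.
$secure = ConvertTo-SecureString 'Constructed-Sample-Pw1!' -AsPlainText -Force

# Default mode (no -Key): DPAPI protects the blob with the current user's
# master key, which is kept under the roaming part of the user profile.
$masterKeyDir = Join-Path $env:APPDATA 'Microsoft\Protect'
"DPAPI master key folder present: $(Test-Path $masterKeyDir)"

$dpapiFile = Join-Path $env:TEMP 'sample-dpapi.txt'   # hypothetical file name
$secure | ConvertFrom-SecureString | Set-Content $dpapiFile

# -Key mode: AES with a caller-supplied 16, 24 or 32 byte key.
$key = New-Object byte[] 32
$rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
$rng.GetBytes($key)
$rng.Dispose()
$aesFile = Join-Path $env:TEMP 'sample-aes.txt'       # hypothetical file name
$secure | ConvertFrom-SecureString -Key $key | Set-Content $aesFile

# Returns $true when the stored text can be turned back into a SecureString
# in the current user and machine context, $false otherwise.
function Test-SecureStringImport {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [byte[]] $Key
    )
    try {
        $text = Get-Content -Path $Path -ErrorAction Stop
        if ($Key) {
            $null = ConvertTo-SecureString -String $text -Key $Key -ErrorAction Stop
        } else {
            $null = ConvertTo-SecureString -String $text -ErrorAction Stop
        }
        return $true
    } catch {
        # Expected for DPAPI blobs when the encrypting user's master key is not available here.
        Write-Warning "Import of $Path failed: $($_.Exception.Message)"
        return $false
    }
}

[pscustomobject]@{
    User        = "$env:USERDOMAIN\$env:USERNAME"
    Computer    = $env:COMPUTERNAME
    DpapiImport = Test-SecureStringImport -Path $dpapiFile
    AesImport   = Test-SecureStringImport -Path $aesFile -Key $key
}
```

Running only the import function against the same two files as a different user, or on a machine where the profile does not roam, shows the difference: the DPAPI import needs the original user's master key, while the AES import works wherever the key bytes are available. That also means anyone who obtains the -Key bytes can decrypt the file, so the key needs its own protection.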

    #38992
    Alex
    Participant

    Thank you Dave, that is interesting. Something to keep a note of 🙂

    #38993
    Kiran Chilledout
    Participant

    Thank you, Dave. It makes sense to me now.
    Thank you, Alex.
