what it means when we say Encryption Key is unique for User and Machine

This topic contains 6 replies, has 3 voices, and was last updated by  Kiran Chilledout 2 years, 1 month ago.

  • Author
  • #38981

    Kiran Chilledout

    I am following the book "PowerShell In Depth" and in Credentials topic I found this Line

    "When PowerShell performs that encryption, it does so using a locally
    stored encryption key. Move the script and password file to another machine and it
    won't work, because the local encryption key will be different"

    But when I tried to import the encrypted Password from another server but using the same file(Which was stored on my roaming profile) I can still decrypt the Password.

    So is the encryption key user dependent?

  • #38983


    Hi Kiran,

    When using a encryption key it will work between machines. If you don't specify an encryption key it will not work between machines

    TechNet Convertto-SecuretString

    Let me know if that helps, I can go into more detail if you want 🙂


  • #38987

    Kiran Chilledout

    Thank You Alex.I did not use -Key parameter but still was able to reproduce the Password in plain text that was in encrypted text format(Output of ConvertFrom-SecureString) between machines on same domain.
    However the file was stored in my Roaming Profile.

  • #38989


    Hmm that is interesting.

    I wonder if it thinks its the same machines because its stored in your roaming profile.

    Would be one to test (I don't have a roaming profile setup here). Let me see if I can test by putting it in a share.

  • #38991

    Dave Wyatt

    The encryption keys are stored in your user profile, so roaming profiles should be fine cross-machine. There's also an AD feature called Credential Roaming which can make this work without needing to use roaming profiles.

  • #38992


    Thank you Dave, that is interesting. Something to keep a note of 🙂

  • #38993

    Kiran Chilledout

    Thank You Dave It makes sense to me know.
    Thank You Alex

You must be logged in to reply to this topic.