From the book “Powershell in depth” (p.177): “The password can only be decrypted using the private key, which exists only on the computer where the credential was created.”
Several other ressources reports that the encryption is done with the private key of the user who created the credential / encrypted string.
When running tests with stored credentials (without using the -key Parameter), I couldn’t decrypt the password neither with an other user on the same machine nor with the same domain user on another machine.
So is the encryption done with both keys - user and machine? Or did I mess up something during my tests?