what it means when we say Encryption Key is unique for User and Machine

I am following the book “PowerShell In Depth” and in Credentials topic I found this Line

“When PowerShell performs that encryption, it does so using a locally
stored encryption key. Move the script and password file to another machine and it
won’t work, because the local encryption key will be different”

But when I tried to import the encrypted Password from another server but using the same file(Which was stored on my roaming profile) I can still decrypt the Password.

So is the encryption key user dependent?

Hi Kiran,

When using a encryption key it will work between machines. If you don’t specify an encryption key it will not work between machines

TechNet Convertto-SecuretString

Let me know if that helps, I can go into more detail if you want :slight_smile:


Thank You Alex.I did not use -Key parameter but still was able to reproduce the Password in plain text that was in encrypted text format(Output of ConvertFrom-SecureString) between machines on same domain.
However the file was stored in my Roaming Profile.

Hmm that is interesting.

I wonder if it thinks its the same machines because its stored in your roaming profile.

Would be one to test (I don’t have a roaming profile setup here). Let me see if I can test by putting it in a share.

The encryption keys are stored in your user profile, so roaming profiles should be fine cross-machine. There’s also an AD feature called Credential Roaming which can make this work without needing to use roaming profiles.

Thank you Dave, that is interesting. Something to keep a note of :slight_smile:

Thank You Dave It makes sense to me know.
Thank You Alex