RMS Encryption and Keys

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Rights-protected content is always encrypted. The certificates and licenses that are used by RMS may also contain encrypted content, which can be decrypted only by an appropriate entity. An RMS-enabled application uses a content key to encrypt the data. All RMS with SP1 and later servers, client computers, and user accounts have a key pair of 1024-bit RSA keys. RMS uses these keys to encrypt the content key that is in publishing and use licenses, and to sign RMS certificates and licenses, this process ensures that the server allows access only to authorized users and computers.

This section covers: