4.1.6 Server-Initiated Transfer of Session Key

The PowerShell Remoting Protocol allows the client and the server to exchange a session key (section 2.2.2.4). The typical PSRP sequence for transferring a session key (section 2.2.2.4) from the server to the client, when the server initiates the transfer, is described in the following table:

| Step | Client | Direction | Server |
|------|--------|-----------|--------|
| 1 | The RunspacePool is in the Opened state on the client. | | The RunspacePool is in the Opened state on the server (section 4.1.1). The Public Key (section 3.2.1.2.8) is empty. |
| 2 | The client sends a wxf:Receive message (section 3.1.5.3.7) to the server, if none is pending for this RunspacePool. | > | |
| 3 | | < | The server constructs a PUBLIC_KEY_REQUEST message (section 2.2.2.5) and sends it to the client using wxf:ReceiveResponse (section 3.2.5.3.8). |
| 4 | The client constructs a PUBLIC_KEY message (section 2.2.2.3) and sends it using wxf:Send message (section 3.1.5.3.5) targeted to the RunspacePool. The client starts Session Key Transfer timer (section 3.1.2). | > | The server stores the Public Key (section 3.2.1.2.8). The server generates a Session Key (section 3.2.1.2.7), if not already generated. |
| 5 | The client sends a wxf:Receive message (section 3.1.5.3.7) to the server, if none is pending for this RunspacePool. | > | |
| 6 | | < | For each wxf:Send message received from the client, the server sends a wxf:SendResponse message (see section 3.2.5.3.6) to the client. |
| 7 | The client processes the ENCRYPTED_SESSION_KEY message (section 2.2.2.4), cancels the Session Key Transfer timer (section 3.1.2) and stores the Session Key (section 3.1.1.2.7) for future use. | < | The server constructs an Encrypted Session Key (section 2.2.2.4) and sends it to the client using wxf:ReceiveResponse (section 3.2.5.3.8). |
| 8 | From this point on, the client uses the stored Session Key (section 3.1.1.2.7) for sending secure data (section 2.2.5.1.24) to the server. | | From this point on, the server uses the Session Key (section 3.2.1.2.7) for sending secure data (section 2.2.5.1.24) to the client. |
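
The ordering in the table above can be checked against a recorded message trace. The following Python code is an added example, not part of the protocol specification: the state names, the (direction, message) event format and the SECURE_DATA label are assumptions made for illustration, and it validates only the typical sequence shown in this table.

```python
from enum import Enum

class KeyState(Enum):
    NO_KEY = "no key"              # step 1: RunspacePool Opened, nothing exchanged
    REQUESTED = "requested"        # step 3: PUBLIC_KEY_REQUEST received
    AWAITING_KEY = "awaiting key"  # step 4: PUBLIC_KEY sent, transfer timer running
    KEY_STORED = "key stored"      # step 7: session key stored, timer cancelled

# (direction, message) -> (required state, next state); '>' is client to server.
TRANSITIONS = {
    ("<", "PUBLIC_KEY_REQUEST"): (KeyState.NO_KEY, KeyState.REQUESTED),
    (">", "PUBLIC_KEY"): (KeyState.REQUESTED, KeyState.AWAITING_KEY),
    ("<", "ENCRYPTED_SESSION_KEY"): (KeyState.AWAITING_KEY, KeyState.KEY_STORED),
}
# Messages the server delivers in a wxf:ReceiveResponse, so a wxf:Receive must be pending.
VIA_RECEIVE_RESPONSE = {"PUBLIC_KEY_REQUEST", "ENCRYPTED_SESSION_KEY"}

def check_trace(events):
    """Walk (direction, message) pairs; return (final KeyState, list of violations)."""
    state, receive_pending, sends_open, violations = KeyState.NO_KEY, False, 0, []
    for i, (direction, msg) in enumerate(events, 1):
        if (direction, msg) == (">", "wxf:Receive"):
            receive_pending = True            # steps 2 and 5
        elif (direction, msg) == ("<", "wxf:SendResponse"):
            if sends_open == 0:               # step 6 answers an earlier wxf:Send
                violations.append(f"event {i}: wxf:SendResponse without wxf:Send")
            sends_open = max(0, sends_open - 1)
        elif msg == "SECURE_DATA":            # step 8: only after the key is stored
            if state is not KeyState.KEY_STORED:
                violations.append(f"event {i}: secure data before session key stored")
        elif (direction, msg) in TRANSITIONS:
            required, nxt = TRANSITIONS[(direction, msg)]
            if msg in VIA_RECEIVE_RESPONSE:
                if not receive_pending:
                    violations.append(f"event {i}: {msg} with no wxf:Receive pending")
                receive_pending = False
            else:
                sends_open += 1               # PUBLIC_KEY travels in a wxf:Send
            if state is required:
                state = nxt
            else:
                violations.append(f"event {i}: {msg} while {state.value}")
        else:
            violations.append(f"event {i}: unexpected {direction} {msg}")
    return state, violations

# Constructed trace following steps 2-8 of the table.
TYPICAL = [(">", "wxf:Receive"), ("<", "PUBLIC_KEY_REQUEST"), (">", "PUBLIC_KEY"),
           (">", "wxf:Receive"), ("<", "wxf:SendResponse"),
           ("<", "ENCRYPTED_SESSION_KEY"), (">", "SECURE_DATA")]
```

A trace that ends in the AWAITING_KEY state corresponds to a client whose Session Key Transfer timer is still running.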