4.1.6 Server-Initiated Transfer of Session Key
The PowerShell Remoting Protocol allows the client and the server to exchange a session key (section 2.2.2.4). The typical PSRP sequence for transferring a session key (section 2.2.2.4) from the server to the client, when the server initiates the transfer, is described in the following table:
| Step | Client | Direction | Server |
|---|---|---|---|
| 1 | The RunspacePool is in the Opened state on the client. | | The RunspacePool is in the Opened state on the server (section 4.1.1). The Public Key (section 3.2.1.2.8) is empty. |
| 2 | The client sends a wxf:Receive message (section 3.1.5.3.7) to the server, if none is pending for this RunspacePool. | > | |
| 3 | | < | The server constructs a PUBLIC_KEY_REQUEST message (section 2.2.2.5) and sends it to the client using wxf:ReceiveResponse (section 3.2.5.3.8). |
| 4 | The client constructs a PUBLIC_KEY message (section 2.2.2.3) and sends it using a wxf:Send message (section 3.1.5.3.5) targeted to the RunspacePool. The client starts the Session Key Transfer timer (section 3.1.2). | > | The server stores the Public Key (section 3.2.1.2.8). The server generates a Session Key (section 3.2.1.2.7), if not already generated. |
| 5 | The client sends a wxf:Receive message (section 3.1.5.3.7) to the server, if none is pending for this RunspacePool. | > | |
| 6 | | < | For each wxf:Send message received from the client, the server sends a wxf:SendResponse message (section 3.2.5.3.6) to the client. |
| 7 | The client processes the ENCRYPTED_SESSION_KEY message (section 2.2.2.4), cancels the Session Key Transfer timer (section 3.1.2) and stores the Session Key (section 3.1.1.2.7) for future use. | < | The server constructs an Encrypted Session Key (section 2.2.2.4) and sends it to the client using wxf:ReceiveResponse (section 3.2.5.3.8). |
| 8 | From this point on, the client uses the stored Session Key (section 3.1.1.2.7) for sending secure data (section 2.2.5.1.24) to the server. | | From this point on, the server uses the Session Key (section 3.2.1.2.7) for sending secure data (section 2.2.5.1.24) to the client. |
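The message sequence of steps 3, 4 and 7 above, as an added message-level simulation that is not part of [MS-PSRP] or of any PowerShell implementation. It models only the state each side keeps (stored Public Key, Session Key generated once per RunspacePool, the client's Session Key Transfer timer); the wxf transport, wxf:SendResponse and timer expiry are not modelled, `wrap`/`unwrap` are labelled placeholders standing in for the real public-key encryption, and the client's rejection of an ENCRYPTED_SESSION_KEY that arrives while no transfer is in progress is an assumed check, not a rule stated in this section.

```python
import os
from dataclasses import dataclass


@dataclass
class Message:
    kind: str            # PUBLIC_KEY_REQUEST, PUBLIC_KEY or ENCRYPTED_SESSION_KEY
    payload: bytes = b""


class ProtocolError(Exception):
    pass


# Placeholder for the real public-key encryption (assumption, not PSRP's format):
# the blob is tagged with the public key it was produced for, so a client can at
# least detect a session key that was not wrapped for its own key.
def wrap(public_key, session_key):
    return public_key + b"|" + session_key


def unwrap(public_key, blob):
    tag, sep, key = blob.partition(b"|")
    if not sep or tag != public_key:
        raise ProtocolError("session key was not wrapped for our public key")
    return key


class Client:
    def __init__(self, public_key):
        self.public_key = public_key   # constructed sample value in the test
        self.session_key = None        # Session Key (3.1.1.2.7), set in step 7
        self.timer_running = False     # Session Key Transfer timer (3.1.2)

    def on_receive_response(self, msg):
        if msg.kind == "PUBLIC_KEY_REQUEST":            # step 3 seen, step 4 follows
            self.timer_running = True
            return Message("PUBLIC_KEY", self.public_key)
        if msg.kind == "ENCRYPTED_SESSION_KEY":         # step 7
            if not self.timer_running:                  # assumed check: unsolicited key
                raise ProtocolError("no session key transfer in progress")
            self.session_key = unwrap(self.public_key, msg.payload)
            self.timer_running = False                  # cancel the timer
            return None
        raise ProtocolError("unexpected message " + msg.kind)


class Server:
    def __init__(self):
        self.public_key = None         # Public Key (3.2.1.2.8) is empty in step 1
        self.session_key = None        # Session Key (3.2.1.2.7)

    def request_public_key(self):      # step 3
        return Message("PUBLIC_KEY_REQUEST")

    def on_send(self, msg):            # server side of step 4, then step 7
        if msg.kind != "PUBLIC_KEY":
            raise ProtocolError("unexpected message " + msg.kind)
        self.public_key = msg.payload
        if self.session_key is None:   # "if not already generated"
            self.session_key = os.urandom(32)
        return Message("ENCRYPTED_SESSION_KEY", wrap(self.public_key, self.session_key))


def run_transfer(client, server):
    """Drive steps 3, 4 and 7; True when both sides hold the same key and the timer is off."""
    public_key_msg = client.on_receive_response(server.request_public_key())
    client.on_receive_response(server.on_send(public_key_msg))
    return client.session_key == server.session_key and not client.timer_running
```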