3.4.5.2 Decrypting the Connection String
To decrypt the connection string, the consumer MUST use a private key that matches a public key that the publisher has. The following algorithm MUST be followed to decrypt the string:
1. Separate the exported key and the encrypted connection string. This information MUST be retrieved from the payload after the Peer Name has been resolved. The byte length of the exported key MUST be retrieved from the FriendlyName (as specified in [MS-PNRP], section 3.2.4.1) string that is associated with the Peer Name.
2. Decrypt the exported symmetric key by using the matching private key and the RSA algorithm.
3. Decrypt the connection string by using the symmetric key that was obtained in step 2.
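The following added example (not part of the specification) shows the first step above, the separation of the payload, with the length checks a consumer needs because both the payload and the advertised key length arrive from the network. It assumes that the exported key occupies the leading bytes of the payload, that the length has already been parsed from the FriendlyName string into an integer, and that the key blob holds a full-width RSA ciphertext; the names `split_payload`, `try_split` and `PayloadError` are hypothetical.

```python
# Added example: payload separation only. Assumptions, not from the specification:
# the exported key occupies the first exported_key_len bytes of the payload, and
# the length was already parsed from the FriendlyName string into an integer.


class PayloadError(ValueError):
    """The payload and the advertised key length are inconsistent."""


def split_payload(payload: bytes, exported_key_len: int, rsa_modulus_len: int):
    """Return (exported_key, encrypted_connection_string) or raise PayloadError.

    Every length is checked before slicing: a Python slice past the end of the
    buffer silently returns short data instead of failing.
    """
    if isinstance(exported_key_len, bool) or not isinstance(exported_key_len, int):
        raise PayloadError("key length is not an integer")
    # Assumption: the blob carries a full-width RSA ciphertext, so it cannot be
    # shorter than the modulus of the consumer's key pair (this also rejects
    # zero and negative lengths).
    if exported_key_len < rsa_modulus_len:
        raise PayloadError("key length shorter than RSA modulus")
    # The advertised length must leave at least one byte of ciphertext.
    if exported_key_len >= len(payload):
        raise PayloadError("key length leaves no encrypted connection string")
    exported_key = bytes(payload[:exported_key_len])
    encrypted_connection_string = bytes(payload[exported_key_len:])
    return exported_key, encrypted_connection_string


def try_split(payload, exported_key_len, rsa_modulus_len=256):
    """Variant for callers that log and drop bad records instead of raising."""
    try:
        return split_payload(payload, exported_key_len, rsa_modulus_len)
    except PayloadError as exc:
        return str(exc)


# Constructed sample: a 256-byte stand-in key blob followed by 48 bytes standing
# in for the encrypted connection string (2048-bit RSA key assumed).
SAMPLE = b"\xAA" * 256 + b"\xBB" * 48

if __name__ == "__main__":
    key, ciphertext = split_payload(SAMPLE, 256, 256)
    print(len(key), len(ciphertext))
    print(try_split(SAMPLE, 4096))  # advertised length exceeds the payload
    print(try_split(SAMPLE, 0))     # missing or zero length
```

Only a pair returned without error should be passed on to the RSA and symmetric decryption steps.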