User Keys

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

An RMS user has a key pair of 1024-bit RSA keys. The user key pair is stored in the RMS configuration database so that a given user always has the same key pair throughout the RMS system.

A rights account certificate contains the user public key. This key is used to encrypt the content key that is in a use license so that only a particular user can consume rights-protected content by using that license.

The same rights account certificate also contains the user private key, which is encrypted with a client computer public key. This assures that a rights account certificate can be used only on the computer for which it was issued, but that every rights account certificate for a given user will contain the same key pair. The user private key is required to consume any content that has been protected by using RMS.