RMS Server Keys

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

An RMS server has a key pair of 1024-bit RSA keys.

The server public key is used to encrypt the content key that is in a publishing license so that only the servers in the RMS cluster can retrieve the content key and issue use licenses against that publishing license. The server licensor certificate contains the server public key.

The cluster's private key is used to sign all certificates and licenses that are issued by the cluster.

Server private key protection

By default, during provisioning, the cluster's private key is created and stored in the RMS database in encrypted form. Alternately, during provisioning, you can specify a cryptographic service provider (CSP) that is already installed on the server.

You can use a CSP in two different ways:

  • Choose among software CSP implementations that are installed by default with your server.


  • Use a non-Microsoft software CSP that you have installed on the server.


If you want to use a hardware security module, make sure that you select a CSP that supports hardware security modules.

If you choose to protect the server private key by using a CSP, RMS stores the name of the provider and the name of the key container that is in the configuration database.