RMS Content Keys
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
When an author publishes rights-protected content, an RMS-enabled application creates a symmetric content key and uses it to encrypt the content. RMS uses the Advanced Encryption Standard (AES) to create the content key.
The content key is included in the publishing license, and the content key is encrypted with the public key of the RMS cluster that issued the license.
When that cluster receives a request for a use license, it decrypts the content key with the cluster's private key, and then re-encrypts the content key with the user public key (which it received as part of the request). The content key is then contained in the use license.