RMS Machine Keys
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
An RMS with SP1 or later client computer has a key pair of 1024-bit RSA keys, which are called machine keys.
The machine public key is used to encrypt a rights account certificate private key. The RMS machine certificate contains the machine public key. The lockbox contains the machine private key, which is used to decrypt the rights account certificate to allow the use of the user private key.