Generates new key pair in Password Decryption service
New-AdmPwdKeyPair [-KeySize] <Int32> [<CommonParameters>]
This cmdlet is used to create a new key pair in Password Decryptor service, with one of supported key sizes.
Creates new key pair with key size 2048 bits
Requested key size in bits
Type: Int32 Parameter Sets: (All) Aliases: Required: True Position: 0 Default value: None Accept pipeline input: True (ByValue) Accept wildcard characters: False
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.
Only holders of PDSAdmin role (by design: Enterprise Admins role; it is defined in PDS.config) are allowed to call this cmdlet. Others receive Access Denied error. Note: PDSAdmin role can be easily changed by PDS.config editting. For immediate changes, you still need to restart the Win32 service called AdmPwd.E.PDS.
For FIPS compliance, key size of at least 2048 bits is required. For performance reasons, it is not recommended to use keys longer than 4096 bits.
Solution uses RSA asymmetric algorithm. To change key sizes ofered by PDS, change PDS configuration file