New-NAVEncryptionKey
Create an encryption key and stores it in a file in a specified path on the computer or network.
Syntax
New-NAVEncryptionKey
[-KeyPath] <String>
[-Password <SecureString>]
[-Force]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Description
When using SQL Server authentication between the Business Central Server instance and database in SQL Server, Business Central encrypts passwords that are used by a server instance to access to Business Central databases in SQL Server. This includes, for example, the server instance service account credentials and the database credentials.
To encrypt and decrypt the passwords, an encryption key is used. Business Central uses a single encryption key per server instance. Encryption and decryption is performed by a RSA algorithm as provided by the cryptographic service provider (see RSACryptoServiceProvider(Int32)). The generated encryption key size is 2048 bits.
In some cases, such as when upgrading or migrating a system from one set of hardware to another, you might need to copy of the encryption key to use it on another Business Central Server instance. By using the New-NAVEncryptionKey cmdlet, you can create an encryption key, and then use the Import-NAVEncryptionKey cmdlet to import the exported key to a Business Central Server instance and database. The New-NAVEncryptionKey cmdlet enables you to specify a destination file for the key and specify a password to protect the file.
Examples
EXAMPLE 1
New-NAVEncryptionKey -KeyPath "C:\Keys\nav.key" -Password (Get-Credential).Password
Description
The following example creates an encryption key in a password protected file.
Parameters
-Confirm
Prompts you for confirmation before executing the command.
Type: | SwitchParameter |
Aliases: | cf |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Force
Forces the command to run without asking for user confirmation.
Type: | SwitchParameter |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-KeyPath
Specifies the full path of the key will be exported. The full path includes the drive, folders, and file name. The folder path must already exist. The file will be created that has the given file name.
Type: | String |
Position: | 1 |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Password
Specifies a password that protects the encryption key file.
Type: | SecureString |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-WhatIf
Describes what would happen if you executed the command without actually executing the command.
Type: | SwitchParameter |
Aliases: | wi |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Outputs
System.String KeyPath