New-NAVEncryptionKey

Creates an encryption key and stores it in a file at a specified path on the computer or network.

Syntax

New-NAVEncryptionKey
   [-KeyPath] <String>
   [-Password <SecureString>]
   [-Force]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Description

When SQL Server authentication is used between the Business Central Server instance and the database in SQL Server, Business Central encrypts the passwords that a server instance uses to access Business Central databases in SQL Server. This includes, for example, the server instance service account credentials and the database credentials.

To encrypt and decrypt the passwords, an encryption key is used. Business Central uses a single encryption key per server instance. Encryption and decryption are performed by an RSA algorithm as provided by the cryptographic service provider (see RSACryptoServiceProvider(Int32)). The generated encryption key size is 2048 bits.

In some cases, such as when upgrading or migrating a system from one set of hardware to another, you might need a copy of the encryption key to use on another Business Central Server instance. By using the New-NAVEncryptionKey cmdlet, you can create an encryption key, and then use the Import-NAVEncryptionKey cmdlet to import the exported key to a Business Central Server instance and database. The New-NAVEncryptionKey cmdlet lets you specify a destination file for the key and a password to protect the file.

Examples

EXAMPLE 1

New-NAVEncryptionKey -KeyPath "C:\Keys\nav.key" -Password (Get-Credential).Password

Description

This example creates an encryption key in a password-protected file.
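
A more defensive way to run Example 1, added here as an illustration and not part of the original documentation: it creates the folder that -KeyPath requires, restricts who can read it, and never passes the optional -Password as an empty value. It assumes an elevated session in which the Business Central administration cmdlets are already loaded; the variable names and the ACL choice are assumptions of this example.

```powershell
# Added example. Path taken from Example 1; variable names are this example's own.
$keyDir  = 'C:\Keys'
$keyPath = Join-Path $keyDir 'nav.key'

# -KeyPath requires the folder to exist already, so create it first.
if (-not (Test-Path -LiteralPath $keyDir -PathType Container)) {
    New-Item -ItemType Directory -Path $keyDir | Out-Null
}

# Remove inherited permissions and allow only BUILTIN\Administrators (S-1-5-32-544)
# and NT AUTHORITY\SYSTEM (S-1-5-18), so other local users cannot read the key file.
# SIDs are used instead of names so the command also works on localized Windows.
icacls $keyDir /inheritance:r /grant:r '*S-1-5-32-544:(OI)(CI)F' '*S-1-5-18:(OI)(CI)F' | Out-Null
if ($LASTEXITCODE -ne 0) { throw "Could not restrict permissions on $keyDir" }

# Stop rather than replace a key file that is already there.
if (Test-Path -LiteralPath $keyPath) { throw "Key file already exists: $keyPath" }

# Prompt for the password so it never appears in the script or command history.
$password = Read-Host -Prompt 'Password for the key file' -AsSecureString
$confirm  = Read-Host -Prompt 'Confirm password' -AsSecureString

# -Password is optional on the cmdlet; this example refuses to continue without one.
if ($password.Length -eq 0) { throw 'An empty password is not accepted.' }

# SecureString has no equality operator; compare the plaintext briefly, then discard it.
$p1 = [System.Net.NetworkCredential]::new('', $password).Password
$p2 = [System.Net.NetworkCredential]::new('', $confirm).Password
$match = ($p1 -ceq $p2)
$p1 = $p2 = $null
if (-not $match) { throw 'The two passwords do not match.' }

# Create the key file, protected by the password.
New-NAVEncryptionKey -KeyPath $keyPath -Password $password

# Record a SHA-256 hash so the copy moved to another server can be verified
# byte-for-byte before it is used with Import-NAVEncryptionKey.
Get-FileHash -LiteralPath $keyPath -Algorithm SHA256 | Format-List Path, Hash
```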

Parameters

-Confirm

Prompts you for confirmation before executing the command.

Type: SwitchParameter
Aliases: cf
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False

-Force

Forces the command to run without asking for user confirmation.

Type: SwitchParameter
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False

-KeyPath

Specifies the full path of the file to which the key will be exported. The full path includes the drive, folders, and file name. The folder path must already exist. A file with the given file name will be created.

Type: String
Position: 1
Default value: None
Required: True
Accept pipeline input: False
Accept wildcard characters: False

-Password

Specifies a password that protects the encryption key file.

Type: SecureString
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False

-WhatIf

Describes what would happen if you executed the command without actually executing the command.

Type: SwitchParameter
Aliases: wi
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False

Outputs

System.String KeyPath