How to Generate Profile Encryption Keys Using Windows PowerShell

This topic provides guidance on how to use Microsoft Windows PowerShell to generate a new profile encryption key to protect properties in the Profiles store of the Commerce Server Core Systems. You can use Windows PowerShell as an alternative to using the Profile Key Manager command line interface to generate new keys.

For detailed information about using the key generation process and about the Profile Key Manager tool itself, see Profile Key Manager.

Prerequisites

• See Using Windows PowerShell for SharePoint 2010 Commerce Deployment for a list of variables and sample values that may be used in sample scripts provided in this topic.

• Prior to generating the keys, see Preparing to Use the Profile Key Manager.

To generate a profile encryption key using Windows PowerShell

Following is a sample Windows PowerShell script that generates a new key and then adds the encrypted key to the registry.

$CommerceServerSiteName = "StoreFrontSite"
$ProfileKeymanagerPath = "C:\Program Files (x86)\Microsoft Commerce Server 9.0\Tools\ProfileKeyManager.exe"
$KeyFileName = $CommerceServerSiteName + ".key" 
[Diagnostics.Process]::Start($ProfileKeymanagerPath, " /kn /o " + $KeyFileName)
$regPath = "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CommerceServer\9.0 Keys\" + $CommerceServerSiteName
[Diagnostics.Process]::Start($ProfileKeymanagerPath, " /ke /f /kf .\" + $KeyFileName + " /reg """ + $regPath + """")

See Also

Other Resources

Using Windows PowerShell for SharePoint 2010 Commerce Deployment

Walkthrough: Deploying SharePoint 2010 Commerce Solution in a Two-Tier Topology

Walkthrough: Deploying a SharePoint 2010 Commerce Solution in a Three-Tier Topology