If I have an encrypted string
$cipherText = "MIID"
How can I figure out what specific certificate is able to decrypt it?
If I just decrypt it, like this:
Invoke-ServiceFabricDecryptText -CipherText $cipherText
...I'm not able to see which specific certificate was able to decrypt it.
There is no direct way to identify which certificate will be able to decrypt the string.
Invoke-ServiceFabricDecryptText is a command which only focusses on decrypting the text. Check this MSDoc, try all the available certificates by trial-and-error method and verify which one will be suitable to the given decrypted text. (Not applicable for a large number of available certificates, as it makes the job difficult.)
In Service Fabric encryption, the encrypted string usually contains details about the certificate used for encryption, like its thumbprint. You can check the initial characters of the $cipherText variable to verify if there's a recognizable format that talks about the certificate used.
You can also check the manifest file ApplicationManifest.xml. The application manifest might specify the encryption certificate with the help of the <SecretsCertificate> element.
Reference: Manage certificates in Service Fabric clusters
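One way to read the certificate details out of the encrypted string without decrypting it, as an added example that is not part of the original answer. It assumes the ciphertext is a base64-encoded CMS (PKCS #7) EnvelopedData blob, which the `MIID` prefix is consistent with; the function name `Get-CipherTextRecipient` and the two store paths are hypothetical choices.

```powershell
# Added example. Assumption: $CipherText is base64-encoded CMS EnvelopedData.
# Decoding only parses the recipient metadata; no private key is needed.
Add-Type -AssemblyName System.Security -ErrorAction SilentlyContinue  # Windows PowerShell 5.1

function Get-CipherTextRecipient {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string] $CipherText,
        # Stores to search for a matching certificate (assumed defaults).
        [string[]] $StorePath = @('Cert:\LocalMachine\My', 'Cert:\CurrentUser\My')
    )

    $cms = [System.Security.Cryptography.Pkcs.EnvelopedCms]::new()
    try {
        $cms.Decode([Convert]::FromBase64String($CipherText))
    } catch {
        throw "Not a base64 CMS EnvelopedData blob: $($_.Exception.Message)"
    }

    $certs = @(Get-ChildItem -Path $StorePath -ErrorAction SilentlyContinue)

    foreach ($recipient in $cms.RecipientInfos) {
        $id = $recipient.RecipientIdentifier
        $found = @(switch ("$($id.Type)") {
            'IssuerAndSerialNumber' {
                # Match on serial number; the issuer is reported for confirmation.
                $certs | Where-Object { $_.SerialNumber -eq $id.Value.SerialNumber }
            }
            'SubjectKeyIdentifier' {
                $certs | Where-Object {
                    $ski = $_.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.14' }
                    $ski -and $ski.SubjectKeyIdentifier -eq $id.Value
                }
            }
        })
        [pscustomobject]@{
            IdentifierType = "$($id.Type)"
            Issuer         = $id.Value.IssuerName    # empty for SubjectKeyIdentifier
            Identifier     = if ($id.Value -is [string]) { $id.Value } else { $id.Value.SerialNumber }
            Thumbprint     = @($found | ForEach-Object { $_.Thumbprint })
            HasPrivateKey  = @($found | ForEach-Object { $_.HasPrivateKey })
        }
    }
}

# Usage: Get-CipherTextRecipient -CipherText $cipherText
```

An empty `Thumbprint` column means the recipient certificate is not installed in the searched stores on this machine; `HasPrivateKey` shows whether an installed match could actually decrypt.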