Good evening, I hope all is well. Short answer is "Yes", but it is the RECIPIENT'S Public Key that is used. All 9 steps I discuss and enumerate in the episode are listed below for reference:
How AD RMS works - AD RMS works as follows:
The first time an author configures rights protection for a document, a client
licensor certificate is requested from the AD RMS server. A client locates the
AD RMS server by using the service connection point in AD DS.
The server then issues a client licensor certificate to the client, unless
the client is on the exclusion list in AD RMS.
When the author receives the client licensor certificate from the AD RMS server,
he or she can configure usage rights on the document. The author can perform the
configuration either manually or by applying pre-created templates.
When the author configures usage rights, the AD RMS-enabled app encrypts the
file with a symmetric key. A symmetric key is generated on the client device. When
AD RMS protection is applied to the document, the document is actually in an
This symmetric key is then encrypted by using the public key of the AD RMS
server that the author is using. This encrypted symmetric key is distributed to
the AD RMS server and stored on it. Because it is encrypted with the server’s
public key, it can be decrypted only by using the server’s private key.
The author of the AD RMS-protected content distributes the file to the recipient.
The recipient of the file opens it by using an AD RMS app or browser. It is not
possible to open AD RMS-protected content unless the app or browser supports
AD RMS. If the recipient does not have an account certificate on the current device,
one is issued to the user at this point. The app or browser transmits a request
to the author's AD RMS server for a use license.
The AD RMS server determines if the recipient is authorized. If the recipient
is authorized, the AD RMS server issues a use license.
The AD RMS server then decrypts the symmetric key that was encrypted in step 5
by using its private key.
The AD RMS server re-encrypts the symmetric key by using the recipient's public
key and then adds the encrypted session key to the use license. The use license
and the encrypted symmetric key are then distributed to the recipient. The recipient
uses his or her private key to decrypt the symmetric key. After that, the symmetric
key is used to decrypt AD RMS-protected content.
After review it all, please feel free to let me know if you have any questions, or need anything further.
Good luck !!