I'm guessing EPiServer is using the machine key yes which of course won't work by copy pasting it to another server. Solution would be to decrypt on current server, copy paste that to new web.config, and encrypt again on both source and target server.
we're using the standard configuration encryption method in ASP.NET. I use it to encrypt the connectionStrings.config, and this has to be done manually on each server. See the aspnet_regiis.exe command for more information, or read more here: http://msdn.microsoft.com/en-us/library/89211k9b(v=vs.80).aspx
Note! In a load balanced environment, you can export/import the encryption keys, so you have the same config on all servers. Make sure you protect your keys if you go down this path.