Friday, November 05, 2004

Private Key Storage in Windows OS

Private keys for the Microsoft RSA-based cryptographic service providers (CSPs), including the Base CSP and the Enhanced CSP, are located in the user profile under RootDirectory\Documents and Settings\username\Application Data\Microsoft\Crypto\RSA. In the case of a roaming user profile, the private keys reside in the RSA folder on the domain controller and are downloaded to the user's computer, where they remain until the user logs off or the computer is restarted.
Because private keys must be protected, all files in the RSA folder are automatically encrypted with a random symmetric key called the user's master key. The user's master key is 64 bytes in length and is generated by a strong random number generator. 3DES keys are derived from the master key and are used to protect the private keys. The master key is generated automatically and is periodically renewed. It encrypts each file in the RSA folder automatically as the file is created.
For more information about CryptoAPI, see the Software Development Kit (SDK) link on the Web Resources page at http://www.microsoft.com/windows/reskits/webresources.
For more information about the Data Protection API, see the TechNet link on the Web Resources page at http://www.microsoft.com/windows/reskits/webresources.
Caution
The RSA folder must never be renamed or moved. This is the only place the CSPs look for private keys. If you need additional protection for this folder, the administrator can provide additional file system security for users' computers or use roaming profiles.
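As an added example (not part of the original post or of Microsoft's documentation), here is a PowerShell check a defender can run to confirm that the RSA folder is where the CSPs expect it and that its key container files are not readable by identities beyond the owner, SYSTEM and Administrators. It assumes that $env:APPDATA resolves to the Application Data folder named above and that the per-user subfolder under RSA is named after the user's SID.

```powershell
# Added example: audit the per-user RSA key container folder described above.
# Assumes $env:APPDATA is the user's "Application Data" folder and that the
# per-user subfolder under RSA is named after the user's SID.
function Test-RsaKeyFolder {
    param(
        # Identities that may legitimately hold access to key container files.
        [string[]] $AllowedIdentities = @(
            'NT AUTHORITY\SYSTEM',
            'BUILTIN\Administrators',
            [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
        )
    )

    $rsaRoot = Join-Path $env:APPDATA 'Microsoft\Crypto\RSA'
    if (-not (Test-Path -LiteralPath $rsaRoot)) {
        # The CSPs look only here; a renamed or moved folder leaves keys unreachable.
        Write-Warning "RSA folder not found at expected location: $rsaRoot"
        return
    }

    $userSid = [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value
    $containerDir = Join-Path $rsaRoot $userSid
    if (-not (Test-Path -LiteralPath $containerDir)) {
        Write-Warning "No key container folder for SID $userSid under $rsaRoot"
        return
    }

    Get-ChildItem -LiteralPath $containerDir -File -Force | ForEach-Object {
        $acl = Get-Acl -LiteralPath $_.FullName
        # Any Allow ACE for an identity outside the allow-list widens access to
        # the master-key-protected blob beyond its owner and the operating system.
        $unexpected = $acl.Access | Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            $AllowedIdentities -notcontains $_.IdentityReference.Value
        }
        [pscustomobject]@{
            File          = $_.Name
            SizeBytes     = $_.Length
            Owner         = $acl.Owner
            AllowACEs     = @($acl.Access | Where-Object { $_.AccessControlType -eq 'Allow' }).Count
            UnexpectedACE = (@($unexpected | ForEach-Object { $_.IdentityReference.Value })) -join ';'
        }
    }
}

Test-RsaKeyFolder | Format-Table -AutoSize
```

A non-empty UnexpectedACE column is the finding to follow up on; it means the file system permissions on that key container are wider than the owner, SYSTEM and Administrators.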
