RE: Does W2K hold user's email, EFS etc private key securely ?

From: Dufresne, Pierre (PIERRE.DUFRESNE@MESS.GOUV.QC.CA)
Date: 09/06/02


From: "Dufresne, Pierre" <PIERRE.DUFRESNE@MESS.GOUV.QC.CA>
To: focus-ms@securityfocus.com
Date: Fri, 6 Sep 2002 09:04:47 -0400 

I recently had a look at this article:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnsecure/html/windataprotection-dpapi.asp
This may be what you are looking for.
Although it is oriented at XP, it may give you some hints.

HTH

Pierre Dufresne

-----Original Message-----
From: Phil Pinder [mailto:fp56@dial.pipex.com]
Sent: 5 septembre, 2002 05:09
To: focus-ms@securityfocus.com
Subject: Does W2K hold user's email, EFS etc private key securely ?

Hi all,

I'd be grateful if anyone can provide an answer to the following questions:

On Windows 2000 or .Net server, if a user/administrator creates
public/private keys for use in EFS, email encryption etc, where is the
user's private key actually stored, and how is this location protected? Is
it secure?

Is the private key held in the registry for example and how is it itself
encrypted - using the Windows password I'm guessing since you are never
prompted for a separate passphrase to protect this key.

If held on the workstation, how is it retrieved if you email from a
different workstation?

Many thanks

Phil Pinder


