Thanks and a follow-up question on private keys

From: Phil Pinder (fp56@dial.pipex.com)
Date: 09/10/02


From: "Phil Pinder" <fp56@dial.pipex.com>
To: <focus-ms@securityfocus.com>, <Fred.Langston@guardent.com>, <bkml@att.net>
Date: Tue, 10 Sep 2002 19:21:31 +0100

Hi all

Thanks for the information on private keys. That's answered my burning
question. However, your replies generated another two....

It seems from some replies that protected storage is located in a mixture of
undocumented locations on the hard-drive/registry, and hence obfuscated. But
another reply seems to locate the private keys in files in :-
C:\Docs and settings\User\Application data\Microsoft\Crypto\RSA\user's SID\
and the master key used to encrypt the PK (itself encrypted with SYSKEY and
the user's password hash) is located in :-
..user\application data\microsoft\protect\user's sid\

Are these locations what is referred to as 'a mixture of locations on the
hard-drive/registry'??

If so, and although Admin-only accessible, wouldn't this mean that these are
easily deleted by Admins (by mistake or by an intruder with this privilege)?
And secondly, where is syskey located, since this seems fundamental in the
protection?

Are email keys also held in the roaming profile (same as EFS keys)??

Many thanks

Phil
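
The two per-user locations named in the message can be audited for which accounts are allowed to alter or delete the key files. The PowerShell below is an added example, not part of the original post; the function name `Get-KeyStoreWriteAccess` is hypothetical, and it assumes `%APPDATA%` resolves to the profile's Application Data folder and PowerShell 3.0 or later.

```powershell
function Get-KeyStoreWriteAccess {
    # Hypothetical helper (added example): lists ACL entries that permit
    # modifying or deleting files in the current user's key stores.
    $sid = [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value

    # Locations as given in the message; %APPDATA% is assumed to be the
    # "Application Data" folder of the (roaming) profile.
    $stores = [ordered]@{
        'RSA key containers' = Join-Path $env:APPDATA "Microsoft\Crypto\RSA\$sid"
        'Master keys'        = Join-Path $env:APPDATA "Microsoft\Protect\$sid"
    }

    # Rights that allow changing or removing a key file, plus the raw
    # GENERIC_WRITE / GENERIC_ALL bits that can appear in inherit-only ACEs.
    $named = [System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
    $risky = [int]$named -bor 0x50000000

    foreach ($name in $stores.Keys) {
        $path = $stores[$name]
        if (-not (Test-Path -LiteralPath $path)) {
            Write-Warning "$name : nothing found at $path"
            continue
        }
        # -Force is needed because the key files carry hidden/system attributes.
        $items = @(Get-Item -LiteralPath $path -Force) +
                 @(Get-ChildItem -LiteralPath $path -Force)
        foreach ($item in $items) {
            foreach ($ace in (Get-Acl -LiteralPath $item.FullName).Access) {
                $allows = $ace.AccessControlType -eq 'Allow'
                if ($allows -and (([int]$ace.FileSystemRights -band $risky) -ne 0)) {
                    [pscustomobject]@{
                        Store     = $name
                        Item      = $item.Name
                        Identity  = $ace.IdentityReference.Value
                        Rights    = $ace.FileSystemRights
                        Inherited = $ace.IsInherited
                    }
                }
            }
        }
    }
}

Get-KeyStoreWriteAccess | Sort-Object Store, Item, Identity | Format-Table -AutoSize
```

The owning user and the built-in system accounts are expected in the output; any other identity with these rights is worth reviewing, and the result only reflects file ACLs, not privileges such as backup/restore or take-ownership held by administrators.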