Re: remove private key

From: Shawn Corey [MSFT] (shawncor_at_online.microsoft.com)
Date: 01/30/04


Date: Fri, 30 Jan 2004 11:09:52 -0800

Depending on what order you are doing things a couple of problems may arise.
If you are deleting the cert from the store before you delete the private
key, by using oCertificate.PrivateKey.Delete, then the oCertificate object
may have the flag saying that a private key is available but the info on
where that key is may be deleted with the cert. Another possibility is that
the cert you are using is a copy of another cert and the properties for that
cert contained info pointing to a key that no longer exists. From what you
said it seems most likely that the key that the certificate's properties are
pointing to no longer exists.

If you remove a cert from a store then leaving the private key behind is not
a huge deal, there are several apps I have seen that do this. The key will
still be protected in the same way it was before the cert was deleted and
there is no info in the key that says what cert that key belonged to, that
info is all in the certificate properties in the store. For added security
it is recommended to remove the key, this is best done just before you
delete the cert from the store.

Keysets are the public/private key pairs. The public key is stored in the
cert and the private key is stored in either a file or the registry
depending on the version of Windows you use, and is in a different
folder/registry location for each user.

-- 
This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm
"flor_lai" <flor_lai@yahoo.com> wrote in message
news:u25W2715DHA.2064@TK2MSFTNGP11.phx.gbl...
> I can successfully remove the cert record in the certificate store
> (personal folder).
> Thx
> but I have question on Privatekey.
>
> In the cert detail, it return "True" for oCertificate.HasPrivateKey().
> So, I just try to execute oCertificate.PrivateKey.Delete
> But return "error '80090016'  Keyset does not exist"
>
> How to cause the problem? How to solve it?
>
> If I remove the Cert in the store, is it necessary to remove the PrivateKey?
> Where and what is Keyset?
>
> Thx
>
>
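
The ordering recommended in the reply above (delete the key first, then remove the cert from the store), as an added example that is not part of the original post or any Microsoft sample. It assumes CAPICOM 2.x is registered and the script runs under cscript; the thumbprint is a placeholder, and `RemoveKeyThenCert` is a hypothetical helper name.

```vbscript
Option Explicit
' CAPICOM constants, declared here because script hosts do not import them.
Const CAPICOM_CURRENT_USER_STORE = 2
Const CAPICOM_STORE_OPEN_READ_WRITE = 1
Const CAPICOM_CERTIFICATE_FIND_SHA1_HASH = 0
Const NTE_BAD_KEYSET = &H80090016   ' "Keyset does not exist"

' Placeholder: replace with the SHA-1 thumbprint of the cert to remove.
Const TARGET_THUMBPRINT = "<SHA1-THUMBPRINT-PLACEHOLDER>"

Dim oStore, oMatches
Set oStore = CreateObject("CAPICOM.Store")
oStore.Open CAPICOM_CURRENT_USER_STORE, "My", CAPICOM_STORE_OPEN_READ_WRITE

Set oMatches = oStore.Certificates.Find(CAPICOM_CERTIFICATE_FIND_SHA1_HASH, TARGET_THUMBPRINT)
If oMatches.Count <> 1 Then
    WScript.Echo "Expected exactly one matching cert, found " & oMatches.Count
    WScript.Quit 1
End If

RemoveKeyThenCert oStore, oMatches.Item(1)

' Hypothetical helper: delete the private key, then the certificate.
Sub RemoveKeyThenCert(oStore, oCert)
    ' Step 1: delete the key while the cert, and the properties that say
    ' where the key lives, are still present in the store.
    If oCert.HasPrivateKey() Then
        On Error Resume Next
        oCert.PrivateKey.Delete
        If Err.Number = NTE_BAD_KEYSET Then
            ' The cert's properties point at a key that no longer exists;
            ' nothing is left to delete, so carry on and remove the cert.
            WScript.Echo "Key container already missing; removing cert only."
            Err.Clear
        ElseIf Err.Number <> 0 Then
            WScript.Echo "Key delete failed: 0x" & Hex(Err.Number) & " " & Err.Description
            On Error GoTo 0
            Exit Sub   ' keep the cert so the pointer to the key is not lost
        End If
        On Error GoTo 0
    End If
    ' Step 2: only now remove the certificate from the store.
    oStore.Remove oCert
End Sub
```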

