RE: Certificates and key containers

From: Help (anonymous_at_discussions.microsoft.com)
Date: 10/07/04

Next message: Kid: "How to use RAS API retrieve network connection password ?"
Previous message: John Banes [MS]: "Re: Generating TLS server certificates"
In reply to: lelteto: "RE: Certificates and key containers"
Next in thread: lelteto: "RE: Certificates and key containers"
Reply: lelteto: "RE: Certificates and key containers"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Wed, 6 Oct 2004 23:18:10 -0700

Thanks Laszlo,

Using certificates, a user could have many different key
containers over time. Keeping track of these containers
would probably be a hassle. Would it be best to not bother
keeping track of key container names, instead just search
for certificates and get the relevant private/public keys
from there?

TIA.

>-----Original Message-----
>As per strictly using "CAPI" one should always specify
the container name.
>(Yes, there is a so-called "default" container but there
is only ONE of that.
>CAPI itself (at least at the CryptAcquireContext level)
doesn't "generate" a
>container name for you.
>On your other question when moving certs and keys I don't
think that the
>container name is usually copied - certainly not when the
container name is
>GUID style.
>Of course, some applications may insist on their own
container naming
>convention - especially if it's not store in the Registry
but on a tokne /
>smart acrd - so in that case the container naming may be
consistent when
>moving certs and keys.
>
>Laszlo Elteto
>SafeNet, Inc.
>
>"Help" wrote:
>
>> Hi,
>>
>> If a certificate and its keys are exported from one
>> machine and installed on another machine, what would
the
>> name of the key container be on the new machine? Would
it
>> be randomly generated, or will it be the same as the
>> container name on the original machine?
>>
>> Another question, when using CryptoAPI, if a new cert
is
>> requested, how is the name of the key container decided
>> (is it user specified or auto-generated)?
>>
>> TIA.
>>
>>
>.
>

Next message: Kid: "How to use RAS API retrieve network connection password ?"
Previous message: John Banes [MS]: "Re: Generating TLS server certificates"
In reply to: lelteto: "RE: Certificates and key containers"
Next in thread: lelteto: "RE: Certificates and key containers"
Reply: lelteto: "RE: Certificates and key containers"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Trust model- Exporting keys & "Error during CryptAcquireContext"
... I'm currently generating working keys like this: ... However, if I then export those certificates, they just won't work on ... I see an error message "Error 80090016 during CryptAcquireContext!" ... "Container Name" is used. ...
(microsoft.public.windowsce.platbuilder)
Re: Multiple Personal Certificates
... how would the key container be named? ... Most applications rely on the default random naming ... >> If a user has multiple personal certificates, ...
(microsoft.public.platformsdk.security)
RE: Certificates and key containers
... That's how it is done by most applications. ... certificatethen get the CSP and container name from the attached property ... > for certificates and get the relevant private/public keys ... >>On your other question when moving certs and keys I don't ...
(microsoft.public.platformsdk.security)