RE: Protecting private keys
From: lelteto (lelteto_at_discussions.microsoft.com)
Date: 06/09/05
- Next message: lelteto: "Re: A question about CryptAcquireCertificatePrivateKey"
- Previous message: Didier Wenger: "DC Certificate and AutoEnrollment - Access Denied"
- In reply to: natush: "Protecting private keys"
- Next in thread: Alun Jones [MSFT]: "Re: Protecting private keys"
- Reply: Alun Jones [MSFT]: "Re: Protecting private keys"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 9 Jun 2005 10:28:11 -0700
If you are storing the private key in secure hardware then you can store it
as it is (i.e. inject the value). However, if your hw needs to be FIPS-140
compliant then you cannot inject the key unencrypted: you would need to wrap
it (with another key).
Laszlo Elteto
SafeNet, Inc.
"natush" wrote:
> I’m writing a CSP and I have a question regarding the protection of the
> private key.
> I read on the MSDN that after the generation of the private key I should
> call CryptProtectData.
> Is a CSP obligated to protect the private key this way? Since I need a
> higher protection level - I want to protect the keys using a special hardware
> mechanism. Is it legitimate?
>