RE: Whether a key container is persist

From: lelteto <lelteto@xxxxxxxxxxxxxxxxxxxxxxxxx>
Date: Wed, 6 Feb 2008 10:06:06 -0800

Unless you specify CRYPT_VERIFYCONTEXT the container with CRYPT_NEWKEYSET
remains in the system. (Until you explicitly delete it with
CRYPT_DELETEKEYSET). You can open the same container again using the SAME
container name.
As for same / other application use: more important is the logged-in USER.
If the container was created with CRYPT_MACHINE_KEYSET flag, any user
(application) can open it - of course, the machine keyset flag needs to be
set each time. Otherwise only the same user which created the container can
open it.

Laszlo Elteto
SafeNet, Inc.

"Arsalan Ahmad" wrote:

Hello all,

Could anyone please confirm whether a new key container created through
CryptAcquireContext() by specifying a random key container name (could be a
UUID) and specifying CRYPT_NEWKEYSET remains persist even if the application
exits (and even system reboots). ?

And is it possible to acquire handle to same key container from some other
application and use the keys inside it which were generated by the previous
application?

Thanks,

Arsalan

Follow-Ups:
- Re: Whether a key container is persist
  - From: Arsalan Ahmad

References:
- Whether a key container is persist
  - From: Arsalan Ahmad

Prev by Date: Re: How to add a user to a group and programatically see that in its token
Next by Date: Re: How to add a user to a group and programatically see that in i
Previous by thread: Whether a key container is persist
Next by thread: Re: Whether a key container is persist
Index(es):
- Date
- Thread

Relevant Pages

Re: Designating a class as a superior of another programmatically
... it's the possSuperiors attribute of the container class that you need to add ... systemPossSuperiors and possSuperiors references on contained classes. ... > property of the container class, and have tried specifying the container ... > class in the possibleInferiors property (figured that wouldn't work as it ...
(microsoft.public.windows.server.active_directory)
Re: synecdoche?
... I see the advantage of "packed" in not specifying ... the container, ... Absolutely standard BrE. ... H2G2 agrees with you - and that's good enough for me. ...
(alt.usage.english)
Re: CryptAcquireContext fails with error 6 (The handle is invalid)
... As far as why both accounts are not part of the IIS_WPG I did not research ... any potential problem just give both accounts access to the key container. ... | from the beginning and, indeed, NETWORK SERVICE" and "LOCAL SERVICE" ...
(microsoft.public.platformsdk.security)
Re: AES Initialization Vectors dont seem to work
... This should not be an issue with container names. ... will definetely run into interference because this file is created under ... > Should I be using a different key container name? ... > same algorithm (like AES or DES)? ...
(microsoft.public.platformsdk.security)
Re: Key container - removeing entries?
... > Key Container when Preivate key in CSP is selected. ... Two of those containers will belong to your EFS support. ... a key associated with your EFS cert, ...
(microsoft.public.platformsdk.security)