Re: CA key pair deposition

From: Shreeniwas Kelkar [MS] (srkelkar@online.microsoft.com)
Date: 08/28/02


Also, if you just want to back up the keys (and certs), you can use the MMC
Certification Authority snap-in or run "certutil -backupKey".

--
Shreeniwas Kelkar,
Microsoft Corp.
This posting is provided "AS IS" with no warranties, and confers no rights.
Use of any included samples is subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm
--
"D. Cross [MS]" <vaq130@hotmail.com> wrote in message
news:uaQtxwpTCHA.2556@tkmsftngp09...
> The CA runs as the SYSTEM account which implies that the keys are stored in
> the machine store of the local system.  You can use an HSM of course with a
> third party CSP to store the keys elsewhere of course.
>
> Keys are protected by DPAPI and are generated using CryptGenRandom.
>
> http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnsecure/html/windataprotection-dpapi.asp
>
> --
>
> David B. Cross [MS]
>
> --
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
> "paul" <paul@rettersen.de> wrote in message
> news:94ee01c24e84$9c1d7120$35ef2ecf@TKMSFTNGXA11...
> Hi,
>
> I'm trying to make a PKI with .NET RC1. I need it for a
> VPN-Solution (L2TP/IPSec).
> After the installation of an enterprise CA I'm trying to
> find out where the key pair (private and public key of
> the CA), which the "wizard" generated, could be.
>
> Is there any whitepaper which describes how the wizard
> generates keys (random, etc.) and where the keys are?
>
> thanks a lot
> best regards
> -paul
>
>

