Re: CA key pair deposition

From: paul (paul@rettersen.de)
Date: 08/29/02

• Next message: krish shenoy[MS]: "Re: Auditing"
• Previous message: Bryce Shaw: "Re: Folder Security, I have a problem!"
• In reply to: D. Cross [MS]: "Re: CA key pair deposition"
• Next in thread: D. Cross [MS]: "Re: CA key pair deposition"
• Reply: D. Cross [MS]: "Re: CA key pair deposition"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: "paul" <paul@rettersen.de>
Date: Thu, 29 Aug 2002 09:24:57 -0700

Hi,

thanks a lot for your postings and the link about DPAPI.
But which regKeys, are the private and public key ? okay,
they are protected by DPAPI - but is there any
encrypted "thing" in the registry ? and where :)

thanks
-paul

>-----Original Message-----
>The CA runs as the SYSTEM account which implies that the
keys are stored in
>the machine store of the local system. You can use a HSM
of course with a
>third party CSP to store the keys elsewhere of couse.
>
>keys are protected by DPAPI and are generated using
CryptGenRandom
>
>http://msdn.microsoft.com/library/default.asp?
url=/library/en-us/dnsecure/ht
>ml/windataprotection-dpapi.asp
>
>--
>
>David B. Cross [MS]
>
>--
>This posting is provided "AS IS" with no warranties, and
confers no rights.
>
>"paul" <paul@rettersen.de> wrote in message
>news:94ee01c24e84$9c1d7120$35ef2ecf@TKMSFTNGXA11...
>hi,
>
>i´m trying to make a PKI with .NET RC1. I need it for a
>VPN-Solution (L2TP/IPSec).
>After the installation of an enterprise CA I´m trying to
>find out where the key pair (private and public key of
>the CA), which the "wizzard" generated, could be.
>
>Is there any whitepaper, which descibes how the wizzard
>generates keys (random, etc.) and where the keys are ?
>
>thanks a lot
>best regards
>-paul
>
>
>.
>

• Next message: krish shenoy[MS]: "Re: Auditing"
• Previous message: Bryce Shaw: "Re: Folder Security, I have a problem!"
• In reply to: D. Cross [MS]: "Re: CA key pair deposition"
• Next in thread: D. Cross [MS]: "Re: CA key pair deposition"
• Reply: D. Cross [MS]: "Re: CA key pair deposition"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: Manual import of pkcs12 file ... in DPAPI CryptProtectData, ... in PFX, when you do PFXImportCertStore, PFX will try to decode and import ... the keys stored in the PFX data to the CSP by CryptImportKey call. ... called with the flag above so that a GUI is shown. ... (microsoft.public.platformsdk.security) Re: CA key pair deposition ... Hi David, ... thanks for your posting. ... >thanks a lot for your postings and the link about DPAPI. ... >>third party CSP to store the keys elsewhere of couse. ... (microsoft.public.win2000.security) Re: is cert with strong protection ? ... Only keys have strong protection enabled through DPAPI, not certificates. ... "Slava" wrote in message ... (microsoft.public.platformsdk.security) Re: Firewall security: Re: Problems with simple Samba file share ... > against is people who already stole the private keys using them to do ... > once they had access to backups, but I grant you there are diffeernt ... Peter, do I really have to go back through nearly 200 posts and prove to ... (comp.os.linux.misc) Re: Can I implement an autofill feature with a textbox? ... the arrow keys, though. ... Private mAutoFill As New ArrayList ... Private mblnLockout As Boolean ... (microsoft.public.dotnet.framework.windowsforms)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint