Re: Location of users private key in PKI solution
From: David Cross [MS] (dcross@online.microsoft.com)
Date: 04/09/03
- Next message: Jeff Cochran: "Re: Local admin domain user"
- Previous message: Tony: "Disabling IE"
- In reply to: Paul Mateer: "Location of users private key in PKI solution"
- Next in thread: Karl Levinson [x y] mvp: "Re: Location of users private key in PKI solution"
- Reply: Karl Levinson [x y] mvp: "Re: Location of users private key in PKI solution"
From: "David Cross [MS]" <dcross@online.microsoft.com> Date: Wed, 9 Apr 2003 05:20:04 -0700
In Windows, user private keys are stored in the user profile %appdata% and
in general are not centralized. However, roaming profiles can be used which
can make the keys available to applications which are trusted for
delegation, can impersonate the user LSALogonUser and LoadUserProfile to get
access to the keys.
In general, I would not recommend the above approach, as it does not
provide for non-repudiation of the signature.
--
David B. Cross [MS]
--
This posting is provided "AS IS" with no warranties, and confers no rights.
http://support.microsoft.com

"Paul Mateer" <p.mateer@meridio.com> wrote in message
news:424f2ade.0304090410.6a05da60@posting.google.com...
> Hi,
>
> I am trying to design a document signing solution for an existing
> document management system, and I have a question (or two) that will
> influence the design.
>
> Basically I need to know where a user's private key is located in a PKI
> solution. Does it reside on the user's machine, or is it held in some
> sort of central repository (with access to a particular key restricted
> to the user in question).
>
> Does the answer to this question depend upon the PKI solution in use
> (I'm particularly interested in Windows Certificate Services)? If a
> user's private key is installed on their PC how do they sign documents
> and emails if they are working off a different PC?
>
> If private keys are located in some central repository, then I can
> design a system where the document repository (at the request of a
> user) signs a document on their behalf (by assuming the identity of
> the user and then acquiring their private key for encryption).
>
> If private keys are stored on individual PCs then my solution will
> have to transfer the document to be signed to the client PC, sign it
> and then return the signature to the server.
>
> My knowledge of PKI is somewhat limited, so hopefully I haven't asked
> any questions that are stupid or don't make sense.
>
> Thanks for any help on this matter,
>
> Paul Mateer
> Meridio Limited
> www.meridio.com
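
The client-side design from the question (send the document to the client PC, sign it there, return only the signature to the server) can be sketched as follows. This is an added example, not code from either poster; the self-signed certificate, its subject name and the document text are constructed stand-ins for a certificate issued by the organisation's CA and a real document.

```powershell
# Added example; the subject name and document text are constructed for the demo.
$ErrorActionPreference = 'Stop'
$ext = [Security.Cryptography.X509Certificates.RSACertificateExtensions]
$sha = [Security.Cryptography.HashAlgorithmName]::SHA256
$pad = [Security.Cryptography.RSASignaturePadding]::Pkcs1

# Client PC: throwaway signing certificate in the user's store, key marked non-exportable.
$cert = New-SelfSignedCertificate -Subject 'CN=Demo Signer (constructed)' `
    -CertStoreLocation 'Cert:\CurrentUser\My' -KeyUsage DigitalSignature `
    -KeyExportPolicy NonExportable -KeyAlgorithm RSA -KeyLength 2048
try {
    # Document bytes as the client received them from the document server.
    $doc = [Text.Encoding]::UTF8.GetBytes('Constructed sample document, revision 1')

    # Sign locally. Only the signature and the public certificate are sent back.
    $rsa = $ext::GetRSAPrivateKey($cert)
    $reply = @{
        Signature   = [Convert]::ToBase64String($rsa.SignData($doc, $sha, $pad))
        Certificate = [Convert]::ToBase64String($cert.Export('Cert'))
    }

    # Server: rebuild the certificate from the reply; it carries no private key.
    $certBytes = [Convert]::FromBase64String($reply.Certificate)
    $pubCert = [Security.Cryptography.X509Certificates.X509Certificate2]::new($certBytes)
    $pub = $ext::GetRSAPublicKey($pubCert)
    $sig = [Convert]::FromBase64String($reply.Signature)

    # Verify against the stored document, then against a modified copy.
    $tampered = [Text.Encoding]::UTF8.GetBytes('Constructed sample document, revision 2')
    [pscustomobject]@{
        ServerHoldsPrivateKey = $pubCert.HasPrivateKey
        ValidOnOriginal       = $pub.VerifyData($doc, $sig, $sha, $pad)
        ValidOnTampered       = $pub.VerifyData($tampered, $sig, $sha, $pad)
    }
    # A real server would also build the chain to its issuing CA and check revocation
    # and the signer's identity; the self-signed demo certificate skips that step.
}
finally {
    # Remove the demo certificate and its key from the user's profile.
    Remove-Item "Cert:\CurrentUser\My\$($cert.Thumbprint)" -DeleteKey
}
```

The server side of this flow needs only the public certificate, so it never has to impersonate the user or load their profile to reach the key.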