Certificate Services database and key recovery security
From: Lars Olaussen (Isolauss_at_hotmail.com)
Date: 06/16/04
- Next message: S. Pidgorny: "Re: W2K3 domain in DMZ"
- Previous message: Hairy One Kenobi: "Re: W2K3 domain in DMZ"
- Next in thread: David Cross [MS]: "Re: Certificate Services database and key recovery security"
- Reply: David Cross [MS]: "Re: Certificate Services database and key recovery security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 16 Jun 2004 10:25:53 +0200
As far as I know, the private keys are stored encrypted in the CA
database by using a random key with the 3DES algorithm.
Is it possible to change this to a 128/256-bit key size with the AES
algorithm? If so, how?
And, I've seen that there are possibilities to delete entries in the CA
database; both single rows performed through certutil.exe and multiple
rows through eseutil.exe. I think I've read somewhere that the database
is hashed to know when changes have been performed, but I do not remember
the source.
Is it this feature that detects if one or more rows are deleted? If so,
is the whole database hashed as one? I also wonder if each database row
is signed by the CA when added, and if so, if the hashes are chained
together in any way.
Best regards,
Lars Olaussen
Isolauss@hotmail.com