Private keys handling in XP/2003 Server

From: Tom (tom.meier_at_gmx.ch)
Date: 04/25/05


Date: 25 Apr 2005 02:18:05 -0700

Hi

I'm looking for information about the location(s) and handling of
certificates and private keys in Windows XP and 2003 Server. I'm
particularly interested in how the private keys are copied around when
using roaming profiles, how they are transferred, where they are stored
(with which sort of security mechanisms) and if they are removed after
logging out. The most helpful document so far was the Windows Data
Protection paper [1], but it is rather about Data Protection API (with
Master/Session Keys, etc.) and less about the problems in a distributed
environment. Any hints about key security with Active Directory are
highly welcome!

Thanks - Tom

[1]:
http://msdn.microsoft.com/library/en-us/dnsecure/html/windataprotection-dpapi.asp


