The keys are stored through the Microsoft Cryptography API: Next Generation (CNG).
Storage locations:
- User private:
%APPDATA%\Microsoft\Crypto\Keys
- Local system private:
%ALLUSERSPROFILE%\Application Data\Microsoft\Crypto\SystemKeys
- Local service private:
%WINDIR%\ServiceProfiles\LocalService
- Network service private:
%WINDIR%\ServiceProfiles\NetworkService
- Shared private:
%ALLUSERSPROFILE%\Application Data\Microsoft\Crypto\Keys
Description:
CNG provides a model for private key storage that allows adapting to the current and future demands of creating applications that use cryptography features such as public or private key encryption, as well as the demands of the storage of key material. The key storage router is the central routine in this model and is implemented in Ncrypt.dll. An application accesses the key storage providers (KSPs) on the system through the key storage router, which conceals details, such as key isolation, from both the application and the storage provider itself. The following illustration shows the design and function of the CNG key isolation architecture.
Source
Note:
As noted by Tim G, the keys are not readable at file level because they are encrypted in the process of storing them via the CNG API.
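
An added example (not part of the original answer): a PowerShell inventory of the key files in the locations listed above, reporting each file's owner and any ACL entry outside an expected baseline. It reads only file metadata, since the file contents are encrypted as noted. The `AppData\Roaming\Microsoft\Crypto\Keys` subpath under the two service profiles and the `$expected` baseline are assumptions, as is the function name `Get-CngKeyFileReport`.

```powershell
# Added example: inventory CNG key files and flag unexpected ACL entries.
# Paths are the ones listed above; the service-profile subpath is an assumption.
$sub = 'AppData\Roaming\Microsoft\Crypto\Keys'   # assumption, not stated on the page
$locations = [ordered]@{
    'User private'            = "$env:APPDATA\Microsoft\Crypto\Keys"
    'Local system private'    = "$env:ALLUSERSPROFILE\Application Data\Microsoft\Crypto\SystemKeys"
    'Local service private'   = "$env:WINDIR\ServiceProfiles\LocalService\$sub"
    'Network service private' = "$env:WINDIR\ServiceProfiles\NetworkService\$sub"
    'Shared private'          = "$env:ALLUSERSPROFILE\Application Data\Microsoft\Crypto\Keys"
}

# Identities expected to hold access to key files (assumed baseline; adjust per host).
$expected = @(
    'NT AUTHORITY\SYSTEM',
    'BUILTIN\Administrators',
    'NT AUTHORITY\LOCAL SERVICE',
    'NT AUTHORITY\NETWORK SERVICE',
    [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
)

function Get-CngKeyFileReport {
    param([System.Collections.IDictionary]$Locations, [string[]]$Expected)
    foreach ($name in $Locations.Keys) {
        $dir = $Locations[$name]
        # Skip locations that do not exist or that this account cannot reach.
        if (-not (Test-Path -LiteralPath $dir)) { continue }
        Get-ChildItem -LiteralPath $dir -File -Force -ErrorAction SilentlyContinue | ForEach-Object {
            $file = $_
            $acl = Get-Acl -LiteralPath $file.FullName -ErrorAction SilentlyContinue
            if (-not $acl) { return }   # no permission to read the ACL: skip this file
            # Allow entries granted to identities outside the baseline.
            $extra = $acl.Access | Where-Object {
                $_.AccessControlType -eq 'Allow' -and
                $Expected -notcontains $_.IdentityReference.Value
            }
            [pscustomobject]@{
                Location   = $name
                File       = $file.Name
                LastWrite  = $file.LastWriteTime
                Owner      = $acl.Owner
                Unexpected = ($extra.IdentityReference.Value | Sort-Object -Unique) -join ', '
            }
        }
    }
}

Get-CngKeyFileReport -Locations $locations -Expected $expected |
    Sort-Object Location, LastWrite | Format-Table -AutoSize
```

Run it from an elevated session to cover the system and service locations; a non-empty `Unexpected` column marks a key file whose ACL deserves review.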