Onde as chaves privadas de certificado são armazenadas no Windows 7?

9

Usando o utilitário certmgr.msc , posso acessar a loja cert do Windows, mas ainda não consigo descobrir onde o Windows armazena as chaves particulares.

Por exemplo, para um determinado certificado, o Windows informa que há uma chave privada associada a esse certificado. Mas onde posso encontrá-lo fisicamente?

    
por TheByeByeMan 05.04.2016 / 10:14

1 resposta

9

As chaves são armazenadas por meio da API de criptografia da Microsoft: Next Generation (CNG).

Locais de armazenamento:

  • Usuário privado: %APPDATA%\Microsoft\Crypto\Keys
  • Sistema local privado:
    %ALLUSERSPROFILE%\Application Data\Microsoft\Crypto\SystemKeys
  • Serviço local privado:
    %WINDIR%\ServiceProfiles\LocalService
  • Serviço de rede privado:
    %WINDIR%\ServiceProfiles\NetworkService
  • Particular compartilhado:
    %ALLUSERSPROFILE%\Application Data\Microsoft\Crypto\Keys

Descrição:

CNG provides a model for private key storage that allows adapting to the current and future demands of creating applications that use cryptography features such as public or private key encryption, as well as the demands of the storage of key material. The key storage router is the central routine in this model and is implemented in Ncrypt.dll. An application accesses the key storage providers (KSPs) on the system through the key storage router, which conceals details, such as key isolation, from both the application and the storage provider itself. The following illustration shows the design and function of the CNG key isolation architecture.
Key Storage Architecture
Source

Nota :

As noted by Tim G, the keys are not readable at file level because they are encrypted in the process of storing them via the CNG API.

    
por 05.04.2016 / 10:49