Denis McCarthy wrote:
customers use. On this application, it is important to identify the physical machine on which a transaction takes place. In most of our
b) The application is currently multi-platform, but all our users use Windows (because that is what the application we are replacing runs on). If we have to, we can stipulate that our users must use Windows if we have to. Is there some way we could interact with the Windows key store to extract a machine-based key to authenticate with our server?
Microsoft supports "machine" certificates, and in an Active Directory domain, for instance, you can enforce that a computer in the domain must have a machine certificate to connect to the domain at all.
If you open the Certificates snap-in in the Microsoft Management Console (Start -> Run -> "mmc", and you can add in the certs snap-in), it asks you whether to add one for "My user account", "Service Account" or "Computer account". You'd most likely want to drop a cert in "Computer Account" for your purposes.
I don't know exactly how all this works, but I know it can be done, so it's something you can definitely look into. Probably start with the Microsoft PKI documentation.
Dave

--
dev-tech-crypto mailing list
https://lists.mozilla.org/listinfo/dev-tech-crypto
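The "Computer account" store mentioned in the message above can also be inspected from PowerShell. The following is an added example, not part of the original message: the function name `Get-MachineClientAuthCert` is hypothetical, and it assumes the built-in PowerShell certificate provider on Windows.

```powershell
# Added example: list certificates in the Local Computer "Personal" store
# (what the MMC snap-in shows under "Computer account") that are usable
# for TLS client authentication against a server.
function Get-MachineClientAuthCert {
    param(
        # Local Computer\Personal store as exposed by the certificate provider
        [string]$StorePath = 'Cert:\LocalMachine\My'
    )

    $clientAuthOid = '1.3.6.1.5.5.7.3.2'   # id-kp-clientAuth
    $now = Get-Date

    Get-ChildItem -Path $StorePath | ForEach-Object {
        # EnhancedKeyUsageList is added by the certificate provider;
        # it is empty when the certificate has no EKU extension.
        $ekuOids = @($_.EnhancedKeyUsageList | ForEach-Object { $_.ObjectId })

        # A certificate without an EKU extension is not restricted to a purpose.
        $ekuOk = ($ekuOids.Count -eq 0) -or ($ekuOids -contains $clientAuthOid)

        [pscustomobject]@{
            Subject       = $_.Subject
            Issuer        = $_.Issuer
            Thumbprint    = $_.Thumbprint
            NotAfter      = $_.NotAfter
            HasPrivateKey = $_.HasPrivateKey
            InValidity    = ($_.NotBefore -le $now) -and ($now -le $_.NotAfter)
            ClientAuthEku = $ekuOk
        }
    } | Where-Object { $_.HasPrivateKey -and $_.InValidity -and $_.ClientAuthEku }
}

# Show the candidates; an empty result means no usable machine certificate is installed.
Get-MachineClientAuthCert |
    Format-Table Subject, Issuer, Thumbprint, NotAfter -AutoSize
```

Listing the store works for a standard user, but the private keys of machine certificates are by default readable only by SYSTEM and Administrators, so a client application running as an ordinary user needs explicit access to the key before it can authenticate with it.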

