Re: Internal format of RSA private keys in microsoft keystore.
----- Original Message -----
From: R.Sriram [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, October 10, 2003 1:20 AM
Subject: Internal format of RSA private keys in microsoft keystore.

> Greetings,
>
> In the process of trying to work around some of the limitations of the m$-CAPI API, I'm trying to decipher the internal representation of private keys in the default m$ key store, in order to extract the private key out.

If you could acquire a context, you could export the private key into a blob and then read it from that, but you can't acquire a context.

As Tom mentioned, the keys are encrypted in the container. The FIPS 140 security policies for M$'s CSPs say that the task of protecting the keys in the system is delegated to Data Protection API (DPAPI). There is a brief explanation in the security policies, see for example http://csrc.nist.gov/cryptval/140-1/140sp/140sp241.pdf section Key Storage. You might be able to find more detailed information somewhere else...

Good luck!

--Anton

- The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
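The message above mentions exporting the private key into a blob and reading it from there. As an added example (not part of the thread and not Microsoft's code), this Python parser reads the documented unencrypted PRIVATEKEYBLOB layout of such an export and checks that the RSA values are mutually consistent; it does not apply to the DPAPI-protected container files on disk. The function names and the toy 64-bit sample key are constructed for illustration.

```python
import struct

# Layout documented for CryptoAPI RSA private key blobs (PRIVATEKEYBLOB):
# BLOBHEADER, RSAPUBKEY, then little-endian modulus, prime1, prime2,
# exponent1, exponent2, coefficient, privateExponent.
PRIVATEKEYBLOB, CUR_BLOB_VERSION = 0x07, 0x02
CALG_RSA_SIGN, CALG_RSA_KEYX = 0x00002400, 0x0000A400
FIELDS = ("n", "p", "q", "dp", "dq", "qinv", "d")

def parse_private_key_blob(blob):
    """Parse and sanity-check an exported RSA PRIVATEKEYBLOB; ValueError if malformed."""
    if len(blob) < 20:
        raise ValueError("truncated header")
    btype, bver, _reserved, alg, magic, bitlen, e = struct.unpack_from("<BBHI4sII", blob)
    if btype != PRIVATEKEYBLOB or bver != CUR_BLOB_VERSION:
        raise ValueError("not a version 2 PRIVATEKEYBLOB")
    if alg not in (CALG_RSA_SIGN, CALG_RSA_KEYX) or magic != b"RSA2":
        raise ValueError("not an RSA private key")
    if bitlen == 0 or bitlen % 16:
        raise ValueError("bad bit length")
    full, half = bitlen // 8, bitlen // 16
    sizes = (full, half, half, half, half, half, full)
    if len(blob) != 20 + sum(sizes):
        raise ValueError("length does not match bitlen")
    key, off = {"e": e, "bitlen": bitlen, "alg": alg}, 20
    for name, size in zip(FIELDS, sizes):
        key[name] = int.from_bytes(blob[off:off + size], "little")
        off += size
    # Internal consistency: a damaged blob almost never passes these.
    if key["p"] * key["q"] != key["n"]:
        raise ValueError("modulus is not p*q")
    if (e * key["dp"]) % (key["p"] - 1) != 1 or (e * key["dq"]) % (key["q"] - 1) != 1:
        raise ValueError("CRT exponents inconsistent")
    if (key["q"] * key["qinv"]) % key["p"] != 1:
        raise ValueError("CRT coefficient inconsistent")
    return key

def build_toy_blob(p=65537, q=65521, e=17, bitlen=64):
    """Constructed sample: a toy 64-bit key, far too small for real use."""
    d = pow(e, -1, (p - 1) * (q - 1))
    vals = (p * q, p, q, d % (p - 1), d % (q - 1), pow(q, -1, p), d)
    sizes = (bitlen // 8,) + (bitlen // 16,) * 5 + (bitlen // 8,)
    body = b"".join(v.to_bytes(s, "little") for v, s in zip(vals, sizes))
    return struct.pack("<BBHI4sII", PRIVATEKEYBLOB, CUR_BLOB_VERSION, 0,
                       CALG_RSA_KEYX, b"RSA2", bitlen, e) + body
```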
Re: Internal format of RSA private keys in microsoft keystore.
key containers in MS are encrypted. there is a capi m/l to be found at http://discuss.microsoft.com/archives/index.html

..tom

> Greetings,
>
> In the process of trying to work around some of the limitations of the m$-CAPI API, I'm trying to decipher the internal representation of private keys in the default m$ key store, in order to extract the private key out.
>
> The systems I'm working on are Win2K and XP, both on NTFS. Google didn't give me much. Has anyone been able to figure out the format of private key files?
>
> You can have a look at C:/Documents and Settings/username/Application Data/Microsoft/Crypto/RSA/*/filename
>
> I'm trying this because CryptAcquireContext() dies with the error NTE_BAD_KEYSET half the time. This is supposed to indicate that the key container doesn't exist or it could be corrupted. At this point I'm trying to see if the files are in good shape by reading them out.
>
> Having come from a Unix world, there may be something obvious I'm missing out, so please have patience :)
>
> Thanks,
> Sriram.
Internal format of RSA private keys in microsoft keystore.
Greetings,

In the process of trying to work around some of the limitations of the m$-CAPI API, I'm trying to decipher the internal representation of private keys in the default m$ key store, in order to extract the private key out.

The systems I'm working on are Win2K and XP, both on NTFS. Google didn't give me much. Has anyone been able to figure out the format of private key files?

You can have a look at C:/Documents and Settings/username/Application Data/Microsoft/Crypto/RSA/*/filename

I'm trying this because CryptAcquireContext() dies with the error NTE_BAD_KEYSET half the time. This is supposed to indicate that the key container doesn't exist or it could be corrupted. At this point I'm trying to see if the files are in good shape by reading them out.

Having come from a Unix world, there may be something obvious I'm missing out, so please have patience :)

Thanks,
Sriram.