Private key security in Windows certificate store
When I import a public/private pair into windows certificate store, Windows does not require any password of any kind to encrypt the keys.
From that I conclude that if it is a user's store, it uses the user's password (or probably the user's hashed password) to encrypt the private key, and, if it is the local machine store, it is probably some kind of hardware-based key to encrypt the private key.
Did I get it right???
And if I did, what is the point of non-exportable keys if I can decrypt the keys???
And last question - If I got it right up to here, what are the alternatives?
As "SLanks" link explains, the private keys are encrypted with the user's password or the machine's password (depends on the location of the keys in the store).
Therefore, anyone who can log in to the machine can obtain this user's keys and anyone who has access to the machine can obtain keys stored for the local machine.
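An audit of the exposure the answer describes, as an added example that is not part of the original question or answer: it lists every certificate with a private key in the current-user and local-machine personal stores, the key's provider and export setting, and the ACL on the key file. It assumes RSA keys and the default key directories of the Microsoft software providers; the output column names are chosen here.

```powershell
# Added example (not from the original post). Read-only audit of private keys
# in the CurrentUser and LocalMachine "My" stores. Run elevated to see machine keys.
$stores  = 'Cert:\CurrentUser\My', 'Cert:\LocalMachine\My'
$ext     = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]
$keyDirs = @(                                        # default software key locations
    "$env:APPDATA\Microsoft\Crypto\RSA",             # CryptoAPI, per user (SID subfolder)
    "$env:APPDATA\Microsoft\Crypto\Keys",            # CNG, per user
    "$env:ProgramData\Microsoft\Crypto\RSA\MachineKeys",
    "$env:ProgramData\Microsoft\Crypto\Keys"
) | Where-Object { Test-Path -LiteralPath $_ }

foreach ($store in $stores) {
    foreach ($cert in Get-ChildItem -Path $store | Where-Object HasPrivateKey) {
        $name = $null; $provider = $null; $export = 'unknown'
        try {
            $rsa = $ext::GetRSAPrivateKey($cert)     # $null for non-RSA certificates
            if ($rsa -is [System.Security.Cryptography.RSACng]) {
                $name     = $rsa.Key.UniqueName
                $provider = $rsa.Key.Provider.Provider
                $export   = [string]$rsa.Key.ExportPolicy
            } elseif ($rsa -is [System.Security.Cryptography.RSACryptoServiceProvider]) {
                $info     = $rsa.CspKeyContainerInfo
                $name     = $info.UniqueKeyContainerName
                $provider = $info.ProviderName
                $export   = "Exportable=$($info.Exportable)"
            }
        } catch {
            $export = "not readable: $($_.Exception.Message)"
        }

        # Find the key file by its unique name; none is found when the key is
        # held by a non-software provider such as a smart card.
        $file = $null
        if ($name -and $keyDirs) {
            $file = Get-ChildItem -Path $keyDirs -Recurse -Force -File -Filter $name `
                        -ErrorAction SilentlyContinue | Select-Object -First 1
        }
        $acl = if ($file) {
            ((Get-Acl -LiteralPath $file.FullName).Access |
                ForEach-Object { "$($_.IdentityReference)=$($_.FileSystemRights)" }) -join '; '
        }
        [pscustomobject]@{
            Store      = $store;          Subject  = $cert.Subject
            Thumbprint = $cert.Thumbprint; Provider = $provider
            Export     = $export;          KeyFile  = $file.FullName
            KeyFileAcl = $acl
        }
    }
}
```

Piping the output to `Format-List` makes the ACL column readable; entries in `KeyFileAcl` beyond the owning account, SYSTEM and Administrators are the ones to review.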