作为本地系统运行的Windows服务应在哪里将私钥存储在文件系统中?
[英]Where should a Windows service, running as Local System, store a private key in the file system?
问题描述
I need to generate and store a sensitive file (assume that it is not a traditional PKCS format) private key and keep it accessible to the running service. 
我需要生成并存储一个敏感文件(假设它不是传统的PKCS格式)私钥,并使运行的服务可以访问它。
Normally, when running as a service account (AD User), I would store the file under the user's profile, and then let standard Windows security handle this. 通常,当以服务帐户(AD用户)身份运行时,我会将文件存储在用户的配置文件下,然后让标准Windows安全处理此问题。
Outside of the CryptoAPI, where in the file system should I store this private key? 在CryptoAPI之外,我应该将该私钥存储在文件系统中的什么位置?
1 个解决方案
解决方案1
0 2019-01-09 09:44:25
Using DPAPI, you can either use current user credentials or either the LocalMachine 'creds'. 使用DPAPI,您既可以使用当前用户凭据,也可以使用LocalMachine“信条”。
LocalMachine will make all users on the computer able to Unprotect the data (still a solution though... if you trust every user on this computer). LocalMachine将使计算机上的所有用户都能够取消保护数据(不过,如果您信任此计算机上的每个用户,这仍然是解决方案)。
Or, you can use impersonation to get the current user & do your stuff. 或者,您可以使用模拟来获取当前用户并做您的工作。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.