[14653] in cryptography@c2.net mail archive
Re: Internal format of RSA private keys in microsoft keystore.
daemon@ATHENA.MIT.EDU (Anton Stiglic)
Wed Oct 15 14:34:30 2003
X-Original-To: cryptography@metzdowd.com
From: "Anton Stiglic" <astiglic@okiok.com>
To: "R.Sriram" <rsriram@encentuate.com>, <cryptography@metzdowd.com>
Date: Tue, 14 Oct 2003 09:48:52 -0400
----- Original Message -----
From: "R.Sriram" <rsriram@encentuate.com>
To: <cryptography@metzdowd.com>
Sent: Friday, October 10, 2003 1:20 AM
Subject: Internal format of RSA private keys in microsoft keystore.
> Greetings,
>
> In the process of trying to work around some of the limitations
> of the m$-CAPI API, I'm trying to decipher the internal representation
> of private keys in the default m$ key store, in order to extract
> the private key out.
If you could acquire a context, you could export the private key into
a blob and then read it from that, but you can't acquire a context.
As Tom mentioned, the keys are encrypted in the container.
The FIPS 140 security policies for M$'s CSPs say that the task
of protecting the keys in the system is delegated to Data Protection
API (DPAPI). There is a brief explanation in the security policies,
see for example
http://csrc.nist.gov/cryptval/140-1/140sp/140sp241.pdf
section "Key Storage".
You might be able to find more detailed information somewhere else...
Good luck!
--Anton
---------------------------------------------------------------------
The Cryptography Mailing List