Cryptography

  • Thread starter: Ken

Ken

On my Win2K Pro machine I noticed that in C:\Documents and Settings\[My
ID]\Application Data\Microsoft\Crypto\RSA\[My SID] there are many small
files. I have been using a DESCryptoServiceProvider for an application.

I have a few questions:
1 - What creates these files?
2 - If my application creates them, should it remove them?
3 - How would I know what to remove?
4 - On a Windows 98 machine I'm running the same application but I can't
seem to find where these are being created.
A - Where would I find them?
B - Are they automatically deleted?

Thanks in advance for your help

Ken
 
Ken said:
> On my Win2K Pro machine I noticed that in C:\Documents and Settings\[My
> ID]\Application Data\Microsoft\Crypto\RSA\[My SID] there are many small
> files. I have been using a DESCryptoServiceProvider for an application.
>
> I have a few questions:
> 1 - What creates these files?

Any application that generates an RSA keypair (public & private key) uses
CryptoAPI infrastructure to generate these protected (encrypted) keys using
user credentials. A good description is in W2k Pro ResKit:
http://www.microsoft.com/windows200...techinfo/reskit/en-us/prork/prdd_sec_grhc.asp
("How Private Keys are Stored" section)

> 2 - If my application creates them, should it remove them?

If your application needs them, it is not a good idea to manually remove them.
In W2k, your EFS (Encrypting File System) private key is stored there too!

> 3 - How would I know what to remove?

Difficult (but not impossible) to tell by looking at a binary dump.

> 4 - On a Windows 98 machine I'm running the same application but I can't
> seem to find where these are being created.

The location of such CSP-protected key credentials is platform-dependent. I
think lower OSs actually store the protected keys in the registry. CryptoAPI calls
can automatically find the protected key containers. As a developer, you should
never assume you know the location of these CSP-protected private keys. You don't
actually need to know.

- Michel Gallant
Visual Security MVP
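
An added example, not part of either post: a C# sketch of managing an RSA key container through the API instead of through the files in the Crypto\RSA folder. It assumes a .NET application on Windows (the thread mentions DESCryptoServiceProvider, a .NET class); the container name is hypothetical.

```csharp
using System;
using System.Security.Cryptography;

static class KeyContainerDemo
{
    // Hypothetical container name chosen for this example.
    const string ContainerName = "ExampleApp-DemoContainer";

    static void Main()
    {
        var csp = new CspParameters
        {
            ProviderType = 1,               // PROV_RSA_FULL
            KeyContainerName = ContainerName
        };

        // Opening a named container creates a key pair if none exists and
        // persists it in the current user's key store.
        using (var rsa = new RSACryptoServiceProvider(2048, csp))
        {
            rsa.ExportParameters(false);    // force key creation (public part only)

            CspKeyContainerInfo info = rsa.CspKeyContainerInfo;
            Console.WriteLine("Container name : " + info.KeyContainerName);
            // With the Microsoft software providers, the unique name is
            // expected to match the file name in the per-user key folder.
            Console.WriteLine("Unique name    : " + info.UniqueKeyContainerName);
            Console.WriteLine("Machine store  : " + info.MachineKeyStore);
            Console.WriteLine("Random name    : " + info.RandomlyGenerated);
        }

        // Remove the container the application created by asking the CSP to
        // delete it, rather than deleting files by hand (the same folder can
        // hold keys that belong to other components, such as EFS).
        using (var rsa = new RSACryptoServiceProvider(csp))
        {
            rsa.PersistKeyInCsp = false;    // do not keep the key after Clear()
            rsa.Clear();                    // releases the handle and deletes the container
        }

        Console.WriteLine("Container '" + ContainerName + "' deleted via the CSP.");
    }
}
```

An application that only needs a temporary RSA key can set `PersistKeyInCsp = false` on the first instance, so no container is left behind when it is disposed.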
 