Home/ Questions/Q 9117801
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-17T04:58:56+00:00

I am using per-user Win32 cryptographic key containers (via .Net RSACryptoServiceProvider class) to store

  • 0

I am using per-user Win32 cryptographic key containers (via .Net RSACryptoServiceProvider class) to store a private key used to decrypt stored passwords in a password manager.

How secure is that private key stored? Obviously any program running from the same user account can access it. But is the key actually encrypted based on the user’s password?

Can I assume that the private key is accessible only once the user is logged on? Or can a service (or another account) still extract the key? Can the computer administrator not knowing the user’s password extract it? Can the key be extracted by resetting the user’s password using an administrative account? If the computer gets stolen and the attacker can access the harddisk (but does not know the user’s password), can he extract the private key? If the user has locked the session, can an attacker extract the key from memory using an administrative account/kernel driver?

P.S. I know about the ‘master key’ pattern, but it’s not acceptable in my case, so I need to store the passwords the most secure way I can.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    A user’s private keys should only be accessible once that user is logged on, and cannot be accessed simply by resetting the user’s password then logging in using the reset password (indeed, prior to resetting a users password, there are warnings that the user will lose access to encrypted data etc.) See: http://support.microsoft.com/kb/290260

    However, once the user is logged in, there is the possibility for other users’ processes on the same machine with sufficient privileges (generally only granted to administrative/system accounts) to access the stored keys, e.g. by injecting code into a users process that will run I’m the context of the user and hence be able to do anything the user could do with the key (use it to decrypt, sign, or export the key, etc.).

    Enabling strong private key protection may mitigate some of these issues by requiring the user to enter a password for the key whenever it is used. Even with this, it would likely still be possible for malicious code to intercept the key’s password.

    • 0