For my applications, I have a private key stored using the Windows CNG functions, but I don't have a way to ensure, when the applications communicate, that the messages are from my applications. What I need is a way for me to only allow the private key stored in the CNG to be loaded when the applications are signed by me. What are the CNG functions to use for that behaviour?
1 Answer
0
There isn't. Windows' security model is based around users and groups being given permission to do things and access to resources; individual applications/processes do not generate security tokens (where identifying information is stored) of their own, they inherit an existing token.

SoronelHaetir
That is not what I'm asking about. I'm asking about loading/opening a private key, not about opening it in something like notepad. Windows will not show the actual private key in a text editor; the only way to get the private key is to load it. From looking at the CNG API it appears that anyone who knows the name of the private key can open it. This is what I'm wanting to prevent. – JadziaMD Nov 20 '18 at 07:58
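
The access check on a persisted CNG key can be inspected directly. The following is an added example, not code from the question or the answer: it reads the key's security descriptor and lists the users and groups its DACL names, which is the only identity the key store evaluates when a process opens the key. The key name `ExampleAppKey` is a hypothetical placeholder, and the key is assumed to be a user key in the default Microsoft Software Key Storage Provider.

```powershell
# Added example: list which users/groups may open a persisted CNG key.
# 'ExampleAppKey' is a hypothetical key name; substitute your own.
$keyName = 'ExampleAppKey'

# Opens the key in the default software KSP, in the current user's key store.
$key = [System.Security.Cryptography.CngKey]::Open($keyName)
try {
    # NCRYPT_SECURITY_DESCR_PROPERTY is the string "Security Descr".
    # The flags argument carries DACL_SECURITY_INFORMATION (0x4), which is not
    # a named CngPropertyOptions member, so it is built with Enum.ToObject.
    $opts  = [Enum]::ToObject([System.Security.Cryptography.CngPropertyOptions], 4)
    $bytes = $key.GetProperty('Security Descr', $opts).GetValue()

    $sd = [System.Security.AccessControl.RawSecurityDescriptor]::new($bytes, 0)

    foreach ($ace in $sd.DiscretionaryAcl) {
        $sid = $ace.SecurityIdentifier
        try {
            # Resolve the SID to DOMAIN\name where possible.
            $name = $sid.Translate([System.Security.Principal.NTAccount]).Value
        } catch {
            $name = $sid.Value   # unresolvable SID: show it raw
        }
        [pscustomobject]@{
            Principal  = $name
            AceType    = $ace.AceType
            AccessMask = '0x{0:X8}' -f $ace.AccessMask
        }
    }
}
finally {
    $key.Dispose()
}
```

Every entry in the output is a user or group SID. Any process running under a token that carries one of those SIDs passes the check, whichever executable it was started from.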