
I need to generate and store a sensitive private key file (assume that it is not in a traditional PKCS format) and keep it accessible to the running service.

Normally, when running as a service account (AD User), I would store the file under the user's profile, and then let standard Windows security handle this.

Outside of the CryptoAPI, where in the file system should I store this private key?

Ran Dom

1 Answer


Using DPAPI, you can use either the current user's credentials or the LocalMachine 'creds'.

LocalMachine will make all users on the computer able to Unprotect the data (still a solution though... if you trust every user on this computer).

Or, you can use impersonation to get the current user & do your stuff.

Kianii
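The CurrentUser option from the answer above, as an added example that is not part of the original answer: it DPAPI-protects a key blob for the service account, stores it under that account's profile, and restricts the file ACL to the same account. It assumes Windows PowerShell 5.1 running as the service account with its profile loaded; the folder name, file name, entropy string and key bytes are hypothetical placeholders.

```powershell
# Added example (not from the original answer). Run as the service account.
Add-Type -AssemblyName System.Security

# CurrentUser: only this account can Unprotect the blob.
# LocalMachine would let every user on the computer Unprotect it.
$scope   = [System.Security.Cryptography.DataProtectionScope]::CurrentUser
$dir     = Join-Path $env:LOCALAPPDATA 'MyService'     # hypothetical folder
$keyFile = Join-Path $dir 'service-key.bin'            # hypothetical file name

# Constructed sample key material; substitute the real private key bytes.
$keyBytes = New-Object byte[] 32
$rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
$rng.GetBytes($keyBytes)
$rng.Dispose()

# Optional entropy ties the blob to this application (hypothetical value).
# It is not a secret on its own; the same bytes are required to Unprotect.
$entropy = [System.Text.Encoding]::UTF8.GetBytes('MyService/private-key/v1')

# Encrypt with DPAPI and write only the protected blob to disk.
$blob = [System.Security.Cryptography.ProtectedData]::Protect($keyBytes, $entropy, $scope)
New-Item -ItemType Directory -Path $dir -Force | Out-Null
[System.IO.File]::WriteAllBytes($keyFile, $blob)

# Defence in depth: drop inherited ACEs and grant access to this account only.
$acl = Get-Acl -Path $keyFile
$acl.SetAccessRuleProtection($true, $false)
$me   = [System.Security.Principal.WindowsIdentity]::GetCurrent().User
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule($me, 'FullControl', 'Allow')
$acl.SetAccessRule($rule)
Set-Acl -Path $keyFile -AclObject $acl

# At service start: read the blob and recover the key in memory.
$stored   = [System.IO.File]::ReadAllBytes($keyFile)
$restored = [System.Security.Cryptography.ProtectedData]::Unprotect($stored, $entropy, $scope)

# Round-trip check without printing the key itself.
if ([Convert]::ToBase64String($restored) -ne [Convert]::ToBase64String($keyBytes)) {
    throw 'DPAPI round trip failed'
}
Write-Output "Protected key stored at $keyFile ($($blob.Length) bytes)"

# Clear plaintext copies once they are no longer needed.
[Array]::Clear($keyBytes, 0, $keyBytes.Length)
[Array]::Clear($restored, 0, $restored.Length)
```

Calling `Unprotect` on the same file from a different account fails with a `CryptographicException`, which is the behaviour that distinguishes CurrentUser from LocalMachine scope.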