Subject: Re: W2K: EFS key caching?
From: Alan Ramsbottom (ACR ALS.CO.UK)
Date: Wed Mar 01 2000 - 12:35:38 CST

> From: Lieberzeit, Vladja [mailto:VLieber RKK.CZ]
> Well, the situation with deleting EFS certificate is actually
> a bit different (worse?) than what Alan expects.

Interesting info, thanks.. and I think "worse" is an understatement for no
native method to gracefully delete *any* PK encryption keypairs from a
Windows box. That said, I've just spotted one method under W2K (it's not
there on my NT4 SP6A IE5 box):

When you export a cert from the personal store you can choose to include the
private key. If you do that then you get a new (to me) option, "Delete the
private key if the export is successful".

Unsurprisingly this appears to leave the relevant cert installed, although
it does vanish from the cert manager view of the personal store (in
principle, because the associated private key is gone). In pfx import/export
experiments it also left a likely redundant file under the directory:

\Documents and Settings\[User ID]\.. ...\My\Keys

Whatever:

1) I doubt I'm the only non-CAPI guru who erroneously assumed that keypairs
would get deleted together with associated personal store certificates. The
nature of the personal store (must be a cert and associated keypair) and the
lack of an explicit private key deletion method doubtless encourages this
umm.. naive belief.

2) Since the W2K cert manager is happy to offer to export and delete
key-pairs during personal store certificate export, I can't see any reason
why it shouldn't also offer to delete key-pairs when you delete a
certificate.

3) The above "official" private key deletion method doesn't affect the
previously noted EFS behaviour i.e. it is still possible to decrypt/encrypt
files until a restart.

-Alan-

PS: Does anyone have a tool to find and zap "certificate-less" keypairs?
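
An added example, not part of the original post: a report-only audit for the "certificate-less" keypairs discussed above. It assumes Windows PowerShell 5.1 on a current Windows release, the default per-user key locations under %APPDATA%\Microsoft\Crypto (an assumption; these are not the W2K paths in the post), and RSA keys only. The function name Get-KeyFileName is hypothetical.

```powershell
# Report-only audit: list per-user private key files that no certificate in the
# CurrentUser stores references. Nothing is deleted.
# Assumption: default key locations on current Windows (not the W2K layout).
$sid = [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value
$keyDirs = @(
    (Join-Path $env:APPDATA "Microsoft\Crypto\RSA\$sid"),  # CryptoAPI (CSP) key containers
    (Join-Path $env:APPDATA "Microsoft\Crypto\Keys")       # CNG (KSP) keys
)

# Hypothetical helper: resolve the on-disk key file name behind a certificate.
function Get-KeyFileName {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    try {
        $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($Cert)
        if ($rsa -is [System.Security.Cryptography.RSACng]) {
            return $rsa.Key.UniqueName
        }
        if ($rsa -is [System.Security.Cryptography.RSACryptoServiceProvider]) {
            return $rsa.CspKeyContainerInfo.UniqueKeyContainerName
        }
    } catch { }   # key missing, not RSA, or not accessible
    return $null
}

# Collect the key file names that certificates still point at.
$referenced = [System.Collections.Generic.HashSet[string]]::new([System.StringComparer]::OrdinalIgnoreCase)
$unresolved = 0
Get-ChildItem Cert:\CurrentUser -Recurse |
    Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] -and $_.HasPrivateKey } |
    ForEach-Object {
        $name = Get-KeyFileName $_
        if ($name) { [void]$referenced.Add($name) } else { $unresolved++ }
    }

# Key files are hidden/system, hence -Force. Anything unreferenced is a candidate.
$orphans = foreach ($dir in $keyDirs) {
    if (Test-Path $dir) {
        Get-ChildItem -Path $dir -File -Force |
            Where-Object { -not $referenced.Contains($_.Name) } |
            Select-Object FullName, LastWriteTime
    }
}
$orphans | Format-Table -AutoSize
"{0} key file(s) with no matching certificate; {1} certificate(s) whose key could not be resolved." -f @($orphans).Count, $unresolved
```

Treat the output as candidates for review: applications can hold key containers that never had a certificate, and a non-zero unresolved count (for example non-RSA or hardware-backed keys) means some listed files may still be in use.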