[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ms-cryptoapi
Subject:    Certificates and the Registry
From:       Susan Chapin <schapin () MITRE ! ORG>
Date:       1996-10-25 17:43:05
[Download RAW message or body]


I just did a Registry (WinNT Workstation 4.0) search on "cert" and I found entries in \
several locations:

 1.  HKEY_LOCAL_MACHINE/software/classes/<several entries>

 2.   HKEY_LOCAL_MACHINE/software/microsoft/
              cryptography/CertificateStore
 3.   HKEY_LOCAL_MACHINE/microsoft/
              SystemCertificates
 4.  HKEY_LOCAL_MACHINE/<both control sets>/control/
               SecurityProviders/SCHANNEL/CertificateAuthorities

 5.  HKEY_CURRENT_USER/Software/microsoft/
              SystemCertificates/MY/certificates


#1 is file and COM/OLE extensions, and #5 is the MY store I created when I opened a \
"system certificate store" in the code I am playing with, so those are not puzzling \
me (well, not much.  What kinds of applications are envisaged to create system \
certificate stores?).  But both #2 and #3 contain certificates, and #4 contains \
information that I expect would be interesting to anyone validating certificates.  

Who is responsible for each of #2, #3, and #4, what exactly is each of these used \
for, and how do they differ from/relate to each other?  What applications, if any, \
are expected to read/modify these?  What security protections should be associated \
with each?

Thank you,

 Susan Chapin (schapin@mitre.org) 
(All statements above are my very own and are not approved by or necessarily even \
known to my employer).


[prev in list] [next in list] [prev in thread] [next in thread]