Where are certificate private keys stored in Windows 7?


The keys are stored via Microsoft's Cryptography API: Next Generation (CNG).

Storage locations:

  • User private:
    %APPDATA%\Microsoft\Crypto\Keys
  • Local system private:
    %ALLUSERSPROFILE%\Application Data\Microsoft\Crypto\SystemKeys
  • Local service private:
    %WINDIR%\ServiceProfiles\LocalService
  • Network service private:
    %WINDIR%\ServiceProfiles\NetworkService
  • Shared private:
    %ALLUSERSPROFILE%\Application Data\Microsoft\Crypto\Keys

Description:

CNG provides a model for private key storage that allows adapting to the current and future demands of creating applications that use cryptography features such as public or private key encryption, as well as the demands of the storage of key material. The key storage router is the central routine in this model and is implemented in Ncrypt.dll. An application accesses the key storage providers (KSPs) on the system through the key storage router, which conceals details, such as key isolation, from both the application and the storage provider itself. The following illustration shows the design and function of the CNG key isolation architecture.
[Illustration: Key Storage Architecture (image not reproduced; source linked in the original answer)]

Note:

As noted by Tim G, the keys are not readable at file level because they are encrypted in the process of storing them via the CNG API.

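To turn the answer's list of directories into a check you can actually run, here is an added PowerShell example (not part of the original answer or of any Microsoft tooling) that resolves a certificate's private key container name and searches those directories for the matching file. It assumes Windows PowerShell 3.0 or later on .NET Framework 4.6+ and that the caller supplies the certificate thumbprint; it goes slightly beyond the answer by also handling legacy CryptoAPI containers, which sit in a sibling RSA directory rather than the CNG Keys directory.

```powershell
# Added example (not from the original answer): given a certificate thumbprint,
# resolve the private key's container file name and locate it under the storage
# directories listed in the answer. The key file stays DPAPI-encrypted on disk,
# so this only finds the container and never exposes key material.
param([Parameter(Mandatory)][string]$Thumbprint)

# %ALLUSERSPROFILE%\Application Data is a junction to %ProgramData% on Vista+,
# so SystemKeys and the shared Keys directory are reached via $env:ProgramData.
$searchRoots = @(
    "$env:APPDATA\Microsoft\Crypto",              # user CNG Keys (and legacy RSA\<SID>)
    "$env:ProgramData\Microsoft\Crypto",          # SystemKeys, shared Keys, RSA\MachineKeys
    "$env:WINDIR\ServiceProfiles\LocalService",   # Local Service profile
    "$env:WINDIR\ServiceProfiles\NetworkService"  # Network Service profile
)

$cert = Get-ChildItem Cert:\CurrentUser\My, Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $Thumbprint } | Select-Object -First 1
if (-not $cert) { throw "No certificate with thumbprint $Thumbprint in the My stores." }
if (-not $cert.HasPrivateKey) { throw "Certificate $Thumbprint has no associated private key." }

$rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
if (-not $rsa) { throw "Only RSA keys are handled here; use GetECDsaPrivateKey for ECC certificates." }
if ($rsa -is [System.Security.Cryptography.RSACng]) {
    # CNG key: CngKey.UniqueName is the file name inside the Keys/SystemKeys directory.
    $fileName = $rsa.Key.UniqueName
    $provider = $rsa.Key.Provider.Provider
} elseif ($rsa -is [System.Security.Cryptography.RSACryptoServiceProvider]) {
    # Legacy CryptoAPI key: stored under ...\Crypto\RSA\<SID or MachineKeys> instead.
    $fileName = $rsa.CspKeyContainerInfo.UniqueKeyContainerName
    $provider = $rsa.CspKeyContainerInfo.ProviderName
} else {
    throw "Unexpected key type $($rsa.GetType().FullName)"
}

# Smart-card and TPM providers keep the key outside the file system, so a provider
# other than the Microsoft software KSP/CSP is expected to yield no path below.
$paths = foreach ($root in $searchRoots) {
    if (Test-Path -LiteralPath $root) {
        Get-ChildItem -LiteralPath $root -Recurse -Force -File -Filter $fileName -ErrorAction SilentlyContinue |
            ForEach-Object FullName
    }
}
[pscustomobject]@{
    Subject  = $cert.Subject
    Provider = $provider
    KeyFile  = $fileName
    Paths    = @($paths)  # empty if the provider is not file-backed or the directory is access-denied
}
```

Machine-wide and service-profile directories are only readable from an elevated session; without it, the script still resolves KeyFile but Paths comes back empty for those locations.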

Author: TheByeByeMan

Updated on September 18, 2022

Comments

  • TheByeByeMan
    TheByeByeMan over 1 year

    Using the certmgr.msc utility, I can access the Windows cert store, but I still can't figure out where Windows stores the private keys.

    For example, for a given certificate, Windows tells me that there is a private key associated with this certificate. But where can I physically find it?

  • Tim G
    Tim G about 8 years
    These key locations are correct, but I have one point of emphasis/clarity: Windows Key isolation services obscure the keys, so they are not readable at the user or Administrator level from within the operating system as-is. (They are visible as files in Explorer, but you couldn't dump their true contents in a hex viewer or as ugly ASCII in notepad -- it would still be ugly ASCII, just not the true representation like in Unixoid systems.)
  • Martin Bonner supports Monica
    Martin Bonner supports Monica almost 6 years
    @TimG Can you point me at any documentation which describes that obscuration? (I realize it's a bit late, but I can hope...)