locked
How could key container be secure storage? Or should I just use default container? RRS feed

  • Question

  • My goal is to protect a piece of user's PII persistent on disk from tampering by processes running under different user account either privileged or non-privileged.

    Found CAPI CryptAcquireContext() suggest to use unique container ID to avoid naming space conflict: http://msdn.microsoft.com/en-us/library/windows/desktop/aa379886(v=vs.85).aspx

    No sure if CAPI key database address this issue if any processes could tamper the key container named/created uniquely by a process running under a different user account? Like deleting or overwriting context from it?

    I am concerned about the AIC of key in key container across different users and possible DoS attach when an app uses its own pszContainer but later the pszContainer become known to malicious process who wants to attack the app and sensitive info.

    Thanks


    • Edited by Mr_Jones_ Thursday, March 15, 2012 3:52 PM
    Thursday, March 15, 2012 3:37 AM