Thoughts about certificates
slinuxuzer
Member Posts: 665 ■■■■□□□□□□
I was thinking about certificates and the fact that your private key is stored inside your user profile. Well I also found that the certificate (which contains the public key) is also stored inside the users profile that they are using at the time the certificate is issued.
I found this out by coping the original profile over to another machine and poof now I had a certificate in the store, plus the private key, where as with the second copy there wasn't a cert or key.
So I am guessing that to make certs practicale for users that don't use the same workstation all the time you would just about have to implement Roaming profiles. In this sceneario does anyone know how practical it would be for someone to use a packet analyzer to get a copy of the roaming profile thereby compromising the private key?
I guess the best way is to use smart cards.
I found this out by coping the original profile over to another machine and poof now I had a certificate in the store, plus the private key, where as with the second copy there wasn't a cert or key.
So I am guessing that to make certs practicale for users that don't use the same workstation all the time you would just about have to implement Roaming profiles. In this sceneario does anyone know how practical it would be for someone to use a packet analyzer to get a copy of the roaming profile thereby compromising the private key?
I guess the best way is to use smart cards.
Comments
-
royal Member Posts: 3,352 ■■■■□□□□□□“For success, attitude is equally as important as ability.” - Harry F. Banks