C:\Documents and Settings\<userid>\Application Data\Microsoft\Crypto\RSA\<SID>
The names of the encrypted files containing the keypairs are derived from a combination of
the MD5 hash of the CryptoAPI "keycontainer" name concatenated with the MachineGuid registry
value stored at:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid
In detail, the keycontainer name is converted to lower-case, a null byte
is appended, and the resultant ASCII byte[] is hashed using MD5. The resultant
16-byte hash is then read as 4 DWORD values and encoded as hex data.
(Since multi-byte data is read in little-endian order, this has the simple
effect of reversing the hex-encoded bytes within each group of 4 bytes.)
Finally, the MachineGuid value data is extracted from the registry and appended,
separated by an underscore character. e.g.
keycontainer           : MyCoolContainer
MD5 hash (hex bytes)   : 7641ab524cd7a921f1e0e3730a4e37bc
MD5 as 4 DWORDS hex    : 52ab417621a9d74c73e3e0f1bc374e0a
UniqueKeyContainer     : 52ab417621a9d74c73e3e0f1bc374e0a_<machineGuidfromregistry>
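The derivation above, carried through in code as an added illustration (this is not Microsoft's or the author's code). It assumes only the steps stated here: lower-case, trailing NUL, MD5, little-endian DWORD hex encoding, then "_" and the MachineGuid. The MachineGuid value used below is a constructed placeholder, not a real machine's value.

```python
import hashlib
import struct


def dword_swap_hex(md5_hex: str) -> str:
    """Re-encode a hex MD5 digest as four little-endian DWORDs.

    Reading the 16 raw bytes as 4 little-endian 32-bit integers and printing
    each as 8 hex digits reverses the bytes within every 4-byte group.
    """
    raw = bytes.fromhex(md5_hex)
    if len(raw) != 16:
        raise ValueError("expected a 16-byte MD5 digest")
    dwords = struct.unpack("<4I", raw)          # 4 x little-endian DWORD
    return "".join(f"{d:08x}" for d in dwords)


def container_hash_hex(keycontainer: str) -> str:
    """MD5 of lower-cased container name + NUL, as DWORD-swapped hex."""
    data = keycontainer.lower().encode("ascii") + b"\x00"   # ASCII byte[] + null
    return dword_swap_hex(hashlib.md5(data).hexdigest())


def unique_container_name(keycontainer: str, machine_guid: str) -> str:
    """Unique key container name: <dword-swapped md5>_<MachineGuid>."""
    return f"{container_hash_hex(keycontainer)}_{machine_guid}"


def matches_container(filename: str, keycontainer: str, machine_guid: str) -> bool:
    """Check whether a file name in the RSA\\<SID> directory belongs to
    the given container on the given machine (names compare case-insensitively)."""
    return filename.lower() == unique_container_name(keycontainer, machine_guid).lower()


if __name__ == "__main__":
    # Constructed placeholder; read the real value from the registry key above.
    guid = "00000000-0000-0000-0000-000000000000"
    print(unique_container_name("MyCoolContainer", guid))
```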
Note that these details of keycontainer files are platform dependent and may change. Therefore developers should not rely on these specific implementation details. If available, it is best to use API functions to access keycontainer name information.
For example, the unique key container name can also be obtained from the CryptoAPI function
CryptGetProvParam() using dwParam = PP_UNIQUE_CONTAINER.
Also, CAPICOM 2.0.0.3 provides access to the same unique key container name
via PrivateKey.UniqueContainerName.
Michel I. Gallant
neutron@istar.ca