Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

What are the benefits of Windows Certificate Store?

Tags:

windows

code-signing

I just bought a code-signing certificate for the first time. I'm successfully signing my code from script/command line using 

signtool sign /f <pfx file> /p <password> <exe file>

I noticed that signtool also has a /a option that will "choose the best certificate", which I believe uses any certificates imported into the Windows Certificate Store to select from.

If I double-click my cert, it opens the Certificate Import Wizard.

What are the pros/cons of using the Certificate Store? In particular for an individual developer.

It looks like with the certificate store I do not need to use provide the password for each call. I guess that means the certificate store is linked to my user and uses my login credentials to validate use of the certs?

Thanks, Brett

like image 700
Brett Stottlemyer Avatar asked Sep 04 '10 15:09

Brett Stottlemyer

People also ask

What is the Windows certificate store?

On a computer that has the Windows operating system installed, the operating system stores a certificate locally on the computer in a storage location called the certificate store. A certificate store often has numerous certificates, possibly issued from a number of different certification authorities (CAs).

What are Windows certificates used for?

The primary function of a certificate is to authenticate the identity of the owner of the certificate to others. A certificate contains the public key of the owner, while the owner retains the private key. The public key can be used to encrypt messages sent to the owner of the certificate.

How does a certificate store work?

Certificates in a certificate store are normally kept in some kind of permanent storage such as a disk file or the system registry. Certificate stores can also be created and opened strictly in memory. A memory store provides temporary certificate storage for working with certificates that do not need to be kept.

Where are certificates stored on Windows?

This certificate store is located in the registry under the HKEY_LOCAL_MACHINE root. This type of certificate store is local to a user account on the computer. This certificate store is located in the registry under the HKEY_CURRENT_USER root.

2 Answers

I'm adding this answer because I'm concerned some people may be led down the wrong path by the previous answer. You have to be careful with how you handle your certificates. You should also be very careful of how you handle your private keys (i.e. don't leave them in files in the file system).

Here is what the Windows Certificate Store provides:

  • APIs for managing certificates: See Support Certificates In Your Applications With The .NET Framework 2.0 http://msdn.microsoft.com/en-us/magazine/cc163454.aspx
  • UI for useful tasks like renewing a certificate
  • User access control through ACLs (yes you can do this through the file system too but the store allows you to easily grant access by installing to an accounts local store)
  • Enterprise features, for example, storing certificates in a roaming profile
  • Single location for all certificates
  • Support for tying a private key to a certificate and allowing or not allowing export of the key

I encourage you to do your own research and make an informed decision.

like image 107
Ed Greaves Avatar answered Oct 02 '22 07:10

Ed Greaves

As far as I am concerned, there really isn't any clear benefit to using the the Windows Certificate Store aside from having it organized in a streamlined manner in a database (the registry).

In some cases (e.g. export) it is more convenient to work with the store.

If you are interested in learning more about the inner-working of the certificate store, check the following:

http://msdn.microsoft.com/en-us/library/aa386971%28VS.85%29.aspx

http://technet.microsoft.com/en-us/library/cc962104.aspx

like image 43
Android Eve Avatar answered Oct 02 '22 07:10

Android Eve
Sign in to Comment

Related questions

Time limited trial and Windows Certification
Disable default ALT key action in JFrame under Windows
_setmaxstdio max open files is 2048 only?
How to get location of %temp%\Low when running as a low intergrity process
Using C#/C++, is it possible to limit network traffic?
Is there a WPF control which will show a list of files in an Explorer-like view?
Pass a string containing the * (asterisk) character as a command line argument in Windows Shell
Can't send key to window with SendMessage
Running multiprocess applications from MATLAB
Windows batch file to list folders that have a specific file in them
Get User SID From Logon ID (Windows XP and Up)
Best windows text editor with SVN integration?
On Windows, how does console window ownership work?
How to put exe file in windows Startup
How to keep my topmost window on top?
How to write INT64 to CString
OpenSSL and multi-threads
POINTER_32 - what is it, and why?
Add a border icon to the form
why does dependency walker shows 32 bit dll as 64 bit?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!