Full Disclosure mailing list archives
Removing certificates on MS Windows.
From: Manuel Mollar Villanueva <mm.disclosure () nisu org>
Date: Sat, 08 Apr 2006 18:14:52 +0200
Hi,

This applies to all MS Windows versions. If you have a certificate installed on HD (i.e. using the MS Enhanced CSP), then, following Microsoft, you can remove it using IExplorer: on the *Tools* menu, you click *Internet Options*, then you click the *Content* tab, and then click Remove. This is a well-known action described in http://www.microsoft.com/technet/prodtechnol/ie/reskit/6/part2/c06ie6rk.mspx?mfr=true
Doing this, you effectively remove the certificate, but THE PRIVATE KEY REMAINS IN THE HD. You can find a lot of scenarios where this can be a problem. Suppose you go to a friend's home, you install a pkcs12 file containing your certificate and private key with "Medium" security level (the default), then you use it, and when you finish your work, you remove the certificate (but NOT the private key). Then your friend takes your certificate (it is a public document) and installs it, having your private key working for him.
The program cleancapi deletes the private keys that are not used by any certificate.
Source code: http://dwnl.nisu.org/dwnl?fic=cleancapi_0_2_src.zip
Precompiled version: http://dwnl.nisu.org/dwnl?fic=cleancapi_0_2_bin.zip
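To check a profile for the leftover described in the message above, the following added example (not part of the original post and not cleancapi's code) lists per-user CryptoAPI key container files that no certificate in the current user's stores references. It assumes Windows PowerShell 5.1 and the default per-user RSA key directory under %APPDATA%; it only reports and deletes nothing.

```powershell
# Added example: read-only audit of orphaned per-user CAPI key containers.
# Assumptions: Windows PowerShell 5.1; keys live in the default directory
# %APPDATA%\Microsoft\Crypto\RSA\<user SID>.

$sid    = [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value
$keyDir = Join-Path $env:APPDATA "Microsoft\Crypto\RSA\$sid"

# Map: unique container name (the key file name on disk) -> certificate thumbprint,
# for every certificate in any CurrentUser store that claims a private key.
$referenced = @{}
$skipped    = @()
Get-ChildItem Cert:\CurrentUser -Recurse |
    Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] -and
        $_.HasPrivateKey
    } |
    ForEach-Object {
        $cert = $_
        try {
            # Opens the key container through the CSP to read its metadata.
            $info = $cert.PrivateKey.CspKeyContainerInfo
            if (-not $info.MachineKeyStore) {
                $referenced[$info.UniqueKeyContainerName] = $cert.Thumbprint
            }
        } catch {
            # CNG-backed, smart-card or otherwise unreadable keys are not
            # files in $keyDir; record the certificate and continue.
            $skipped += $cert.Thumbprint
        }
    }

# Any key file whose name no certificate maps to is a candidate orphan.
$orphans = @()
if (Test-Path -LiteralPath $keyDir) {
    $orphans = @(Get-ChildItem -LiteralPath $keyDir -File -Force |
        Where-Object { -not $referenced.ContainsKey($_.Name) } |
        Select-Object Name, LastWriteTime, Length)
}

"{0} certificate-bound container(s), {1} unreferenced key file(s) in {2}" -f `
    $referenced.Count, $orphans.Count, $keyDir
$orphans | Format-Table -AutoSize
if ($skipped.Count -gt 0) {
    "Certificates whose key could not be inspected: $($skipped -join ', ')"
}
```

A key file without a certificate is not necessarily stale, because applications can create key containers directly, so treat the list as candidates for review rather than as a deletion list.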