mailing list archives
Removing certificates on MS Windows.
From: Manuel Mollar Villanueva <mm.disclosure () nisu org>
Date: Sat, 08 Apr 2006 18:14:52 +0200
This applies for all MS Windows versions.
If you have a certificate installed on HD (i.e. using the MS Enhaced
CSP), then, following Microsoft, you can remove it using IExplorer, on
the *Tools* menu, you click *Internet Options*, then you click the*
Content* tab, and then click Remove. This is a well known action
Doing this, you effectively remove the certificate, but THE PRIVATE KEY
REMAINS IN THE HD.
You can find a lot of scenarios where this can be a problem. Suppose you
go to a friend's home, you install a pkcs12 file containing your
certificate and private key with "Medium" security level (the default),
then you use it, and when you finishes your work, you remove the
certificate (but NO the private key). Then your friend takes your
certificate (is a public document) and installs it, having your private
key working for him.
The program cleancapi deletes the private keys that are not used by any
Source code: http://dwnl.nisu.org/dwnl?fic=cleancapi_0_2_src.zip
Precompiled version: http://dwnl.nisu.org/dwnl?fic=cleancapi_0_2_bin.zip
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/
- Removing certificates on MS Windows. Manuel Mollar Villanueva (Apr 08)