Each cryptographic service provider (CSP) has a key database in which it stores persistent cryptographic keys. Each key database contains one or more key containers, each of which contains all the key pairs belonging to a specific user. The following illustration shows the relationship between CSPs, key databases, and key containers.
The CSP stores each key container from session to session, including all of the public/private key pairs that it contains. However, session keys are not automatically persisted to any permanent storage media.
Generally, a default key container is created for each user. Default key containers have a default name.
An application can create its own key container and key pairs, and assign a name to the key container. A key is created for each user and each machine. For each user, the key container is located in the HKEY_CURRENT_USER\Comm\Security\Crypto registry key. For each machine, the key container is located in the HKEY_LOCAL_MACHINE\Comm\Security\Crypto registry key.
CryptoAPI encrypts the contents of the key container using the CryptProtectData function.
See Also
Cryptography | Microsoft Cryptographic System | Certificates