Product: E-Notebook Enterprise
Cryptography key management for E-Notebook 9.0
When an E-Notebook business tier client connects to an E-Notebook business tier server, the user's password is not sent in the clear: it is encrypted with public/private key pairs generated through the Microsoft Cryptography API (CryptoAPI). The exchange works as follows. The client requests the server's public key. The client encrypts the password with its own key, then encrypts that client key with the server's public key, so that only the holder of the server's private key can recover it. On receipt, the server uses its private key to decrypt the client key, and then uses the recovered client key to decrypt the password. The server's private key never leaves the server, which is why the server's key container must be usable by whatever account the business tier process runs as.
On Windows XP, a user's CryptoAPI RSA key containers are stored under C:\Documents and Settings\[user name]\Application Data\Microsoft\Crypto\RSA (in a subfolder named after the user's SID). Machine key containers are stored under C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys. On Windows Vista and later the same two stores are %APPDATA%\Microsoft\Crypto\RSA and %ProgramData%\Microsoft\Crypto\RSA\MachineKeys. Each container is a single file whose name is a generated identifier, not the container name, so the files cannot be matched to "ENServer8" or "ENClient8" by name alone.
The key container name (this article calls it the provider name) for the keys stored on the server is "ENServer8". When the server needs its public/private key pair, it first tries to open, or if necessary create, the container for the account the E-Notebook process is running as (a user key). If that fails, it tries to open or create a machine key container with the same name. If that also fails, the connection fails. Two CryptoAPI rules determine the failure cases: a machine key container created by one account cannot be opened by a different account, and a new machine key container cannot be created while one with the same container name already exists.
The container name for the keys stored on the client is "ENClient8". On the client, the key pair is opened or created only for the currently logged in user; there is no machine-key fallback, so if that fails the connection fails.
The DeleteCryptoKeys utility deletes the key containers with these container names from both the user store and the machine store. To delete machine keys on the business tier, run it as a user who has permission to write machine cryptography keys; for a machine key created by another account, that means an administrator.
The following scenario is one where DeleteCryptoKeys is needed:
- On the E-Notebook business tier, the account the E-Notebook process runs as is UserA. This account does not have permission to create user keys, only machine keys.
- A client connects to the E-Notebook business tier, and a public/private key pair is created with the container name "ENServer8". Because the user-key attempt failed, this is a machine key pair, owned by UserA.
- On the business tier, the account the E-Notebook process runs as changes to UserB. UserB also does not have permission to create user keys, only machine keys.
- When a client now connects to the E-Notebook business tier, the machine key container "ENServer8" cannot be opened by UserB because it was created by UserA, and a new machine key container named "ENServer8" cannot be created because one already exists. Thus the connection fails.
- At this point, logging on to the business tier machine as an administrator and running the DeleteCryptoKeys utility deletes the "ENServer8" machine key.
- Now, when a client connects to the E-Notebook business tier, the server creates a fresh machine key with the container name "ENServer8" while running as UserB, and the connection succeeds.
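The lookup order described above (user container first, then machine container) and the scenario just walked through can be reproduced and diagnosed from PowerShell. The script below is an added example and is not code from E-Notebook or from this article: it uses .NET's RSACryptoServiceProvider, which wraps the same CryptoAPI key containers the product uses, to open or create a container in the same order as the business tier, to show which on-disk file and owner a machine container maps to, and to delete a container the way DeleteCryptoKeys is described as doing. The function names, the default container name of "ENServer8" (use "ENClient8" for the client side) and the 2048-bit key size are this example's own assumptions.

```powershell
# Added example; not part of E-Notebook or of this article. Assumes the container
# names from the article ("ENServer8" / "ENClient8"); function names are our own.

function Get-ENKeyContainer {
    # Open (or, with -Create, open-or-create) an RSA key container in the user or
    # machine store of the current security context. Returns $null on failure.
    param(
        [string]$ContainerName = 'ENServer8',   # the article's "provider name"
        [switch]$MachineStore,
        [switch]$Create
    )
    $csp = New-Object System.Security.Cryptography.CspParameters
    $csp.KeyContainerName = $ContainerName
    $flags = [System.Security.Cryptography.CspProviderFlags]::NoFlags
    if ($MachineStore) { $flags = $flags -bor [System.Security.Cryptography.CspProviderFlags]::UseMachineKeyStore }
    if (-not $Create)  { $flags = $flags -bor [System.Security.Cryptography.CspProviderFlags]::UseExistingKey }
    $csp.Flags = $flags
    try {
        # The key size (assumed 2048 here) is only used when a new container is created.
        return New-Object System.Security.Cryptography.RSACryptoServiceProvider(2048, $csp)
    } catch [System.Security.Cryptography.CryptographicException] {
        # Typical messages: "Keyset does not exist" (no such container),
        # "Access is denied" (machine container created by another account),
        # "Object already exists" (create attempted while the container exists).
        $store = if ($MachineStore) { 'machine' } else { 'user' }
        Write-Verbose ("{0} store, container '{1}': {2}" -f $store, $ContainerName, $_.Exception.Message)
        return $null
    }
}

function Resolve-ENServerKey {
    # Same order as the business tier: user container, then machine container,
    # otherwise fail (the point at which the product reports a failed connection).
    param([string]$ContainerName = 'ENServer8')
    foreach ($machine in $false, $true) {
        $rsa = Get-ENKeyContainer -ContainerName $ContainerName -MachineStore:$machine -Create
        if ($rsa) {
            $info  = $rsa.CspKeyContainerInfo
            $store = if ($machine) { 'Machine' } else { 'User' }
            return [pscustomobject]@{
                Store        = $store
                Container    = $info.KeyContainerName
                KeyFile      = $info.UniqueKeyContainerName   # file name under ...\Crypto\RSA\
                PublicKeyXml = $rsa.ToXmlString($false)       # public half only; what a client would be sent
            }
        }
    }
    throw "No usable '$ContainerName' key container for $env:USERNAME; the connection would fail"
}

function Get-ENMachineKeyOwner {
    # Map a machine container to its file and report the account that created it:
    # per the article, that is the only account that can still open the key.
    param([string]$UniqueKeyContainerName)
    $base = if ($env:ProgramData) { $env:ProgramData }                                   # Vista and later
            else { Join-Path $env:ALLUSERSPROFILE 'Application Data' }                   # Windows XP
    $path = Join-Path $base "Microsoft\Crypto\RSA\MachineKeys\$UniqueKeyContainerName"
    if (Test-Path $path) { (Get-Acl $path).Owner } else { $null }
}

function Remove-ENKeyContainer {
    # What the article describes DeleteCryptoKeys as doing, for one store: open the
    # existing container and destroy it. For a machine container created by another
    # account this must run as an account allowed to write machine keys (an administrator).
    param([string]$ContainerName = 'ENServer8', [switch]$MachineStore)
    $rsa = Get-ENKeyContainer -ContainerName $ContainerName -MachineStore:$MachineStore
    if (-not $rsa) { return $false }
    $rsa.PersistKeyInCsp = $false   # with persistence off, Clear() deletes the container from the CSP
    $rsa.Clear()
    return $true
}

# Usage, following the scenario above: run as UserB after UserA created the machine
# key and Resolve-ENServerKey throws; run "Remove-ENKeyContainer -MachineStore" as an
# administrator; run as UserB again and a fresh machine container is created.
$VerbosePreference = 'Continue'
try {
    $key = Resolve-ENServerKey
    "{0} key '{1}' usable (file {2})" -f $key.Store, $key.Container, $key.KeyFile
    if ($key.Store -eq 'Machine') { 'created by: ' + (Get-ENMachineKeyOwner $key.KeyFile) }
} catch {
    Write-Warning $_.Exception.Message
}
```

The verbose output of Get-ENKeyContainer is the useful part when troubleshooting: "Access is denied" on the machine store followed by "Object already exists" is exactly the UserA/UserB situation, and Get-ENMachineKeyOwner confirms which account created the file before anyone deletes it.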