Re: Windows Key Manager
on 04.04.2006 16:34:42 by Roger Abell
I am cross-posting to the iis.security newsgroup (even though you
have not stated the web farm is IIS based).
I think I see why DPAPI would not present a solution even though
storage in text file is, as indicated in initial post, a viable solution.
However, perhaps if you were to clarify your requirement and
the environment a little more.
Is this key just a string, or do you mean a certificate (that holds
this key)? I assume what you are after is safe storage of this key
that is used for your application internal encryption in such a way
that it will be automatically available upon automated provisioning
of a new server in the farm. Right? If so, characterize the farm
so we know what if any security contexts the instances share.
"SevDer" wrote in message
news:uh4iuD$VGHA.2760@TK2MSFTNGP11.phx.gbl...
> No this is not the one because we are on web farm and that's why we need to
> store our key somewhere.
>
> --
>
> SevDer
> http://www.sevder.com
> A new source for .NET Developers
>
>
> "Roger Abell [MVP]" wrote in message
> news:e665uL6VGHA.2272@TK2MSFTNGP11.phx.gbl...
>> Perhaps you are meaning storage via the DPAPI (data protection api).
>> Check in MSDN
>>
>>
>> "SevDer" wrote in message
>> news:%2356G3$0VGHA.4308@TK2MSFTNGP12.phx.gbl...
>>> Hi,
>>>
>>> I heard that Windows has a built in key manager that will be used for us
>>> to securely store our keys that we use for our internal encryption rather
>>> than hardcoding into the code or storing in text files.
>>>
>>> Any suggestions for this purpose?
>>>
>>> Thanks in advance.
>>>
>>> --
>>>
>>> SevDer
>>> http://www.sevder.com
>>> A new source for .NET Developers
>>>
>>>
>>>
>>>
>>
>>
>
>
Re: Windows Key Manager
on 04.04.2006 18:27:16 by SevDer
Hi,
Web farm is performed by hardware load balancer balanced over 4 web servers.
But our sites are hosted on IIS on each machine where all the servers have
the code on their own hard drives.
And yes, it is just a string key, but if you recommend we can put it into
a certificate (I don't know how).
I hope this information is enough.
--
SevDer
http://www.sevder.com
A new source for .NET Developers
Re: Windows Key Manager
on 05.04.2006 05:09:04 by Roger Abell
In a domain?
Re: Windows Key Manager
on 05.04.2006 15:18:34 by SevDer
No domain controller. All are standalone machines.
--
SevDer
http://www.sevder.com
A new source for .NET Developers
Re: Windows Key Manager
on 07.04.2006 16:27:45 by Roger Abell
Well, I am back where I was to start with.
What if you have a page or component that fires up in context of
the backend account if it sees the needed key is not in its DPAPI
protected private store, which same allows the one-time entry
of same? Part of install, or out of application onstart during
first time use after install, or . . .
Re: Windows Key Manager
on 07.04.2006 21:23:37 by SevDer
I don't understand the answer.
I simply want to know how can I use the key manager? Is there
documentation regarding this or is there something that you suggest me to
store my key securely and access it securely? Right now my key is on each
machine within a hidden text file.
What is the secure answer to my problem?
Note: I cannot use a web service for this purpose due to high volume usage of
the sites! It will slow me down and kill my threads.
--
SevDer
http://www.sevder.com
A new source for .NET Developers
Re: Windows Key Manager
on 08.04.2006 06:57:22 by Roger Abell
Well, I would have to assume that when a new machine is
brought up / configured to be part of the farm there is then
the opportunity to do the key storage.
Whatever this thing you seek under the name Key Manager
is, it is either something no longer around (there was a Key
Manager in NT 4 used by IIS 4, and also in older versions of
Exchange) or is perhaps third-party or misnamed.
It sounded like you were seeking how to store some information
privately, that would however be accessible to the correct, allowed
context. DPAPI is the way that is programmed in Windows from
XP onwards.
--
Roger Abell
Microsoft MVP (Windows Server : Security)
MCDBA, MCSE W2k3+W2k+Nt4
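Added example, not part of the thread and not code from either poster: the one-time key entry into a DPAPI-protected store that Roger Abell describes, written in C# with .NET's `ProtectedData` class (System.Security.dll, .NET Framework 2.0 and later). The class name `FarmKeyStore`, the file path and the entropy string are hypothetical; because the four servers are standalone machines, the entry step has to be run once on each server.

```csharp
// Added example: per-server, one-time key entry protected with DPAPI.
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;

public static class FarmKeyStore   // hypothetical name
{
    // Hypothetical location; restrict the directory ACL to the backend account.
    private const string BlobPath = @"C:\AppSecrets\appkey.dpapi";

    // Optional entropy: other code running as the same account must also
    // supply this value to unprotect the blob. Constructed sample value.
    private static readonly byte[] Entropy =
        Encoding.UTF8.GetBytes("example-app-entropy-v1");

    // True once the key has been entered on this server.
    public static bool IsProvisioned()
    {
        return File.Exists(BlobPath);
    }

    // One-time entry: call from an install step or an admin-only page while
    // running as the backend account, so the blob is bound to that account.
    public static void Provision(string key)
    {
        if (string.IsNullOrEmpty(key))
            throw new ArgumentException("Key must not be empty.", "key");

        byte[] plain = Encoding.UTF8.GetBytes(key);
        try
        {
            byte[] blob = ProtectedData.Protect(
                plain, Entropy, DataProtectionScope.CurrentUser);
            Directory.CreateDirectory(Path.GetDirectoryName(BlobPath));
            File.WriteAllBytes(BlobPath, blob);
        }
        finally
        {
            Array.Clear(plain, 0, plain.Length); // limit plaintext lifetime
        }
    }

    // Call once at application start and cache the result in memory, so
    // request threads never touch the disk or DPAPI.
    public static string Load()
    {
        if (!IsProvisioned())
            throw new InvalidOperationException(
                "Key not provisioned on this server; run the one-time entry.");

        byte[] blob = File.ReadAllBytes(BlobPath);
        try
        {
            byte[] plain = ProtectedData.Unprotect(
                blob, Entropy, DataProtectionScope.CurrentUser);
            try { return Encoding.UTF8.GetString(plain); }
            finally { Array.Clear(plain, 0, plain.Length); }
        }
        catch (CryptographicException ex)
        {
            // Typical cause: the blob was copied from another server or was
            // written under a different account. DPAPI blobs are not
            // portable between standalone machines.
            throw new InvalidOperationException(
                "Stored key cannot be unprotected here; re-provision.", ex);
        }
    }
}
```

`DataProtectionScope.CurrentUser` needs the backend account's user profile to be loaded. Where it is not, `DataProtectionScope.LocalMachine` works, but then any process on that server can unprotect the blob, so the file ACL and the entropy value carry more of the protection.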