sliva

Reputation: 11

Open a certificate store (program only)

I'm implementing a program that involves saving and reading certificates in the certificate store.

The certificate opening and reading is done through the following 2 APIs:

  CertOpenStore()
  CertFindCertificateInStore()

For example, certificate A is stored in the certificate store by the program, and I want the user to be unable to interact with the store where the certificate is stored (manually adding or deleting a certificate, etc.). The deletion or addition of a certificate is implemented only by the program. So how do I do this?

Thanks in advance.

Upvotes: 0

Views: 192

Answers (1)

Maarten Bodewes

Reputation: 93948

Basically, you cannot fully get this to work, as it is similar to the DRM problem. A user can always reverse engineer your application and create his own runtime.

You can try to compute a MAC over the store and keep the key in your application. However, if the user finds the key then your store can be changed and a new authentication tag can be created.

In the end you need either a trusted execution environment (TEE) or some kind of access elevation for your application (i.e. running under a specific user that can change files, while the ordinary user can only read the file).

Upvotes: 1
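The MAC approach from the answer above, as an added example (it is not the answerer's code and not tied to the Windows APIs in the question): an in-memory store of constructed placeholder certificate blobs is sealed with HMAC-SHA256, a store edited by hand without the key is rejected on open, and the stated limitation is shown as well, since anyone who recovers the key can reseal an edited store. The key, the sample blobs and the JSON file layout are assumptions; a real implementation would apply the same check to the DER blobs it reads back after `CertOpenStore()` / `CertFindCertificateInStore()`.

```python
import base64
import hashlib
import hmac
import json
from typing import List, Tuple

# Constructed sample "certificates": in a real store these would be DER-encoded
# X.509 blobs read from the Windows certificate store; here they are placeholders.
SAMPLE_CERTS = [
    b"\x30\x82\x01\x00" + b"CERT-A-PLACEHOLDER-DER",
    b"\x30\x82\x01\x00" + b"CERT-B-PLACEHOLDER-DER",
]


def canonical_bytes(certs: List[bytes]) -> bytes:
    """Deterministic serialization: sort the blobs and length-prefix each one,
    so the same set of certificates always yields the same MAC input."""
    out = bytearray()
    for der in sorted(certs):
        out += len(der).to_bytes(4, "big") + der
    return bytes(out)


def seal_store(certs: List[bytes], key: bytes) -> str:
    """Produce the on-disk store document: the certificates plus an HMAC-SHA256 tag."""
    tag = hmac.new(key, canonical_bytes(certs), hashlib.sha256).hexdigest()
    return json.dumps({
        "certs": [base64.b64encode(c).decode() for c in certs],
        "tag": tag,
    })


def open_store(blob: str, key: bytes) -> List[bytes]:
    """Verify the tag before trusting the contents; raise on any mismatch."""
    doc = json.loads(blob)
    certs = [base64.b64decode(c) for c in doc["certs"]]
    expected = hmac.new(key, canonical_bytes(certs), hashlib.sha256).hexdigest()
    # Constant-time comparison so the check itself does not leak the tag.
    if not hmac.compare_digest(expected, doc["tag"]):
        raise ValueError("store tag mismatch: contents were modified outside the program")
    return certs


def tamper_add_cert(blob: str, extra: bytes) -> str:
    """Simulate a user editing the store file by hand without knowing the key."""
    doc = json.loads(blob)
    doc["certs"].append(base64.b64encode(extra).decode())
    return json.dumps(doc)


def reseal_with_key(blob: str, extra: bytes, key: bytes) -> str:
    """Simulate the limitation from the answer: a user who recovered the key
    from the binary can edit the store and compute a fresh, valid tag."""
    certs = open_store(blob, key) + [extra]
    return seal_store(certs, key)


def demo() -> Tuple[bool, bool, bool]:
    """Returns (original opens, hand edit is detected, resealed edit is accepted)."""
    key = b"constructed-demo-key-embedded-in-app"  # assumption: key lives in the app
    sealed = seal_store(SAMPLE_CERTS, key)
    ok_original = open_store(sealed, key) == SAMPLE_CERTS
    try:
        open_store(tamper_add_cert(sealed, b"ROGUE-CERT"), key)
        detected = False
    except ValueError:
        detected = True
    resealed = reseal_with_key(sealed, b"ROGUE-CERT", key)
    resealed_accepted = len(open_store(resealed, key)) == 3
    return ok_original, detected, resealed_accepted


if __name__ == "__main__":
    print(demo())  # (True, True, True)
```

The third result is the point of the answer: the MAC only detects edits made by someone who does not hold the key, so its real value comes from the answer's second option, keeping the key (or the store itself) under an account the ordinary user cannot read or write.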
