The certificates are not stored in files, but in the Registry, in this path under either HKLM (for the system) or HKCU (for an individual user):
\Software\Microsoft\SystemCertificates
EFS public keys are stored in TrustedPeople\Certificates under the above path in HKLM. EFS private keys are stored in the HKCU equivalent. Each certificate gets a subkey of Certificates named the thumbprint. The data is kept in a binary value called Blob that seems to be in the same format as a PKCS #12 file, though I have not tried to run it through a decoder.
No comments:
Post a Comment