Advice Request: Key management in Windows


notabot (thread author), Oct 31, 2018
Many policies revolve around allowing only signed code, etc., verifying drivers at boot, etc., which begs the question of how key management is done in Windows.

How is a key revoked? Is it, e.g., revoked with Windows updates or with another distribution channel?

Where are the keys stored? Are they in a software keystore or, e.g., in the TPM? If it's a software keystore, what protections are built around the keystore?

Which is the root CA for the keys that sign code?

What standards does the CA impose? Which encryption methods does it accept, and with what parameters?

Also, what types of hashes of an app can be signed for the app to be considered signed? Does, e.g., signing the MD5 qualify? Or does it need to be a more modern algorithm like SHA-256? Where are acceptable hashing algorithms configured? Where are acceptable signing algorithms configured?
 
