Can we change the cryptography key storage path to local path instead of admin path

Munagala, Rekha 16 Reputation points
2022-04-10T15:58:37.003+00:00

When I am trying to create the Key by using api NCryptCreatePersistedKey then the key is storing under local admin user i.e.,

C:\Users\AppData\Roaming\Microsoft\Crypto\Keys

So can we store the keys to local user.

Windows API - Win32
Windows API - Win32
A core set of Windows application programming interfaces (APIs) for desktop and server applications. Previously known as Win32 API.
2,484 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Junjie Zhu - MSFT 16,151 Reputation points Microsoft Vendor
    2022-04-10T22:23:43.52+00:00

    Hello,
    Welcome to Microsoft Q&A!

    At present, it is impossible to storage to the local path through winapi.

    According to the parameter hProvider in NCryptCreatePersistedKey is generated by NCryptOpenStorageProvider.

    SECURITY_STATUS NCryptOpenStorageProvider(  
      [out]          NCRYPT_PROV_HANDLE *phProvider,  
      [in, optional] LPCWSTR            pszProviderName,  
      [in]           DWORD              dwFlags  
    );  
    

    Microsoft offers three built-in key storage providers.

    [in, optional] pszProviderName  
    

    A pointer to a null-terminated Unicode string that identifies the key storage provider to load. This is the registered alias of the key storage provider. This parameter is optional and can be NULL. If this parameter is NULL, the default key storage provider is loaded. The following values identify the built-in key storage providers.

    Also described in the documentation.
    https://learn.microsoft.com/en-us/windows/win32/api/ncrypt/nf-ncrypt-ncryptcreatepersistedkey#parameters

    [in] dwFlags  
    

    NCRYPT_MACHINE_KEY_FLAG
    The key applies to the local computer. If this flag is not present, the key applies to the current user.

    So it will be stored in the corresponding file by default.

    Thank you.


    If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments No comments