Using a Backup Authority

A version of this page is also available for

Windows Embedded CE 6.0 R3

4/8/2010

A backup authority is a privileged application running on a more secure computer that provides storage for the session keys of its clients. All session keys stored there are encrypted, in the form of key BLOBs, with the backup authority's public key.

To store session keys in a backup authority

1. Encrypt the file.

2. Export the session key used to encrypt the file into a simple key BLOB, specifying that your own key exchange public key be used to encrypt the key BLOB.

3. Store this key BLOB with the encrypted file.

4. Export the session key, specifying that the backup authority's public key be used to encrypt the key BLOB.

5. Send this key BLOB to the backup authority, along with the key's description, serial number, and so on.

If, at a later time, you lose your key pairs, you can retrieve the session keys from a backup authority, although you will first have to establish your identity with the authority.

See Also

Concepts

Microsoft Cryptographic System

Other Resources

Cryptography
Certificates