摘要： 研究Windows操作系统下证书的保护机制，分析私钥导出标志位、私钥访问提示保护和密码保护3种主要安全措施的工作原理，采用正向分析和逆向工程相结合的研究方法，证明软件形式的证书在Windows操作系统中存在安全隐患。指出可以利用与专用硬件相结 合的方法提高证书的安全性。

关键词: 私钥导出标, 访问提示, 密码保护, 证书保护机制

Abstract: This paper studies the certificate protection mechanism in Windows operating system, it analyses the theory of the three security measures which include the private key export flag protection, the private key accession prompt protection and the password protection. A research method that uses a combination of forward analysis and reverse engineering is applied. It shows that there are security risks in the certificates in the form of software in the Windows operating system. It proposes that it can improve the certificates’ security by storing in the hardware.

Key words: private key export flag, access prompt, key protection, certificate protection mechanism

中图分类号: 

• TP309