Security / Encryption and authentication |
The entire concept of security is based on the publication of the public key, and the privacy of the associated private key. For maximum security, it is critical to restrict the access of the private key to the owner of the certificate and associated private key.
As the UNIX system is already able to restrict the access of a file to only one person, simply restrict access to the private key to the owner of that key to achieve a good level of security. This provides enough security to allow a Genero Web Services client to perform secured communications in the name of the certificate and private key owner, because access to the private key file is granted only if the correct user has logged in.
The Windows system doesn't provide a reliable and sufficiently strong file access rights policy to secure a file. However, Windows has an integrated key store system to manage certificates and private keys. It allows the registration and the storage of X.509 certificate authorities, as well as personal X.509 certificates and their associated private keys accessible only if the correct user has logged in. It is recommended that you store the certificate and associated private key in the Windows key store instead of in files on the disk.