Exporting ‘non-exportable’ certificates - What the hell?
Certificates whose private key is stored in a Cryptographic Service Provider (CSP) on a computer and marked as non-exportable should never be exportable, ever… It seems, though, that iSEC found a way to ‘Jailbreak’ non-exportable certificates.
The big question is: is this a hack, or is this using officially supported functionality? Probably a bit of both. Nevertheless, Symantec already has something to say about this app. Clearly these kinds of tools work on the edge of what should be possible and what should not.
It comes down to a simple fact: keys on a disk cannot be secured by any means, because the ‘non-exportable’ flag is only enforced by software that runs on the same machine as the key. If you need to secure keys, use smart cards or other techniques that put a physical layer between the attacker and the stored key. Finally, jailbreaking certificates can be done if needed, and it’s nice there’s a tool for it. Though use this with care!
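As an added example (not from the original post or from iSEC’s tool), the following PowerShell inventories the private keys in the local machine ‘My’ store and reports where each key actually lives, so an admin can see which keys are merely flagged non-exportable on disk versus held in a smart card or TPM provider. It assumes Windows PowerShell 5.1 with .NET Framework 4.6 or later (for the RSA/ECDsa certificate extension methods); the list of hardware provider names is an assumption used as a heuristic.

```powershell
# Added example: which private keys are only "non-exportable on disk" and which are hardware-backed?
# Assumption: these provider names indicate hardware-held keys (TPM or smart card).
$hardwareProviders = @(
    'Microsoft Platform Crypto Provider',          # TPM-backed CNG keys
    'Microsoft Smart Card Key Storage Provider',   # smart card CNG keys
    'Microsoft Base Smart Card Crypto Provider'    # smart card legacy CSP keys
)

Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object { $_.HasPrivateKey } | ForEach-Object {
    $cert = $_
    $provider = $null; $exportable = $null; $keyType = 'unknown'
    try {
        # Ask for the key through the extension methods; they return a CSP or CNG object
        # depending on where the key lives and do not throw on CNG keys the way .PrivateKey can.
        $key = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
        if (-not $key) {
            $key = [System.Security.Cryptography.X509Certificates.ECDsaCertificateExtensions]::GetECDsaPrivateKey($cert)
        }
        if ($key -is [System.Security.Cryptography.RSACryptoServiceProvider]) {
            # Legacy CSP key: the container info carries the provider and the exportable flag
            $info = $key.CspKeyContainerInfo
            $provider = $info.ProviderName
            $exportable = $info.Exportable
            $keyType = 'CSP'
        } elseif ($key.PSObject.Properties['Key'] -and $key.Key -is [System.Security.Cryptography.CngKey]) {
            # CNG key (RSACng or ECDsaCng): the key storage provider and export policy live on CngKey
            $provider = $key.Key.Provider.Provider
            $exportable = ($key.Key.ExportPolicy -ne [System.Security.Cryptography.CngExportPolicies]::None)
            $keyType = 'CNG'
        }
    } catch {
        $provider = "error: $($_.Exception.Message)"
    }
    [pscustomobject]@{
        Subject    = $cert.Subject
        Thumbprint = $cert.Thumbprint
        KeyType    = $keyType
        Provider   = $provider
        Exportable = $exportable
        # The risk column: a software-stored key is recoverable whether or not it is marked exportable
        OnDisk     = [bool]($provider -and ($hardwareProviders -notcontains $provider))
    }
} | Format-Table -AutoSize
```

Rows with OnDisk = True and Exportable = False are exactly the keys the post is talking about: protected by a flag, not by hardware.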