To help comply with certain Common Criteria requirements, various key operations are audited. Enter the following command from an elevated command prompt to configure key auditing in Windows Vista.
auditpol /set /subcategory:"other system events" /success:enable /failure:enable
Note: The U.S. Government Protection Profile for Single-level Operating Systems in Environments Requiring Medium Robustness v1.67, §5.1, defines security audit requirements, including those related to cryptographic key use (NSA 2003).
Various key operations, such as creation, deletion, and access, yield events such as those shown in Figure 7-1.
Figure 7-1: Audit event created when an RSA key is accessed from CNG.
You can view these entries in the Security log of the Windows Event Viewer.
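The same check can be scripted. The following PowerShell is an added example, not code from the original text: it confirms the audit setting applied by the command above and summarizes key events from the Security log. It assumes an elevated PowerShell 3.0 or later session on an English-language system. The event IDs 5058 (key file operation) and 5059 (key migration operation) and the EventData field names come from Microsoft's documentation of the "Other System Events" subcategory, not from this page.

```powershell
# Added example: verify key auditing and summarize key events.
# Run from an elevated PowerShell session (the Security log requires it).

# 1. Confirm the policy that the auditpol /set command applied.
#    /r emits CSV; blank lines are dropped before parsing.
$policy = auditpol /get /subcategory:"Other System Events" /r |
    Where-Object { $_ } | ConvertFrom-Csv
"{0}: {1}" -f $policy.Subcategory, $policy.'Inclusion Setting'
if ($policy.'Inclusion Setting' -ne 'Success and Failure') {
    Write-Warning 'Success and failure auditing is not fully enabled for key operations.'
}

# 2. Read key file (5058) and key migration (5059) events.
#    Assumption: these IDs are from Microsoft's documentation, not from the page.
$filter = @{ LogName = 'Security'; Id = 5058, 5059 }
$events = Get-WinEvent -FilterHashtable $filter -MaxEvents 500 -ErrorAction SilentlyContinue
if (-not $events) {
    Write-Warning 'No key events found. Check the policy above, then use a key and retry.'
    return
}

# 3. Flatten each event's named EventData fields into one row per operation.
$rows = foreach ($e in $events) {
    $data = @{}
    foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) {
        $data[$d.Name] = $d.'#text'
    }
    [pscustomobject]@{
        Time       = $e.TimeCreated
        EventId    = $e.Id
        User       = '{0}\{1}' -f $data.SubjectDomainName, $data.SubjectUserName
        Provider   = $data.ProviderName
        Algorithm  = $data.AlgorithmName
        KeyName    = $data.KeyName
        Operation  = $data.Operation
        ReturnCode = $data.ReturnCode
    }
}

# 4. Show which account touched which key, how, and how often.
$rows | Group-Object User, KeyName, Operation, ReturnCode |
    Sort-Object Count -Descending |
    Select-Object Count, Name |
    Format-Table -AutoSize
```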