What are the benefits of Windows Certificate Store?

I just bought a code-signing certificate for the first time. I'm successfully signing my code from script/command line using

signtool sign /f <pfx file> /p <password> <exe file>

I noticed that signtool also has a /a option that will "choose the best certificate", which I believe uses any certificates imported into the Windows Certificate Store to select from.

If I double-click my cert, it opens the Certificate Import Wizard.

What are the pros/cons of using the Certificate Store? In particular for an individual developer.

It looks like with the certificate store I do not need to provide the password for each call. I guess that means the certificate store is linked to my user and uses my login credentials to validate use of the certs?

Thanks, Brett


I'm adding this answer because I'm concerned some people may be led down the wrong path by the previous answer. You have to be careful with how you handle your certificates. You should also be very careful of how you handle your private keys (i.e. don't leave them in files in the file system).

Here is what the Windows Certificate Store provides:

  • APIs for managing certificates: See Support Certificates In Your Applications With The .NET Framework 2.0 http://msdn.microsoft.com/en-us/magazine/cc163454.aspx
  • UI for useful tasks like renewing a certificate
  • User access control through ACLs (yes, you can do this through the file system too, but the store allows you to easily grant access by installing to an account's local store)
  • Enterprise features, for example, storing certificates in a roaming profile
  • Single location for all certificates
  • Support for tying a private key to a certificate and allowing or not allowing export of the key

I encourage you to do your own research and make an informed decision.
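
The store-based workflow discussed in this thread, as an added example that is not part of the original question or answers: the PFX is imported once into the current user's store with a non-exportable private key, and signing then selects the certificate by thumbprint instead of passing /f and /p on every call. The file paths are placeholders, and signtool is assumed to be on PATH.

```powershell
# Added example. $pfxPath and $target are placeholder paths (assumptions).
$pfxPath = 'C:\certs\codesign.pfx'
$target  = 'C:\build\MyApp.exe'

# Ask for the PFX password once; it is held as a SecureString and never
# written into the script or the command line.
$pfxPassword = Read-Host -Prompt 'PFX password' -AsSecureString

# Import into the current user's Personal ("My") store. Because -Exportable
# is NOT passed, the private key is marked non-exportable.
$cert = Import-PfxCertificate -FilePath $pfxPath `
    -CertStoreLocation Cert:\CurrentUser\My -Password $pfxPassword

# List every usable code-signing certificate in the store. If more than one
# appears, signtool's /a option would pick among them on its own.
$candidates = Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert |
    Where-Object { $_.HasPrivateKey -and $_.NotAfter -gt (Get-Date) }
$candidates | Format-Table Thumbprint, Subject, NotAfter -AutoSize

if ($candidates.Thumbprint -notcontains $cert.Thumbprint) {
    throw 'Imported certificate is not usable for code signing.'
}

# Sign by pinning the exact certificate (/sha1 <thumbprint>) rather than /a,
# so the choice of certificate is explicit and reproducible in build scripts.
& signtool sign /sha1 $cert.Thumbprint /fd SHA256 $target
if ($LASTEXITCODE -ne 0) { throw "signtool sign failed (exit $LASTEXITCODE)" }

# Verify the signature against the default Authenticode policy.
& signtool verify /pa $target
if ($LASTEXITCODE -ne 0) { throw "signtool verify failed (exit $LASTEXITCODE)" }
```

Once the import is confirmed, the .pfx file no longer needs to stay on the build machine's file system.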


As far as I am concerned, there really isn't any clear benefit to using the Windows Certificate Store aside from having it organized in a streamlined manner in a database (the registry).

In some cases (e.g. export) it is more convenient to work with the store.

If you are interested in learning more about the inner workings of the certificate store, check the following:

http://msdn.microsoft.com/en-us/library/aa386971%28VS.85%29.aspx

http://technet.microsoft.com/en-us/library/cc962104.aspx
