is it possible in openca to issue non-exportable certificate - i.e. - if user imports the cert - he can not export it anymore. chip cards are not an issue - but what about key storages in os - windows etc...
Yes, this is possible of course because smartcards only supports non-exportable keys (there are no non-exportable certificates :) ). ieCSR.vbs supports this.
how to protect private key of the user - so he does not change the level of protection - is there a way to call private key generation on client side at a high level of protection ? (now there are two or three levels available in openca - we need only one - the highest)
I don't know how prevent that a user change the security level but the default level should be configurable via certHelper.GenKeyFlags. Please see ieCSR.vbs and www.microsoft.com for more information. The documentation of Microsoft is really good.
Michael -- ------------------------------------------------------------------- Michael Bell Email: [EMAIL PROTECTED] ZE Computer- und Medienservice Tel.: +49 (0)30-2093 2482 (Computing Centre) Fax: +49 (0)30-2093 2704 Humboldt-University of Berlin Unter den Linden 6 10099 Berlin Email (private): [EMAIL PROTECTED] Germany http://www.openca.org
------------------------------------------------------- This SF.net email is sponsored by: eBay Get office equipment for less on eBay! http://adfarm.mediaplex.com/ad/ck/711-11697-6916-5 _______________________________________________ Openca-Users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-users
