hello no problem - thank you.
there are two ways how to solve my question. 1. keygenflags in ieCSR.vbs. by using the value 67108866 the private key is marked as non exportable and a dialogue letting user to choose the level of private key protection is displayed. by using the value 67108864 the private key is also marked as non exportable and the dialogue letting user to choose the level of private key protection is not displayed. the level is set to - no protection at all. so i obviously am setting/unsetting some of theese flags: 0x00000001 CRYPT_EXPORTABLE 0x00000002 CRYPT_USER_PROTECTED does anybody know what exactly means flag 0x00000002 CRYPT_USER_PROTECTED and how the values are composed (67108866 or 67108864). does anybody know if there is a flag to set password on private key ? 2. there should be better way to solve my question - to use openssl extfile on CA and fill in extension for non exportable certs. does anybody know how such and extension looks like and how to eventually format it for openca openssl extfile ? is that method usable for private keys generated on clients ? thank you for any hint. martin lizner www.anect.com czech rep. On Fri, 30 May 2003, Michael Bell wrote: > Martin Lizner wrote: > > > while generating private key for ms internet explorer user, he is > > presented dialogue, where he can choose the level of private key > > protection. is there a way how to generate the private key with strongest > > protection by default (the key is protected by a password). and is there a > > way to offer only one option - the strongest protection ? now there are 3 > > levels (3 private key pwd protected / 2 private key unprotected - only > > warning presented upon acces to private key / 1 no warnings). > > This depends on the keygenflags in ieCSR.vbs. If you have a > recommendation what should be the default then please write a mail. > Sorry for ignoring you for such a long time but I'm not a windows > specialist. I added some minutes ago support for 512, 1024, 2048 bit rsa > keys dependend on the options which a user choose on the first form. > > Greetings Michael > -- > ------------------------------------------------------------------- > Michael Bell Email: [EMAIL PROTECTED] > ZE Computer- und Medienservice Tel.: +49 (0)30-2093 2482 > (Computing Centre) Fax: +49 (0)30-2093 2704 > Humboldt-University of Berlin > Unter den Linden 6 > 10099 Berlin Email (private): [EMAIL PROTECTED] > Germany http://www.openca.org > > ------------------------------------------------------- This SF.net email is sponsored by: eBay Get office equipment for less on eBay! http://adfarm.mediaplex.com/ad/ck/711-11697-6916-5 _______________________________________________ Openca-Users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-users
