On Fri, Jul 05, 2002, Richard Levitte - VMS Whacker wrote:

> I'm trying to create a form for IE to build a PKCS10 request, using
> xenroll.dll.  It works well, except for one thing: it seems like the
> private key never gets protected (I'm used to Netscape, where the key
> database is protected with a password).  I've tried to fiddle with the
> parameters KeySpec and GenKeyFlags, and changing KeySpec to 2 (instead
> of 1) does generate a dialog box from which you can choose, if you
> want, to move the key to some store and to set a password for that
> store (if I understand everything correctly).
> 
> I'd like to force the user to protect the key or the key store with a
> password instead of just giving them the option to do it.  Anyone know
> how one does that?
> 
> Or is it something fundamental about the key stores that I have
> misunderstood?
> 

Well AFAIK you can't do that.

The corresponding CryptoAPI calls just have a single flag
CRYPT_USER_PROTECTED which then throws up the dialog you see.
Apart from that there's no control over what happens.

MS does occasionally add some functionality to CryptoAPI
so this may be possible on future versions but the 
newer versions frequently only ship on the latest OSes,
though they do occasionally get silently added with MSIE
upgrades.

Steve.
--
Dr. Stephen Henson      [EMAIL PROTECTED]            
OpenSSL Project         http://www.openssl.org/~steve/
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
