Is it possible to suppress 'remember password' in the CryptoAPI high-security dialog?

From: Mathew (mathew_at_nospam.planet)
Date: 03/04/04

• Next message: Rhett Gong [MSFT]: "Re: How do I make the CryptoAPI private key access dialog box modal?"
• Previous message: Michel Gallant: "Re: CAPICOM and ASP"
• Next in thread: David Cross [MS]: "Re: Is it possible to suppress 'remember password' in the CryptoAPI high-security dialog?"
• Reply: David Cross [MS]: "Re: Is it possible to suppress 'remember password' in the CryptoAPI high-security dialog?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Thu, 4 Mar 2004 15:31:34 +1300

Hi

Re: Is it possible to suppress 'remember password' in the CryptoAPI
high-security dialog?

I have a digital signature application where the private keys must be used
in the high security mode that the CrypoAPI supports for keys. It would be
inappropriate for users to use the 'remember password' checkbox, so I'd like
to remove the option from this dialog. Can I do that?

Regards
Mathew

PS.

The dialog I 'm referring to occurs when you call 'CryptSignHash', when
signing with keys imported under the high security options. You can
programatically import a key in a mode that causes this dialog using:
PFXImportCertStore( &blob, password.c_str(), CRYPT_USER_PROTECTED |
CRYPT_USER_KEYSET );

The dialog that is displayed is from CrypoAPI and is labelled 'Signing data
with your private exhange key', and has the prompt 'An application is
requesting access to a Protected item.' Under details the description is
'CryptoAPI Private Key'.

---

• Next message: Rhett Gong [MSFT]: "Re: How do I make the CryptoAPI private key access dialog box modal?"
• Previous message: Michel Gallant: "Re: CAPICOM and ASP"
• Next in thread: David Cross [MS]: "Re: Is it possible to suppress 'remember password' in the CryptoAPI high-security dialog?"
• Reply: David Cross [MS]: "Re: Is it possible to suppress 'remember password' in the CryptoAPI high-security dialog?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: OpenNETCF Cryptography questions - using RSA for licensing strategy ... that is in bits (not characters). ... the CryptoAPI on some CE devices will support 16K bit key sizes ... ... >keys, in which case I think generating 1024 character keys would be very ... >> public and private keys are just long numbers, ... (microsoft.public.dotnet.framework.compactframework) Re: Question about cryptography and public/private keys ... My understanding is that public keys and private keys are inverse ... In the parlance of cryptography, yes, the public key is used ... mathematically "inverse functions" of one another, ... (alt.computer.security) Re: Cached Domain Password on Notebook, secure? ... > The user can export his public and private keys onto floppy. ... Export your certificate and the recovery agent certificate, ... Delete the certificates from your certificate store. ... (Focus-Microsoft) Re: Pub/priv key security ... > Private keys are normally protected by a password. ... You don't usually compromise passwords by simply cracking them. ... Using SSH keys lets you keep that encrypted in a single, ... modern password encryption algorithms make ... (comp.security.ssh) Re: Serious EFS Issue ... No keys where ever exported, No recovery agent set up ... > Are private keys that were used to file encryption still in user's ... Her encryption details shows her as ... (microsoft.public.windows.server.security)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(14)