Re: Observed CryptoAPI (or CSP?) changes in XP SP2

From: Ryan Menezes [MSFT] (ryanmen_at_online.microsoft.com)
Date: 09/22/04

    Date: Tue, 21 Sep 2004 18:31:33 -0700
    
    

    This is because in XPSP2 the software CSPs do some per-process private key
    prompt caching. The default timeout is 1 day.
    To disable this behavior, set the following registry key.

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Cryptography]
    "PrivKeyCacheMaxItems"=dword:00000000
    "PrivKeyCachePurgeIntervalSeconds"=dword:00000000

    -- 
    Thanks,
    Ryan Menezes [MS]
    This posting is provided "AS IS" with no warranties, and confers no rights.
    "Mathew" <mathew@nospam.planet> wrote in message
    news:eSBS4gDoEHA.3820@TK2MSFTNGP09.phx.gbl...
    > Hi
    >
    > We use certificates with high security options and the CryptoAPI for signing
    > documents.  On Windows 2000 and Windows XP pre-SP2 machines the program
    > requires the password to be entered every time a document is signed.  This
    > is the desired behavior.  Unfortunately after installing XP SP2, after the
    > user enters the password the first time they sign a document, it is no
    > longer asked for when subsequent second documents are signed.  I haven't
    > tested to see if there's a timeout involved, but from our point of view SP2
    > has downgraded the application.  Can anyone please provide details on what's
    > changed in SP2.  I've had a look through a number of documents on the
    > Microsoft website about changes but couldn't find any mention of the
    > CryptoAPI.
    >
    > Regards
    > Mathew
    >
    >
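
An audit check for the policy values given in the reply above, as an added example that is not part of the original thread or Microsoft's own code. It reports whether both values exist as DWORD 0 and, with the hypothetical `-Enforce` switch, writes them; the function name and output shape are assumptions made for illustration.

```powershell
# Added example: audit (and optionally enforce) the two policy values from the posting.
param([switch]$Enforce)   # -Enforce writes the values; needs an elevated session

$KeyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Cryptography'
$Names   = 'PrivKeyCacheMaxItems', 'PrivKeyCachePurgeIntervalSeconds'

function Get-PrivKeyCacheFinding {
    # Returns one object per value: registry type, data, and whether it matches the posting.
    $key = Get-Item -Path $KeyPath -ErrorAction SilentlyContinue
    foreach ($name in $Names) {
        $kind = $null
        $data = $null
        if ($key -and ($key.GetValueNames() -contains $name)) {
            $kind = $key.GetValueKind($name)
            $data = $key.GetValue($name)
        }
        [pscustomobject]@{
            Name      = $name
            Kind      = $kind
            Data      = $data
            # The posting specifies dword:00000000, so a missing value,
            # another registry type, or non-zero data is flagged.
            Compliant = ($kind -eq [Microsoft.Win32.RegistryValueKind]::DWord -and $data -eq 0)
        }
    }
}

if ($Enforce) {
    # Create the policy key if it does not exist, then write both values as DWORD 0.
    if (-not (Test-Path $KeyPath)) { New-Item -Path $KeyPath -Force | Out-Null }
    foreach ($name in $Names) {
        New-ItemProperty -Path $KeyPath -Name $name -Value 0 -PropertyType DWord -Force | Out-Null
    }
}

$findings = Get-PrivKeyCacheFinding
$findings | Format-Table -AutoSize

# A non-zero exit code lets fleet tooling pick out machines where the policy is absent.
if ($findings | Where-Object { -not $_.Compliant }) {
    Write-Warning 'Private key prompt caching is not disabled by policy on this machine.'
    exit 1
}
```
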
    
