Re: Private key access security

From: David Cross [MS] (dcross_at_online.microsoft.com)
Date: 05/15/03

• Next message: Keith W. McCammon: "Re: email address in a directory on line"
• Previous message: Jurren Bouman: "Re: Popups"
• In reply to: Guogang: "Private key access security"
• Next in thread: Michel Gallant \(MVP\): "Re: Private key access security"
• Reply: Michel Gallant \(MVP\): "Re: Private key access security"
• Reply: Guogang: "Re: Private key access security"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Thu, 15 May 2003 05:14:41 -0700

This is known as "strong private key protection" and is part of DPAPI. It
is an optional setting created at key generation or import time. You must
generate or install the key without this setting. To remove this setting,
export the key and re-import without this protection level. Or enroll a new
cert with a key and do not use this setting.

-- 
David B. Cross [MS]
--
This posting is provided "AS IS" with no warranties, and confers no rights.
http://support.microsoft.com
"Guogang" <nospam@no_such_domain.com> wrote in message
news:et%23fYvkGDHA.4048@tk2msftngp13.phx.gbl...
> Hi,
>
> I have problem with a dialog box with title: "Signing data with your
private
> exchange key". In the box, it says: "An application is requesting access
to
> a Protected item. CryptoAPI Pirvate Key"
>
> Background:
> I have a client program which contacts my Web Service through SSL. The web
> service require client certificate. Problems is whenever the application
> contacts the web service, client certificate's private key is used to
signed
> the data, and the dialog box jumps out. My program can't proceed without
> click on OK. But, my program is implemented as a Windows Service, no human
> interaction is supposed to be presented.
>
> There got to be a setting to authorized the use of private key
> automatically, any idea?
>
> Thanks,
> Guogang
>
>

---

• Next message: Keith W. McCammon: "Re: email address in a directory on line"
• Previous message: Jurren Bouman: "Re: Popups"
• In reply to: Guogang: "Private key access security"
• Next in thread: Michel Gallant \(MVP\): "Re: Private key access security"
• Reply: Michel Gallant \(MVP\): "Re: Private key access security"
• Reply: Guogang: "Re: Private key access security"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: UsernameOverTransportSecurity+SSL Confusion, please help ... But when I go to my web service: ... I have under IIS settings for my WebService? ... I will have a private key on the server, and I will give the private key to ... The client will automatically get the public key and negotiate a key to ... (microsoft.public.dotnet.framework.webservices.enhancements) Re: Private key access security ... This is known as "strong private key protection" and is part of DPAPI. ... > I have a client program which contacts my Web Service through SSL. ... (microsoft.public.windowsxp.security_admin) Re: Private key access security ... This is known as "strong private key protection" and is part of DPAPI. ... > I have a client program which contacts my Web Service through SSL. ... (microsoft.public.dotnet.security) Re: ClientCertificates and IIS5 with https://localhost ... - for imported client cert with Strong protection, ... if the private key access for jscert is password protected (i.e. ... the client cert must be loaded to the Current User ... > HttpWebResponse.GetResponsemethods for the case of SSL with required client ... (microsoft.public.dotnet.security) Re: Private key access security ... Is there other ways to provide better protection of private key? ... >> I have a client program which contacts my Web Service through SSL. ... (microsoft.public.security)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(10)