EldoS | Feel safer!

Software components for data protection, secure storage and transfer

How to set level high to private key on windows?

Also by EldoS: Rethync
The cross-platform framework that simplifies synchronizing data between mobile and desktop applications and servers and cloud storages
#121
Posted: 05/08/2006 03:40:15
by Santiago Castaño (Standard support level)
Joined: 04/16/2006
Posts: 155

Hi!,

I want to load in my programs certificates with level of security of the private key set to HIGH always, so it'll ask for password of the private key always, but windows sets it always as MEDIUM :( .

I can't find anything in the help about this, how can i do that?

Thanks
#122
Posted: 05/08/2006 03:53:00
by Ken Ivanov (EldoS Corp.)

Quote
I want to load in my programs certificates with level of security of the private key set to HIGH always, so it'll ask for password of the private key always, but windows sets it always as MEDIUM

Unfortunately, there's no possibility to do this with SecureBlackbox at the moment. However, since this feature seems to be quite useful, we will implement it in one of the nearest build updates.

Thank you for pointing us at this.
#123
Posted: 05/08/2006 04:01:14
by Santiago Castaño (Standard support level)
Joined: 04/16/2006
Posts: 155

Excellent, i'll wait for it (impatiently), and it'll be quite useful also if we can somehow change this level of security on "already added certificates". (Another solution is to remove those certificates and add them again, but may be there's the elegant solution to change that level)

Many thanks again :D
#124
Posted: 05/08/2006 04:17:08
by Ken Ivanov (EldoS Corp.)

Quote
Excellent, i'll wait for it (impatiently), and it'll be quite useful also if we can somehow change this level of security on "already added certificates"

Yes, we will consider implementing this ability also. However, SBB depends on CryptoAPI in this respect -- if CryptoAPI does not support security level change, then SBB will not. In any case, we will try.
#218
Posted: 05/15/2006 16:02:12
by Santiago Castaño (Standard support level)
Joined: 04/16/2006
Posts: 155

Will this change of the level security be available in the next build? any ETA?
#220
Posted: 05/16/2006 00:19:02
by Ken Ivanov (EldoS Corp.)

I think that this feature will be available in the following build (not in the nearest one).
#310
Posted: 05/25/2006 06:25:29
by Ken Ivanov (EldoS Corp.)

Quote
However, SBB depends on CryptoAPI in this respect -- if CryptoAPI does not support security level change, then SBB will not. In any case, we will try.

We have clarified the issue. There's no way to change protection level for already imported key, so the only solution is to delete the existing key and re-import it with another protection level. That's why protection level can be changed only for private keys marked as exportable.
#312
Posted: 05/25/2006 06:40:28
by Santiago Castaño (Standard support level)
Joined: 04/16/2006
Posts: 155

Well, it doesn't matter to me too much to ask the user for reimporting it; the important thing is when importing it, being able to automatically set for example the level high of security.
#316
Posted: 05/25/2006 14:48:47
by Ken Ivanov (EldoS Corp.)

When importing a key with CryptoAPI, one can either enable or disable key protection (CryptoAPI does not define 'high' or 'medium' protection levels). If protection is enabled (i.e., the Protected parameter of TElWinCertStorage.Add method is set to true), Windows cryptoghic service provider shows a dialog box, allowing to choose either medium or high protection level.
#317
Posted: 05/25/2006 15:10:41
by Santiago Castaño (Standard support level)
Joined: 04/16/2006
Posts: 155

Well, maybe i didn't explain well... When i import a certificate, i set that protected param to true.

What i want is... All the times that a privatekey is used, windows asks me for it's password (or in general, for A password)

Let me explain with an example:
- I import a certificate
- I sign a file, and windows says me that my application will use my private key, AND ALSO says me that the level is medium (and no password is asked); but i can set it's level (privatekey) to HIGH, and set a password, so the next times that a privatekey is needed, in the warning window, it also asks me for that password.

The thing is that i want to programatically (through code) set that level to high. I thought you did understand me ;)

Have i explained better?
Also by EldoS: CallbackProcess
A component to control process creation and termination in Windows and .NET applications.

Reply

Statistics

Topic viewed 13282 times

Number of guests: 1, registered members: 0, in total hidden: 0




|

Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!