Solved

System Cryptography: Force strong key protection for user keys stored on the computer

Posted on 2010-11-17
Last Modified: 2013-12-08
I am attempting to import a certificate from a website (cloud app provider); however, I cannot disable the option "Enable strong private key protection. You will be prompted every time the private key is used by an application...." which in turn forces me to enter a very obscure password.

I do not wish to have this setting checked, and I have "googled" this issue and have had many hits. So far, the only solution that I can find is to go into the Local Security and change the following security policy: System Cryptography: Force strong key protection for user keys stored on the computer.

My problem is that I do not have this security entry. The closest I have is "System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing".

How can I find this security option and change the setting to "User input is not required when new keys are stored and used"? Is there another way to defeat the "disable" checkbox through the registry or other means?  

This is a Windows XP PC and is not part of a domain and I am logging in as the administrator.


Thank you in advance for your assistance
0
Question by:peternintzel
LVL 66

Expert Comment

by:johnb6767
ID: 34158973
I think that setting was in Windows 7, maybe Vista..... May be able to isolate it to a reg value, but not sure if the XP OS can interpret it or simply ignores it.....
0
 

Author Comment

by:peternintzel
ID: 34163904
John6767, thank you for the expedient response. One thing that I neglected to include was that this certificate worked just fine on my previous XP system (without the grayed out option). I just recently replaced that machine (bad motherboard) with a new XP machine (Yes, a new XP machine because our software vendor has not made our software ready for Vista/7).

0
 
LVL 31

Accepted Solution

by:
Paranormastic earned 125 total points
ID: 34201317
This got essentially disabled a few years back. It is controlled in the registry - note this is a software force only to require this; in its current state you log in once and it's cached. If you really need it to control using a PIN each time, then get a smartcard that supports that in the card's OS, not the software/middleware.

http://social.technet.microsoft.com/Forums/en-US/exchangesvrsecuremessaging/thread/cd74689e-8e85-456b-8473-1215749a313d
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Cryptography] -> new DWORD Value
"ForceKeyProtection"=dword:2

You might also like this one to make the PIN window active instead of gray:
HKEY_CURRENT_USER\Control Panel\Desktop
Modify: DWORD: ForegroundLockTimeout : 0x0000000
0
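
An added example, not part of the original answer: a read-only PowerShell check of the ForceKeyProtection value named above, reporting which setting of the policy is in effect. The function name Get-ForceKeyProtectionState is hypothetical, and the three value meanings are the options of this security setting as Microsoft documents them, not something stated in this thread.

```powershell
# Added example (not from the thread): read-only audit of ForceKeyProtection.
function Get-ForceKeyProtectionState {   # hypothetical helper name
    param(
        [string]$KeyPath   = 'HKLM:\SOFTWARE\Policies\Microsoft\Cryptography',
        [string]$ValueName = 'ForceKeyProtection'
    )

    # Options of "System cryptography: Force strong key protection for
    # user keys stored on the computer", keyed by DWORD value.
    $meaning = @{
        0 = 'User input is not required when new keys are stored and used'
        1 = 'User is prompted when the key is first used'
        2 = 'User must enter a password each time they use a key'
    }

    $result = New-Object PSObject -Property @{
        Present = $false; Kind = $null; Value = $null
        Meaning = 'Value not present (policy not configured in this key)'
    }

    # Missing key or missing value: nothing to interpret.
    $key = Get-Item -Path $KeyPath -ErrorAction SilentlyContinue
    if ($null -eq $key -or ($key.GetValueNames() -notcontains $ValueName)) {
        return $result
    }

    $result.Present = $true
    $result.Kind    = $key.GetValueKind($ValueName)
    $result.Value   = $key.GetValue($ValueName)

    if ($result.Kind -ne [Microsoft.Win32.RegistryValueKind]::DWord) {
        # A string or binary value with this name is not the policy DWORD.
        $result.Meaning = "Unexpected type $($result.Kind); expected DWord"
    } elseif ($meaning.ContainsKey([int]($result.Value))) {
        $result.Meaning = $meaning[[int]($result.Value)]
    } else {
        $result.Meaning = "Unrecognised value $($result.Value); expected 0, 1 or 2"
    }
    return $result
}

Get-ForceKeyProtectionState | Format-List Present, Kind, Value, Meaning
```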
 

Author Closing Comment

by:peternintzel
ID: 34206841
The registry change did it... Thank you..
0
