Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

System Cryptography: Force strong key protection for user keys stored on the computer

Posted on 2010-11-17
4
Medium Priority
?
3,673 Views
Last Modified: 2013-12-08
I am attempting to import a certificate from a website (cloud app provider) however, I cannot disable the option "Enable strong private key protection. You will be prompted every time the private key is used by an application...." which in turn forces me to enter a very obscure password.

I do not wish to have this setting checked, and I have "googled" this issue and have had many hits. So far, the only solution that I can find, is to go into the Local Security and change the folowing security policy: System Cryptography: Force strong key protection for user keys stored on the computer.

My problem is that I do not have this security entry. The closest I have is "System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing".

How can I find this security option and change the setting to "User input is not required when new keys are stored and used"? Is there another way to defeat the "disable" checkbox through the registry or other means?  

This is a Windows XP pc and is not part of a domain and I am logging in as the administrator.


Thank you in advance for your assistance
0
Comment
Question by:peternintzel
  • 2
4 Comments
 
LVL 66

Expert Comment

by:johnb6767
ID: 34158973
I think that settign was in Windows 7 , maybe Vista..... May be able to isolate it to a reg value, but not sure if the XP OS can interpret it or simply ignores it.....
0
 

Author Comment

by:peternintzel
ID: 34163904
John6767, thank you for the expedient response. One thing that I neglected to include was that this certificate worked just fine on my previous XP system (without the grayed out option). I just recently replaced that machine (bad motherboard) with a new XP machine (Yes, a new XP machine because our software vendor has not made our software ready  for Vista/7).

0
 
LVL 31

Accepted Solution

by:
Paranormastic earned 500 total points
ID: 34201317
this got essentially disabled a few years back. it is controlled in the registry - note this is a software force only to require this, in its current state you log in once and its cached.  if you really need it to control using a PIN each time then get a smartcard that supports that in the card's OS, not the software/middleware.

http://social.technet.microsoft.com/Forums/en-US/exchangesvrsecuremessaging/thread/cd74689e-8e85-456b-8473-1215749a313d
- HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Cryptography] -> new DWORD Value
"ForceKeyProtection"=dword:2

You might also like this one to make the PIN window active instead of gray:
HKEY_CURRENT_USER\Control Panel\Desktop
Modify: DWORD: ForegroundLockTimeout : 0x0000000
0
 

Author Closing Comment

by:peternintzel
ID: 34206841
The registry change did it... Thank you..
0

Featured Post

[Webinar] Cloud and Mobile-First Strategy

Maybe you’ve fully adopted the cloud since the beginning. Or maybe you started with on-prem resources but are pursuing a “cloud and mobile first” strategy. Getting to that end state has its challenges. Discover how to build out a 100% cloud and mobile IT strategy in this webinar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are a web developer, you would be aware of the <iframe> tag in HTML. The <iframe> stands for inline frame and is used to embed another document within the current HTML document. The embedded document could be even another website.
For both online and offline retail, the cross-channel business is the most recent pattern in the B2C trade space.
How to create a custom search shortcut to site-search Experts Exchange using Google in the Firefox browser. This eliminates the need to type out site:experts-exchange.com whenever you want to search the site. Launch your Bookmark Menu: Press 'Ctrl +…
Want to learn how to record your desktop screen without having to use an outside camera. Click on this video and learn how to use the cool google extension called "Screencastify"! Step 1: Open a new google tab Step 2: Go to the left hand upper corn…

877 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question