What is the effect on UI Prompts when group policy sets strong key protection in windows?
I am attempting see this question with 50% success to avoid using the windows dialog and entering passwords for certificate private keys through my own code.
I can do it with certificate stored on a smart card but am having no success with certificates stored in the PC. My question is why?
I see in this article it is explained the required process. Our group policy has set for us children users. When we import a certificate we get this window.
And when we use the certificate for example with Outlook this is seen
Further in Group Policy under security options the "Force strong key protection for user keys stored on the computer" has "User Must enter a password each time they use a key" Meaning each and every time I read an email and it needs such a certificate I need to enter the password.
For me a lowly .net programmer these things mean the user has to enter a password each time, but in windows/security person speak does this also mean that windows must supply the UI to do it? In other words when I attempt to add a password for a key whose certificate is stored on the PC it fails.
If I am correct so far what are the workarounds. Can the certificate be saved in file form and used? Can it be saved in a database and retrieved? Or is the only real alternative to store on a smart card where then the policy seems to be different.
does this also mean that windows must supply the UI to do it?
yes, operating system will present private key access dialog (either, consent prompt or password input dialog).
In other words when I attempt to add a password for a key whose certificate is stored on the PC it fails.
it is unclear what exactly fails. What error message you get? Under what conditions?
IIRC, you cannot add password to already installed certificate after policy enforcement. When you enforce the policy, only newly generated/requested certificates will require user input. When imported from PFX, there is an option to specify key protection flag. But once the certificate is installed, you cannot change this setting.
- Constrain a Specman list so it doesn't have identical values in consecutive elements
- How to type cast a list of uint to a list of vr_ahb_data in Specman?
- Static fields/methods in e
- What is the difference between deep_copy and gen keeping in Specman?
- Specman UVM: What is the difference between write_reg { .field == 2;}; and write_reg_fields?
- Does Specman support optional parameters to a method?
- Specman e: When colon equal sign ":=" should be used?
- Specman e: Is there a way to know how many values there is in an enumerated type?
- Specman e error: No match for file when using "for each line in file"
- How to run e file one by one? Not in parallel test
- Specman/e constraint (for each in) iteration
- Specman e: How driver's items queue can be locked from a sequence?
- Specman e: How to print variable's address?
- Specman e: "keep type .. is a" fails to refine the type of a field
- Specman soft select on variable, decimal vs. hexadecimal values
- Specman e: How to print a pointer to a struct?
- Specman e: Is there a way to print unit instance name?
- Specman e: simultaneous events error
- Specman e coverage: ignored values appear in the coverage statistics
- Specman e: How a sequence should be started when gen_and_start_main constrained to FALSE?
- Specman/e list of lists (multidimensional array)
- Does Specman e have struct constructor?
- Specman e: How the predefined sequence.item should be used?
- Specman e: define-as-computed macro error
- Specman e UVM: Why to inherit from uvm_* units?
- Specman e: A sequence drives its BFM also its MAIN was not defined in a test
- e HVL (IEEE 1647): expect expression fails unexpectedly
- Specman e subtyping: How to refer to FALSE value of conditional field in when/extend subtyping?
- e HVL (IEEE 1647): How to set 'X' value?
- Difference between declaring an event that is sensitive to a simple_port value and event_port