Base CSP - enable private key import
Mike Cantalupo
"The current settings of Base CSP provider do not allow for private key
import."
I found the registry key
HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Base Smart
Card Crypto Provider and the AllowPrivateExchangeKeyImport dword. I tried
setting it to 1, but I received an "Invalid type specified." error message.
What does it need to be set to?
The profile template I am using has 1 Signature and smartcard logon
certificate template and 1 Encryption certificate template. The Encryption
certificate template has Key Archival enabled, but the signature and
smartcard logon certificate does not.
Brian Komar
You missed the other registry key. You need to change both of these to a
value of 1, and then things should work:
‧ AllowPrivateExchangeKeyImport: 1
‧ AllowPrivateSignatureKeyImport: 1
Brian
Mike Cantalupo
Is it just me, or is there VERY little documentation on CLM and the Base CSP?
Brian Komar
> Thanks, Brian. That was it.
>
> Is it just me, or is there VERY little documentation on CLM and the Base CSP?
>
> "Brian Komar" wrote:
Our company has created a CLM course for Microsoft. We hope to schedule a
public offering of the course this fall. Keep your eyes here for an
announcement in the next few weeks
Brian
mim...@gmail.com
however for 64 bit windows I had to do an additional step:
for 64 bit
Same procedure as above, just that you have to change 2 different areas
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Base Smart Card Crypto Provider
add:
"AllowPrivateExchangeKeyImport"=dword:00000001
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Defaults\Provider\Microsoft Base Smart Card Crypto Provider\
add:
"AllowPrivateExchangeKeyImport"=dword:00000001
> * AllowPrivateSignatureKeyImport: 1
>
> Brian