Daniel,

There is no secret: you are setting GenKeyFlags = 3.
If you got a 512 RSA key, it means that you have a
"Microsoft Base Cryptographic Provider v1.0".
You need a "Microsoft Enhanced Cryptographic Provider v1.0".

Install the "Enhanced Provider" and set:

    Xenroll.providerName = "Microsoft Enhanced Cryptographic Provider v1.0"
    Xenroll.GenKeyFlags = &h04000003


0x04000003 ==> RSA 1024 + CRYPT_EXPORTABLE + CRYPT_USER_PROTECTED

Regards,
Miguel Angel


----- Original Message -----
From: Daniel Bruce <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, October 14, 1999 05:38
Subject: Problem Getting XENROLL.DLL to generate >512 client cert


Not strictly Openssl ...

I have been struggling for a while now trying to issue keys >512 to
MSIE clients.
Netscape is fine and creates a 1024 key. I have been exporting from netscape
and importing to IE.

IE is the 128bit strength. The keys are always 512. The script I have seems
OK. MS black magic. Can't find a decent example from MS (SDK somewhere?).

part of what I have looks like this:

    Xenroll.KeySpec = 1
    Xenroll.GenKeyFlags = 3
    Xenroll.HashAlgorithm = "MD5"
    sz10 = Xenroll.CreatePKCS10(szName,"1.3.6.1.5.5.7.3.2")  ' magic numbers!

What's the secret? (Besides not using IEEEE!)

Any help appreciated! THX.

/* ---------------------------------------------------- *
 * Daniel Bruce - mailto:[EMAIL PROTECTED]
 * ---------------------------------------------------- */
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
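
Added example, not part of the thread or of any Microsoft sample: the 0x04000003 value from the reply splits into a key size in the upper 16 bits and the CryptGenKey flags in the lower 16, and a value with no size (such as 3) falls back to the provider default. The function names and the provider-default table are assumptions made for illustration; the 512 entry matches what the thread reports for the Base provider.

```javascript
// CryptGenKey flag values for the two flags named in the reply.
const CRYPT_EXPORTABLE = 0x00000001;
const CRYPT_USER_PROTECTED = 0x00000002;

// Assumption: RSA key size each provider picks when no size is requested.
const PROVIDER_DEFAULT_BITS = {
  "Microsoft Base Cryptographic Provider v1.0": 512,
  "Microsoft Enhanced Cryptographic Provider v1.0": 1024,
};

// Build a GenKeyFlags value: key size in the upper 16 bits, flags in the lower 16.
function makeGenKeyFlags(keyBits, flags) {
  if (!Number.isInteger(keyBits) || keyBits < 0 || keyBits > 0xffff) {
    throw new RangeError("key size must fit in 16 bits");
  }
  // >>> 0 keeps the result unsigned when the top bit is set.
  return ((keyBits << 16) | (flags & 0xffff)) >>> 0;
}

// Decode a GenKeyFlags value and report the key size that will result.
function decodeGenKeyFlags(value, providerName) {
  const requestedBits = value >>> 16;
  const flags = value & 0xffff;
  const defaultBits = PROVIDER_DEFAULT_BITS[providerName];
  let effectiveBits = requestedBits;
  if (requestedBits === 0) {
    // No explicit size: the provider decides (null if we do not know it).
    effectiveBits = defaultBits !== undefined ? defaultBits : null;
  }
  return {
    requestedBits,
    effectiveBits,
    usesProviderDefault: requestedBits === 0,
    exportable: (flags & CRYPT_EXPORTABLE) !== 0,
    userProtected: (flags & CRYPT_USER_PROTECTED) !== 0,
    unknownFlags: flags & ~(CRYPT_EXPORTABLE | CRYPT_USER_PROTECTED),
  };
}

// The two values from the thread.
console.log(decodeGenKeyFlags(3, "Microsoft Base Cryptographic Provider v1.0"));
console.log(decodeGenKeyFlags(0x04000003, "Microsoft Enhanced Cryptographic Provider v1.0"));
```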

