[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ms-cryptoapi
Subject:    access to the private key
From:       Kenichi Furusawa <furusawa () AST ! CO ! JP>
Date:       1997-03-22 7:27:01
[Download RAW message or body]


 When user wants to operate one's privatekey,almost security application
require
user id and password (called PIN).CryptoAPI2.0 doesn't have parameter area
of
PIN.I recognized that login user who store a key pair  can access
privatekey.
But we usually don't logoff when leave our PC while a few minutes.(Is it a
chance
of spoofing for somebody else?).If I'm afraid of this issue,do I have to
program
individual password system? when decrypt and/or sign, may I issue
CryptoAcquireContext(dwFlags=0) without requiring of password?

 There is a description in Application Programmer's Guide(P 148) that I
can't
understand it's meaning.

...many CSPs will require input from the owning user....(rsa base provider
too?)

...access to the private key is not required and the user interface
can be bypassed.("user interface"? who manage?)

if I'm wrong please correct.
Thank's

====================================================
  Kenichi Furusawa
      Advanced Systems Technology, Inc.
      Network Solution Group. Solution Div.
      phone:(03)5391-7624  fax:(03)5391-7433
      E-mail:furusawa@ast.co.jp
====================================================

[prev in list] [next in list] [prev in thread] [next in thread]