Problem with MS Crypto API when IE7 in protected Mode RRS feed

  • Question

  • Hi, i have an BHO (browser helper object) which uses the MS crypto API. I try to generate a key with
    CryptGenKey(mhCryptProv, dwKeySpec, CRYPT_EXPORTABLE, hPrivateKey);

    This works fine with the vista RC1 build 5600 and IE7 is NOT in protected mode. But when i change to protected mode the mehod CryptGenKey returns "Access denied"

    Has anyone an idea what the problem is here and how to solve this?

    Thanks a lot

    Monday, September 11, 2006 5:06 PM

All replies

  • I have similar problem too. I have an ActiveX object which runs in IE. If the ActiveX is properly signed into a cab file then it is ok even under protected mode. But if I manually register my ActiveX object. I will get "Access denied" error.

    I am testing on Vista RC1 Build 5600 and IE7 too.


    Saturday, December 30, 2006 3:49 AM
  • I have this problem as well, although my "Access Denied" error occurs on CryptImportKey - I'm able to acquire the crypto context just fine. Some input would be greatly appreciated.

    When I attempted to reproduce this issue on another Vista box, I found that IE7 would not operate in protected mode no matter what settings I used. I explicitly turned on protected mode several times, to no avail. Does anyone know how to force protected mode back on?
    Tuesday, January 16, 2007 6:34 PM
  • By design of protected mode (writes are limited to a few locations), persisted CAPI containers/keys can't be created...
    Volatile containers should still work though.

    Wednesday, January 17, 2007 7:59 PM