CryptAcquireContext fails only for non-Admin user on Vista

  • Question

  • We are converting our http program so that we can transfer files via https.  Within the program, we make a call to "CryptAcquireContext".  The call is successful if the program is running on XP, but fails with "keyset does not exist" when running on Vista.  The following KB article gave us a clue as to the problem:

     

    http://support.microsoft.com/kb/952569

     

    According to the article (which is in reference to encrypted Message Queuing), the failed call to "CryptAcquireContext" is solved by adding a user to the permissions of a couple of files in the "<drive>:\ProgramData\Microsoft\Crypto\RSA\MachineKeys" folder.

     

    With this clue, we added the non-Admin user to the permissions of a couple of files in that directory, and lo and behold, the call to "CryptAcquireContext" succeeds for the non-Admin user on Vista.  However, it doesn't seem reasonable that we would have to ask our clients to do this for every machine that is running our app.

     

    What is the preferred method of doing https transfers through a C++ app that will run on Vista where there will be users that are not logged in to the machine as Admin?

     

    How does IE handle it?  Does IE use "CryptAcquireContext"?

     

    Thanks in advance for any help that can be offered.

    Wednesday, June 25, 2008 3:01 PM

All replies

  • I assume your application is using a per machine key (CRYPT_MACHINE_KEYSET is specified).

    One solution would be to switch to a per user key.

     

    Friday, July 4, 2008 1:02 AM
  • Hi

    Can you please tell me how to switch to one user per key?

     

    I am facing the same kind of problem.

     

    Thanks

    Monday, June 14, 2010 11:49 AM
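
The per-user approach suggested in the first reply, sketched as an added example that is not code from any poster in this thread: the container is opened without CRYPT_MACHINE_KEYSET and created on first use when the call reports NTE_BAD_KEYSET ("keyset does not exist"). The names `open_user_keyset`, `AcquireFn`, `win32_acquire`, `FakeUserStore` and the container name "ExampleApp" are hypothetical, and the PROV_RSA_FULL provider type is an assumption.

```cpp
#include <cstdint>
#include <functional>
#include <set>
#include <string>
#ifdef _WIN32
#include <windows.h>
#include <wincrypt.h>
#else  // same numeric values as the Windows SDK headers, so the logic builds anywhere
typedef std::uint32_t DWORD;
typedef std::uintptr_t HCRYPTPROV;
const DWORD CRYPT_NEWKEYSET = 0x8, NTE_BAD_KEYSET = 0x80090016;
#endif

// Returns 0 on success or the GetLastError() value of the failed call.
using AcquireFn = std::function<DWORD(HCRYPTPROV*, const char*, DWORD)>;

// Open `name` in the calling user's profile, creating it on first use.
// CRYPT_MACHINE_KEYSET is deliberately absent, so the container is stored
// per user and no ACL changes under MachineKeys are involved.
DWORD open_user_keyset(const AcquireFn& acquire, const char* name, HCRYPTPROV* prov) {
    DWORD err = acquire(prov, name, 0);
    if (err == (DWORD)NTE_BAD_KEYSET)            // container not created yet
        err = acquire(prov, name, CRYPT_NEWKEYSET);
    return err;                                  // other errors pass through
}

#ifdef _WIN32
DWORD win32_acquire(HCRYPTPROV* prov, const char* name, DWORD flags) {
    return CryptAcquireContextA(prov, name, NULL, PROV_RSA_FULL, flags) ? 0 : GetLastError();
}
#endif

// Constructed stand-in for one user's key store, for running off Windows.
struct FakeUserStore {
    std::set<std::string> containers;
    DWORD operator()(HCRYPTPROV* prov, const char* name, DWORD flags) {
        if (flags & CRYPT_NEWKEYSET) containers.insert(name);
        else if (!containers.count(name)) return (DWORD)NTE_BAD_KEYSET;
        *prov = 1;                               // dummy handle value
        return 0;
    }
};

int main() {
    HCRYPTPROV prov = 0;
    FakeUserStore store;
    DWORD err = open_user_keyset(std::ref(store), "ExampleApp", &prov);
    return err == 0 ? 0 : 1;
}
```

On Windows, pass `win32_acquire` as the first argument and release the handle with `CryptReleaseContext` when done.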