Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to suppress "An application is requesting access to a protected item" popup

I'm getting a pop-up when trying to use a certificate to decrypt data. I'm creating a self-signed certificate, and I'm using it to encrypt some data, but I'm getting the following confirmation pop-up when trying to decrypt the data:

CryptoAPI popup

How can I programatically grant access to use the certificate?

like image 425
lsotov Avatar asked Jan 15 '16 14:01

lsotov


2 Answers

Ian's answer is correct. I just want to add my 2 cents. I've installed the .pfx certificate with the "Enable strong private key protection" checkbox (see screenshot).

If this is done - then no policies will help you remove the prompts. I had to reinstall the certificate without this checkbox marked. Don't ask me why I marked it in the first place.

enter image description here

like image 154
Denis Molodtsov Avatar answered Oct 29 '22 05:10

Denis Molodtsov


I believe the issue is that the certificate's private key has "strong protection" enabled.

enter image description here

Enable strong private key protection. You will be prompted every time the private key is used by an application if you enable this option.

Any attempt to use the private key causes Windows to display the warning.

You have to re-import the certificate without the Strong private key protection option enabled.

Group policy that does the same

It's also possible a system wide group policy is in effect:

  • secpol.msc
    • Security Settings
      • Local Policies
        • Security Options
          • System Cryptography: Force strong key protection for user keys stored on the computer

System Cryptography: Force strong key protection for user keys stored on the computer

This security setting determines if users' private keys require a password to be used.

The options are:

User input is not required when new keys are stored and used User is prompted when the key is first used User must enter a password each time they use a key For more information, see Public key infrastructure.

Default: This policy is not defined.

If that group policy security option is set, you have to disable it.

Bonus Reading

  • MSDN Blog: What is a strong key protection in Windows? (archive)
  • Technet GP reference: System cryptography: Force strong key protection for user keys stored on the computer (archive)

tl;dr: You cannot programatically bypass a security boundary

like image 40
Ian Boyd Avatar answered Oct 29 '22 04:10

Ian Boyd