Fix for https://bugs.cacert.org/view.php?id=1218

"client cert issued no longer exportable with private key (class3). IE10 certs usage broken"
10 years ago · 35e318c03c
parent 1b49547d06
commit 35e318c03c
1 changed files with 3 additions and 1 deletions
--- a/www/keygenIE.js
+++ b/www/keygenIE.js
@ -247,6 +247,7 @@ var CAcert_keygen_IE = function () {
 			privateKey.Algorithm = algorithmOid;
 			privateKey.Length = bits;
 			privateKey.KeyUsage = 0xffffff; // XCN_NCRYPT_ALLOW_ALL_USAGES
+			privateKey.ExportPolicy = 0x1; // XCN_NCRYPT_ALLOW_EXPORT_FLAG

 			var request = factory.CreateObject("X509Enrollment.CX509CertificateRequestPkcs10");
 			request.InitializeFromPrivateKey(
@ -545,7 +546,8 @@ var CAcert_keygen_IE = function () {
 			}

 			cenroll.GenKeyFlags = bits << 16; // keysize is encoded in the uper 16 bits
-			//cenroll.GenKeyFlags = cenroll.GenKeyFlags | 0x1; //CRYPT_EXPORTABLE
+			// Allow exporting the private key
+			cenroll.GenKeyFlags = cenroll.GenKeyFlags | 0x1; //CRYPT_EXPORTABLE

 			generatingKeyNotice.style.display = "";