From 76379293e7ef241412ca9890dab699698bfef925 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michael=20T=C3=A4nzer?= <neo@nhng.de>
Date: Tue, 19 Nov 2013 23:07:28 +0100
Subject: Bug 1218: Allow exporting private keys in IE
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Michael Tänzer <neo@nhng.de>
---
 www/keygenIE.js | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/www/keygenIE.js b/www/keygenIE.js
index be2d184..990be35 100644
--- a/www/keygenIE.js
+++ b/www/keygenIE.js
@@ -247,6 +247,7 @@ var CAcert_keygen_IE = function () {
 			privateKey.Algorithm = algorithmOid;
 			privateKey.Length = bits;
 			privateKey.KeyUsage = 0xffffff; // XCN_NCRYPT_ALLOW_ALL_USAGES
+			privateKey.ExportPolicy = 0x1; // XCN_NCRYPT_ALLOW_EXPORT_FLAG
 
 			var request = factory.CreateObject("X509Enrollment.CX509CertificateRequestPkcs10");
 			request.InitializeFromPrivateKey(
@@ -544,9 +545,12 @@ var CAcert_keygen_IE = function () {
 				}
 			}
 
-			cenroll.GenKeyFlags = bits << 16; // keysize is encoded in the uper 16 bits
+			// This is actually the default
 			//cenroll.GenKeyFlags = cenroll.GenKeyFlags | 0x1; //CRYPT_EXPORTABLE
 
+			// keysize is encoded in the uper 16 bits
+			cenroll.GenKeyFlags = cenroll.GenKeyFlags | bits << 16;
+
 			generatingKeyNotice.style.display = "";
 
 			// The request needs to be created after we return so the "please wait"
-- 
cgit v1.2.1


From 036f7b674615b72ae0119a5f5a403f95fb7ad977 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michael=20T=C3=A4nzer?= <neo@nhng.de>
Date: Wed, 20 Nov 2013 12:20:21 +0100
Subject: Bug 1218: Exportable flag needs to be explicitly set on Win XP
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Michael Tänzer <neo@nhng.de>
---
 www/keygenIE.js | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/www/keygenIE.js b/www/keygenIE.js
index 990be35..4c15b23 100644
--- a/www/keygenIE.js
+++ b/www/keygenIE.js
@@ -545,11 +545,9 @@ var CAcert_keygen_IE = function () {
 				}
 			}
 
-			// This is actually the default
-			//cenroll.GenKeyFlags = cenroll.GenKeyFlags | 0x1; //CRYPT_EXPORTABLE
-
-			// keysize is encoded in the uper 16 bits
-			cenroll.GenKeyFlags = cenroll.GenKeyFlags | bits << 16;
+			cenroll.GenKeyFlags = bits << 16; // keysize is encoded in the uper 16 bits
+			// Allow exporting the private key
+			cenroll.GenKeyFlags = cenroll.GenKeyFlags | 0x1; //CRYPT_EXPORTABLE
 
 			generatingKeyNotice.style.display = "";
 
-- 
cgit v1.2.1