Bug 1218: Allow exporting private keys in IE
authorMichael Tänzer <neo@nhng.de>
Tue, 19 Nov 2013 22:07:28 +0000 (23:07 +0100)
committerMichael Tänzer <neo@nhng.de>
Tue, 19 Nov 2013 22:07:28 +0000 (23:07 +0100)
Signed-off-by: Michael Tänzer <neo@nhng.de>
www/keygenIE.js

index be2d184..990be35 100644 (file)
@@ -247,6 +247,7 @@ var CAcert_keygen_IE = function () {
                        privateKey.Algorithm = algorithmOid;
                        privateKey.Length = bits;
                        privateKey.KeyUsage = 0xffffff; // XCN_NCRYPT_ALLOW_ALL_USAGES
+                       privateKey.ExportPolicy = 0x1; // XCN_NCRYPT_ALLOW_EXPORT_FLAG
 
                        var request = factory.CreateObject("X509Enrollment.CX509CertificateRequestPkcs10");
                        request.InitializeFromPrivateKey(
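Review bot: The added `privateKey.ExportPolicy = 0x1` makes every key generated on this path exportable with no opt-out, and the line above it already grants all usages with `KeyUsage = 0xffffff`. An exportable key can generally be exported by other software running as the same user, so client-certificate keys become easier to copy off the machine. If the backup use case from bug 1218 does not apply to every user, consider driving the value from an explicit user choice and defaulting to non-exportable. At minimum, record the trade-off next to the assignment, e.g. `// exportable so users can back up or move the key; this also lets other software running as the user export it`. The enclosing function starts and ends outside the hunk.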
@@ -544,9 +545,12 @@ var CAcert_keygen_IE = function () {
                                }
                        }
 
-                       cenroll.GenKeyFlags = bits << 16; // keysize is encoded in the uper 16 bits
+                       // This is actually the default
                        //cenroll.GenKeyFlags = cenroll.GenKeyFlags | 0x1; //CRYPT_EXPORTABLE
 
+                       // keysize is encoded in the uper 16 bits
+                       cenroll.GenKeyFlags = cenroll.GenKeyFlags | bits << 16;
+
                        generatingKeyNotice.style.display = "";
 
                        // The request needs to be created after we return so the "please wait"
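Review bot: OR-ing `bits << 16` into `cenroll.GenKeyFlags` keeps whatever the upper 16 bits already held. If the control is reused for a second attempt, or starts with a size in that field, the requested length is merged with the old value instead of replacing it. The creation of `cenroll` is outside the hunk, so this may not happen in practice. Clearing the size field first avoids it and makes the precedence explicit: `cenroll.GenKeyFlags = (cenroll.GenKeyFlags & 0xffff) | (bits << 16);`. Exportability on this path also rests on the control's default, which only the commented-out line hints at. If export is the intent, setting the `0x1` bit explicitly would not depend on that default.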