Blocking RSA Keys less than 1024 bits (part 2)

First published on TECHNET on Jul 13, 2012. On August 14, 2012, Microsoft will issue a critical non-security update (KB 2661254) for Windows XP, Windows Server 2003, Windows Server 2003 R2, Windows Vista, Windows Server 2008, Windows 7, and Windows Server ... continue reading

How to determine if a smart card was used for logon

First published on TECHNET on Jun 18, 2012. Fabian Müller, Premier Field Engineer (PFE) in Germany, just wrote a detailed article discussing a commonly asked question: how do I determine if a smart card was used for logon? The article ... continue reading

RSA keys under 1024 bits are blocked

First published on TECHNET on Jun 11, 2012. The strength of public key based cryptographic algorithms is determined based on the time taken to derive the private key using brute force methods. The algorithm is deemed to be strong enough when the time ... continue reading

Visual Basic for Applications and SHA2

First published on TECHNET on May 03, 2012. I was recently helping a customer deploy a SHA-256 based PKI. As part of the retirement of their old PKI, we reissued the code signing certificates used by their developers. We found that ... continue reading

Best Practice for Configuring Certificate Template Cryptography

First published on TECHNET on Apr 27, 2012. Starting with Windows Vista and Windows Server 2008, the option to utilize Key Storage Providers (KSPs) in addition to Cryptographic Service Providers (CSPs) was added. These options are available when you create a ... continue reading

Network Device Enrollment Service (NDES) now on the TechNet Wiki

First published on TECHNET on Apr 18, 2012. The Network Device Enrollment Service (NDES) whitepaper is now on the TechNet Wiki and I have already made a few updates that were requested. The old download center location has been updated to ... continue reading

HSPD-12 Logical Access Authentication and 2008 Active Directory Domains on Download Center

First published on TECHNET on Mar 14, 2012. A follow-up document to the original HSPD-12 Logical Access Authentication and Active Directory Domains document has just been posted to the download center. The follow-up document demonstrates the increased flexibility of FIPS 201 ... continue reading

EFS Certificates may be recovered as CNG certificates when CAPI CSP is required

First published on TECHNET on Jan 23, 2012. If a Key Recovery Agent (KRA) certificate is stored in a Cryptography Next Generation (CNG) Key Service Provider (KSP), the `certutil -RecoverKey` command will by default recover a key as a CNG certificate ... continue reading

How to decommission a Windows enterprise certification authority and how to remove all related objects

First published on TECHNET on Oct 07, 2011. The Windows KB article 889250 titled "How to decommission a Windows enterprise certification authority and how to remove all related objects from Windows Server 2003 and from Windows Server 2000" has been revised ... continue reading

Does Enterprise PKI (PKIVIEW) support OCSP?

First published on TECHNET on Oct 07, 2011. A common question from certification authority administrators is "Does Enterprise PKI (PKIView) support OCSP?" Yes, the Microsoft Management Console (MMC) Enterprise PKI (PKIView), supports the When setting up Certificate Extensions, you ... continue reading