Archive

Archive for the ‘cryptography’ Category

Visual Basic for Applications and SHA2

I was recently helping a customer deploy a SHA-256 based PKI.  As part of the retirement of their old PKI, we reissued the code signing certificates used by their developers.  We found that the Visual Studio 2010 developers had no issue with the new code signing certs, but the Visual Basic of Application developers could not select the new SHA-256 certificate.  Working with the good folks in Premier Support, we discovered there was a bug in VBA.

Last week we released a hotfix for Office 2010, KB 2598139, that addressed this bug in Office 2010.  This hotfix corrected the issue with the certificate selection box (Tools | Digital Signature) and the handling of VBA macros signed with SHA2 certificates.

In order to properly use SHA2 code signing certificates, this hotfix would need to be installed on both the developer computers and the end-users computers.  As this is a QFE, the standard warning applies: …this hotfix is intended to correct only the problems that are described in this article. Apply this hotfix only to systems that are experiencing the problems described…  In order to download this hotfix, click the “View and request hotfix downloads” button on the top of the KB article.

-Adam Stasiniewicz

Visual Basic for Applications and SHA2

I was recently helping a customer deploy a SHA-256 based PKI.  As part of the retirement of their old PKI, we reissued the code signing certificates used by their developers.  We found that the Visual Studio 2010 developers had no issue with the new code signing certs, but the Visual Basic of Application developers could not select the new SHA-256 certificate.  Working with the good folks in Premier Support, we discovered there was a bug in VBA.

Last week we released a hotfix for Office 2010, KB 2598139, that addressed this bug in Office 2010.  This hotfix corrected the issue with the certificate selection box (Tools | Digital Signature) and the handling of VBA macros signed with SHA2 certificates.

In order to properly use SHA2 code signing certificates, this hotfix would need to be installed on both the developer computers and the end-users computers.  As this is a QFE, the standard warning applies: …this hotfix is intended to correct only the problems that are described in this article. Apply this hotfix only to systems that are experiencing the problems described…  In order to download this hotfix, click the “View and request hotfix downloads” button on the top of the KB article.

-Adam Stasiniewicz

Visual Basic for Applications and SHA2

I was recently helping a customer deploy a SHA-256 based PKI.  As part of the retirement of their old PKI, we reissued the code signing certificates used by their developers.  We found that the Visual Studio 2010 developers had no issue with the new code signing certs, but the Visual Basic of Application developers could not select the new SHA-256 certificate.  Working with the good folks in Premier Support, we discovered there was a bug in VBA.

Last week we released a hotfix for Office 2010, KB 2598139, that addressed this bug in Office 2010.  This hotfix corrected the issue with the certificate selection box (Tools | Digital Signature) and the handling of VBA macros signed with SHA2 certificates.

In order to properly use SHA2 code signing certificates, this hotfix would need to be installed on both the developer computers and the end-users computers.  As this is a QFE, the standard warning applies: …this hotfix is intended to correct only the problems that are described in this article. Apply this hotfix only to systems that are experiencing the problems described…  In order to download this hotfix, click the “View and request hotfix downloads” button on the top of the KB article.

-Adam Stasiniewicz

Best Practice for Configuring Certificate Template Cryptography

April 28th, 2012 No comments

Starting with Windows Vista and Windows Server 2008, the option to utilize Key Storage Providers (KSPs) in addition to Cryptographic Service Providers (CSPs) was added. These options are available when you create a Certificate Template and configure the settings in the Cryptography tab. Depending on the template duplicated, you may see that the default option is Request can use any provider available on the subject’s computer. However, the best practice is to select Requests must use one of the following providers. Then, ensure you configure only the providers that you want to be used. Another best practice is to use a key size of 1024 bits or higher.

More about this topic is on the TechNet Wiki http://social.technet.microsoft.com/wiki/contents/articles/10192.a-certificate-could-not-be-created-a-private-key-could-not-be-created.aspx

Best Practice for Configuring Certificate Template Cryptography

April 28th, 2012 No comments

Starting with Windows Vista and Windows Server 2008, the option to utilize Key Storage Providers (KSPs) in addition to Cryptographic Service Providers (CSPs) was added. These options are available when you create a Certificate Template and configure the settings in the Cryptography tab. Depending on the template duplicated, you may see that the default option is Request can use any provider available on the subject’s computer. However, the best practice is to select Requests must use one of the following providers. Then, ensure you configure only the providers that you want to be used. Another best practice is to use a key size of 1024 bits or higher.

More about this topic is on the TechNet Wiki http://social.technet.microsoft.com/wiki/contents/articles/10192.a-certificate-could-not-be-created-a-private-key-could-not-be-created.aspx