Persits Software, Inc. Web Site
Main Menu:  Home |  Tasks |  Object Reference |  Crypto 101 |  FAQ |  Download & Buy |  Clients |  Live Demo |  Contact
 Navigator:  Home |  Frequently Asked Questions

  Frequently Asked Questions
General Questions

  • Q101. Does AspEncrypt support 128-bit encryption?
    A. Yes if your system has the Microsoft Enhanced Cryptographic Provider installed. For more information, see the task Learn about Windows Cryptography.
  • Q102. Is AspEncrypt subject to U.S. cryptography export restrictions?
    A. No, as AspEncrypt's cryptographic functionality comes from external modules called Cryptographic Service Providers. It is those modules that may be subject to the export restrictions.
  • Q103. I am interested in the secure mail feature of AspEncrypt. Can I use a mail component other than AspEmail for that?
    A. No. AspEncrypt and AspEmail were specifically designed to work together to send secure mail. Notice however, that AspEmail's secure mail functionality is free, so you only need to purchase AspEncrypt, not both components.
  • Q104. When I send encrypted mail with AspEncrypt and AspEmail, do file attachments get encrypted as well?
    A. Yes. The entire message including all attachments gets encrypted.

Common Errors

  • Q201. I want to use my certificate to send signed mail, so I am trying to move it to the HKEY_LOCAL_MACHINE section of the registry using the CertMover sample application. However I keep getting the error "Bad Key". Why?

    A. For a public/private key pair to be movable, it must have been created with the CRYPT_EXPORTABLE flag. Once a key pair is created you cannot set this flag. The only way out is to generate a new (exportable) key pair and apply for a new certificate. We have provided an online form at which will help you with that.

  • Q202. When I call

    Set Context = CM.OpenContext("mycontainer", True)

    it sometimes generates the following error. How do I fix that?

    Persits.CryptoManager.1 error '800a0001'
    Keyset does not exist

    A. Windows NT: This is a permission issue. The current user (such as IUSR_xxx) does not have sufficient permissions to access the specified key container in the registry. To fix this problem, open regedt32 (not regedit!), open the hive HKEY_LOCAL_MACHINE and highlight the key

    HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\MachineKeys\<container name>.

    Select Security/Permissions from the menu and make sure Everyone has Full Control over this key.

    In Windows 2000 key containers are stored in the file system rather than registry. See Q204 for more info.

  • Q203. I want to use the LogonUser method to impersonate an admin account in order to be able to access a certificate or entry in the registry. However, I always get the error

    Persits.CryptoManager error '0x800a001c'
    A required privilege is not held by the client.

    A. Windows NT/IIS4: Most probably, your virtual directory has the "Run in separate memory space" option checked. This causes Windows NT to disallow calling LogonUser unless the user has the privilege "Act as Part of Operating System". You have two options: disable "Run in separate memory space" for this virtual directory, or grant this privilege to all the users of your application such as IUSR_xxx (go to User Manager, select Policies/User Rights, check "Show Advanced User Rights", select "Act as Part of Operating System", add desired users). We recommend that you reboot after that.

    Windows 2000/IIS5: Run Internet Services Manager. Right-click your virtual directory and select "Properties". On the "Virtual Directory" tab, set the "Application Protection" option to Low. If the option is disabled, click on the "Create" button first.

  • Q204. On a Windows 2000 server, I am getting the error Object already exists when calling OpenContext("containername", True ). How should I fix that?

    A. It is a permission problem. See Knowledge Base article Q246459 for a solution. If your machine had previously had Windows 2000 Beta 2 installed, you should apply the procedure described in this KB article to the directory

    %WINDIR%\Profiles\All Users\Application Data\Microsoft\Crypto\RSA\Machinekeys instead.

  • Q205. Why is Server.CreateObject generating the error message

    Server object error 'ASP 0177 : 8002801d'
    Server.CreateObject Failed
    Library not registered.

    A. This error usually occurs because of tight security settings in the HKEY_CLASSES_ROOT section of the registry. To fix the error, run regedt32 and select the key


    From the Security menu, select Permissions. Add Everyone to the permission list and assign Full Control to the Everyone account. Make sure the settings propagate to the sub-keys as well.

Search this Site

Other Products
  This site is owned and maintained by Persits Software, Inc. Copyright © 2000 - 2010. All Rights Reserved.