Skip to content

Commit

Permalink
win_acl/Certificates: Acquire private key by preferring ncrypt, not a…
Browse files Browse the repository at this point in the history
…llowing it
  • Loading branch information
jpitlor committed Sep 8, 2023
1 parent 5bfb3a2 commit 91f9ac4
Showing 1 changed file with 1 addition and 3 deletions.
4 changes: 1 addition & 3 deletions plugins/module_utils/_CertACLHelper.cs
Original file line number Diff line number Diff line change
Expand Up @@ -112,9 +112,7 @@ private enum CryptAcquireKeyFlags : uint
[Flags]
private enum CryptAcquireKeyFlagControl : uint
{
CRYPT_ACQUIRE_ALLOW_NCRYPT_KEY_FLAG = 0x00010000,
CRYPT_ACQUIRE_PREFER_NCRYPT_KEY_FLAG = 0x00020000,
CRYPT_ACQUIRE_ONLY_NCRYPT_KEY_FLAG = 0x00040000,
}

private enum KeySpec : uint
Expand Down Expand Up @@ -155,7 +153,7 @@ public CertAclHelper(X509Certificate2 certificate)
bool shouldFreeKey;
if (!CryptAcquireCertificatePrivateKey(
certificate.Handle,
(uint)CryptAcquireKeyFlags.CRYPT_ACQUIRE_SILENT_FLAG | (uint)CryptAcquireKeyFlagControl.CRYPT_ACQUIRE_ALLOW_NCRYPT_KEY_FLAG,
(uint)CryptAcquireKeyFlags.CRYPT_ACQUIRE_SILENT_FLAG | (uint)CryptAcquireKeyFlagControl.CRYPT_ACQUIRE_PREFER_NCRYPT_KEY_FLAG,
IntPtr.Zero,
out handle,
out keySpec,
Expand Down

0 comments on commit 91f9ac4

Please sign in to comment.