From 91f9ac4bad290edff8d685b7a5fb7e257500656a Mon Sep 17 00:00:00 2001 From: Jordan Pitlor Date: Fri, 8 Sep 2023 08:34:11 -0400 Subject: [PATCH] win_acl/Certificates: Acquire private key by preferring ncrypt, not allowing it --- plugins/module_utils/_CertACLHelper.cs | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/plugins/module_utils/_CertACLHelper.cs b/plugins/module_utils/_CertACLHelper.cs index 1c542085..0224d8cc 100644 --- a/plugins/module_utils/_CertACLHelper.cs +++ b/plugins/module_utils/_CertACLHelper.cs @@ -112,9 +112,7 @@ private enum CryptAcquireKeyFlags : uint [Flags] private enum CryptAcquireKeyFlagControl : uint { - CRYPT_ACQUIRE_ALLOW_NCRYPT_KEY_FLAG = 0x00010000, CRYPT_ACQUIRE_PREFER_NCRYPT_KEY_FLAG = 0x00020000, - CRYPT_ACQUIRE_ONLY_NCRYPT_KEY_FLAG = 0x00040000, } private enum KeySpec : uint @@ -155,7 +153,7 @@ public CertAclHelper(X509Certificate2 certificate) bool shouldFreeKey; if (!CryptAcquireCertificatePrivateKey( certificate.Handle, - (uint)CryptAcquireKeyFlags.CRYPT_ACQUIRE_SILENT_FLAG | (uint)CryptAcquireKeyFlagControl.CRYPT_ACQUIRE_ALLOW_NCRYPT_KEY_FLAG, + (uint)CryptAcquireKeyFlags.CRYPT_ACQUIRE_SILENT_FLAG | (uint)CryptAcquireKeyFlagControl.CRYPT_ACQUIRE_PREFER_NCRYPT_KEY_FLAG, IntPtr.Zero, out handle, out keySpec,