Microsoft KB Archive/936029

= The &quot;Request For Permission to Use a Key&quot; dialog box appears whenever you try to send an e-mail message in Outlook 2007 after you configure Outlook 2007 to use a digital signature in Windows Vista =

Article ID: 936029

Article Last Modified on 9/11/2007

-

APPLIES TO


 * Windows Vista Home Premium
 * Windows Vista Ultimate
 * Windows Vista Business
 * Windows Vista Enterprise
 * Windows Vista Home Premium 64-bit Edition
 * Windows Vista Ultimate 64-bit Edition
 * Windows Vista Business 64-bit Edition
 * Windows Vista Enterprise 64-bit Edition

-



Important This article contains information about how to modify the registry. Make sure that you back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows registry



SYMPTOMS
Consider the following scenario.
 * On a computer that is running Windows Vista, you configure Microsoft Office Outlook 2007 to use a digital signature when you send e-mail.
 * You import a digital ID into Outlook 2007.

In this scenario, the Request For Permission to Use a Key dialog box appears whenever you try to send an e-mail message. After you grant Outlook 2007 permission to use the digital ID, Outlook 2007 successfully sends the e-mail message.

Note When you try to send the e-mail message, you may also be prompted to enter the password of the digital ID. This situation depends on the security level that you specify for the digital ID.



RESOLUTION
After you apply the following hotfix, Windows Vista caches the digital ID that an application uses. Therefore, the Request For Permission to Use a Key dialog box still appears when you send the first e-mail message after you start Outlook 2007.

By default, Windows Vista can cache up to 20 digital IDs in an application. However, you can modify the registry to configure this number. For information about how to do this, see the &quot;Registry information&quot; section.

Hotfix information
A supported hotfix is now available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing this specific problem. This hotfix might receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next service pack that contains this hotfix.

To resolve this problem, submit a request to Microsoft Online Customer Services to obtain the hotfix. To submit an online request to obtain the hotfix, visit the following Microsoft Web site:

http://go.microsoft.com/?linkid=6294451

Note If additional issues occur or any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. To create a separate service request, visit the following Microsoft Web site:

http://support.microsoft.com/contactus/?ws=support

Prerequisites
No prerequisites are required.

Restart requirement
You have to restart the computer after you apply this hotfix.

Hotfix replacement information
This hotfix does not replace any other hotfixes.

Registry information
Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall the operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

To configure the number of digital IDs that Windows Vista can cache in an application, follow these steps:  Click Start, type regedit in the Start Search box, and then press ENTER . Locate and then click the following registry subkey:

 On the Edit menu, point to New, and then click DWORD Value. Type PrivKeyCacheMaxItems to name the new entry, and then press ENTER. Right-click PrivKeyCacheMaxItems, and then click Modify. In the Value data box, type the maximum number of digital IDs that Windows Vista can cache in an application, and then click OK.

Note If you do not want Windows Vista to cache digital IDs, type 0 in the Value data box. Exit Registry Editor.</li></ol>

To modify how long Windows Vista caches digital IDs in an application, follow these steps: <ol> Click Start, type regedit in the Start Search box, and then press ENTER .</li> Locate and then click the following registry subkey:

</li> On the Edit menu, point to New, and then click DWORD Value.</li> Type PrivateKeyLifetimeSeconds to name the new entry, and then press ENTER.</li> Right-click PrivateKeyLifetimeSeconds, and then click Modify.</li> In the Value data box, type the time in seconds for Windows Vista to cache digital IDs in an application, and then click OK.

For example, if you type 2,592,000, Windows Vista caches digital IDs for 30 days.</li> Exit Registry Editor.</li></ol>

To modify the interval at which Windows Vista purges the outdated keys, follow these steps:
 * 1) Click Start, type regedit in the Start Search box, and then press ENTER.
 * 2) Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Cryptography
 * 3) On the Edit menu, point to New, and then click DWORD Value.
 * 4) Type PrivKeyCachePurgeIntervalSeconds to name the new entry, and then press ENTER.
 * 5) Right-click PrivKeyCachePurgeIntervalSeconds, and then click Modify.
 * 6) In the Value data box, type the time in seconds for Windows Vista to purges the outdated keys, and then click OK. For example, if you type 2,592,000, Windows Vista purges the outdated keys every 30 days.

Note By default, the value is 86,400. Therefore, if you do not modify this value, Windows Vista purges the outdated keys every single day.
 * 1) Exit Registry Editor.

File information
The English version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.

Windows Vista, 64-bit versions
<div class="moreinformation_section">

MORE INFORMATION
If you configure Microsoft Office Outlook 2003 to use digital signatures in Microsoft Windows XP or in Microsoft Windows 2000, you are prompted to grant Outlook 2003 permission to use a digital ID. This behavior occurs only when you send the first e-mail message after you start Outlook 2003.

To configure Outlook 2007 to use a digital signature when you send e-mail, follow these steps:
 * 1) Start Outlook 2007.
 * 2) On the Tools menu, click Trust Center.
 * 3) In the categories pane, click E-mail Security.
 * 4) Click to select the Add digital signature to outgoing message check box.
 * 5) Click OK.

For more information about the terms that are used to describe software updates, click the following article number to view the article in the Microsoft Knowledge Base:

824684 Description of the standard terminology that is used to describe Microsoft software updates

Keywords: kbfix kbqfe kbpubtypekc kbexpertiseadvanced kbexpertisebeginner kbhotfixserver KB936029

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.