- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I recently upgrade IPT with PKI from v3.1.0.182 to v4.0.5.25, then I can not use CryptImportKey any more.
Because it returns 0x000000b7(maybe ERROR_ALREADY_EXISTS) after PIN setting PTD displayed.
Only container created.
I set dwFlags as CRYPT_USER_PROTECTED to use PKI with PTD.
I did not change any source codes, but only changed provider from Intel IPT Enhanced Cryptographic Provider to Intel IPT CSP - Non-Exportable Keys.
What is wrong with it? or any misuse?
Is there any solution to it?
Thank you in advance.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
In version 4.x, the secure import and secure export functionality is not supported in the “Intel IPT CSP – Non-Exportable Keys” CSP.
To use secure import or secure export, you must use the new “Intel IPT CSP – Exportable Keys” CSP.
Please let me know if this helps you,
Gael
Link Copied
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
As indicated in the attached Release Notes for v4.0.5.25 and the excerpt below, the name of the Cryptographic Service Providers (CSP) in v4 has changed, and the “Intel IPT Cryptographic Provider” CSP has been removed. You will need to change your code to use the new CSP names.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
In version 4.x, the secure import and secure export functionality is not supported in the “Intel IPT CSP – Non-Exportable Keys” CSP.
To use secure import or secure export, you must use the new “Intel IPT CSP – Exportable Keys” CSP.
Please let me know if this helps you,
Gael
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
I was looking forward to your response :)
You mean that I cannot use certificates in the form of pkcs#12 any more with PTD?
Actually I tried to import through “Intel IPT CSP – Exportable Keys”, but the result was same.
If "secure import" means import through a migration authority,
Then how can I import certificates securely?
There is any technical documents of secure import or detail of changed specification of IPT with PKI?
I am so sorry for too many questions.
I really appreciate your kind and detail answer.
Kiyoung
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I am talking to the experts on this - so that is why there is a delay in my responses. They are wondering if you are integrating this into a product or if this is a Proof of Concept?
Thanks,
Gael
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
In Korea, almost people have one or more certificates already.
So if it is impossible to import certificate, we can not use IPT even though it is a wonderful technology.
I hope I can make many people, companies, and government use Intel IPT with PKI.
Next week. I have to show manufacturers it is possible with a 6th generation machine of them.
Our company finished development with Intel IPT Enhanced Cryptographic Provider on Broadwell PC.
I tried to use 3.x IPT on new machine, but it was impossible to install on the machine.
Is there any solution?
Kiyoung
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Gael Hofemeier (Intel) wrote:
I am talking to the experts on this - so that is why there is a delay in my responses. They are wondering if you are integrating this into a product or if this is a Proof of Concept?
Thanks,
Gael
Yes, We are using IPT with PKI as a main secure certificate storage in our product.
If we can not use it, manufacturers do not make a vPro product line.
Thanks,
Kiyoung
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
According to the Release Notes,
Intel IPT Enhanced Cryptographic Provider The name of this CSP has been changed to: “Intel IPT CSP – Non-Exportable Keys”.
The functionality of the CSP has not changed.
I think that certificate import should be allowed. if not, it is bug.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi - could you send me your email in a private message? I need to connect you to our folks who can help you.
Gael
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Gael Hofemeier (Intel) wrote:
Hi - could you send me your email in a private message? I need to connect you to our folks who can help you.
Gael
Hello,
I did not receive any message from your folks.
Did you received my message? if not, my email address is kiyoung.kky at gmail.com.
I have not much time, I have to answer to my customers - manufacturers.
Would you let me know what is going on inside the team?
Thank you,
Kiyoung

- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page