The "Request For Permission to Use a Key" dialog box appears whenever you try to send an e-mail message in Outlook 2007 after you configure Outlook 2007 to use a digital signature in Windows Vista

Article translations Article translations
Article ID: 936029 - View products that this article applies to.
Important This article contains information about how to modify the registry. Make sure that you back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, click the following article number to view the article in the Microsoft Knowledge Base:
256986 Description of the Microsoft Windows registry
Expand all | Collapse all

On This Page

SYMPTOMS

Consider the following scenario.
  • On a computer that is running Windows Vista, you configure Microsoft Office Outlook 2007 to use a digital signature when you send e-mail.
  • You import a digital ID into Outlook 2007.
In this scenario, the Request For Permission to Use a Key dialog box appears whenever you try to send an e-mail message. After you grant Outlook 2007 permission to use the digital ID, Outlook 2007 successfully sends the e-mail message.

Note When you try to send the e-mail message, you may also be prompted to enter the password of the digital ID. This situation depends on the security level that you specify for the digital ID.

RESOLUTION

Service pack information

To resolve this problem, obtain the latest service pack for Windows Vista. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
935791 How to obtain the latest Windows Vista service pack
After you apply the following hotfix, Windows Vista caches the digital ID that an application uses. Therefore, the Request For Permission to Use a Key dialog box still appears when you send the first e-mail message after you start Outlook 2007.

By default, Windows Vista can cache up to 20 digital IDs in an application. However, you can modify the registry to configure this number. For information about how to do this, see the "Registry information" section.

Hotfix information

A supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing this specific problem. This hotfix might receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next software update that contains this hotfix.

If the hotfix is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, contact Microsoft Customer Service and Support to obtain the hotfix.

Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft Web site:
http://support.microsoft.com/contactus/?ws=support
Note The "Hotfix download available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language.

Prerequisites

No prerequisites are required.

Restart requirement

You have to restart the computer after you apply this hotfix.

Hotfix replacement information

This hotfix does not replace any other hotfixes.

Registry information

Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall the operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

To configure the number of digital IDs that Windows Vista can cache in an application, follow these steps:
  1. Click Start, type regedit in the Start Search box, and then press ENTER.
  2. Locate and then click the following registry subkey:
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Cryptography
  3. On the Edit menu, point to New, and then click DWORD Value.
  4. Type PrivKeyCacheMaxItems to name the new entry, and then press ENTER.
  5. Right-click PrivKeyCacheMaxItems, and then click Modify.
  6. In the Value data box, type the maximum number of digital IDs that Windows Vista can cache in an application, and then click OK.

    Note If you do not want Windows Vista to cache digital IDs, type 0 in the Value data box.
  7. Exit Registry Editor.
To modify how long Windows Vista caches digital IDs in an application, follow these steps:
  1. Click Start, type regedit in the Start Search box, and then press ENTER.
  2. Locate and then click the following registry subkey:
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Cryptography
  3. On the Edit menu, point to New, and then click DWORD Value.
  4. Type PrivateKeyLifetimeSeconds to name the new entry, and then press ENTER.
  5. Right-click PrivateKeyLifetimeSeconds, and then click Modify.
  6. In the Value data box, type the time in seconds for Windows Vista to cache digital IDs in an application, and then click OK.

    For example, if you type 2,592,000, Windows Vista caches digital IDs for 30 days.
  7. Exit Registry Editor.
To modify the interval at which Windows Vista purges the outdated keys, follow these steps:
  1. Click Start, type regedit in the Start Search box, and then press ENTER.
  2. Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Cryptography
  3. On the Edit menu, point to New, and then click DWORD Value.
  4. Type PrivKeyCachePurgeIntervalSeconds to name the new entry, and then press ENTER.
  5. Right-click PrivKeyCachePurgeIntervalSeconds, and then click Modify.
  6. In the Value data box, type the time in seconds for Windows Vista to purges the outdated keys, and then click OK. For example, if you type 2,592,000, Windows Vista purges the outdated keys every 30 days.

    Note By default, the value is 86,400. Therefore, if you do not modify this value, Windows Vista purges the outdated keys every single day.
  7. Exit Registry Editor.

File information

The English version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.
Windows Vista, 32-bit versions
Collapse this tableExpand this table
File nameFile versionFile sizeDateTimePlatform
Update.mumNot applicable2,21514-Jun-200719:00Not applicable
X86_9d7228792e889a3521ad80908f2ee065_31bf3856ad364e35_6.0.6000.20619_none_1e22594545dbfa0c.manifestNot applicable1,04214-Jun-200719:00Not applicable
X86_microsoft-windows-ncrypt-dll_31bf3856ad364e35_6.0.6000.20619_none_5c7fe47f0d932055.manifestNot applicable5,95214-Jun-200719:02Not applicable
X86_microsoft-windows-ncryptui-dll_31bf3856ad364e35_6.0.6000.20619_none_803d432ffefba84d.manifestNot applicable7,24614-Jun-200719:02Not applicable
Ncrypt.dll6.0.6000.20619192,51214-Jun-200702:17x86
Ncryptui.dll6.0.6000.20619437,76014-Jun-200702:17x86
Windows Vista, 64-bit versions
Collapse this tableExpand this table
File nameFile versionFile sizeDateTimePlatform
Amd64_9d7228792e889a3521ad80908f2ee065_31bf3856ad364e35_6.0.6000.20619_none_7a40f4c8fe396b42.manifestNot applicable1,04414-Jun-200719:00Not applicable
Amd64_d0add7ef75dd06eb27f0ef5d7587e2ca_31bf3856ad364e35_6.0.6000.20619_none_666dc38989373894.manifestNot applicable1,04814-Jun-200719:00Not applicable
Amd64_microsoft-windows-ncrypt-dll_31bf3856ad364e35_6.0.6000.20619_none_b89e8002c5f0918b.manifestNot applicable5,97214-Jun-200719:07Not applicable
Amd64_microsoft-windows-ncryptui-dll_31bf3856ad364e35_6.0.6000.20619_none_dc5bdeb3b7591983.manifestNot applicable7,27614-Jun-200719:07Not applicable
Package_1_for_kb936029~31bf3856ad364e35~amd64~~6.0.1.0.mumNot applicable2,00714-Jun-200719:00Not applicable
Package_2_for_kb936029~31bf3856ad364e35~amd64~~6.0.1.0.mumNot applicable2,22814-Jun-200719:00Not applicable
Update.mumNot applicable1,90914-Jun-200719:00Not applicable
Ncrypt.dll6.0.6000.20619237,56814-Jun-200703:22x64
Ncryptui.dll6.0.6000.20619570,36814-Jun-200703:22x64

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section. This problem was first corrected in Windows Vista Service Pack 1.

MORE INFORMATION

If you configure Microsoft Office Outlook 2003 to use digital signatures in Microsoft Windows XP or in Microsoft Windows 2000, you are prompted to grant Outlook 2003 permission to use a digital ID. This behavior occurs only when you send the first e-mail message after you start Outlook 2003.

To configure Outlook 2007 to use a digital signature when you send e-mail, follow these steps:
  1. Start Outlook 2007.
  2. On the Tools menu, click Trust Center.
  3. In the categories pane, click E-mail Security.
  4. Click to select the Add digital signature to outgoing message check box.
  5. Click OK.
For more information about the terms that are used to describe software updates, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates

Properties

Article ID: 936029 - Last Review: October 8, 2011 - Revision: 5.0
APPLIES TO
  • Windows Vista Home Premium
  • Windows Vista Ultimate
  • Windows Vista Business
  • Windows Vista Enterprise
  • Windows Vista Home Premium 64-bit Edition
  • Windows Vista Ultimate 64-bit Edition
  • Windows Vista Business 64-bit Edition
  • Windows Vista Enterprise 64-bit Edition
Keywords: 
kbautohotfix kbvistasp1fix kbexpertisebeginner kbexpertiseadvanced kbfix kbqfe kbHotfixServer KB936029

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com