You are no longer prompted to enter your private key password every time that the private key is accessed after you upgrade your computer to Windows XP Service Pack 2

Support for Windows XP has ended

Microsoft ended support for Windows XP on April 8, 2014. This change has affected your software updates and security options. Learn what this means for you and how to stay protected.

This article has been archived. It is offered "as is" and will no longer be updated.
Important This article contains information about how to modify the registry. Make sure to back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, click the following article number to view the article in the Microsoft Knowledge Base:
256986 Description of the Microsoft Windows registry
Symptoms
You are no longer prompted to enter your private key password when strong private key protection functionality is set to high. This issue occurs after you upgrade your computer to Microsoft Windows XP Service Pack 2 (SP2), or after you install the hotfix that is described in the following article in the Microsoft Knowledge Base:
821574 Windows prompts you for your password multiple times when you use Outlook if strong private key protection is set to high
When strong private key protection functionality is set to high by using a software key in CryptoAPI, you are no longer prompted to enter your private key password every time that the private key is used to sign data, to encrypt data, or to decrypt data. You are only prompted to enter your private key password the first time that the private key is accessed.
Cause
This issue occurs because of a change in the functionality of Windows XP SP2. This change in functionality is documented in the Microsoft Knowledge Base article 821574 that is listed in the Cause section.
Workaround
Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall your operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

To work around this issue, add the PrivKeyCacheMaxItems registry entry to the following registry subkey, and then set the registry entry to 0 (zero):
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Cryptography
To do this, follow these steps:
  1. Click Start, click Run, type regedit, and then click OK.
  2. Locate and then click the following registry subkey:
    HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Cryptography
  3. On the Edit menu, point to New, and then click DWORD Value.
  4. Type PrivKeyCacheMaxItems, and then press ENTER.
  5. Right-click PrivKeyCacheMaxItems, and then click Properties.
  6. Type 0 in the Value data box, and then click OK.
  7. Quit Registry Editor.
Properties

Article ID: 890062 - Last Review: 01/16/2015 16:33:34 - Revision: 4.0

  • Microsoft Windows XP Professional
  • Microsoft Windows XP Home Edition
  • kbnosurvey kbarchive kbpending kbbug kbtshoot KB890062
Feedback