SafeGuard LAN Crypt: User certificate cannot be found

  • Article ID: 118440
  • Updated: 16 Jul 2013

Issue

At every Login the LAN Crypt Client asks and accepts the Certificate PIN and says, the user certificate isn't found.

First seen in
Every LAN Crypt Client, which uses profiles created with SafeGuard LAN Crypt Administration 3.80 or higher.

Cause

The SafeGuard LAN Crypt Client uses a cryptographic Provider (CSP), which is not capable to decrypt the policy data with the configured algorithm.

Look at the Central Settings tab 'other settings'. You should see 'Use key wrapping' with the configured algorithm AES.

What To Do

Activate ‘Use Key wrapping’ and change the algorithm to any supported algorithm, e.g. 3DES. If you did not change the CSP settings for the client, AES encryption is not supported.

If 'Use key wrapping' (default setting) is selected, the Security Officer data and user profile data will be encrypted using a random session key with the selected algorithm (default 3DES). This sessions key then again is RSA-encrypted with the public key from the certificate.

If ‘Use key wrapping’ is not selected, the data will be RSA-encrypted with the public key from the certificate. This operation is usually not supported if smartcards are used.

If you want to keep the configured algorithm, you have to select a CSP which supports this algorithm. The CSP has to be configured using the group policy settings “SafeGuard\Client Settings\CSPs and Algorithms”.

An overview of the built in CSPs and their capabilities can be found here: Microsoft Cryptographic Service Providers.

If you use smartcards, please consult the documentation of the smartcard CSP and middleware about the supported algorithms.

Note: User Profiles have to be recreated.

 
If you need more information or guidance, then please contact technical support.

Rate this article

Very poor Excellent

Comments