Hello everyone,
I am trying to issue separate S/MIME certificates for encryption and signing. For the certificates used for encryption I enabled key archival, but when I try to enroll a user using a smart card KSP the operation fails with the following error: "The parameter is incorrect. 0x80090027 (-2146893785 NTE_INVALID_PARAMETER)". I read that the KSP must support the crypt_archivable flag and I think that is the problem. The question is whether is there a way to enable key archival for the KSP, or the provider simply does not support it?
Thanks in advance,
Bogdan
