The <PrivateKeyAttributes> complex type contains the attributes for the private key that will be associated with any certificate request for the corresponding CertificateEnrollmentPolicy object.

 <xs:complexType name="PrivateKeyAttributes">
     <xs:element name="minimalKeyLength" type="xs:unsignedInt" />
     <xs:element name="keySpec" type="xs:unsignedInt"
       nillable="true" />
     <xs:element name="keyUsageProperty" type="xs:unsignedInt"
       nillable="true" />
     <xs:element name="permissions" type="xs:string"
       nillable="true" />
     <xs:element name="algorithmOIDReference" type="xs:int"
       nillable="true" />
     <xs:element name="cryptoProviders" type="xcep:CryptoProviders"
       nillable="true" />

minimalKeyLength: An integer specifying the minimum key length in bits for the private key. The value of the <minimalKeyLength> element MUST be a positive nonzero number.

keySpec: This element has identical semantics for the <pKIDefaultKeySpec> attribute specified in [MS-WCCE] section

keyUsageProperty: This element has identical semantics to the <pKIKeyUsage> attribute specified in [MS-WCCE] section

permissions: Used to specify a Security Descriptor Definition Language (SDDL) representation of the permissions when a private key is created.

algorithmOIDReference: An integer reference to an <oIDReferenceID> element of an existing OID (section object in a GetPoliciesResponse message. The OID object that is referenced corresponds to the asymmetric algorithm of the private key.

cryptoProviders: An instance of the CryptoProviders object as specified in section If there are no cryptographic providers to be specified, the <cryptoProviders> element MUST be nil.