3.1.4.1.3.20 PrivateKeyAttributes

The <PrivateKeyAttributes> complex type contains the attributes for the private key that will be associated with any certificate request for the corresponding CertificateEnrollmentPolicy object.

 <xs:complexType name="PrivateKeyAttributes">
   <xs:sequence>
     <xs:element name="minimalKeyLength" type="xs:unsignedInt" />
     <xs:element name="keySpec" type="xs:unsignedInt"
       nillable="true" />
     <xs:element name="keyUsageProperty" type="xs:unsignedInt"
       nillable="true" />
     <xs:element name="permissions" type="xs:string"
       nillable="true" />
     <xs:element name="algorithmOIDReference" type="xs:int"
       nillable="true" />
     <xs:element name="cryptoProviders" type="xcep:CryptoProviders"
       nillable="true" />
   </xs:sequence>
 </xs:complexType>

minimalKeyLength: An integer specifying the minimum key length in bits for the private key. The value of the <minimalKeyLength> element MUST be a positive nonzero number.

keySpec: This element has identical semantics to the <pKIDefaultKeySpec> attribute specified in [MS-WCCE] section 3.1.2.4.2.2.1.5.

keyUsageProperty: This element has identical semantics to the <pKIKeyUsage> attribute specified in [MS-WCCE] section 3.1.2.4.2.2.1.3.

permissions: Used to specify a Security Descriptor Definition Language (SDDL) representation of the permissions when a private key is created.

algorithmOIDReference: An integer reference to an <oIDReferenceID> element of an existing OID (section 3.1.4.1.3.16) object in a GetPoliciesResponse message. The OID object that is referenced corresponds to the asymmetric algorithm of the private key.

cryptoProviders: An instance of the CryptoProviders object as specified in section 3.1.4.1.3.10. If there are no cryptographic providers to be specified, the <cryptoProviders> element MUST be nil.
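A client or auditing tool can check a received fragment against the constraints stated above before acting on it. The following is an added example, not part of the specification: the function names, the root element name, the `provider` child element, and the sample values are assumptions constructed for illustration, and elements are matched by local name so no namespace URI is assumed.

```python
import xml.etree.ElementTree as ET

XSI_NIL = "{http://www.w3.org/2001/XMLSchema-instance}nil"
# Element order required by the xs:sequence in the schema above.
ORDER = ["minimalKeyLength", "keySpec", "keyUsageProperty",
         "permissions", "algorithmOIDReference", "cryptoProviders"]

def local(tag):
    """Strip any '{namespace}' prefix so matching is by local name only."""
    return tag.rsplit("}", 1)[-1]

def is_nil(el):
    return el.get(XSI_NIL, "").strip() in ("true", "1")

def check_private_key_attributes(xml_text, known_oid_refs):
    """Return a list of findings; an empty list means every check passed."""
    kids = list(ET.fromstring(xml_text))
    findings = []
    if [local(k.tag) for k in kids] != ORDER:
        findings.append("children do not match the schema sequence")
    by_name = {local(k.tag): k for k in kids}
    mkl = by_name.get("minimalKeyLength")
    text = (mkl.text or "").strip() if mkl is not None else ""
    if not (text.isascii() and text.isdigit()) or int(text) == 0:
        findings.append("minimalKeyLength must be a positive nonzero number")
    ref = by_name.get("algorithmOIDReference")
    if ref is not None and not is_nil(ref):
        try:  # the reference must resolve to an OID object in the same response
            if int((ref.text or "").strip()) not in known_oid_refs:
                findings.append("algorithmOIDReference matches no oIDReferenceID")
        except ValueError:
            findings.append("algorithmOIDReference is not an integer")
    cp = by_name.get("cryptoProviders")
    if cp is not None and not is_nil(cp) and len(cp) == 0:
        findings.append("cryptoProviders is empty but not nil")
    return findings

def sample(min_len, oid_ref, providers_xml):
    """Constructed test input, not captured from a real server."""
    return ('<privateKeyAttributes '
            'xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">'
            f'<minimalKeyLength>{min_len}</minimalKeyLength>'
            '<keySpec>1</keySpec><keyUsageProperty xsi:nil="true"/>'
            '<permissions xsi:nil="true"/>'
            f'<algorithmOIDReference>{oid_ref}</algorithmOIDReference>'
            f'{providers_xml}</privateKeyAttributes>')
```

Pass `known_oid_refs` as the set of <oIDReferenceID> values collected from the same GetPoliciesResponse message, so a dangling algorithm reference is reported instead of silently ignored.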