Edit

Share via

X509CertificateTemplatePrivateKeyFlag enumeration (certenroll.h)

  • Article

The X509CertificateTemplatePrivateKeyFlag enumeration contains values that specify client actions regarding a private key.

Syntax

typedef enum X509CertificateTemplatePrivateKeyFlag {
  PrivateKeyRequireArchival = 0x1,
  PrivateKeyExportable = 0x10,
  PrivateKeyRequireStrongKeyProtection = 0x20,
  PrivateKeyRequireAlternateSignatureAlgorithm = 0x40,
  PrivateKeyRequireSameKeyRenewal = 0x80,
  PrivateKeyUseLegacyProvider = 0x100,
  PrivateKeyEKTrustOnUse = 0x200,
  PrivateKeyEKValidateCert = 0x400,
  PrivateKeyEKValidateKey = 0x800,
  PrivateKeyAttestNone = 0,
  PrivateKeyAttestPreferred = 0x1000,
  PrivateKeyAttestRequired = 0x2000,
  PrivateKeyAttestMask = 0x3000,
  PrivateKeyAttestWithoutPolicy = 0x4000,
  PrivateKeyServerVersionMask = 0xf0000,
  PrivateKeyServerVersionShift = 16,
  PrivateKeyHelloKspKey = 0x100000,
  PrivateKeyHelloLogonKey = 0x200000,
  PrivateKeyClientVersionMask = 0xf000000,
  PrivateKeyClientVersionShift = 24
} ;

Constants

 
PrivateKeyRequireArchival
Value: 0x1
Instructs the client to create a key archival certificate request.
PrivateKeyExportable
Value: 0x10
Instructs the client to allow other applications to export the private key to a Personal Information Exchange (PFX) message. The message is typically saved in a file with a .pfx extension.
PrivateKeyRequireStrongKeyProtection
Value: 0x20
Instructs the client to use additional protection for the private key.
PrivateKeyRequireAlternateSignatureAlgorithm
Value: 0x40
If this flag is defined, the client must sign the certificate request by using the PKCS #1 version 2.1 signature format which requires that the hash algorithm OID be encoded into the signature parameters. If this flag is not defined the client must sign the certificate request by using the PKCS #1 version 1.5 signature format which requires that the hash and asymmetric algorithm object identifiers (OIDs) be combined into a single OID and that the signature parameters be set to NULL.
PrivateKeyRequireSameKeyRenewal
Value: 0x80
PrivateKeyUseLegacyProvider
Value: 0x100
PrivateKeyEKTrustOnUse
Value: 0x200
PrivateKeyEKValidateCert
Value: 0x400
PrivateKeyEKValidateKey
Value: 0x800
PrivateKeyAttestNone
Value: 0
PrivateKeyAttestPreferred
Value: 0x1000
PrivateKeyAttestRequired
Value: 0x2000
PrivateKeyAttestMask
Value: 0x3000
PrivateKeyAttestWithoutPolicy
Value: 0x4000
PrivateKeyServerVersionMask
Value: 0xf0000
PrivateKeyServerVersionShift
Value: 16
PrivateKeyHelloKspKey
Value: 0x100000
PrivateKeyHelloLogonKey
Value: 0x200000
PrivateKeyClientVersionMask
Value: 0xf000000
PrivateKeyClientVersionShift
Value: 24

Requirements

Requirement Value
Minimum supported client Windows 7 [desktop apps only]
Minimum supported server Windows Server 2008 R2 [desktop apps only]
Header certenroll.h