X509KeySpec enumeration (certenroll.h)

The X509KeySpec enumeration type specifies the intended use of a key for a legacy cryptographic service provider (CSP). Legacy CSPs can support at most one signature algorithm (XCN_AT_SIGNATURE) and one encryption algorithm (XCN_AT_KEYEXCHANGE). This enumeration is used by the following interfaces:

Syntax

typedef enum X509KeySpec {
  XCN_AT_NONE = 0,
  XCN_AT_KEYEXCHANGE = 1,
  XCN_AT_SIGNATURE = 2
} ;

Constants

XCN_AT_NONE
Value: 0
The intended use is not identified. This value is set if the provider that supports the key is a Cryptography API: Next Generation (CNG) key storage provider (KSP).
XCN_AT_KEYEXCHANGE
Value: 1
The key can be used to encrypt (including key exchange) or sign depending on the algorithm. For RSA algorithms, if this value is set, the key can be used for both signing and encryption. For other algorithms, signing may not be supported. Further, only encryption for key exchange may be supported.

Note: The KEYEXCHANGE portion of the value name is a carryover from CryptoAPI where it originally referred to the symmetric encryption of a private key used during key exchange. Use of the term ultimately expanded to cover all symmetric encryption.

XCN_AT_SIGNATURE
Value: 2
The key can be used for signing.
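
The following PowerShell sketch is an added example, not code from the original page. It creates scratch RSA keys through the CertEnroll COM object and reads back KeySpec, to show a signature-only legacy CSP key beside a KSP key that reports XCN_AT_NONE. The ProgID X509Enrollment.CX509PrivateKey, the two provider names, the function name New-ScratchKey and the XCN_NCRYPT_ALLOW_SIGNING_FLAG value (from X509PrivateKeyUsageFlags) are assumptions that do not appear on this page.

```powershell
# Added example. KeySpec values are the ones listed in the Constants section above.
$XCN_AT_NONE = 0; $XCN_AT_KEYEXCHANGE = 1; $XCN_AT_SIGNATURE = 2
# Assumption: X509PrivateKeyUsageFlags value from certenroll.h, not from this page.
$XCN_NCRYPT_ALLOW_SIGNING_FLAG = 2

# Hypothetical helper: creates a 2048-bit per-user key with the given provider and key spec.
function New-ScratchKey {
    param(
        [Parameter(Mandatory)] [string] $ProviderName,
        [Parameter(Mandatory)] [int]    $KeySpec,
        [int] $KeyUsage = -1             # -1 means keep the provider default
    )
    $key = New-Object -ComObject X509Enrollment.CX509PrivateKey
    $key.ProviderName   = $ProviderName
    $key.KeySpec        = $KeySpec
    $key.Length         = 2048
    $key.MachineContext = $false         # current-user container, no elevation needed
    if ($KeyUsage -ge 0) { $key.KeyUsage = $KeyUsage }
    $key.Create()
    $key
}

$legacyCsp = 'Microsoft Enhanced RSA and AES Cryptographic Provider'   # legacy CSP (assumed name)
$cngKsp    = 'Microsoft Software Key Storage Provider'                 # CNG KSP (assumed name)

$cases = @(
    # Legacy CSP, signing only: the key cannot be used to decrypt.
    @{ ProviderName = $legacyCsp; KeySpec = $XCN_AT_SIGNATURE },
    # Legacy CSP, key exchange: for RSA this key can both sign and decrypt.
    @{ ProviderName = $legacyCsp; KeySpec = $XCN_AT_KEYEXCHANGE },
    # KSP: KeySpec is XCN_AT_NONE, so the intended use is restricted through KeyUsage instead.
    @{ ProviderName = $cngKsp; KeySpec = $XCN_AT_NONE; KeyUsage = $XCN_NCRYPT_ALLOW_SIGNING_FLAG }
)

foreach ($case in $cases) {
    $key = New-ScratchKey @case
    try {
        [pscustomobject]@{
            Provider  = $key.ProviderName
            LegacyCsp = $key.LegacyCsp
            KeySpec   = $key.KeySpec
            KeyUsage  = if ($key.LegacyCsp) { 'n/a' } else { $key.KeyUsage }
        }
    } finally {
        $key.Delete()                    # remove the scratch key container
    }
}
```

When a certificate is only meant to sign, requesting XCN_AT_SIGNATURE on a legacy CSP keeps the same RSA key from also serving as a decryption key.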

Requirements

Minimum supported client: Windows Vista [desktop apps only]
Minimum supported server: Windows Server 2008 [desktop apps only]
Header: certenroll.h

See also

CertEnroll Enumerations

CertEnroll Interfaces

IX509PrivateKey