X509KeyUsageFlags enumeration (certenroll.h)

The X509KeyUsageFlags enumeration type specifies the purpose of a key contained in a certificate. You can use the enumeration to identify restrictions. For example, if a key should be used only for signing, you can select the XCN_CERT_DIGITAL_SIGNATURE_KEY_USAGE or the XCN_CERT_NON_REPUDIATION_KEY_USAGE values. Likewise, if a key should be used only for key management, you can select the XCN_CERT_KEY_ENCIPHERMENT_KEY_USAGE value. This enumeration can be used to initialize an IX509ExtensionKeyUsage object.

Syntax

typedef enum X509KeyUsageFlags {
  XCN_CERT_NO_KEY_USAGE = 0,
  XCN_CERT_DIGITAL_SIGNATURE_KEY_USAGE = 0x80,
  XCN_CERT_NON_REPUDIATION_KEY_USAGE = 0x40,
  XCN_CERT_KEY_ENCIPHERMENT_KEY_USAGE = 0x20,
  XCN_CERT_DATA_ENCIPHERMENT_KEY_USAGE = 0x10,
  XCN_CERT_KEY_AGREEMENT_KEY_USAGE = 0x8,
  XCN_CERT_KEY_CERT_SIGN_KEY_USAGE = 0x4,
  XCN_CERT_OFFLINE_CRL_SIGN_KEY_USAGE = 0x2,
  XCN_CERT_CRL_SIGN_KEY_USAGE = 0x2,
  XCN_CERT_ENCIPHER_ONLY_KEY_USAGE = 0x1,
  XCN_CERT_DECIPHER_ONLY_KEY_USAGE = 0x8000
} X509KeyUsageFlags;

Constants

XCN_CERT_NO_KEY_USAGE
Value: 0
The purpose of the key is not defined.
XCN_CERT_DIGITAL_SIGNATURE_KEY_USAGE
Value: 0x80
The key is used with a Digital Signature Algorithm (DSA) to support services other than nonrepudiation, certificate signing, or revocation list signing.
XCN_CERT_NON_REPUDIATION_KEY_USAGE
Value: 0x40
The key is used to verify a digital signature as part of a nonrepudiation service that protects against false denial of action by a signing entity.
XCN_CERT_KEY_ENCIPHERMENT_KEY_USAGE
Value: 0x20
The key is used for key transport. That is, the key is used to manage a key passed from its point of origination to another point of use.
XCN_CERT_DATA_ENCIPHERMENT_KEY_USAGE
Value: 0x10
The key is used to encrypt user data other than cryptographic keys.
XCN_CERT_KEY_AGREEMENT_KEY_USAGE
Value: 0x8
The key is used for key agreement. The key agreement or key exchange protocol enables two or more parties to negotiate a key value without transferring the key and without previously establishing a shared secret.
XCN_CERT_KEY_CERT_SIGN_KEY_USAGE
Value: 0x4
The key is used to verify a certificate signature. This value can only be used for certificates issued by certification authorities.
XCN_CERT_OFFLINE_CRL_SIGN_KEY_USAGE
Value: 0x2
The key is used to verify an offline certificate revocation list (CRL) signature.
XCN_CERT_CRL_SIGN_KEY_USAGE
Value: 0x2
The key is used to verify a CRL signature.
XCN_CERT_ENCIPHER_ONLY_KEY_USAGE
Value: 0x1
The key is used to encrypt data while performing key agreement. When this value is specified, the XCN_CERT_KEY_AGREEMENT_KEY_USAGE value must also be specified.
XCN_CERT_DECIPHER_ONLY_KEY_USAGE
Value: 0x8000
The key is used to decrypt data while performing key agreement. When this value is specified, the XCN_CERT_KEY_AGREEMENT_KEY_USAGE must also be specified.
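
The constraints stated in the descriptions above can be checked on a requested mask before it is passed to an IX509ExtensionKeyUsage object. The following is an added example, not code from certenroll.h or from this page: the enum values are copied from the syntax block, while `check_key_usage`, `is_signing_only`, `ku_status` and `KU_DEFINED_BITS` are hypothetical names. It assumes the restriction on XCN_CERT_KEY_CERT_SIGN_KEY_USAGE means the certificate subject is a certification authority.

```c
#include <stdio.h>
/* Values copied from the enumeration on this page, redeclared so the
   example builds without the Windows-only certenroll.h. */
enum {
    XCN_CERT_DIGITAL_SIGNATURE_KEY_USAGE = 0x80,
    XCN_CERT_NON_REPUDIATION_KEY_USAGE   = 0x40,
    XCN_CERT_KEY_ENCIPHERMENT_KEY_USAGE  = 0x20,
    XCN_CERT_DATA_ENCIPHERMENT_KEY_USAGE = 0x10,
    XCN_CERT_KEY_AGREEMENT_KEY_USAGE     = 0x8,
    XCN_CERT_KEY_CERT_SIGN_KEY_USAGE     = 0x4,
    XCN_CERT_CRL_SIGN_KEY_USAGE          = 0x2, /* same bit as OFFLINE_CRL_SIGN */
    XCN_CERT_ENCIPHER_ONLY_KEY_USAGE     = 0x1,
    XCN_CERT_DECIPHER_ONLY_KEY_USAGE     = 0x8000
};
#define KU_DEFINED_BITS 0x80FFu /* OR of every value above (hypothetical name) */

/* Hypothetical result codes for this example. */
typedef enum { KU_OK, KU_UNDEFINED_BITS, KU_ONLY_NEEDS_AGREEMENT,
               KU_CERT_SIGN_NEEDS_CA } ku_status;

/* Checks a requested mask against the constraints stated on this page.
   Assumption: the KEY_CERT_SIGN restriction is read as "subject is a CA". */
ku_status check_key_usage(unsigned flags, int subject_is_ca)
{
    unsigned only = XCN_CERT_ENCIPHER_ONLY_KEY_USAGE | XCN_CERT_DECIPHER_ONLY_KEY_USAGE;
    if (flags & ~KU_DEFINED_BITS)
        return KU_UNDEFINED_BITS;
    if ((flags & only) && !(flags & XCN_CERT_KEY_AGREEMENT_KEY_USAGE))
        return KU_ONLY_NEEDS_AGREEMENT;
    if ((flags & XCN_CERT_KEY_CERT_SIGN_KEY_USAGE) && !subject_is_ca)
        return KU_CERT_SIGN_NEEDS_CA;
    return KU_OK;
}

/* Non-zero when the mask is non-empty and holds only the two signing values. */
int is_signing_only(unsigned flags)
{
    unsigned sign = XCN_CERT_DIGITAL_SIGNATURE_KEY_USAGE | XCN_CERT_NON_REPUDIATION_KEY_USAGE;
    return flags != 0 && (flags & ~sign) == 0;
}

int main(void)
{
    /* Constructed sample requests: { mask, subject_is_ca }. */
    unsigned samples[][2] = { {0xC0, 0}, {0x8008, 0}, {0x1, 0}, {0x6, 0}, {0x6, 1}, {0x100, 0} };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("0x%04X ca=%u -> status %d, signing-only %d\n", samples[i][0], samples[i][1],
               check_key_usage(samples[i][0], (int)samples[i][1]), is_signing_only(samples[i][0]));
    return 0;
}
```

Because XCN_CERT_OFFLINE_CRL_SIGN_KEY_USAGE and XCN_CERT_CRL_SIGN_KEY_USAGE share the value 0x2, a check on the mask cannot tell them apart.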

Requirements

Requirement                 Value
Minimum supported client    Windows Vista [desktop apps only]
Minimum supported server    Windows Server 2008 [desktop apps only]
Header                      certenroll.h

See also

CertEnroll Enumerations

CertEnroll Interfaces

IX509ExtensionKeyUsage

InitializeEncode