ICertPropertyArchivedKeyHash interface (certenroll.h)

The ICertPropertyArchivedKeyHash interface represents a SHA-1 hash of an encrypted private key submitted to a certification authority for archival.

To archive a private key, a client first encrypts the key by using the public key from a CA exchange certificate. The client then places the encrypted private key into a PKCS #7 EnvelopedData structure and hashes the structure by using a SHA-1 hash algorithm. The resulting hash is used to initialize an ICertPropertyArchivedKeyHash object and is included in a CMC certificate request. The property value is typically associated with the certificate after the certificate response is received from the CA and before the response is placed in a store.

This property is initialized by the enrollment process and associated with the dummy certificate that is temporarily copied to the request store. If the CA denies the certificate request, the dummy certificate in the request store and all properties associated with it are deleted. If the CA issues the certificate and it is installed in the certificate store, this property is associated with the new certificate in the personal store and the dummy certificate is deleted.
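The hash-and-initialize step described above, and a check a reviewer can run against an issued certificate, as an added example (not Microsoft's sample code). It assumes the CertEnroll coclass is registered under the ProgID `X509Enrollment.CCertPropertyArchivedKeyHash`; the function names are hypothetical and the sample blob is constructed.

```powershell
# EncodingType value from certenroll.h
$XCN_CRYPT_STRING_BASE64 = 0x1

function Get-Sha1Bytes {
    param([Parameter(Mandatory)][byte[]]$Bytes)
    $sha1 = [System.Security.Cryptography.SHA1]::Create()
    try { ,$sha1.ComputeHash($Bytes) } finally { $sha1.Dispose() }
}

# Hash the encoded EnvelopedData structure and initialize the property object.
function New-ArchivedKeyHashProperty {
    param([Parameter(Mandatory)][byte[]]$EnvelopedData)
    $prop = New-Object -ComObject X509Enrollment.CCertPropertyArchivedKeyHash
    $b64  = [Convert]::ToBase64String((Get-Sha1Bytes $EnvelopedData))
    $prop.Initialize($XCN_CRYPT_STRING_BASE64, $b64)
    $prop
}

# Read the property from a certificate installed in the current-user store.
# Throws if the certificate is not in the store or does not carry the property.
function Get-ArchivedKeyHashFromCertificate {
    param([Parameter(Mandatory)]
          [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate)
    $prop = New-Object -ComObject X509Enrollment.CCertPropertyArchivedKeyHash
    $der  = [Convert]::ToBase64String($Certificate.RawData)
    $prop.InitializeFromCertificate($false, $XCN_CRYPT_STRING_BASE64, $der)
    $prop
}

# True when the stored hash equals the SHA-1 of the supplied EnvelopedData bytes.
function Test-ArchivedKeyHash {
    param([Parameter(Mandatory)]$Property,
          [Parameter(Mandatory)][byte[]]$EnvelopedData)
    # CertEnroll base64 output ends with CRLF; FromBase64String ignores whitespace.
    $stored   = [Convert]::FromBase64String(
                    $Property.ArchivedKeyHash($XCN_CRYPT_STRING_BASE64))
    $expected = Get-Sha1Bytes $EnvelopedData
    [BitConverter]::ToString($stored) -eq [BitConverter]::ToString($expected)
}

# Constructed bytes standing in for a DER-encoded EnvelopedData blob (not a real one).
$blob = [byte[]](0x30, 0x03, 0x02, 0x01, 0x00)
$prop = New-ArchivedKeyHashProperty -EnvelopedData $blob
Test-ArchivedKeyHash -Property $prop -EnvelopedData $blob
```

A mismatch between the property on an issued certificate and the hash of the blob the client submitted indicates that the certificate is not associated with that archived key.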

Note: The CERTENROLL_PROPERTYID value is XCN_CERT_ARCHIVED_KEY_HASH_PROP_ID.

Inheritance

The ICertPropertyArchivedKeyHash interface inherits from ICertProperty. ICertPropertyArchivedKeyHash also has these types of members:

Methods

The ICertPropertyArchivedKeyHash interface has these methods.

ICertPropertyArchivedKeyHash::get_ArchivedKeyHash

Retrieves a SHA-1 hash of the private key.

ICertPropertyArchivedKeyHash::Initialize

Initializes the object from a byte array that contains the hash.

Requirements

Requirement | Value
Minimum supported client | Windows Vista [desktop apps only]
Minimum supported server | Windows Server 2008 [desktop apps only]
Target Platform | Windows
Header | certenroll.h

See also

CertEnroll Interfaces

ICertProperty