X509KeySpec enumeration (certenroll.h)
The X509KeySpec enumeration type specifies the intended use of a key for a legacy cryptographic service provider (CSP). Legacy CSPs can support at most one signature algorithm (XCN_AT_SIGNATURE) and one encryption algorithm (XCN_AT_KEYEXCHANGE). This enumeration is used by the following interfaces:
- ICspInformation
- ICspInformations
- IX509AttributeCspProvider
- IX509CertificateRequestPkcs10
- IX509PrivateKey
Syntax
typedef enum X509KeySpec {
XCN_AT_NONE = 0,
XCN_AT_KEYEXCHANGE = 1,
XCN_AT_SIGNATURE = 2
} ;
Constants
XCN_AT_NONEValue: 0 The intended use is not identified. This value is set if the provider that supports the key is a Cryptography API: Next Generation (CNG) key storage provider (KSP). |
XCN_AT_KEYEXCHANGEValue: 1 The key can be used to encrypt (including key exchange) or sign depending on the algorithm. For RSA algorithms, if this value is set, the key can be used for both signing and encryption. For other algorithms, signing may not be supported. Further, only encryption for key exchange may be supported. Note The KEYEXCHANGE portion of the value name is a carryover from CryptoAPI where it originally referred to the symmetric encryption of a private key used during key exchange. Use of the term ultimately expanded to cover all symmetric encryption. |
XCN_AT_SIGNATUREValue: 2 The key can be used for signing. |
Requirements
| Requirement | Value |
|---|---|
| Minimum supported client | Windows Vista [desktop apps only] |
| Minimum supported server | Windows Server 2008 [desktop apps only] |
| Header | certenroll.h |
See also
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for