ICEnroll3::get_LimitExchangeKeyToEncipherment method (xenroll.h)

[This property is no longer available for use as of Windows Server 2008 and Windows Vista.]

The LimitExchangeKeyToEncipherment property sets or retrieves a Boolean value that determines whether an AT_KEYEXCHANGE request contains digital signature and nonrepudiation key usages.

This property was first introduced in the ICEnroll3 interface.

This property is read/write.

Syntax

HRESULT get_LimitExchangeKeyToEncipherment(
  BOOL *fLimitExchangeKeyToEncipherment
);

Parameters

fLimitExchangeKeyToEncipherment

Return value

None

Remarks

This property is a Boolean value and affects only AT_KEYEXCHANGE requests. It has no impact on AT_SIGNATURE requests.

If the value for this property is false, an AT_KEYEXCHANGE request will contain the following key usages:

  • CERT_DATA_ENCIPHERMENT_KEY_USAGE
  • CERT_KEY_ENCIPHERMENT_KEY_USAGE
  • CERT_DIGITAL_SIGNATURE_KEY_USAGE
  • CERT_NON_REPUDIATION_KEY_USAGE

If the value for this property is true, an AT_KEYEXCHANGE request will contain the following key usages:

  • CERT_DATA_ENCIPHERMENT_KEY_USAGE
  • CERT_KEY_ENCIPHERMENT_KEY_USAGE

Examples

// Get the LimitExchangeKeyToEncipherment value.
BOOL       bLimitKey;
HRESULT    hr;
// pEnroll is previously instantiated ICEnroll interface pointer.
hr = pEnroll->get_LimitExchangeKeyToEncipherment(&bLimitKey);
if (FAILED(hr))
    printf("Failed get_LimitExchangeKeyToEncipherment - %x\n", hr );
else
    printf("LimitExchangeKeyToEncipherment: %s\n",
          ( bLimitKey ? "TRUE" : "FALSE"));

// Set the LimitExchangeKeyToEncipherment value.
hr = pEnroll->put_LimitExchangeKeyToEncipherment( TRUE );
if ( FAILED ( hr ) )
    printf("Failed put_LimitExchangeKeyToEncipherment - %x\n", hr );
else
    printf( "LimitExchangeKeyToEncipherment was set to TRUE\n" );

Requirements

Requirement Value
Minimum supported client Windows XP [desktop apps only]
Minimum supported server Windows Server 2003 [desktop apps only]
Target Platform Windows
Header xenroll.h
Library Uuid.lib
DLL Xenroll.dll

See also

CEnroll

ICEnroll3

ICEnroll4

KeySpec