Events
May 19, 6 PM - May 23, 12 AM
Calling all developers, creators, and AI innovators to join us in Seattle @Microsoft Build May 19-22.
Register todayICertAdmin2::GetArchivedKey method (certadm.h)
The GetArchivedKey method retrieves an archived key recovery BLOB. This method was first defined in the ICertAdmin interface.
HRESULT GetArchivedKey(
[in] const BSTR strConfig,
[in] LONG RequestId,
[in] LONG Flags,
[out] BSTR *pstrArchivedKey
);
[in] strConfig
Represents a valid configuration string for the certification authority (CA) in the form ComputerName\CAName, where ComputerName is the Certificate Services server's network name, and CAName is the common name of the CA, as entered during Certificate Services setup. For information about the configuration string name, see ICertConfig.
Important GetArchivedKey does not clear the internal cache when the configuration string is changed. When you change the configuration string for the CA, you must instantiate a new ICertAdmin object and call this method again with the new configuration string.
[in] RequestId
Represents the certificate request ID in the Certificates Services database.
[in] Flags
The following flags can be used to specify the format of the returned BLOB.
| Value | Meaning |
|---|---|
|
BASE64 without BEGIN/END |
|
BASE64 with BEGIN CERTIFICATE and END CERTIFICATE |
|
Binary |
[out] pstrArchivedKey
A pointer to the string that represents the retrieved archived key BLOB. When you have finished using this string, it is the responsibility of the caller to free it by calling the SysFreeString function.
The return value is an HRESULT. A value of S_OK indicates the method was successful. A string that contains the retrieved archived key BLOB.An archived key is encrypted in a PKCS #7 to the key recovery agent certificate or certificates, and is stored in the Certificate Services database in that form. This method retrieves the encrypted PKCS #7 from the Certificate Services database, wraps it in a signed PKCS #7 which contains the user certificate and chain, the key recovery agent certificate or certificates, and the certification authority's signing certificate and chain. An authenticated attribute contains a certificate used to uniquely identify the user certificate.
| Requirement | Value |
|---|---|
| Minimum supported client | None supported |
| Minimum supported server | Windows Server 2003 [desktop apps only] |
| Target Platform | Windows |
| Header | certadm.h (include Certsrv.h) |
| Library | Certidl.lib |
| DLL | Certadm.dll |