Edit

X509PrivateKeyProtection enumeration (certenroll.h)

  • Article

The X509PrivateKeyProtection enumeration specifies the level of private key protection supported by a cryptographic provider. For example, if strong key protection is enabled, the user is typically prompted to enter a password when the key is created and whenever the key is used. The precise behavior is specified by the KSP or CSP being used. The enumeration value can be specified or retrieved by using the KeyProtection property on the IX509PrivateKey interface.

Syntax

typedef enum X509PrivateKeyProtection {
  XCN_NCRYPT_UI_NO_PROTECTION_FLAG = 0,
  XCN_NCRYPT_UI_PROTECT_KEY_FLAG = 0x1,
  XCN_NCRYPT_UI_FORCE_HIGH_PROTECTION_FLAG = 0x2,
  XCN_NCRYPT_UI_FINGERPRINT_PROTECTION_FLAG = 0x4,
  XCN_NCRYPT_UI_APPCONTAINER_ACCESS_MEDIUM_FLAG = 0x8
} ;

Constants

 
XCN_NCRYPT_UI_NO_PROTECTION_FLAG
Value: 0
The protection level is not specified.
XCN_NCRYPT_UI_PROTECT_KEY_FLAG
Value: 0x1
A user interface is displayed to indicate that a process is attempting to use the key. The exact behavior is specified by the KSP or CSP being used. Some Microsoft legacy CSPs allow the client to decide whether a password is required to use the key or whether the user must only acknowledge a prompt.
XCN_NCRYPT_UI_FORCE_HIGH_PROTECTION_FLAG
Value: 0x2
Specifies strong key protection. The user is typically prompted to enter a password when the key is created and whenever the key is used. The exact behavior is specified by the KSP being used. This value is not supported by the Certificate Enrollment API for legacy CSPs.
XCN_NCRYPT_UI_FINGERPRINT_PROTECTION_FLAG
Value: 0x4
XCN_NCRYPT_UI_APPCONTAINER_ACCESS_MEDIUM_FLAG
Value: 0x8

Requirements

Requirement Value
Minimum supported client Windows Vista [desktop apps only]
Minimum supported server Windows Server 2008 [desktop apps only]
Header certenroll.h

See also

CertEnroll Enumerations

CertEnroll Interfaces

IX509PrivateKey