X509PrivateKeyProtection enumeration (certenroll.h)
The X509PrivateKeyProtection enumeration specifies the level of private key protection supported by a cryptographic provider. For example, if strong key protection is enabled, the user is typically prompted to enter a password when the key is created and whenever the key is used. The precise behavior is specified by the KSP or CSP being used. The enumeration value can be specified or retrieved by using the KeyProtection property on the IX509PrivateKey interface.
Syntax
typedef enum X509PrivateKeyProtection {
XCN_NCRYPT_UI_NO_PROTECTION_FLAG = 0,
XCN_NCRYPT_UI_PROTECT_KEY_FLAG = 0x1,
XCN_NCRYPT_UI_FORCE_HIGH_PROTECTION_FLAG = 0x2,
XCN_NCRYPT_UI_FINGERPRINT_PROTECTION_FLAG = 0x4,
XCN_NCRYPT_UI_APPCONTAINER_ACCESS_MEDIUM_FLAG = 0x8
} ;
Constants
XCN_NCRYPT_UI_NO_PROTECTION_FLAGValue: 0 The protection level is not specified. |
XCN_NCRYPT_UI_PROTECT_KEY_FLAGValue: 0x1 A user interface is displayed to indicate that a process is attempting to use the key. The exact behavior is specified by the KSP or CSP being used. Some Microsoft legacy CSPs allow the client to decide whether a password is required to use the key or whether the user must only acknowledge a prompt. |
XCN_NCRYPT_UI_FORCE_HIGH_PROTECTION_FLAGValue: 0x2 Specifies strong key protection. The user is typically prompted to enter a password when the key is created and whenever the key is used. The exact behavior is specified by the KSP being used. This value is not supported by the Certificate Enrollment API for legacy CSPs. |
XCN_NCRYPT_UI_FINGERPRINT_PROTECTION_FLAGValue: 0x4 |
XCN_NCRYPT_UI_APPCONTAINER_ACCESS_MEDIUM_FLAGValue: 0x8 |
Requirements
| Requirement | Value |
|---|---|
| Minimum supported client | Windows Vista [desktop apps only] |
| Minimum supported server | Windows Server 2008 [desktop apps only] |
| Header | certenroll.h |