X509CertificateTemplatePrivateKeyFlag enumeration (certenroll.h)

The X509CertificateTemplatePrivateKeyFlag enumeration contains values that specify client actions regarding a private key.

Syntax

typedef enum X509CertificateTemplatePrivateKeyFlag {
  PrivateKeyRequireArchival,
  PrivateKeyExportable,
  PrivateKeyRequireStrongKeyProtection,
  PrivateKeyRequireAlternateSignatureAlgorithm,
  PrivateKeyRequireSameKeyRenewal,
  PrivateKeyUseLegacyProvider,
  PrivateKeyEKTrustOnUse,
  PrivateKeyEKValidateCert,
  PrivateKeyEKValidateKey,
  PrivateKeyAttestNone,
  PrivateKeyAttestPreferred,
  PrivateKeyAttestRequired,
  PrivateKeyAttestMask,
  PrivateKeyAttestWithoutPolicy,
  PrivateKeyServerVersionMask,
  PrivateKeyServerVersionShift,
  PrivateKeyHelloKspKey,
  PrivateKeyHelloLogonKey,
  PrivateKeyClientVersionMask,
  PrivateKeyClientVersionShift
} ;

Constants

 
PrivateKeyRequireArchival
Instructs the client to create a key archival certificate request.
PrivateKeyExportable
Instructs the client to allow other applications to export the private key to a Personal Information Exchange (PFX) message. The message is typically saved in a file with a .pfx extension.
PrivateKeyRequireStrongKeyProtection
Instructs the client to use additional protection for the private key.
PrivateKeyRequireAlternateSignatureAlgorithm
If this flag is defined, the client must sign the certificate request by using the PKCS #1 version 2.1 signature format which requires that the hash algorithm OID be encoded into the signature parameters. If this flag is not defined the client must sign the certificate request by using the PKCS #1 version 1.5 signature format which requires that the hash and asymmetric algorithm object identifiers (OIDs) be combined into a single OID and that the signature parameters be set to NULL.
PrivateKeyRequireSameKeyRenewal
PrivateKeyUseLegacyProvider
PrivateKeyEKTrustOnUse
PrivateKeyEKValidateCert
PrivateKeyEKValidateKey
PrivateKeyAttestNone
PrivateKeyAttestPreferred
PrivateKeyAttestRequired
PrivateKeyAttestMask
PrivateKeyAttestWithoutPolicy
PrivateKeyServerVersionMask
PrivateKeyServerVersionShift
PrivateKeyHelloKspKey
PrivateKeyHelloLogonKey
PrivateKeyClientVersionMask
PrivateKeyClientVersionShift

Requirements

   
Minimum supported client Windows 7 [desktop apps only]
Minimum supported server Windows Server 2008 R2 [desktop apps only]
Header certenroll.h