X509KeySpec enumeration (certenroll.h)

The X509KeySpec enumeration type specifies the intended use of a key for a legacy cryptographic service provider (CSP). Legacy CSPs can support at most one signature algorithm (XCN_AT_SIGNATURE) and one encryption algorithm (XCN_AT_KEYEXCHANGE). This enumeration is used by the following interfaces:


typedef enum X509KeySpec {
  XCN_AT_NONE = 0, XCN_AT_KEYEXCHANGE = 1, XCN_AT_SIGNATURE = 2
} X509KeySpec;


| Name | Description |
| --- | --- |
| XCN_AT_NONE | The intended use is not identified. This value is set if the provider that supports the key is a Cryptography API: Next Generation (CNG) key storage provider (KSP). |
| XCN_AT_KEYEXCHANGE | The key can be used to encrypt (including key exchange) or sign depending on the algorithm. For RSA algorithms, if this value is set, the key can be used for both signing and encryption. For other algorithms, signing may not be supported. Further, only encryption for key exchange may be supported. Note: The KEYEXCHANGE portion of the value name is a carryover from CryptoAPI where it originally referred to the symmetric encryption of a private key used during key exchange. Use of the term ultimately expanded to cover all symmetric encryption. |
| XCN_AT_SIGNATURE | The key can be used for signing. |


Minimum supported client: Windows Vista [desktop apps only]
Minimum supported server: Windows Server 2008 [desktop apps only]
Header: certenroll.h

See also

CertEnroll Enumerations

CertEnroll Interfaces