KeyContainerPermissionFlags Enum


Specifies the type of key container access allowed.

This enumeration has a FlagsAttribute attribute that allows a bitwise combination of its member values.

public enum class KeyContainerPermissionFlags
public enum KeyContainerPermissionFlags
type KeyContainerPermissionFlags = 
Public Enum KeyContainerPermissionFlags


AllFlags 13111

Create, decrypt, delete, and open a key container; export and import a key; sign files using a key; and view and change the access control list for a key container.

ChangeAcl 8192

Change the access control list (ACL) for a key container.

Create 1

Create a key container.

Creating a key container also creates a file on disk. It is very important that any key container that is created is removed when it is no longer in use.

Decrypt 512

Decrypt a key container.

Decryption is a privileged operation because it uses the private key.

Delete 4

Delete a key container.

Deleting a key container can constitute a denial of service attack because it prevents the use of files encrypted or signed with the key. Therefore, deletion is a privileged operation.

Export 32

Export a key from a key container.

The ability to export a key is potentially harmful because it removes the exclusivity of the key.

Import 16

Import a key into a key container.

The ability to import a key can be as harmful as the ability to delete a container because importing a key into a named key container replaces the existing key.

NoFlags 0

No access to a key container.

Open 2

Open a key container and use the public key.

Open does not give permission to sign or decrypt files using the private key, but it does allow a user to verify file signatures and to encrypt files. Only the owner of the key is able to decrypt these files using the private key.

Sign 256

Sign a file using a key.

The ability to sign a file is potentially harmful because it can allow a user to sign a file using another user's key.

ViewAcl 4096

View the access control list (ACL) for a key container.


The following example shows the use of the KeyContainerPermissionFlags enumeration.

// Create a KeyContainerPermission with the right to open the key container.
KeyContainerPermission ^ keyContainerPerm = gcnew KeyContainerPermission( KeyContainerPermissionFlags::Open );

// Create a KeyContainerPermission with the right 
// to open the key container.
KeyContainerPermission keyContainerPerm = new KeyContainerPermission(KeyContainerPermissionFlags.Open);

' Create a KeyContainerPermission with the right to open the key container.
Dim keyContainerPerm As New KeyContainerPermission(KeyContainerPermissionFlags.Open)


This enumeration is used by members of the KeyContainerPermissionAccessEntry class.


Many of these flags can have powerful effects and should be granted only to highly trusted code.

The most powerful flags are Create, Delete, Import, Export, Sign, Decrypt, and AllFlags. For specific threats that the use of these flags can present, see the member descriptions.
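
The following is an added example, not part of the original documentation. It compares a granted flag set against what a component needs, reports the excess that falls among the most powerful flags listed above, and then builds a grant scoped to a single container with KeyContainerPermissionAccessEntry. The component names and the container name "ReportSigningKey" are hypothetical, the sample grants are constructed, and the code assumes the .NET Framework types in System.Security.Permissions.

```csharp
using System;
using System.Security.Permissions;

static class KeyContainerGrantReview
{
    // The flags this page names as most powerful. AllFlags needs no entry of
    // its own: it is the union of every member, so it contains all six.
    const KeyContainerPermissionFlags HighImpact =
        KeyContainerPermissionFlags.Create | KeyContainerPermissionFlags.Delete |
        KeyContainerPermissionFlags.Import | KeyContainerPermissionFlags.Export |
        KeyContainerPermissionFlags.Sign   | KeyContainerPermissionFlags.Decrypt;

    // Flags present in the grant that the component's role does not need.
    static KeyContainerPermissionFlags Excess(
        KeyContainerPermissionFlags granted, KeyContainerPermissionFlags needed)
    {
        return granted & ~needed;
    }

    static void Review(string component,
        KeyContainerPermissionFlags granted, KeyContainerPermissionFlags needed)
    {
        KeyContainerPermissionFlags excess = Excess(granted, needed);
        Console.WriteLine("{0}: granted {1} ({2})", component, granted, (int)granted);
        Console.WriteLine("  not needed:  {0}", excess);
        Console.WriteLine("  high impact: {0}", excess & HighImpact);
    }

    static void Main()
    {
        var open = KeyContainerPermissionFlags.Open;
        // Constructed sample grants; the component names are hypothetical.
        Review("signature-verifier", open, open);
        Review("report-signer", KeyContainerPermissionFlags.AllFlags,
               open | KeyContainerPermissionFlags.Sign);

        // Scoped alternative to a global grant: no global flags, plus an
        // access entry giving Open and Sign on one named container only.
        var scoped = new KeyContainerPermission(KeyContainerPermissionFlags.NoFlags);
        scoped.AccessEntries.Add(new KeyContainerPermissionAccessEntry(
            "ReportSigningKey", open | KeyContainerPermissionFlags.Sign)); // hypothetical name
        foreach (KeyContainerPermissionAccessEntry entry in scoped.AccessEntries)
            Review(entry.KeyContainerName, entry.Flags, open | KeyContainerPermissionFlags.Sign);
    }
}
```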