
KeyContainerPermissionFlags Enumeration

Note: This enumeration is new in the .NET Framework version 2.0.

Specifies the type of key container access allowed.

This enumeration has a FlagsAttribute attribute that allows a bitwise combination of its member values.

Namespace: System.Security.Permissions
Assembly: mscorlib (in mscorlib.dll)

[SerializableAttribute] 
[FlagsAttribute] 
[ComVisibleAttribute(true)] 
public enum KeyContainerPermissionFlags
/** @attribute SerializableAttribute() */ 
/** @attribute FlagsAttribute() */ 
/** @attribute ComVisibleAttribute(true) */ 
public enum KeyContainerPermissionFlags
SerializableAttribute 
FlagsAttribute 
ComVisibleAttribute(true) 
public enum KeyContainerPermissionFlags
Member name
    Description

AllFlags
    Create, decrypt, delete, and open a key container; export and import a key; sign files using a key; and view and change the access control list for a key container.

ChangeAcl
    Change the access control list (ACL) for a key container.

Create
    Create a key container.

    Creating a key container also creates a file on disk. It is very important that any key container that is created is removed when it is no longer in use.

Decrypt
    Decrypt a key container.

    Decryption is a privileged operation because it uses the private key.

Delete
    Delete a key container.

    Deleting a key container can constitute a denial of service attack because it prevents the use of files encrypted or signed with the key. Therefore, deletion is a privileged operation.

Export
    Export a key from a key container.

    The ability to export a key is potentially harmful because it removes the exclusivity of the key.

Import
    Import a key into a key container.

    The ability to import a key can be as harmful as the ability to delete a container because importing a key into a named key container replaces the existing key.

NoFlags
    No access to a key container.

Open
    Open a key container and use the public key.

    Open does not give permission to sign or decrypt files using the private key, but it does allow a user to verify file signatures and to encrypt files. Only the owner of the key is able to decrypt these files using the private key.

Sign
    Sign a file using a key.

    The ability to sign a file is potentially harmful because it can allow a user to sign a file using another user's key.

ViewAcl
    View the access control list (ACL) for a key container.

This enumeration is used by members of the KeyContainerPermissionAccessEntry class.

Caution

Many of these flags can have powerful effects and should be granted only to highly trusted code.

The most powerful of the flags are Create, Delete, Import, Export, Sign, Decrypt, and AllFlags. For specific threats that the use of these flags can present, see the member descriptions.

The following code example shows the use of the KeyContainerPermissionFlags enumeration. This code example is part of a larger example provided for the KeyContainerPermission class.

// Create a KeyContainerPermission with the right 
// to open the key container.
KeyContainerPermission keyContainerPerm = new
     KeyContainerPermission(KeyContainerPermissionFlags.Open);
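
The following is an added example, not part of the original page or of the larger KeyContainerPermission sample. It combines flags bitwise into a grant scoped to one named key container, reports which granted bits are on the caution note's list of most powerful flags, and compares individual requests against the grant with IsSubsetOf. The container name and the helper names HighRisk and Scoped are hypothetical, and the code assumes the .NET Framework, where these permission classes are available.

```csharp
using System;
using System.Security.Permissions;

static class KeyContainerFlagAudit
{
    // Flags the caution note lists as the most powerful (AllFlags aside).
    const KeyContainerPermissionFlags HighRisk =
        KeyContainerPermissionFlags.Create | KeyContainerPermissionFlags.Delete |
        KeyContainerPermissionFlags.Import | KeyContainerPermissionFlags.Export |
        KeyContainerPermissionFlags.Sign | KeyContainerPermissionFlags.Decrypt;

    // Builds a permission scoped to one named container with the given flags.
    static KeyContainerPermission Scoped(string name, KeyContainerPermissionFlags flags)
    {
        KeyContainerPermissionAccessEntry entry =
            new KeyContainerPermissionAccessEntry(name, flags);
        return new KeyContainerPermission(
            KeyContainerPermissionFlags.NoFlags,
            new KeyContainerPermissionAccessEntry[] { entry });
    }

    static void Main()
    {
        // Hypothetical container name, used only in this example.
        const string container = "ExampleSigningContainer";

        // Grant built by bitwise combination: use the public key and sign,
        // but no Create, Delete, Import, Export or Decrypt.
        KeyContainerPermissionFlags granted =
            KeyContainerPermissionFlags.Open | KeyContainerPermissionFlags.Sign;
        KeyContainerPermission grant = Scoped(container, granted);

        // Report which of the granted bits are on the high-risk list.
        Console.WriteLine("Granted: {0}", granted);
        Console.WriteLine("High-risk bits in grant: {0}", granted & HighRisk);

        // Compare individual requests against the grant with IsSubsetOf.
        KeyContainerPermissionFlags[] requests = {
            KeyContainerPermissionFlags.Open,
            KeyContainerPermissionFlags.Sign,
            KeyContainerPermissionFlags.Delete,
            KeyContainerPermissionFlags.Export
        };
        foreach (KeyContainerPermissionFlags request in requests)
        {
            bool covered = Scoped(container, request).IsSubsetOf(grant);
            Console.WriteLine("{0,-6} covered by grant: {1}", request, covered);
        }
    }
}
```

No key container is created or opened by this code; it only constructs and compares permission objects.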


Windows 98, Windows 2000 SP4, Windows Millennium Edition, Windows Server 2003, Windows XP Media Center Edition, Windows XP Professional x64 Edition, Windows XP SP2, Windows XP Starter Edition

The .NET Framework does not support all versions of every platform. For a list of the supported versions, see System Requirements.

.NET Framework

Supported in: 2.0
© 2014 Microsoft. All rights reserved.