IX509PrivateKey::KeySpec property

The KeySpec property specifies or retrieves a value that identifies whether a private key can be used for signing, or encryption, or both. This property is web enabled for both input and output.

This property is read/write.

Syntax


HRESULT put_KeySpec(
  [in]   X509KeySpec Value
);

HRESULT get_KeySpec(
  [out]  X509KeySpec *pValue
);

Property value

An X509KeySpec enumeration value that specifies the supported key operations. This can be one of the following values. The default value is XCN_AT_SIGNATURE.

ValueMeaning
XCN_AT_NONE

The intended use is not identified. This value should be used if the provider is a Cryptography API: Next Generation (CNG) key storage provider (KSP).

XCN_AT_KEYEXCHANGE

The key can be used for encryption or key exchange.

XCN_AT_SIGNATURE

The key can be used for signing.

 

Error codes

If the function succeeds, the function returns S_OK.

If the function fails, it returns an HRESULT value that indicates the error. Possible values include, but are not limited to, those in the following table. For a list of common error codes, see Common HRESULT Values.

NameMeaning
CERTSRV_E_PROPERTY_EMPTY

The property value could not be found.

HRESULT_FROM_WIN32(ERROR_FILE_READ_ONLY)

The key is open and the property value cannot be set.

Remarks

If you specify a value of XCN_AT_SIGNATURE, the KeySpec property automatically sets the KeyUsage property to XCN_NCRYPT_ALLOW_SIGNING_FLAG. If you specify XCN_AT_KEYEXCHANGE, the KeyUsage property is set to XCN_NCRYPT_ALLOW_DECRYPT_FLAG | XCN_NCRYPT_ALLOW_KEY_AGREEMENT_FLAG. The KeySpec property only applies to [legacy] providers created by using CryptoAPI.

Requirements

Minimum supported client

Windows Vista [desktop apps only]

Minimum supported server

Windows Server 2008 [desktop apps only]

Header

CertEnroll.h

DLL

CertEnroll.dll

See also

IX509PrivateKey

 

 

Community Additions

ADD
Show:
© 2014 Microsoft