X509KeySpec enumeration

The X509KeySpec enumeration type specifies the intended use of a key for a legacy cryptographic service provider (CSP). Legacy CSPs can support at most one signature algorithm (XCN_AT_SIGNATURE) and one encryption algorithm (XCN_AT_KEYEXCHANGE). This enumeration is used by the following interfaces:

Syntax


typedef enum X509KeySpec { 
  XCN_AT_NONE         = 0,
  XCN_AT_KEYEXCHANGE  = 1,
  XCN_AT_SIGNATURE    = 2
} X509KeySpec;

Constants

XCN_AT_NONE

The intended use is not identified. This value is set if the provider that supports the key is a Cryptography API: Next Generation (CNG) key storage provider (KSP).

XCN_AT_KEYEXCHANGE

The key can be used to encrypt (including key exchange) or sign depending on the algorithm. For RSA algorithms, if this value is set, the key can be used for both signing and encryption. For other algorithms, signing may not be supported. Further, only encryption for key exchange may be supported.

Note: The KEYEXCHANGE portion of the value name is a carryover from CryptoAPI where it originally referred to the symmetric encryption of a private key used during key exchange. Use of the term ultimately expanded to cover all symmetric encryption.

XCN_AT_SIGNATURE

The key can be used for signing.
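
The following PowerShell audit is an added example, not part of the original reference page. It applies the XCN_AT_KEYEXCHANGE description above to find signing-only certificates whose RSA private key is stored as a key-exchange key and can therefore also be used for encryption. It assumes Windows PowerShell 5.1 and reads the key spec through .NET's CspKeyContainerInfo.KeyNumber, whose values 1 (Exchange) and 2 (Signature) match this enumeration; Get-KeySpecReport and its output column names are hypothetical.

```powershell
# Added example, not Microsoft's code. Get-KeySpecReport is a hypothetical name.
# Assumes Windows PowerShell 5.1 (.NET Framework).
function Get-KeySpecReport {
    param([string]$StorePath = 'Cert:\CurrentUser\My')

    # Same numeric values as the X509KeySpec enumeration.
    $specNames = @{ 1 = 'XCN_AT_KEYEXCHANGE'; 2 = 'XCN_AT_SIGNATURE' }
    $rsaOid = '1.2.840.113549.1.1.1'
    # Key usage bits that imply encryption or key establishment.
    $encryptBits = [int][System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]'KeyEncipherment, DataEncipherment, KeyAgreement'

    Get-ChildItem -Path $StorePath | Where-Object { $_.HasPrivateKey } | ForEach-Object {
        $cert = $_
        $spec = $null
        $provider = $null
        try {
            # Only legacy CSP keys expose CspKeyContainerInfo.
            $info = $cert.PrivateKey.CspKeyContainerInfo
            if ($info) {
                $spec = [int]$info.KeyNumber
                $provider = $info.ProviderName
            }
        } catch {
            # CNG or unreadable key: leave $spec as $null.
        }

        $ku = $cert.Extensions | Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509KeyUsageExtension]
        } | Select-Object -First 1

        # Signing-only certificate backed by an RSA key that can also decrypt.
        $mismatch = ($spec -eq 1) -and ($cert.PublicKey.Oid.Value -eq $rsaOid) -and
                    $ku -and (([int]$ku.KeyUsages -band $encryptBits) -eq 0)

        [pscustomobject]@{
            Subject    = $cert.Subject
            Thumbprint = $cert.Thumbprint
            Provider   = $provider
            KeySpec    = if ($null -ne $spec) { $specNames[$spec] } else { 'not a legacy CSP key, or unreadable' }
            KeyUsage   = if ($ku) { $ku.KeyUsages } else { 'none' }
            ExchangeKeyOnSigningCert = [bool]$mismatch
        }
    }
}

Get-KeySpecReport | Format-Table -AutoSize
```

Rows where ExchangeKeyOnSigningCert is True identify keys that a legacy CSP will allow to be used for encryption even though the certificate advertises signing only.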

Requirements

Minimum supported client

Windows Vista [desktop apps only]

Minimum supported server

Windows Server 2008 [desktop apps only]

Header

CertEnroll.h

See also

CertEnroll Enumerations
CertEnroll Interfaces
IX509PrivateKey

 

 

© 2014 Microsoft