ICEnroll4::GenKeyFlags property

[This property is no longer available for use as of Windows Server 2008 and Windows Vista.]

The GenKeyFlags property sets or retrieves the values passed to the CryptGenKey function when the certificate request is generated.

By default, the GenKeyFlags property is set to zero. However, when a .pvk file is specified, the value of GenKeyFlags defaults to CRYPT_EXPORTABLE. For more information, see Remarks.

This property was first defined in the ICEnroll interface.

This property is read/write.

Syntax


HRESULT put_GenKeyFlags(
  [in]   LONG Flags
);

HRESULT get_GenKeyFlags(
  [out]  LONG *pFlags
);

Property value

A Long that represents a flag that determines whether a private key is exportable.

Error codes

If the property access methods put_GenKeyFlags and get_GenKeyFlags succeed, they return S_OK.

Any other HRESULT value indicates that the call failed.

Remarks

By default, private keys are not exportable unless a .pvk file is requested. To make the private key exportable without specifying a .pvk file, set GenKeyFlags to CRYPT_EXPORTABLE.

To specify a .pvk file name, use the PVKFileName property.

The GenKeyFlags property value is passed to the CryptGenKey CryptoAPI function by using its dwFlags parameter.

If the cryptographic service provider (CSP) does not support exportable private keys, an error occurs.

The GenKeyFlags property affects the behavior of the following methods:

Note  The default value for the GenKeyFlags property is zero. If you need to change this value, you must do so before calling these methods. After calling any of these methods, you cannot change the GenKeyFlags property value.

Examples


LONG     lGenKey;
HRESULT  hr;

// pEnroll is a previously instantiated ICEnroll interface pointer.

// Get the GenKeyFlags value.
hr = pEnroll->get_GenKeyFlags( &lGenKey );
if (FAILED( hr ))
    printf("Failed get_GenKeyFlags - %x\n", hr );
else
    printf( "GenKeyFlags: %d\n", lGenKey );

// Set the GenKeyFlags value.
hr = pEnroll->put_GenKeyFlags( CRYPT_EXPORTABLE );
if (FAILED( hr ))
    printf("Failed put_GenKeyFlags - %x\n", hr );
else
    printf( "GenKeyFlags set to %d\n", CRYPT_EXPORTABLE );

Requirements

Minimum supported client

Windows XP [desktop apps only]

Minimum supported server

Windows Server 2003 [desktop apps only]

End of client support

Windows XP

End of server support

Windows Server 2003

Header

Xenroll.h

Library

Uuid.lib

DLL

Xenroll.dll

IID

IID_ICEnroll4 is defined as c1f1188a-2eb5-4a80-841b-7e729a356d90

See also

ICEnroll4
ICEnroll3
ICEnroll2
CEnroll
CryptGenKey

 

 

Community Additions

ADD
Show:
© 2014 Microsoft