2.2.2.4 CAINFO

The CAINFO structure defines a basic informational block that describes a CA.

 typedef struct _CAINFO {
   DWORD cbSize;
   long CAType;
   DWORD cCASignatureCerts;
   DWORD cCAExchangeCerts;
   DWORD cExitAlgorithms;
   long lPropIDMax;
   long lRoleSeparationEnabled;
   DWORD cKRACertUsedCount;
   DWORD cKRACertCount;
   DWORD fAdvancedServer;
 } CAINFO;

cbSize: Unsigned integer value that MUST contain the size of this structure in bytes.

CAType: Integer value that SHOULD contain a constant describing the CA type. The value SHOULD be one of the values in the following table.

Note: The value 0x00000002 MUST NOT be used for this parameter.

| Value | Meaning |
| --- | --- |
| ENUM_ENTERPRISE_ROOTCA 0x00000000 | The CA is an enterprise root (self-signed) CA. For more information, see [MSFT-PKI]. |
| ENUM_ENTERPRISE_SUBCA 0x00000001 | The CA is an enterprise subordinate CA. For more information, see [MSFT-PKI]. |
| ENUM_STANDALONE_ROOTCA 0x00000003 | The CA is a stand-alone root (self-signed) CA. For more information, see [MSFT-PKI]. |
| ENUM_STANDALONE_SUBCA 0x00000004 | The CA is a stand-alone subordinate CA. For more information, see [MSFT-PKI]. |
| ENUM_UNKNOWN_CA 0x00000005 | The CA type is unknown. |

cCASignatureCerts: Unsigned integer value that SHOULD contain the count of CA signing certificates in the CA. A CA signing certificate contains a public key that is in turn associated with the private key used to sign certificates that are issued by the CA. For more information on CA signing certificates, see [MSFT-PKI].

cCAExchangeCerts: Unsigned integer value that SHOULD contain the count of CA exchange certificates in the CA. CA exchange certificates contain public keys that are used to encrypt requests sent to a CA. For more information, see [MSFT-ARCHIVE].

cExitAlgorithms: Unsigned integer value that SHOULD contain the number of exit algorithms that are installed and active for the CA.

lPropIDMax: Integer that SHOULD contain the maximum supported value for the PropID parameter in the ICertRequestD2::GetCAProperty method. For more information on CA properties, see section 3.2.1.4.3.2.

lRoleSeparationEnabled: Integer value that SHOULD indicate whether CA role separation is enabled on the CA. A value of 0 indicates that CA role separation is disabled; a value of 1 indicates that it is enabled.

cKRACertUsedCount: Unsigned integer value that SHOULD contain the number of key recovery agent (KRA) keys used to encrypt each archived private key.

cKRACertCount: Unsigned integer value that SHOULD contain the number of KRA keys available for the CA to encrypt archived private keys.

fAdvancedServer: Unsigned integer value that SHOULD be set to 0 for standard CA and 1 for advanced CA. This value is a Boolean value. The CA SHOULD return 0 or 1.
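The following is an added example, not part of the specification: a receiver-side decoder that checks an untrusted CAINFO buffer against the constraints stated above before any field is used. The names cainfo_t, cainfo_parse and cainfo_try are hypothetical, little-endian byte order is an assumption, and rejecting values that the text only marks as SHOULD is a strictness choice made here.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Fixed-width mirror of CAINFO. DWORD and long are 32 bits on Windows, but
   long is 64 bits on LP64 hosts, so the page's typedef is not reused here. */
typedef struct {
    uint32_t cbSize;
    int32_t  CAType;
    uint32_t cCASignatureCerts, cCAExchangeCerts, cExitAlgorithms;
    int32_t  lPropIDMax, lRoleSeparationEnabled;
    uint32_t cKRACertUsedCount, cKRACertCount, fAdvancedServer;
} cainfo_t;

enum { CAINFO_SIZE = 40 };  /* ten 4-byte fields */
enum { CAINFO_OK, CAINFO_ERR_LEN, CAINFO_ERR_CBSIZE, CAINFO_ERR_CATYPE, CAINFO_ERR_BOOL };
_Static_assert(sizeof(cainfo_t) == CAINFO_SIZE, "unexpected padding");

/* Read one 32-bit field; little-endian byte order is an assumption. */
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Decode and validate an untrusted CAINFO buffer; out may be NULL. */
int cainfo_parse(const uint8_t *buf, size_t len, cainfo_t *out) {
    uint32_t f[10];
    if (len != CAINFO_SIZE) return CAINFO_ERR_LEN;
    for (int i = 0; i < 10; i++) f[i] = rd32(buf + 4 * i);
    if (f[0] != CAINFO_SIZE) return CAINFO_ERR_CBSIZE;    /* cbSize MUST be the size */
    if (f[1] == 2 || f[1] > 5) return CAINFO_ERR_CATYPE;  /* 2 MUST NOT be used */
    if (f[6] > 1 || f[9] > 1) return CAINFO_ERR_BOOL;     /* role separation, fAdvancedServer */
    if (out) memcpy(out, f, sizeof f);  /* fields are ten consecutive 32-bit words */
    return CAINFO_OK;
}

/* Constructed sample: enterprise root CA on an advanced server. */
static const uint8_t SAMPLE[CAINFO_SIZE] = {
    40,0,0,0,  0,0,0,0,  1,0,0,0,  1,0,0,0,  1,0,0,0,
    23,0,0,0,  0,0,0,0,  0,0,0,0,  0,0,0,0,  1,0,0,0 };

/* Parse the sample with 32-bit field number idx overwritten by v. */
int cainfo_try(int idx, uint32_t v) {
    uint8_t b[CAINFO_SIZE];
    memcpy(b, SAMPLE, sizeof b);
    for (int i = 0; i < 4; i++) b[4 * idx + i] = (uint8_t)(v >> (8 * i));
    return cainfo_parse(b, sizeof b, NULL);
}

int main(void) { return cainfo_try(1, 2) == CAINFO_ERR_CATYPE ? 0 : 1; }
```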