ICEnroll4::LimitExchangeKeyToEncipherment property

[This property is no longer available for use as of Windows Server 2008 and Windows Vista.]

The LimitExchangeKeyToEncipherment property sets or retrieves a Boolean value that determines whether an AT_KEYEXCHANGE request contains digital signature and nonrepudiation key usages.

This property was first introduced in the ICEnroll3 interface.

This property is read/write.

Syntax


HRESULT put_LimitExchangeKeyToEncipherment(
  [in]  BOOL bValue
);

HRESULT get_LimitExchangeKeyToEncipherment(
  [out] BOOL *pbValue
);

Property value

If true, the AT_KEYEXCHANGE request contains digital signature and nonrepudiation key usages.

Error codes

If the property access methods put_LimitExchangeKeyToEncipherment and get_LimitExchangeKeyToEncipherment succeed, they return S_OK.

Any other HRESULT value indicates that the call failed.

Remarks

This property is a Boolean value and affects only AT_KEYEXCHANGE requests. It has no impact on AT_SIGNATURE requests.

If the value for this property is false, an AT_KEYEXCHANGE request will contain the following key usages:

  • CERT_DATA_ENCIPHERMENT_KEY_USAGE
  • CERT_KEY_ENCIPHERMENT_KEY_USAGE
  • CERT_DIGITAL_SIGNATURE_KEY_USAGE
  • CERT_NON_REPUDIATION_KEY_USAGE

If the value for this property is true, an AT_KEYEXCHANGE request will contain the following key usages:

  • CERT_DATA_ENCIPHERMENT_KEY_USAGE
  • CERT_KEY_ENCIPHERMENT_KEY_USAGE

Examples


// Get the LimitExchangeKeyToEncipherment value.
BOOL       bLimitKey;
HRESULT    hr;
// pEnroll is previously instantiated ICEnroll interface pointer.
hr = pEnroll->get_LimitExchangeKeyToEncipherment(&bLimitKey);
if (FAILED(hr))
    printf("Failed get_LimitExchangeKeyToEncipherment - %x\n", hr );
else
    printf("LimitExchangeKeyToEncipherment: %s\n",
          ( bLimitKey ? "TRUE" : "FALSE"));

// Set the LimitExchangeKeyToEncipherment value.
hr = pEnroll->put_LimitExchangeKeyToEncipherment( TRUE );
if ( FAILED ( hr ) )
    printf("Failed put_LimitExchangeKeyToEncipherment - %x\n", hr );
else
    printf( "LimitExchangeKeyToEncipherment was set to TRUE\n" );

Requirements

Minimum supported client

Windows XP [desktop apps only]

Minimum supported server

Windows Server 2003 [desktop apps only]

End of client support

Windows XP

End of server support

Windows Server 2003

Header

Xenroll.h

Library

Uuid.lib

DLL

Xenroll.dll

IID

IID_ICEnroll4 is defined as c1f1188a-2eb5-4a80-841b-7e729a356d90

See also

ICEnroll4
CEnroll
ICEnroll3
KeySpec

 

 

Show: