Private Key Caching Constants

The following constants are used to represent registry entries that control private key caching by Microsoft software-based CSPs.

Constant/value Description
szKEY_CRYPTOAPI_PRIVATE_KEY_OPTIONS
"Software\\Policies\\Microsoft\\Cryptography"
The path, under the HKEY_LOCAL_MACHINE root, of the private key caching registry entries.

The following constants are used to identify registry values that control private key caching globally for a specific process by Microsoft software-based CSPs.

Constant/value Description
szPRIV_KEY_CACHE_MAX_ITEMS
"PrivKeyCacheMaxItems"
A REG_DWORD value under the szKEY_CRYPTOAPI_PRIVATE_KEY_OPTIONS registry key that specifies the maximum number of private keys that can be cached at one time for a single process. This check is performed whenever a stored private key is read. If the maximum number is exceeded, the least recently used key is removed from the cache.
If this value is zero, no keys are cached. If this value is not present, the cPRIV_KEY_CACHE_MAX_ITEMS_DEFAULT value is used as the default.
If a private key that is deleted from the cache is currently referenced in an open context, then the key is read from storage the next time an attempt is made to use the key.
Windows Server 2003 and Windows XP with SP1 and earlier: This registry value is not supported.
cPRIV_KEY_CACHE_MAX_ITEMS_DEFAULT
20
The default value of the szPRIV_KEY_CACHE_MAX_ITEMS registry entry if no value is specified.
szPRIV_KEY_CACHE_PURGE_INTERVAL_SECONDS
"PrivKeyCachePurgeIntervalSeconds"
A REG_DWORD value under the szKEY_CRYPTOAPI_PRIVATE_KEY_OPTIONS registry key that specifies the maximum age, in seconds, of any cached private key. This check is performed whenever a stored private key is used or read. If this amount of time has elapsed since the last clearing occurred, all cached keys that have not been referenced since the last clearing will be removed from the cache.
If this value is not present, the cPRIV_KEY_CACHE_PURGE_INTERVAL_SECONDS_DEFAULT value is used as the default.
If a private key that is cleared from the cache is currently referenced in an open context, then the key will be read from storage the next time an attempt is made to use the key.
Windows Server 2003 and Windows XP with SP1 and earlier: This registry value is not supported.
cPRIV_KEY_CACHE_PURGE_INTERVAL_SECONDS_DEFAULT
86400
The default value of the szPRIV_KEY_CACHE_PURGE_INTERVAL_SECONDS registry entry if no value is specified. This value is equivalent to one day.

The following constants are used to identify registry values that control private key caching for a single Microsoft software-based cryptographic service provider (CSP) instance.

Constant/value Description
"AllowCachePW"
A REG_DWORD value under the HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Cryptography\Protect registry key that specifies whether password caching is enabled for password-protected keys in the Microsoft software-based CSPs. If this value is 0, then password caching is disabled and the user is prompted for the password every time a password-protected key is used. Any other value, or the absence of this value, indicates that the password will be cached. In this scenario, the user is only prompted once per process for each such key.
szKEY_CACHE_ENABLED
"CachePrivateKeys"
A REG_DWORD value under the szKEY_CRYPTOAPI_PRIVATE_KEY_OPTIONS registry key that specifies whether private key caching is enabled. If this value is 1, then private key caching is enabled. Any other value, or the absence of this value, indicates that private key caching is disabled.
Windows Vista with SP1, Windows Vista and Windows XP: This registry value is not supported.
szKEY_CACHE_SECONDS
"PrivateKeyLifetimeSeconds"
A REG_DWORD value under the szKEY_CRYPTOAPI_PRIVATE_KEY_OPTIONS registry key that specifies the maximum age, in seconds, of any cached private key.
Windows XP: This registry value is not supported.

Remarks

The differences between the szKEY_CACHE_SECONDS and the szPRIV_KEY_CACHE_PURGE_INTERVAL_SECONDS values are as follows:

szKEY_CACHE_SECONDS

  • This value only applies to a specific CSP. After the CSP is released, the CSP's cache is released as well.
  • This value is only applied when an attempt is made to use a specific private key with a specific context handle.

szPRIV_KEY_CACHE_PURGE_INTERVAL_SECONDS

  • This value applies to all CSPs in a process. Even if the CSP is released, this cache is not released.
  • This value applies whenever any stored private key is used or read from storage in a single process.
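The process-wide rules described above (the defaults, the "1 means enabled" test for CachePrivateKeys, LRU eviction at PrivKeyCacheMaxItems, and the purge of keys not referenced since the last clearing) modelled in Python. This is an added example, not Microsoft's code: a plain dict stands in for the registry key, and the cache class is a constructed illustration of the documented semantics, not the CSP's implementation.

```python
from collections import OrderedDict

# Defaults taken from this page (cPRIV_KEY_CACHE_*_DEFAULT).
PRIV_KEY_CACHE_MAX_ITEMS_DEFAULT = 20
PRIV_KEY_CACHE_PURGE_INTERVAL_SECONDS_DEFAULT = 86400


def effective_policy(values):
    """Resolve the process-wide settings from the REG_DWORD values present under
    HKLM\\Software\\Policies\\Microsoft\\Cryptography.  `values` is a dict standing
    in for that key; a missing name means the value is not present."""
    return {
        "max_items": values.get("PrivKeyCacheMaxItems",
                                PRIV_KEY_CACHE_MAX_ITEMS_DEFAULT),
        "purge_interval": values.get("PrivKeyCachePurgeIntervalSeconds",
                                     PRIV_KEY_CACHE_PURGE_INTERVAL_SECONDS_DEFAULT),
        # Only an exact value of 1 enables caching; anything else disables it.
        "cache_enabled": values.get("CachePrivateKeys") == 1,
    }


class PrivateKeyCache:
    """Constructed model of the documented process-wide cache rules:
    LRU eviction once max_items is exceeded, and a purge, checked on every
    read, that drops keys not referenced since the last purge."""

    def __init__(self, max_items, purge_interval, now=0):
        self.max_items = max_items
        self.purge_interval = purge_interval
        self.last_purge = now
        self.entries = OrderedDict()  # key name -> time of last reference

    def read(self, key, now):
        """Return True on a cache hit, False when the key would have to be
        read from storage (miss, evicted, purged, or caching disabled)."""
        if now - self.last_purge >= self.purge_interval:
            # Keep only keys referenced at or after the previous purge.
            self.entries = OrderedDict((k, t) for k, t in self.entries.items()
                                       if t >= self.last_purge)
            self.last_purge = now
        if self.max_items == 0:
            return False  # a value of zero means no keys are cached
        hit = key in self.entries
        if hit:
            self.entries.move_to_end(key)  # mark as most recently used
        self.entries[key] = now
        while len(self.entries) > self.max_items:
            self.entries.popitem(last=False)  # evict least recently used
        return hit
```

Feeding the model a sequence of reads with timestamps shows which uses hit the cache and which fall back to storage, which is the behaviour an administrator is tuning with these values.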

Requirements

Requirement Value
Minimum supported client
Windows XP [desktop apps only]
Minimum supported server
Windows Server 2003 [desktop apps only]
Header
Wincrypt.h