The X509KeyUsageFlags enumeration type specifies the purpose of a key contained in a certificate. You can use the enumeration to identify restrictions. For example, if a key should be used only for signing, you can select the XCN_CERT_DIGITAL_SIGNATURE_KEY_USAGE or the XCN_CERT_NON_REPUDIATION_KEY_USAGE values. Likewise, if a key should be used only for key management, you can select the XCN_CERT_KEY_ENCIPHERMENT_KEY_USAGE value. This enumeration can be used to initialize an IX509ExtensionKeyUsage object.
Syntax
```cpp
typedef enum X509KeyUsageFlags {
  XCN_CERT_NO_KEY_USAGE = 0,
  XCN_CERT_DIGITAL_SIGNATURE_KEY_USAGE = 0x80,
  XCN_CERT_NON_REPUDIATION_KEY_USAGE = 0x40,
  XCN_CERT_KEY_ENCIPHERMENT_KEY_USAGE = 0x20,
  XCN_CERT_DATA_ENCIPHERMENT_KEY_USAGE = 0x10,
  XCN_CERT_KEY_AGREEMENT_KEY_USAGE = 0x8,
  XCN_CERT_KEY_CERT_SIGN_KEY_USAGE = 0x4,
  XCN_CERT_OFFLINE_CRL_SIGN_KEY_USAGE = 0x2,
  XCN_CERT_CRL_SIGN_KEY_USAGE = 0x2,
  XCN_CERT_ENCIPHER_ONLY_KEY_USAGE = 0x1,
  XCN_CERT_DECIPHER_ONLY_KEY_USAGE = 0x8000
} X509KeyUsageFlags;
```
Constants
| Constant | Value | Description |
|---|---|---|
| XCN_CERT_NO_KEY_USAGE | 0 | The purpose of the key is not defined. |
| XCN_CERT_DIGITAL_SIGNATURE_KEY_USAGE | 0x80 | The key is used with a Digital Signature Algorithm (DSA) to support services other than nonrepudiation, certificate signing, or revocation list signing. |
| XCN_CERT_NON_REPUDIATION_KEY_USAGE | 0x40 | The key is used to verify a digital signature as part of a nonrepudiation service that protects against false denial of action by a signing entity. |
| XCN_CERT_KEY_ENCIPHERMENT_KEY_USAGE | 0x20 | The key is used for key transport. That is, the key is used to manage a key passed from its point of origination to another point of use. |
| XCN_CERT_DATA_ENCIPHERMENT_KEY_USAGE | 0x10 | The key is used to encrypt user data other than cryptographic keys. |
| XCN_CERT_KEY_AGREEMENT_KEY_USAGE | 0x8 | The key is used for key agreement. The key agreement or key exchange protocol enables two or more parties to negotiate a key value without transferring the key and without previously establishing a shared secret. |
| XCN_CERT_KEY_CERT_SIGN_KEY_USAGE | 0x4 | The key is used to verify a certificate signature. This value can only be used for certificates issued by certification authorities. |
| XCN_CERT_OFFLINE_CRL_SIGN_KEY_USAGE | 0x2 | The key is used to verify an offline certificate revocation list (CRL) signature. |
| XCN_CERT_CRL_SIGN_KEY_USAGE | 0x2 | The key is used to verify a CRL signature. |
| XCN_CERT_ENCIPHER_ONLY_KEY_USAGE | 0x1 | The key is used to encrypt data while performing key agreement. When this value is specified, the XCN_CERT_KEY_AGREEMENT_KEY_USAGE value must also be specified. |
| XCN_CERT_DECIPHER_ONLY_KEY_USAGE | 0x8000 | The key is used to decrypt data while performing key agreement. When this value is specified, the XCN_CERT_KEY_AGREEMENT_KEY_USAGE must also be specified. |
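The constraints stated for these constants (encipher-only and decipher-only require key agreement; certificate signing is only for CA certificates) can be checked before a mask is used to initialize an IX509ExtensionKeyUsage object. The C code below is an added example, not code from certenroll.h or from the original page. The `KU_*` result codes and the `ku_check` and `ku_describe` functions are hypothetical names, and the flag values are redefined locally so that it builds without the Windows SDK.

```c
#include <stdio.h>
#include <string.h>

/* Flag values copied from the Syntax block; redefined so certenroll.h is not needed. */
enum {
    XCN_CERT_KEY_AGREEMENT_KEY_USAGE = 0x8,
    XCN_CERT_KEY_CERT_SIGN_KEY_USAGE = 0x4,
    XCN_CERT_ENCIPHER_ONLY_KEY_USAGE = 0x1,
    XCN_CERT_DECIPHER_ONLY_KEY_USAGE = 0x8000
};
/* Hypothetical result bits for this example; not part of certenroll.h. */
enum { KU_OK = 0, KU_UNKNOWN_BITS = 1, KU_ONLY_NEEDS_AGREEMENT = 2, KU_CERT_SIGN_NOT_CA = 4 };

/* Check a key-usage mask against the constraints in the Constants section.
   is_ca is nonzero when the certificate is issued to a CA. */
int ku_check(unsigned flags, int is_ca)
{
    int err = KU_OK;
    if (flags & ~0x80FFu)                 /* 0x80FF = OR of every defined value */
        err |= KU_UNKNOWN_BITS;
    if ((flags & (XCN_CERT_ENCIPHER_ONLY_KEY_USAGE | XCN_CERT_DECIPHER_ONLY_KEY_USAGE)) &&
        !(flags & XCN_CERT_KEY_AGREEMENT_KEY_USAGE))
        err |= KU_ONLY_NEEDS_AGREEMENT;
    if ((flags & XCN_CERT_KEY_CERT_SIGN_KEY_USAGE) && !is_ca)
        err |= KU_CERT_SIGN_NOT_CA;
    return err;
}

/* Write the short names of the set bits into buf, separated by '|'. */
const char *ku_describe(unsigned flags, char *buf, size_t n)
{
    static const struct { unsigned bit; const char *name; } t[] = {
        {0x80, "DIGITAL_SIGNATURE"}, {0x40, "NON_REPUDIATION"},
        {0x20, "KEY_ENCIPHERMENT"},  {0x10, "DATA_ENCIPHERMENT"},
        {0x8, "KEY_AGREEMENT"},      {0x4, "KEY_CERT_SIGN"},
        {0x2, "CRL_SIGN"},           /* OFFLINE_CRL_SIGN shares this bit */
        {0x1, "ENCIPHER_ONLY"},      {0x8000, "DECIPHER_ONLY"}
    };
    size_t used = 0;
    if (n == 0) return buf;
    buf[0] = '\0';
    for (size_t i = 0; i < sizeof t / sizeof t[0]; i++) {
        if (!(flags & t[i].bit)) continue;
        int w = snprintf(buf + used, n - used, "%s%s", used ? "|" : "", t[i].name);
        if (w < 0 || (size_t)w >= n - used) { buf[used] = '\0'; break; } /* name does not fit */
        used += (size_t)w;
    }
    return buf;
}
```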
Requirements
| Requirement | Value |
|---|---|
| Minimum supported client | Windows Vista [desktop apps only] |
| Minimum supported server | Windows Server 2008 [desktop apps only] |
| Header | certenroll.h |