Edit

Share via

ICertAdmin2::GetArchivedKey method (certadm.h)

  • Article

The GetArchivedKey method retrieves an archived key recovery BLOB. This method was first defined in the ICertAdmin interface.

Syntax

HRESULT GetArchivedKey(
  [in]  const BSTR strConfig,
  [in]  LONG       RequestId,
  [in]  LONG       Flags,
  [out] BSTR       *pstrArchivedKey
);

Parameters

[in] strConfig

Represents a valid configuration string for the certification authority (CA) in the form ComputerName\CAName, where ComputerName is the Certificate Services server's network name, and CAName is the common name of the CA, as entered during Certificate Services setup. For information about the configuration string name, see ICertConfig.

Important  GetArchivedKey does not clear the internal cache when the configuration string is changed. When you change the configuration string for the CA, you must instantiate a new ICertAdmin object and call this method again with the new configuration string.
 

[in] RequestId

Represents the certificate request ID in the Certificates Services database.

[in] Flags

The following flags can be used to specify the format of the returned BLOB.

Value Meaning
CR_OUT_BASE64
 BASE64 without BEGIN/END
CR_OUT_BASE64HEADER
 BASE64 with BEGIN CERTIFICATE and END CERTIFICATE
CV_OUT_BINARY
 Binary

[out] pstrArchivedKey

A pointer to the string that represents the retrieved archived key BLOB. When you have finished using this string, it is the responsibility of the caller to free it by calling the SysFreeString function.

Return value

C++

The return value is an HRESULT. A value of S_OK indicates the method was successful.

VB

A string that contains the retrieved archived key BLOB.

Remarks

An archived key is encrypted in a PKCS #7 to the key recovery agent certificate or certificates, and is stored in the Certificate Services database in that form. This method retrieves the encrypted PKCS #7 from the Certificate Services database, wraps it in a signed PKCS #7 which contains the user certificate and chain, the key recovery agent certificate or certificates, and the certification authority's signing certificate and chain. An authenticated attribute contains a certificate used to uniquely identify the user certificate.

Requirements

Requirement Value
Minimum supported client None supported
Minimum supported server Windows Server 2003 [desktop apps only]
Target Platform Windows
Header certadm.h (include Certsrv.h)
Library Certidl.lib
DLL Certadm.dll