ICEnroll::get_GenKeyFlags method (xenroll.h)
[This property is no longer available for use as of Windows Server 2008 and Windows Vista.]
The GenKeyFlags property sets or retrieves the values passed to the CryptGenKey function when the certificate request is generated.
By default, the GenKeyFlags property is set to zero. However, when a .pvk file is specified, the value of GenKeyFlags defaults to CRYPT_EXPORTABLE. For more information, see Remarks.
This property was first defined in the ICEnroll interface.
This property is read/write.
Syntax
HRESULT get_GenKeyFlags(
LONG *pdwFlags
);
Parameters
pdwFlags
Return value
None
Remarks
By default, private keys are not exportable unless a .pvk file is requested. To make the private key exportable without specifying a .pvk file, set GenKeyFlags to CRYPT_EXPORTABLE.
To specify a .pvk file name, use the PVKFileName property.
The GenKeyFlags property value is passed to the CryptGenKey CryptoAPI function by using its dwFlags parameter.
If the cryptographic service provider (CSP) does not support exportable private keys, an error occurs.
The GenKeyFlags property affects the behavior of the following methods:
Examples
LONG lGenKey;
HRESULT hr;
// pEnroll is a previously instantiated ICEnroll interface pointer.
// Get the GenKeyFlags value.
hr = pEnroll->get_GenKeyFlags( &lGenKey );
if (FAILED( hr ))
printf("Failed get_GenKeyFlags - %x\n", hr );
else
printf( "GenKeyFlags: %d\n", lGenKey );
// Set the GenKeyFlags value.
hr = pEnroll->put_GenKeyFlags( CRYPT_EXPORTABLE );
if (FAILED( hr ))
printf("Failed put_GenKeyFlags - %x\n", hr );
else
printf( "GenKeyFlags set to %d\n", CRYPT_EXPORTABLE );
Requirements
| Requirement | Value |
|---|---|
| Minimum supported client | Windows XP [desktop apps only] |
| Minimum supported server | Windows Server 2003 [desktop apps only] |
| Target Platform | Windows |
| Header | xenroll.h |
| Library | Uuid.lib |
| DLL | Xenroll.dll |