ICEnroll3::get_LimitExchangeKeyToEncipherment method (xenroll.h)
[This property is no longer available for use as of Windows Server 2008 and Windows Vista.]
The LimitExchangeKeyToEncipherment property sets or retrieves a Boolean value that determines whether an AT_KEYEXCHANGE request contains digital signature and nonrepudiation key usages.
This property was first introduced in the ICEnroll3 interface.
This property is read/write.
Syntax
HRESULT get_LimitExchangeKeyToEncipherment(
BOOL *fLimitExchangeKeyToEncipherment
);
Parameters
fLimitExchangeKeyToEncipherment
Return value
None
Remarks
This property is a Boolean value and affects only AT_KEYEXCHANGE requests. It has no impact on AT_SIGNATURE requests.
If the value for this property is false, an AT_KEYEXCHANGE request will contain the following key usages:
- CERT_DATA_ENCIPHERMENT_KEY_USAGE
- CERT_KEY_ENCIPHERMENT_KEY_USAGE
- CERT_DIGITAL_SIGNATURE_KEY_USAGE
- CERT_NON_REPUDIATION_KEY_USAGE
If the value for this property is true, an AT_KEYEXCHANGE request will contain the following key usages:
- CERT_DATA_ENCIPHERMENT_KEY_USAGE
- CERT_KEY_ENCIPHERMENT_KEY_USAGE
Examples
// Get the LimitExchangeKeyToEncipherment value.
BOOL bLimitKey;
HRESULT hr;
// pEnroll is previously instantiated ICEnroll interface pointer.
hr = pEnroll->get_LimitExchangeKeyToEncipherment(&bLimitKey);
if (FAILED(hr))
printf("Failed get_LimitExchangeKeyToEncipherment - %x\n", hr );
else
printf("LimitExchangeKeyToEncipherment: %s\n",
( bLimitKey ? "TRUE" : "FALSE"));
// Set the LimitExchangeKeyToEncipherment value.
hr = pEnroll->put_LimitExchangeKeyToEncipherment( TRUE );
if ( FAILED ( hr ) )
printf("Failed put_LimitExchangeKeyToEncipherment - %x\n", hr );
else
printf( "LimitExchangeKeyToEncipherment was set to TRUE\n" );
Requirements
Requirement | Value |
---|---|
Minimum supported client | Windows XP [desktop apps only] |
Minimum supported server | Windows Server 2003 [desktop apps only] |
Target Platform | Windows |
Header | xenroll.h |
Library | Uuid.lib |
DLL | Xenroll.dll |