Platform SDK: Certificate Enrollment Control
The CEnroll object is implemented in xenroll.dll and provides the entire functionality for the Certificate Enrollment Control.
The CEnroll object exposes the following interfaces.
Interface | Description |
---|---|
ICEnroll | Supplies methods and properties for versions of Certificate Enrollment Control earlier than Microsoft® Windows® 2000 Beta 2. |
ICEnroll2 | Introduced in Windows 2000 Beta 2, this interface inherits the methods and properties of ICEnroll and extends them with additional methods and properties. These methods and properties are in turn inherited by ICEnroll3. |
ICEnroll3 | Introduced in Windows 2000 Beta 3, this interface inherits all the methods and properties of ICEnroll and ICEnroll2 and extends them with additional methods and properties. |
Note: For programming without Automation, CEnroll exposes three interfaces:
• ICEnroll
• ICEnroll2
• ICEnroll3
The documentation for the individual methods and properties of CEnroll is arranged under these interfaces.
The CEnroll object has the following methods.
Method | Description |
---|---|
acceptFilePKCS7 | Accepts and processes a PKCS #7 containing a certificate. The PKCS #7 is stored in a file. |
acceptPKCS7 | Accepts and processes a PKCS #7 containing a certificate. The PKCS #7 is input as a parameter. |
addCertTypeToRequest | Adds a certificate template to a request (used to support the enterprise certification authority (CA)). |
addNameValuePairToSignature | Adds a name/value pair to an attribute (the name/value pair is interpreted by the CA). |
createFilePKCS10 | Creates a PKCS #10 requesting a certificate for the person or entity whose information is supplied in the PKCS #10. This PKCS #10 is saved to a file. |
createPKCS10 | Creates a PKCS #10 requesting a certificate for the person or entity whose information is supplied in the PKCS #10. This PKCS #10 is a return or output parameter. |
EnumAlgs | Enumerates IDs of algorithms supported by the cryptographic service provider (CSP). |
enumContainers | Enumerates all the containers for the provider specified in the ProviderName property. |
enumProviders | Enumerates all the providers available on the computer for the specified ProviderType property. |
freeRequestInfo | Cleans up the stores if an error occurs or if a PKCS #7 is not to be accepted for some reason. Currently not implemented. |
GetAlgName | Retrieves the name corresponding to an algorithm ID. |
getCertFromPKCS7 | Retrieves from a PKCS #7 the single certificate that was issued in response to a PKCS #10. |
GetKeyLen | Retrieves minimum and maximum key lengths. |
GetSupportedKeySpec | Retrieves information regarding the CSP's support for signature or exchange keys. |
InstallPKCS7 | Accepts and processes a PKCS #7 containing a certificate or chain of certificates. The PKCS #7 is input as a parameter. This differs from acceptPKCS7 because InstallPKCS7 doesn't receive a request certificate. |
Reset | Places the ICEnroll3 object into its initial state. |
The CEnroll object also provides the following properties. For information on using these properties, see Using the Certificate Enrollment Control Properties.
Property | Access | Description |
---|---|---|
CAStoreFlags | Read/write | Passed directly to CertOpenStore, specifying characteristics when opening the certification authority (CA) store. |
CAStoreName | Read/write | Specifies where all non-"ROOT" and non-"MY" certificates are kept. |
CAStoreType | Read/write | Specifies the type of store to use for the store specified by the CAStoreName property. |
ContainerName | Read/write | Specifies the name of the key container to use. |
DeleteRequestCert | Read/write | Controls whether the dummy certificate (created to persist the keys generated while the PKCS #10 certificate request is being issued) is deleted. |
EnableSMIMECapabilities | Read/write | Controls whether the PKCS #10 will contain a signed attribute for S/MIME capabilities. |
EnableT61DNEncoding | Read/write | Controls whether the certificate's distinguished name is encoded as a T61 string instead of as a UNICODE string. |
GenKeyFlags | Read/write | Passed directly to CryptGenKey, specifying characteristics of the key being created. |
HashAlgID | Read/write | Specifies the preferred hash algorithm for signing the PKCS #10. |
HashAlgorithm | Read/write | Specifies the preferred hash algorithm for signing the PKCS #10. |
KeySpec | Read/write | Specifies the key type to be generated. |
LimitExchangeKeyToEncipherment | Read/write | Controls whether the request will contain key usages for digital signature and non-repudiation (applies to AT_KEYEXCHANGE requests only). |
MyStoreFlags | Read/write | Passed directly to CertOpenStore, specifying characteristics when opening the MY store. |
MyStoreName | Read/write | Specifies where certificates with linked private keys are kept. |
MyStoreType | Read/write | Specifies the type of store to use for the store specified by the MyStoreName property. |
ProviderFlags | Read/write | Use depends on the provider in use. |
ProviderName | Read/write | Specifies the cryptographic service provider (CSP) to use. |
ProviderType | Read/write | Use depends on the provider in use. |
PVKFileName | Read/write | Specifies that the private keys be generated as exportable and written to the file specified by the PVKFileName property. |
RequestStoreFlags | Read/write | Passed directly to CertOpenStore, specifying characteristics when opening the REQUEST store. |
RequestStoreName | Read/write | Specifies the certificate store used to store the dummy certificate to which the private keys have been added, until a certification authority processes the request and responds with a PKCS #7. |
RequestStoreType | Read/write | Specifies the type of store to use for the store specified by the RequestStoreName property. |
ReuseHardwareKeyIfUnableToGenNew | Read/write | For hardware CSPs only (such as smart card), determines if an existing key is reused when it is not possible to create a new key. |
RootStoreFlags | Read/write | Passed directly to CertOpenStore, specifying characteristics when opening the ROOT store. |
RootStoreName | Read/write | Specifies where all intrinsically trusted, self-signed ROOT certificates are kept. |
RootStoreType | Read/write | Specifies the type of store to use for the store specified by the RootStoreName property. |
SPCFileName | Read/write | Specifies a file to which to write the PKCS #7 (in BSTR form) returned from the certification authority. |
UseExistingKeySet | Read/write | Specifies that an existing key set be used, instead of generating a new one (the default value is FALSE). |
WriteCertToCSP | Read/write | Specifies whether a certificate should be written to the cryptographic service provider. |
WriteCertToUserDS | Read/write | Specifies whether a certificate is written to the user's Directory Service. |