| Platform SDK: Certificate Enrollment Control |
The GenKeyFlags property value is passed directly to calls made to CryptGenKey. This value is passed as CryptGenKey's dwFlags parameter. For details, see CryptGenKey in the CryptoAPI documentation. By default it has a value of zero except when a .pvk file is specified using PVKFileName, where it defaults to a value of CRYPT_EXPORTABLE.
By default the private key is not exportable except when a .PVK file is requested. However, if the private key is to be exportable without a specified .pvk file, this flag should be set to CRYPT_EXPORTABLE. If the cryptographic service provider (CSP) does not support exportable private keys, an error occurs.
[Visual Basic] objEnroll.GenKeyFlags [ = Flags ] [C++] HRESULT put_GenKeyFlags(DWORD Flags); HRESULT get_GenKeyFlags(DWORD * pFlags);
GenKeyFlags affects the behavior of the following methods:
DWORD dwGenKey;
HRESULT hr;
// pEnroll is previously instantiated ICEnroll interface pointer
// get the GenKeyFlags value
hr = pEnroll->get_GenKeyFlags( &dwGenKey );
if (FAILED( hr ))
printf("Failed get_GenKeyFlags - %x\n", hr );
else
printf( "GenKeyFlags: %d\n", dwGenKey );
// set the GenKeyFlags value
hr = pEnroll->put_GenKeyFlags( CRYPT_EXPORTABLE );
if (FAILED( hr ))
printf("Failed put_GenKeyFlags - %x\n", hr );
else
printf( "GenKeyFlags set to %d\n", CRYPT_EXPORTABLE );
Const CRYPT_EXPORTABLE As Long = 1
' declare Certificate Enrollment Control object
Dim objXen As Object
Dim GKFlags As Long
' instantiate the object
Set objXen = CreateObject("CEnroll.CEnroll.1")
' retrieve and display the GenKeyFlags
GKFlags = objXen.GenKeyFlags
MsgBox GKFlags, vbOKOnly, "GenKeyFlags"
' set the GenKeyFlags
objXen.GenKeyFlags = CRYPT_EXPORTABLE
Windows NT/2000: Requires Windows 2000 (or Windows NT 4.0 with the Windows NT 4.0 Option Pack).
Header: Declared in Xenroll.h.
Library: Use Uuid.lib.