Certificate Extended Properties

The data in a certificate including any extensions, is read-only and cannot be changed. However, on Microsoft platforms, CryptoAPI certificates also have dynamic extended properties that can be added and changed.

Note   Extended properties are associated with a certificate and are not part of a certificate as issued by a certificate authority (CA). Extended properties are not available on a certificate when it is used on a non-Microsoft platform.

These properties include data that:

  • Pertains to the private key to be used with the certificate.
  • Indicates the type of hashes to be performed on the certificate.
  • Provides user-defined information associated with the certificate.

On Microsoft platforms, values for these properties are attached to and move with the certificate. Currently predefined properties identified with property IDs include:

  • CERT_KEY_PROV_HANDLE_PROP_ID,
    CERT_KEY_PROV_INFO_PROP_ID, and
    CERT_KEY_CONTEXT_PROP_ID

    These properties tie a certificate to a particular CSP and, within that CSP, to a particular private key.

  • CERT_SHA1_HASH_PROP_ID and
    CERT_MD5_HASH_PROP_ID

These properties indicate the hashing algorithm to be used when a hashing operation is performed.

See Also

Cryptography | Certificates | Enrolling for a Certificate

 Last updated on Thursday, April 08, 2004

© 1992-2003 Microsoft Corporation. All rights reserved.