IX509ExtensionKeyUsage::InitializeEncode method (certenroll.h)

The InitializeEncode method initializes the extension by using the X509KeyUsageFlags enumeration. This method is web enabled.

Syntax

HRESULT InitializeEncode(
  [in] X509KeyUsageFlags UsageFlags
);

Parameters

[in] UsageFlags

An X509KeyUsageFlags enumeration value. This can be a bitwise-OR combination of any of the following values.

Value Meaning
XCN_CERT_DIGITAL_SIGNATURE_KEY_USAGE
The key is used with a Digital Signature Algorithm (DSA) to support services other than nonrepudiation, certificate signing, or revocation list signing. DSAs are often used for authentication.
XCN_CERT_NON_REPUDIATION_KEY_USAGE
The key is used to verify a digital signature as part of a nonrepudiation service that protects against false denial of action by a signing entity.
XCN_CERT_KEY_ENCIPHERMENT_KEY_USAGE
The key is used for key transport. That is, the key is used to manage a key passed from its origination point to its point of actual use.
XCN_CERT_DATA_ENCIPHERMENT_KEY_USAGE
The key is used to encrypt user data other than cryptographic keys.
XCN_CERT_KEY_AGREEMENT_KEY_USAGE
The key is used for key agreement. The key agreement or key exchange protocol enables two or more parties to negotiate a key value without transferring the key and without previously establishing a shared secret.
XCN_CERT_KEY_CERT_SIGN_KEY_USAGE
The key is used to verify a certificate signature. This value can only be used for certificates issued by certification authorities.
XCN_CERT_OFFLINE_CRL_SIGN_KEY_USAGE
The key is used to verify an offline certificate revocation list (CRL) signature.
XCN_CERT_CRL_SIGN_KEY_USAGE
The key is used to verify a CRL signature.
XCN_CERT_ENCIPHER_ONLY_KEY_USAGE
The key is used to encrypt data while performing key agreement. The XCN_CERT_KEY_AGREEMENT_KEY_USAGE value must also be specified.
XCN_CERT_DECIPHER_ONLY_KEY_USAGE
The key is used to decrypt data while performing key agreement. The XCN_CERT_KEY_AGREEMENT_KEY_USAGE value must also be specified.

Return value

If the function succeeds, the function returns S_OK.

If the function fails, it returns an HRESULT value that indicates the error. Possible values include, but are not limited to, those in the following table. For a list of common error codes, see Common HRESULT Values.

Return code Description
HRESULT_FROM_WIN32(ERROR_ALREADY_INITIALIZED)
The object is already initialized.

Remarks

You must call either InitializeEncode or InitializeDecode before you can use an IX509ExtensionKeyUsage object. The two methods complement each other. The InitializeEncode method enables you to construct a Distinguished Encoding Rules (DER) encoded Abstract Syntax Notation One (ASN.1) extension object from raw data, and the InitializeDecode method enables you to initialize the raw data from an encoded object.

You can retrieve the following properties for this extension:

  • The Critical property identifies whether the extension is critical. You can also specify this property.
  • The ObjectId property retrieves the extension object identifier (OID).
  • The KeyUsage property retrieves the restrictions that identify the intended uses of the public key (the raw extension data).
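
An added PowerShell example (not part of the original documentation) that checks a flag combination against the constraints in the Parameters table before calling InitializeEncode through the X509Enrollment.CX509ExtensionKeyUsage COM class. The numeric flag values are those defined in certenroll.h; the New-KeyUsageExtension helper name and its -ForCertificationAuthority switch are hypothetical.

```powershell
# Added example, not Microsoft sample code.
# X509KeyUsageFlags and EncodingType values as defined in certenroll.h.
$XCN_CERT_DIGITAL_SIGNATURE_KEY_USAGE = 0x80
$XCN_CERT_KEY_ENCIPHERMENT_KEY_USAGE  = 0x20
$XCN_CERT_KEY_AGREEMENT_KEY_USAGE     = 0x08
$XCN_CERT_KEY_CERT_SIGN_KEY_USAGE     = 0x04
$XCN_CERT_ENCIPHER_ONLY_KEY_USAGE     = 0x01
$XCN_CERT_DECIPHER_ONLY_KEY_USAGE     = 0x8000
$XCN_CRYPT_STRING_HEX                 = 0x4    # EncodingType accepted by RawData

function New-KeyUsageExtension {               # hypothetical helper name
    param(
        [Parameter(Mandatory)] [int] $UsageFlags,
        [switch] $ForCertificationAuthority    # hypothetical opt-in switch
    )
    # ENCIPHER_ONLY and DECIPHER_ONLY must be accompanied by KEY_AGREEMENT.
    $only = $XCN_CERT_ENCIPHER_ONLY_KEY_USAGE -bor $XCN_CERT_DECIPHER_ONLY_KEY_USAGE
    if (($UsageFlags -band $only) -and -not ($UsageFlags -band $XCN_CERT_KEY_AGREEMENT_KEY_USAGE)) {
        throw 'ENCIPHER_ONLY/DECIPHER_ONLY require XCN_CERT_KEY_AGREEMENT_KEY_USAGE.'
    }
    # The page restricts KEY_CERT_SIGN to certification authorities, so the caller must opt in.
    if (($UsageFlags -band $XCN_CERT_KEY_CERT_SIGN_KEY_USAGE) -and -not $ForCertificationAuthority) {
        throw 'XCN_CERT_KEY_CERT_SIGN_KEY_USAGE requested without -ForCertificationAuthority.'
    }
    $ext = New-Object -ComObject X509Enrollment.CX509ExtensionKeyUsage
    $ext.InitializeEncode($UsageFlags)
    # RFC 5280 recommends marking the key usage extension critical.
    $ext.Critical = $true
    return $ext
}

$flags = $XCN_CERT_DIGITAL_SIGNATURE_KEY_USAGE -bor $XCN_CERT_KEY_ENCIPHERMENT_KEY_USAGE
$ku = New-KeyUsageExtension -UsageFlags $flags
$ku.ObjectId.Value                      # OID of the extension
$ku.RawData($XCN_CRYPT_STRING_HEX)      # DER-encoded extension value as hex text

# A second InitializeEncode on the same object fails (ERROR_ALREADY_INITIALIZED).
try   { $ku.InitializeEncode($XCN_CERT_DIGITAL_SIGNATURE_KEY_USAGE) }
catch { 'InitializeEncode failed: 0x{0:X8}' -f $_.Exception.GetBaseException().HResult }
```

Running the checks before the COM call keeps an over-broad or inconsistent flag set out of the encoded extension, since the object cannot be re-initialized once InitializeEncode has succeeded.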

Requirements

Minimum supported client: Windows Vista [desktop apps only]
Minimum supported server: Windows Server 2008 [desktop apps only]
Target Platform: Windows
Header: certenroll.h
DLL: CertEnroll.dll

See also

IX509ExtensionKeyUsage