KeyContainerPermissionFlags Enum
Definition
Important
Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Caution
Code Access Security is not supported or honored by the runtime.
Specifies the type of key container access allowed.
This enumeration supports a bitwise combination of its member values.
public enum class KeyContainerPermissionFlags
[System.Obsolete("Code Access Security is not supported or honored by the runtime.", DiagnosticId="SYSLIB0003", UrlFormat="https://aka.ms/dotnet-warnings/{0}")]
public enum KeyContainerPermissionFlags
[System.Flags]
[System.Runtime.InteropServices.ComVisible(true)]
[System.Serializable]
public enum KeyContainerPermissionFlags
public enum KeyContainerPermissionFlags
[<System.Obsolete("Code Access Security is not supported or honored by the runtime.", DiagnosticId="SYSLIB0003", UrlFormat="https://aka.ms/dotnet-warnings/{0}")>]
type KeyContainerPermissionFlags =
[<System.Flags>]
[<System.Runtime.InteropServices.ComVisible(true)>]
[<System.Serializable>]
type KeyContainerPermissionFlags =
type KeyContainerPermissionFlags =
Public Enum KeyContainerPermissionFlags
- Inheritance
- Attributes
Fields
Name | Value | Description |
---|---|---|
NoFlags | 0 | No access to a key container. |
Create | 1 | Create a key container. Creating a key container also creates a file on disk. It is very important that any key container that is created is removed when it is no longer in use. |
Open | 2 | Open a key container and use the public key.
|
Delete | 4 | Delete a key container. Deleting a key container can constitute a denial of service attack because it prevents the use of files encrypted or signed with the key. Therefore, deletion is a privileged operation. |
Import | 16 | Import a key into a key container. The ability to import a key can be as harmful as the ability to delete a container because importing a key into a named key container replaces the existing key. |
Export | 32 | Export a key from a key container. The ability to export a key is potentially harmful because it removes the exclusivity of the key. |
Sign | 256 | Sign a file using a key. The ability to sign a file is potentially harmful because it can allow a user to sign a file using another user's key. |
Decrypt | 512 | Decrypt a key container. Decryption is a privileged operation because it uses the private key. |
ViewAcl | 4096 | View the access control list (ACL) for a key container. |
ChangeAcl | 8192 | Change the access control list (ACL) for a key container. |
AllFlags | 13111 | Create, decrypt, delete, and open a key container; export and import a key; sign files using a key; and view and change the access control list for a key container. |
Examples
The following example shows the use of the KeyContainerPermissionFlags
enumeration.
// Create a KeyContainerPermission with the right to open the key container.
KeyContainerPermission ^ keyContainerPerm = gcnew KeyContainerPermission( KeyContainerPermissionFlags::Open );
// Create a KeyContainerPermission with the right
// to open the key container.
KeyContainerPermission keyContainerPerm = new
KeyContainerPermission(KeyContainerPermissionFlags.Open);
' Create a KeyContainerPermission with the right to open the key container.
Dim keyContainerPerm As New KeyContainerPermission(KeyContainerPermissionFlags.Open)
Remarks
Caution
Code Access Security (CAS) has been deprecated across all versions of .NET Framework and .NET. Recent versions of .NET do not honor CAS annotations and produce errors if CAS-related APIs are used. Developers should seek alternative means of accomplishing security tasks.
This enumeration is used by members of the KeyContainerPermissionAccessEntry class.
Caution
Many of these flags can have powerful effects and should be granted only to highly trusted code.
The most powerful flags are Create
, Delete
, Import
, Export
, Sign
, Decrypt
, and AllFlags
. For specific threats that the use of these flags can present, see the member descriptions.
Applies to
.NET