PrivateKeyFlags Enumeration

Defines private key configuration settings in certificate templates.

This enumeration has a FlagsAttribute attribute that allows a bitwise combination of its member values.

Definition

Namespace: PKI.CertificateTemplates
Assembly: SysadminsLV.PKI.Win (in SysadminsLV.PKI.Win.dll) Version: 4.0.1.0 (4.0.1.0)
C#
[FlagsAttribute]
public enum PrivateKeyFlags

Members

| Member name | Value | Description |
|---|---|---|
| None | 0 | This flag indicates that attestation data is not required when creating the certificate request. It also instructs the server to not add any attestation OIDs to the issued certificate. |
| RequireKeyArchival | 1 | This flag instructs the client to create a key archival certificate request. |
| AllowKeyExport | 16 | This flag instructs the client to allow other applications to copy the private key to a .pfx file at a later time. |
| RequireStrongProtection | 32 | This flag instructs the client to use additional protection for the private key. |
| RequireAlternateSignatureAlgorithm | 64 | This flag instructs the client to use an alternate signature format. |
| ReuseKeysRenewal | 128 | This flag instructs the client to use the same key when renewing the certificate. Windows Server 2003, Windows Server 2008, Windows Server 2008 R2: this flag is not supported. |
| UseLegacyProvider | 256 | This flag instructs the client to process the msPKI-RA-Application-Policies attribute. Windows Server 2003, Windows Server 2008, Windows Server 2008 R2: this flag is not supported. |
| TrustOnUse | 512 | This flag indicates that attestation based on the user's credentials is to be performed. |
| ValidateCert | 1,024 | This flag indicates that attestation based on the hardware certificate of the Trusted Platform Module (TPM) is to be performed. |
| ValidateKey | 2,048 | This flag indicates that attestation based on the hardware key of the TPM is to be performed. |
| AttestationPreferred | 4,096 | This flag informs the client that it SHOULD include attestation data if it is capable of doing so when creating the certificate request. It also instructs the server that attestation might or might not be completed before any certificates can be issued. |
| AttestationRequired | 8,192 | This flag informs the client that attestation data is required when creating the certificate request. It also instructs the server that attestation must be completed before any certificates can be issued. |
| AttestationWithoutPolicy | 16,384 | This flag instructs the server to not add any certificate policy OIDs to the issued certificate even though attestation SHOULD be performed. |
| Server2003 | 65,536 | This template is supported by Windows Server 2003 CA server or newer. |
| Server2008 | 131,072 | This template is supported by Windows Server 2008 CA server or newer. |
| Server2008R2 | 196,608 | This template is supported by Windows Server 2008 R2 CA server or newer. |
| Server2012 | 262,144 | This template is supported by Windows Server 2012 CA server or newer. |
| Server2012R2 | 327,680 | This template is supported by Windows Server 2012 R2 CA server or newer. |
| Server2016R2 | 393,216 | This template is supported by Windows Server 2016 CA server or newer. Note: this template is not supported by Enrollment Web Services. |
| HelloLogonKey | 2,097,152 | This flag indicates that the key is used for Windows Hello logon. |
| Client2003 | 16,777,216 | This template is supported by Windows XP/Windows Server 2003 client or newer. |
| Client2008 | 33,554,432 | This template is supported by Windows Vista/Windows Server 2008 client or newer. |
| Client2008R2 | 50,331,648 | This template is supported by Windows 7/Windows Server 2008 R2 client or newer. |
| Client2012 | 67,108,864 | This template is supported by Windows 8/Windows Server 2012 client or newer. |
| Client2012R2 | 83,886,080 | This template is supported by Windows 8.1/Windows Server 2012 R2 client or newer. |
| Client2016R2 | 100,663,296 | This template is supported by Windows 10/Windows Server 2016 client or newer. Note: this template is not supported by Enrollment Web Services. |
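
When a template audit starts from a raw numeric value of this enumeration, the Server* and Client* members cannot be tested bit by bit: Server2008R2 (196,608) is numerically Server2003 + Server2008, so a per-bit check reports two older versions instead of one. The following is an added example, not code from the SysadminsLV.PKI library; it copies the values from the Members table above, uses a hypothetical type name PrivateKeyFlagDecoder, and assumes each version occupies a 4-bit field (multiples of 65,536 and of 16,777,216).

```csharp
using System;
using System.Collections.Generic;

static class PrivateKeyFlagDecoder // hypothetical helper, not part of the library
{
    // Single-bit members, values copied from the Members table on this page.
    static readonly (int Bit, string Name)[] Bits = {
        (1, "RequireKeyArchival"), (16, "AllowKeyExport"), (32, "RequireStrongProtection"),
        (64, "RequireAlternateSignatureAlgorithm"), (128, "ReuseKeysRenewal"),
        (256, "UseLegacyProvider"), (512, "TrustOnUse"), (1024, "ValidateCert"),
        (2048, "ValidateKey"), (4096, "AttestationPreferred"), (8192, "AttestationRequired"),
        (16384, "AttestationWithoutPolicy"), (2097152, "HelloLogonKey"),
    };
    // Version suffixes in table order: index 1 = 65,536 (Server) or 16,777,216 (Client).
    static readonly string[] Versions = { null, "2003", "2008", "2008R2", "2012", "2012R2", "2016R2" };
    // Assumption: each version number is stored in its own 4-bit field.
    const int ServerMask = 0x000F0000, ClientMask = 0x0F000000;

    public static List<string> Decode(int value)
    {
        var names = new List<string>();
        int rest = value;
        foreach (var (bit, name) in Bits)
            if ((value & bit) != 0) { names.Add(name); rest &= ~bit; }
        // Compare the whole field, never its individual bits.
        AddVersion(names, "Server", (value & ServerMask) >> 16);
        AddVersion(names, "Client", (value & ClientMask) >> 24);
        rest &= ~(ServerMask | ClientMask);
        // Surface bits the table does not document instead of dropping them silently.
        if (rest != 0) names.Add($"Unknown(0x{rest:X})");
        if (names.Count == 0) names.Add("None");
        return names;
    }

    static void AddVersion(List<string> names, string prefix, int index)
    {
        if (index == 0) return;
        names.Add(index < Versions.Length ? prefix + Versions[index] : $"{prefix}Version({index})");
    }

    static void Main()
    {
        // Constructed sample value: Server2008R2 + Client2008R2 + AllowKeyExport.
        int sample = 196608 + 50331648 + 16;
        Console.WriteLine(string.Join(", ", Decode(sample)));
        // The naive per-bit test matches both Server2003 and Server2008 for this value.
        Console.WriteLine((sample & 65536) != 0 && (sample & 131072) != 0);
    }
}
```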
