🟣KeyProtection

Specifies a value that indicates how a private key is protected before use.

These values are only used for Microsoft's certreq command.

Value ID Description

Value	ID	Description
`XCN_NCRYPT_UI_NO_PROTECTION_FLAG`	0	The protection level is not specified.
`XCN_NCRYPT_UI_PROTECT_KEY_FLAG`	1	A user interface is displayed to indicate that a process is attempting to use the key. The exact behavior is specified by the KSP or CSP being used. Some Microsoft legacy CSPs allow the client to decide whether a password is required to use the key or whether the user must only acknowledge a prompt.
`XCN_NCRYPT_UI_FORCE_HIGH_PROTECTION_FLAG`	2	Specifies strong key protection. The user is typically prompted to enter a password when the key is created and whenever the key is used. The exact behavior is specified by the KSP being used. This value is not supported by the Certificate Enrollment API for legacy CSPs.
`XCN_NCRYPT_UI_FINGERPRINT_PROTECTION_FLAG`	4	Uses fingerprint protection (not compatible with Yubikey).
`XCN_NCRYPT_UI_APPCONTAINER_ACCESS_MEDIUM_FLAG`	8	Unknown

XCN_NCRYPT_UI_NO_PROTECTION_FLAG

The protection level is not specified.

XCN_NCRYPT_UI_PROTECT_KEY_FLAG

A user interface is displayed to indicate that a process is attempting to use the key. The exact behavior is specified by the KSP or CSP being used. Some Microsoft legacy CSPs allow the client to decide whether a password is required to use the key or whether the user must only acknowledge a prompt.

XCN_NCRYPT_UI_FORCE_HIGH_PROTECTION_FLAG

Specifies strong key protection. The user is typically prompted to enter a password when the key is created and whenever the key is used. The exact behavior is specified by the KSP being used. This value is not supported by the Certificate Enrollment API for legacy CSPs.

XCN_NCRYPT_UI_FINGERPRINT_PROTECTION_FLAG

Uses fingerprint protection (not compatible with Yubikey).

XCN_NCRYPT_UI_APPCONTAINER_ACCESS_MEDIUM_FLAG

Unknown

PreviousextendedKeyUsage NextKeySpec

Last updated 1 year ago