UID

title

description

helpviewer_keywords

old-location

tech.root

ms.assetid

ms.date

ms.keywords

req.header

req.include-header

req.target-type

req.target-min-winverclnt

req.target-min-winversvr

req.kmdf-ver

req.umdf-ver

req.ddi-compliance

req.unicode-ansi

req.idl

req.max-support

req.namespace

req.assembly

req.type-library

req.lib

req.dll

req.irql

targetos

req.typenames

req.redist

ms.custom

f1_keywords

dev_langs

topic_type

api_type

api_location

api_name

NF:xenroll.ICEnroll.put_PVKFileName

ICEnroll::put_PVKFileName (xenroll.h)

The PVKFileName property of ICEnroll4 sets or retrieves the name of the file that will contain exported keys. (Put)

CEnroll object [Security]

PVKFileName property

ICEnroll interface [Security]

PVKFileName property

ICEnroll.PVKFileName

ICEnroll.put_PVKFileName

ICEnroll2 interface [Security]

PVKFileName property

ICEnroll2.PVKFileName

ICEnroll2::get_PVKFileName

ICEnroll2::put_PVKFileName

ICEnroll3 interface [Security]

PVKFileName property

ICEnroll3.PVKFileName

ICEnroll3::get_PVKFileName

ICEnroll3::put_PVKFileName

ICEnroll4 interface [Security]

PVKFileName property

ICEnroll4.PVKFileName

ICEnroll4::PVKFileName

ICEnroll4::get_PVKFileName

ICEnroll4::put_PVKFileName

ICEnroll::get_PVKFileName

ICEnroll::put_PVKFileName

PVKFileName property [Security]

PVKFileName property [Security]

CEnroll object

PVKFileName property [Security]

ICEnroll interface

PVKFileName property [Security]

ICEnroll2 interface

PVKFileName property [Security]

ICEnroll3 interface

PVKFileName property [Security]

ICEnroll4 interface

put_PVKFileName

security.icenroll4_pvkfilename

xenroll/ICEnroll2::PVKFileName

xenroll/ICEnroll2::get_PVKFileName

xenroll/ICEnroll2::put_PVKFileName

xenroll/ICEnroll3::PVKFileName

xenroll/ICEnroll3::get_PVKFileName

xenroll/ICEnroll3::put_PVKFileName

xenroll/ICEnroll4::PVKFileName

xenroll/ICEnroll4::get_PVKFileName

xenroll/ICEnroll4::put_PVKFileName

xenroll/ICEnroll::PVKFileName

xenroll/ICEnroll::get_PVKFileName

xenroll/ICEnroll::put_PVKFileName

security\icenroll4_pvkfilename.htm

security

3f841bb2-6cfd-4712-bb71-5c3d9d462fab

12/05/2018

CEnroll object [Security],PVKFileName property, ICEnroll interface [Security],PVKFileName property, ICEnroll.PVKFileName, ICEnroll.put_PVKFileName, ICEnroll2 interface [Security],PVKFileName property, ICEnroll2.PVKFileName, ICEnroll2::get_PVKFileName, ICEnroll2::put_PVKFileName, ICEnroll3 interface [Security],PVKFileName property, ICEnroll3.PVKFileName, ICEnroll3::get_PVKFileName, ICEnroll3::put_PVKFileName, ICEnroll4 interface [Security],PVKFileName property, ICEnroll4.PVKFileName, ICEnroll4::PVKFileName, ICEnroll4::get_PVKFileName, ICEnroll4::put_PVKFileName, ICEnroll::get_PVKFileName, ICEnroll::put_PVKFileName, PVKFileName property [Security], PVKFileName property [Security],CEnroll object, PVKFileName property [Security],ICEnroll interface, PVKFileName property [Security],ICEnroll2 interface, PVKFileName property [Security],ICEnroll3 interface, PVKFileName property [Security],ICEnroll4 interface, put_PVKFileName, security.icenroll4_pvkfilename, xenroll/ICEnroll2::PVKFileName, xenroll/ICEnroll2::get_PVKFileName, xenroll/ICEnroll2::put_PVKFileName, xenroll/ICEnroll3::PVKFileName, xenroll/ICEnroll3::get_PVKFileName, xenroll/ICEnroll3::put_PVKFileName, xenroll/ICEnroll4::PVKFileName, xenroll/ICEnroll4::get_PVKFileName, xenroll/ICEnroll4::put_PVKFileName, xenroll/ICEnroll::PVKFileName, xenroll/ICEnroll::get_PVKFileName, xenroll/ICEnroll::put_PVKFileName

xenroll.h

Windows

Windows XP [desktop apps only]

Windows Server 2003 [desktop apps only]

Uuid.lib

Xenroll.dll

Windows

19H1

ICEnroll::put_PVKFileName

xenroll/ICEnroll::put_PVKFileName

c++

APIRef

kbSyntax

COM

Xenroll.dll

ICEnroll4.PVKFileName

ICEnroll4.get_PVKFileName

ICEnroll4.put_PVKFileName

ICEnroll3.PVKFileName

ICEnroll3.get_PVKFileName

ICEnroll3.put_PVKFileName

ICEnroll2.PVKFileName

ICEnroll2.get_PVKFileName

ICEnroll2.put_PVKFileName

ICEnroll.PVKFileName

ICEnroll.get_PVKFileName

ICEnroll.put_PVKFileName

CEnroll.PVKFileName

ICEnroll::put_PVKFileName

-description

[This property is no longer available for use as of Windows Server 2008 and Windows Vista.]

The PVKFileName property sets or retrieves the name of the file that will contain exported keys.

This property was first defined in the ICEnroll interface.

This property is read/write.

-parameters

-remarks

The PVKFileName property affects the behavior of the following methods:

Exporting functionality may not be supported by the cryptographic service provider (CSP). Historically, Authenticode has exported the private key to a .pvk file on a disk and removed the keys from the registry. By default, private keys are not generated for exportation, and many cryptographic service providers do not support exporting keys. However, if the CSP supports exporting private keys, specifying a non-NULL value for the PVKFileName property causes the private keys to be generated as exportable and the private and public keys to be written to the file specified by the PVKFileName property. The private key is removed from the CSP. The file name specified by the property can be any accessible file. By default, no .pvk file is generated, and the keys are not generated as exportable.

If the .pvk file already exists, the user is notified and prompted for permission to overwrite it.

The GenKeyFlags property also has a flag that controls whether the private key can be exported. Use care when using the GenKeyFlags property and the PVKFileName property together. If the PVKFileName property is set first, the GenKeyFlags property is automatically set to CRYPT_EXPORTABLE. If the GenKeyFlags property is set (by using the put_GenKeyFlags function) without including the CRYPT_EXPORTABLE flag, then the GenKeyFlags will not be set to CRYPT_EXPORTABLE, and the generated keys will not be exportable. The following procedure demonstrates this:

Call put_PVKFileName to set the file name for the file that will receive the exported keys. The GenKeyFlags property is automatically set to CRYPT_EXPORTABLE.
Call put_GenKeyFlags with a value not set to CRYPT_EXPORTABLE, for example, zero.
GenKeyFlags is no longer set to CRYPT_EXPORTABLE (the value that was automatically set in step one).

Any keys generated by following the previous steps will be not exportable. Therefore, it is recommended that the user set the GenKeyFlags property before the PVKFileName property when they are used together.

Alternatively, the user could determine the current value of the CRYPT_EXPORTABLE bit in the GenKeyFlags property and then perform a bitwise-OR operation between this value and any changes that are made to the GenKeyFlags property to ensure that the bit is not wiped out. The user could also specifically set the CRYPT_EXPORTABLE bit when updating the GenKeyFlags property.

Examples

BSTR     bstrPVKFile = NULL;
BSTR     bstrNewPVKFile = NULL;
HRESULT  hr;

// pEnroll is previously instantiated ICEnroll interface pointer

// get the PVKFileName
hr = pEnroll->get_PVKFileName( &bstrPVKFile );
if (FAILED( hr ))
    printf("Failed get_PVKFileName - %x\n", hr );
else
    printf( "PVKFileName: %ws\n", bstrPVKFile );
// free BSTR when done
if ( NULL != bstrPVKFile )
    SysFreeString( bstrPVKFile );

// set the PVKFileName, for example, "MyKeys.pvk"
bstrNewPVKFile = SysAllocString(TEXT("FILENAMEHERE"));

hr = pEnroll->put_PVKFileName( bstrNewPVKFile );
if (FAILED( hr ))
    printf("Failed put_PVKFileName - %x\n", hr );
else
    printf( "PVKFileName set to %ws\n", bstrNewPVKFile );
// free BSTR when done
if ( NULL != bstrNewPVKFile )
    SysFreeString( bstrNewPVKFile );