Certificate Extended Properties
A version of this page is also available for
4/8/2010
The data in a certificate including any extensions, is read-only and cannot be changed. However, on Microsoft run-time images, CryptoAPI certificates also have dynamic extended properties that can be added and changed.
Note
Extended properties are associated with a certificate and are not part of a certificate as issued by a certificate authority (CA). Extended properties are not available on a certificate when it is used on a non-Microsoft run-time image.
These properties include data that:
- Pertains to the private key to be used with the certificate.
- Indicates the type of hashes to be performed on the certificate.
- Provides user-defined information associated with the certificate.
On Microsoft run-time images, values for these properties are attached to and move with the certificate. Currently predefined properties identified with property IDs include:
- CERT_KEY_PROV_HANDLE_PROP_ID,
CERT_KEY_PROV_INFO_PROP_ID, and
CERT_KEY_CONTEXT_PROP_ID
These properties tie a certificate to a particular CSP and, within that CSP, to a particular private key. - CERT_SHA1_HASH_PROP_ID and
CERT_MD5_HASH_PROP_ID
These properties indicate the hashing algorithm to be used when a hashing operation is performed.