Historical Content Alert

This is a historical content for Windows NT 4.0 product and is presented for informative purposes only. All content in this directory is copyrighted and owned by Microsoft.


Historically, Authenticode has exported the private key to a .PVK file on a floppy and removed the keys from the registry. By default, private keys are not generated such that they can be exported, and many cryptographic service providers do not support the exporting of keys. However, if the cryptographic service provider (CSP) can support exporting of private keys, and it is desired to do so, setting the PVKFileName property will attempt to generate the private keys as exportable and write the private key (as well as the public key) to the file specified by the PVKFileName property. As a by product, the private key is removed from the CSP. The filename specified by the property can be any accessible file. By default, no .PVK file is generated and the keys are not generated as exportable.

If the .PVK file already exists, the user is notified, and prompted for permission to overwrite.

Note The GenKeyFlags property also has a flag which controls whether the private key can be exported. Care must be taken when using both the GenKeyFlags property and the PVKFileName property together. If the PVKFileName property is set first, and then the GenKeyFlags property is set with the CRYPT_EXPORTABLE flag set to false, it will wipe out the setting of the CRYPT_EXPORTABLE flag to true from the setting of the PVKFileName property. Therefore, it is recommended that the user set the GenKeyFlags property before the PVKFileName property when they are used together.

Alternatively, the user could determine the current value of the CRYPT_EXPORTABLE bit in the GenKeyFlags property, and then OR this value into any changes that are made to the GenKeyFlags property to insure that the bit is not wiped out, or the user could specifically set the CRYPT_EXPORTABLE bit when updating the GenKeyFlags property if that condition is known to be desired.

Data Type


[C++] BSTR

Defined Values

Any valid filename supported by the operating system in use.

Affects the behavior of the following methods:


Access Methods

[VB] "="operator

[C++] HRESULT get_PVKFileName (BSTR);


Value Meaning
S_OK The property read/write completed successfully.

Share this article: