Historically, Authenticode has exported the private key to a .PVK file on a floppy and removed the keys from the registry. By default, private keys are not generated such that they can be exported, and many cryptographic service providers do not support the exporting of keys. However, if the cryptographic service provider (CSP) can support exporting of private keys, and it is desired to do so, setting the PVKFileName property will attempt to generate the private keys as exportable and write the private key (as well as the public key) to the file specified by the PVKFileName property. As a by product, the private key is removed from the CSP. The filename specified by the property can be any accessible file. By default, no .PVK file is generated and the keys are not generated as exportable.
If the .PVK file already exists, the user is notified, and prompted for permission to overwrite.
Note The GenKeyFlags property also has a flag which controls whether the private key can be exported. Care must be taken when using both the GenKeyFlags property and the PVKFileName property together. If the PVKFileName property is set first, and then the GenKeyFlags property is set with the CRYPT_EXPORTABLE flag set to false, it will wipe out the setting of the CRYPT_EXPORTABLE flag to true from the setting of the PVKFileName property. Therefore, it is recommended that the user set the GenKeyFlags property before the PVKFileName property when they are used together.
Alternatively, the user could determine the current value of the CRYPT_EXPORTABLE bit in the GenKeyFlags property, and then OR this value into any changes that are made to the GenKeyFlags property to insure that the bit is not wiped out, or the user could specifically set the CRYPT_EXPORTABLE bit when updating the GenKeyFlags property if that condition is known to be desired.
Any valid filename supported by the operating system in use.
[C++] HRESULT get_PVKFileName (BSTR);
HRESULT put_PVKFileName (BSTR);
|The property read/write completed successfully.