System.Security.Permissions.KeyContainerPermissionFlags

KeyContainerPermissionFlags

public enum KeyContainerPermissionFlags

Specifies the type of key container access allowed.

Create, decrypt, delete, and open a key container; export and import a key; sign files using a key; and view and change the access control list for a key container.

ChangeAcl = 8192

Change the access control list (ACL) for a key container.

Create = 1

Create a key container.

Creating a key container also creates a file on disk. It is very important that any key container that is created is removed when it is no longer in use.

Decrypt = 512

Decrypt a key container.

Decryption is a privileged operation because it uses the private key.

Delete = 4

Delete a key container.

Deleting a key container can constitute a denial of service attack because it prevents the use of files encrypted or signed with the key. Therefore, deletion is a privileged operation.

Export = 32

Export a key from a key container.

The ability to export a key is potentially harmful because it removes the exclusivity of the key.

Import = 16

Import a key into a key container.

The ability to import a key can be as harmful as the ability to delete a container because importing a key into a named key container replaces the existing key.

NoFlags = 0

No access to a key container.

Open = 2

Open a key container and use the public key.

Open does not give permission to sign or decrypt files using the private key, but it does allow a user to verify file signatures and to encrypt files. Only the owner of the key is able to decrypt these files using the private key.

Sign = 256

Sign a file using a key.

The ability to sign a file is potentially harmful because it can allow a user to sign a file using another user's key.

ViewAcl = 4096

View the access control list (ACL) for a key container.