CERT_STORE_PROV_FILE

Initializes the store with certificates read from a specified open file. This provider expects the file to contain only a serialized store and not either PKCS #7 signed messages or a single encoded certificate.

The handle of a file opened using the CreateFilefunction.

The file pointer must be positioned at the beginning of the serialized store information. After the data in the serialized store has been loaded into the certificate store, the file pointer is positioned at the beginning of any data that can follow the serialized store data in the file. If CERT_FILE_STORE_COMMIT_ENABLE is set in the dwFlagsparameter, the file handle is duplicated and the store is always committed as a serialized store. The file is not closed when the store is closed.

Note that in Windows Mobile the file handle is not duplicated, so the caller should not close the file handle until the corresponding the CertCloseStorefunction has been called.

CERT_STORE_PROV_MEMORY

Creates a certificate store in cached memory. No certificates are initially loaded into the store. Typically used to create a temporary store.

Not used.

Additional certificates or changes in properties of certificates in a memory store are not automatically saved. They can be saved to a file or to a memory BLOB (Cryptography)using the CertSaveStorefunction.

CERT_STORE_PROV_PHYSICAL

Initializes the store with certificates from a specified physical store that is a member of a logical system store.

Both the system store name and physical names.

Two names are separated with an intervening backslash (\): for example Root\.LocalMachine. Here, Root is the name of the system store and .LocalMachine is the name of the physical store. The system and physical store names are Unicode strings and cannot contain any backslashes. The high word of the dwFlagsparameter indicates the system store location, usually CERT_SYSTEM_STORE_CURRENT_USER. For more information, see the dwFlagsparameter. Some physical store locations can be opened remotely.

CERT_STORE_PROV_PKCS7

Initializes the store with certificates from an encoded PKCS #7 signed message.

Pointer to the BLOB (Cryptography)of an encoded message

The dwMsgAndCertEncodingTypeparameter must specify the encoding types to be used with both messages and certificates.

CERT_STORE_PROV_REG

Initializes the store with certificates from a registry subkey.

The handle of an open registry key, named with the prefix HKEY.

This provider opens or creates the registry subkeys Certificatesunder the key passed in the pvParaparameter. The input key is not closed by the provider. Before returning, the provider opens its own copy of the key passed in the pvParaparameter. If CERT_STORE_READONLY_FLAG is set in the low word of the dwFlagsparameter, registry subkeys are opened using RegOpenKeywith KEY_READ_ACCESS. Otherwise, registry subkeys are created using RegCreateKeywith KEY_ALL_ACCESS. Any changes to the contents of the opened store are immediately persisted to the registry. However, if CERT_STORE_READONLY_FLAG is set in the low word of the dwFlagsparameter, any attempt to add to the contents of the store or to change a context's property results in an error with the GetLastErrorfunction returning the E_ACCESSDENIED code.

CERT_STORE_PROV_SERIALIZED

Initializes the store with certificates from a memory location containing a serialized store.

Pointer to a CRYPT_DATA_BLOBserialized memory BLOB.

Not applicable.

CERT_STORE_PROV_SYSTEM

Initializes the store with certificates from the specified system store.

A system store name passed as a Unicode or ASCII string, such as MY or Root.

The system store is a logical, collection store consisting of one or more physical stores. After the system store is opened, all of the physical stores that are associated with it are also opened by calls to the CertOpenStorefunction. The high word of the dwFlagsparameter indicates the system store location, usually set to CERT_SYSTEM_STORE_CURRENT_USER.

CERT_STORE_PROV_SYSTEM_REGISTRY

Initializes the store with certificates from a physical registry store. The physical store is not opened as a collection store. Enumerations and searches go through only the certificates in that one physical store. The implementation of this provider is the same as the CERT_STORE_PROV_SYSTEM provider implemented in Windows NT 4.0.

A system store name, passed as a Unicode or ASCII string, such as MY or Root.

The high word of the dwFlagsparameter indicates the system store location, usually set to CERT_SYSTEM_STORE_CURRENT_USER.

CERT_STORE_CREATE_NEW_FLAG

A new store is created if one did not exist. The function fails if the store already exists.

If neither CERT_STORE_OPEN_EXISTING_FLAG nor CERT_STORE_CREATE_NEW_FLAG is set, a store is opened if it exists or is created and opened if it did not already exist.

CERT_STORE_DEFER_CLOSE_UNTIL_LAST_FREE_FLAG

The closing of a store's provider cannot be done when the CertCloseStorefunction is called but will be deferred if certificates obtained from the store are still in use. The store is actually closed when the last certificate obtained from the store is freed. Any changes made to properties of these certificates, even after the call to the CertCloseStorefunction, are persisted.

If this flag is not set and certificates obtained from the store are still in use, the properties of those certificates can be changed, but those changes are not persisted. Setting this flag causes those changes to be persisted.

Note that setting this flag causes extra overhead in doing context duplications and free operations.

If the CertCloseStorefunction is called with CERT_CLOSE_STORE_FORCE_FLAG, CERT_STORE_DEFER_CLOSE_UNTIL_LAST_FREE_FLAG is ignored.

When this flag is set and a non-NULL HCRYPTPROVis passed, that provider will continue to be used even after the call to the CertCloseStorefunction.

CERT_STORE_DELETE_FLAG

The store is deleted instead of being opened. The CertOpenStorefunction returns NULL for both success and failure of the deletion. To determine the success of the deletion, call the GetLastErrorfunction, which returns zero if the store was deleted and a nonzero value if it was not deleted.

CERT_STORE_ENUM_ARCHIVED_FLAG

Overrides the default procedure of skipping in enumerations all certificates with the CERT_ARCHIVED_PROP_ID property set. If this flag is set, an enumeration of the certificates in the store lists all of the certificates in the store, including those that have the CERT_ARCHIVED_PROP_ID property.

CERT_STORE_MANIFOLD_FLAG

Certificates are checked for their manifold extension. When certificates are found with the same manifold extension, the older certificates are archived by setting their CERT_ARCHIVED_PROP_ID properties.

CERT_STORE_NO_CRYPT_RELEASE_FLAG

This flag is not used when the NULL is passed in the hCryptProvparameter and the default CSP is used. The flag is valid when a non-NULL CSP handle is passed as the hCryptProvparameter. Setting the flag prevents the automatic free of a nondefault CSP when the certificate store is closed.

CERT_STORE_OPEN_EXISTING_FLAG

Only an existing store can be opened. If the store does not exist, the function fails.

CERT_STORE_READONLY_FLAG

Any attempt to change the contents of the store results in an error. When this flag is set and a registry-based store provider is being used, the registry subkeys are opened by using RegOpenKeywith KEY_READ_ACCESS. Otherwise, the registry subkeys are created by using RegCreateKeywith KEY_ALL_ACCESS.

CERT_STORE_SET_LOCALIZED_NAME_FLAG

If this flag is supported, the provider sets the store's CERT_STORE_LOCALIZED_NAME_PROP_ID property. The localized name can be retrieved by calling the CertGetStorePropertyfunction with the dwPropIDparameter set to CERT_STORE_LOCALIZED_NAME_PROP_ID. This flag is supported for providers of types CERT_STORE_PROV_FILENAME, CERT_STORE_PROV_SYSTEM, CERT_STORE_PROV_SYSTEM_REGISTRY, and CERT_STORE_PROV_PHYSICAL_W.

CERT_STORE_UPDATE_KEYID_FLAG

Within CurrentUser and LocalMachine, lists of key identifiers exist. These key identifiers have properties much like the properties of certificates. If the CERT_STORE_UPDATE_KEYID_FLAG is set, then for every key identifier in the store's location that has a CERT_KEY_PROV_INFO_PROP_ID property, that property is automatically updated from the key identifier property CERT_KEY_PROV_INFO_PROP_ID or the CERT_KEY_IDENTIFIER_PROP_ID of the certificate related to that key identifier.

CERT_SYSTEM_STORE_RELOCATE_FLAG

Overrides the default location of a system store. When it is set, the pvParaparameter must pass a pointer to a CERT_SYSTEM_STORE_RELOCATE_PARAstructure rather than a string. The structure indicates both the name of the store and its location in the registry.

CERT_SYSTEM_STORE_UNPROTECTED_FLAG

By default, when the CurrentUser Root store is opened, any SystemRegistry roots not on the protected root list are deleted from the cache before the CertOpenStorefunction returns. When this flag is set, this default is overridden and all of the roots in the SystemRegistry are returned and no check of the protected root list is made.