KeyCredentialManager Class
Definition
Important
Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Contains methods for basic management of key credentials.
```cpp
public ref class KeyCredentialManager abstract sealed
```

```cpp
/// [Windows.Foundation.Metadata.ContractVersion(Windows.Foundation.UniversalApiContract, 65536)]
/// [Windows.Foundation.Metadata.MarshalingBehavior(Windows.Foundation.Metadata.MarshalingType.Agile)]
/// [Windows.Foundation.Metadata.Threading(Windows.Foundation.Metadata.ThreadingModel.Both)]
class KeyCredentialManager final
```

```csharp
[Windows.Foundation.Metadata.ContractVersion(typeof(Windows.Foundation.UniversalApiContract), 65536)]
[Windows.Foundation.Metadata.MarshalingBehavior(Windows.Foundation.Metadata.MarshalingType.Agile)]
[Windows.Foundation.Metadata.Threading(Windows.Foundation.Metadata.ThreadingModel.Both)]
public static class KeyCredentialManager
```

```vb
Public Class KeyCredentialManager
```
- Inheritance
- Attributes
Windows requirements
| Requirements | Description |
|---|---|
| Device family | Windows 10 (introduced in 10.0.10240.0 - for Xbox, see UWP features that aren't yet supported on Xbox) |
| API contract | Windows.Foundation.UniversalApiContract (introduced in v1.0) |
Remarks
The KeyCredentialManager class provides methods to manage key credentials, which are RSA 2048-bit keys. These keys are used for secure authentication and cryptographic operations.
Key Information
- Key Type: RSA 2048-bit
- Signature Format: PKCS #1 RSA PSS with SHA256
- Attestation Data: The attestation data is a binary blob that includes metadata about the key, such as its origin and security properties.
Attestation Data Format
The attestation data is encoded in a binary format. It includes:
- Key Metadata: Information about the key's origin and properties.
- Certificate Chain: A chain of certificates that can be used to verify the authenticity of the attestation.
Verifying Attestation Data
To verify the attestation data:
- Parse the binary blob to extract the metadata and certificate chain.
- Use the certificate chain to validate the authenticity of the attestation.
- Ensure the metadata matches the expected properties of the key.
For more details, refer to the KeyCredentialManager sample.
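The client side of the verification flow above, as an added example (not Microsoft's sample code): it opens or creates the key credential and collects the public key, attestation blob and certificate chain that a verifying service would check. The `KeyRegistration` and `KeyCredentialEnrollment` types, the `credentialName` parameter and the policy for unattested keys are assumptions made for illustration.

```csharp
using System;
using System.Threading.Tasks;
using Windows.Security.Credentials;
using Windows.Storage.Streams;

// Hypothetical container for what the client sends to the verifying service.
public sealed class KeyRegistration
{
    public IBuffer PublicKey { get; set; }
    public KeyCredentialAttestationStatus AttestationStatus { get; set; }
    public IBuffer Attestation { get; set; }       // null unless status is Success
    public IBuffer CertificateChain { get; set; }  // null unless status is Success
}

public static class KeyCredentialEnrollment
{
    // Returns null when no key credential is usable; the caller picks the fallback.
    public static async Task<KeyRegistration> EnrollAsync(string credentialName)
    {
        if (!await KeyCredentialManager.IsSupportedAsync())
            return null;

        // Reuse an existing key; create one only when none was provisioned.
        KeyCredentialRetrievalResult result = await KeyCredentialManager.OpenAsync(credentialName);
        if (result.Status == KeyCredentialStatus.NotFound)
        {
            result = await KeyCredentialManager.RequestCreateAsync(
                credentialName, KeyCredentialCreationOption.FailIfExists);
        }

        // Fail closed on every other status (user cancelled, device locked, ...).
        if (result.Status != KeyCredentialStatus.Success)
            return null;

        KeyCredential credential = result.Credential;
        KeyCredentialAttestationResult attestation = await credential.GetAttestationAsync();
        bool attested = attestation.Status == KeyCredentialAttestationStatus.Success;

        // Assumed policy: an unattested key is still reported, with its status,
        // so the service can reject it or register it as unattested.
        return new KeyRegistration
        {
            PublicKey = credential.RetrievePublicKey(),
            AttestationStatus = attestation.Status,
            Attestation = attested ? attestation.AttestationBuffer : null,
            CertificateChain = attested ? attestation.CertificateChainBuffer : null,
        };
    }
}
```

The service should bind the registered public key to the attestation it validated, so that a valid attestation for one key cannot be presented alongside a different public key.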
Methods
| Name | Description |
|---|---|
| DeleteAsync(String) | Deletes a previously provisioned user identity key for the current user and application. |
| IsSupportedAsync() | Determines if the current device and user is capable of provisioning a key credential. |
| OpenAsync(String, ChallengeResponseKind, AttestationChallengeHandler) | |
| OpenAsync(String) | Retrieves a key credential for the current user and application. |
| RenewAttestationAsync() | Renews an attestation for a key credential. |
| RequestCreateAsync(String, KeyCredentialCreationOption, String, String, KeyCredentialCacheConfiguration, WindowId, ChallengeResponseKind, AttestationChallengeHandler) | |
| RequestCreateAsync(String, KeyCredentialCreationOption) | Creates a new key credential for the current user and application. |
| RequestCreateForWindowAsync(WindowId, String, KeyCredentialCreationOption) | |