Select Method
Allows the selection of certificates from the system store.
procedure Select(Filter: String; PrivateKeyNeeded: Boolean; MaxCount: Integer);
Remarks
This method lets the user select certificates from the system store by Filter and saves them to SelectedCertificates. PrivateKeyNeeded specifies whether the method should consider only certificates that have associated private keys. MaxCount limits the number of certificates selected.
The supported filters are listed below. Separate the name and value of a filter with a colon (:). Use the | separator to pass more than one filter. During the search, the filters are joined using OR logic, so a certificate that matches any one of them is selected.
- subjectkeyid: the subject key identifier, in hexadecimal format.
- cakeyid: the key identifier of the issuing certificate, in hexadecimal format.
- serialnumber: the serial number of the certificate, in hexadecimal format.
- keyusage: certificate key usage flags. Use bitwise OR to specify several key usage flags using the values shown below.
- fingerprint: certificate fingerprint in hexadecimal format. MD5, SHA1, SHA256, and SHA512 fingerprints are supported.
- email: the e-mail parameter of the certificate subject.
- subject: the subject of the certificate, either as an RDN, or as its common name parameter.
- issuer: the issuer of the certificate, either as an RDN or a common name.
- ui (Windows system stores only): whether to use a UI dialog to select a certificate. Supported values: true, false, 1, 0. All other filters are ignored if this filter is specified.
- * (asterisk): selects all certificates. This filter should always be used as a single character, not as a name:value pair.
Examples of filters
ui:1 - use the Windows certificate selection dialog to let the user select a certificate visually.
* - select all certificates.
email:user@server.com - select all certificates with subject RDNs containing this e-mail address.
fingerprint:0a1b3c4d5e6f708192a3b4c5d6e7f8091a2b3c4d - select all certificates with this SHA1 fingerprint.
subject:/C=US/O=Big Company Inc/CN=Signing Certificate - select all certificates with the specified subject RDN.
keyusage:3|email:user@server.com - select all certificates with key usages of Digital Signature or Non-Repudiation, or those having this e-mail address in their subject.
Key usage flags
| Flag | Value | Description |
| --- | --- | --- |
| ckuUnknown | 0x00000 | Unknown key usage |
| ckuDigitalSignature | 0x00001 | Digital signature |
| ckuNonRepudiation | 0x00002 | Non-repudiation |
| ckuKeyEncipherment | 0x00004 | Key encipherment |
| ckuDataEncipherment | 0x00008 | Data encipherment |
| ckuKeyAgreement | 0x00010 | Key agreement |
| ckuKeyCertSign | 0x00020 | Certificate signing |
| ckuCRLSign | 0x00040 | Revocation signing |
| ckuEncipherOnly | 0x00080 | Encipher only |
| ckuDecipherOnly | 0x00100 | Decipher only |
| ckuServerAuthentication | 0x00200 | Server authentication |
| ckuClientAuthentication | 0x00400 | Client authentication |
| ckuCodeSigning | 0x00800 | Code signing |
| ckuEmailProtection | 0x01000 | Email protection |
| ckuTimeStamping | 0x02000 | Timestamping |
| ckuOCSPSigning | 0x04000 | OCSP signing |
| ckuSmartCardLogon | 0x08000 | Smartcard logon |
| ckuKeyPurposeClientAuth | 0x10000 | Kerberos - client authentication |
| ckuKeyPurposeKDC | 0x20000 | Kerberos - KDC |
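
The filter syntax and key usage table above can be checked before a string is handed to Select. The following is an added example, not code from the component or its vendor: a stand-alone Python checker that validates each term, decodes a keyusage mask, and warns when OR logic, ui or * makes the selection broader than a single term suggests. The names lint_filter and decode_key_usage are hypothetical; it assumes filter names are matched exactly as listed and that keyusage is written as a decimal or 0x-prefixed number.

```python
import re

# Flag names from the "Key usage flags" table on this page, in bit order 0x1..0x20000.
KEY_USAGE = {1 << i: n for i, n in enumerate((
    "ckuDigitalSignature ckuNonRepudiation ckuKeyEncipherment ckuDataEncipherment "
    "ckuKeyAgreement ckuKeyCertSign ckuCRLSign ckuEncipherOnly ckuDecipherOnly "
    "ckuServerAuthentication ckuClientAuthentication ckuCodeSigning "
    "ckuEmailProtection ckuTimeStamping ckuOCSPSigning ckuSmartCardLogon "
    "ckuKeyPurposeClientAuth ckuKeyPurposeKDC").split())}
HEX_FILTERS = ("subjectkeyid", "cakeyid", "serialnumber", "fingerprint")
TEXT_FILTERS = ("email", "subject", "issuer")
FINGERPRINT_HEX_LEN = {32: "MD5", 40: "SHA1", 64: "SHA256", 128: "SHA512"}

def decode_key_usage(mask):
    """Names of the flags set in a keyusage mask; bits outside the table raise."""
    if mask < 0 or mask & ~sum(KEY_USAGE):
        raise ValueError(f"keyusage {mask:#x} has bits outside the table")
    return [name for bit, name in KEY_USAGE.items() if mask & bit]

def lint_filter(filter_string):
    """Return ([(name, value), ...], [warning, ...]) for a Select filter string."""
    terms, warnings = [], []
    for part in filter_string.split("|"):
        name, sep, value = part.partition(":")
        if part == "*":
            pass  # the asterisk is a bare token, not a name:value pair
        elif not sep or not value:
            raise ValueError(f"expected name:value, got {part!r}")
        elif name in HEX_FILTERS:
            if not re.fullmatch(r"[0-9A-Fa-f]+", value):
                raise ValueError(f"{name} must be hexadecimal")
            if name == "fingerprint" and len(value) not in FINGERPRINT_HEX_LEN:
                raise ValueError("fingerprint length matches no supported hash")
        elif name == "keyusage":
            decode_key_usage(int(value, 0))  # assumption: decimal or 0x-prefixed
        elif name == "ui":
            if value not in ("true", "false", "1", "0"):
                raise ValueError("ui accepts only true, false, 1 or 0")
        elif name not in TEXT_FILTERS:
            raise ValueError(f"unsupported filter {name!r}")
        terms.append((name, value))
    names = [n for n, _ in terms]
    if "ui" in names and len(terms) > 1:
        warnings.append("ui is present, so all other filters are ignored")
    elif "*" in names and len(terms) > 1:
        warnings.append("* already selects every certificate")
    elif len(terms) > 1:
        warnings.append("terms are OR-ed: the result is a union, not an intersection")
    return terms, warnings
```

When a specific certificate is required, for example a pinned signing certificate, pass its fingerprint as the only term and treat any warning from the checker as a reason to review the filter.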