Advanced Private Key Options

I would like to purchase a Code Signing Certificate, but can’t find any information about the Advanced Private Key Options, and therefore, am not sure what to choose.

Advanced Private Key Options:

  • CSP - I assume the default is the recommended choice
  • Key Filename

[li]In the CSP?

  • In the file:


  • Key Size


  • 2048
  • 4096


  • Exportable?
  • User protected?


  1. Why would I want the Key Filename in the CSP rather than in a file, or vice versa?

  2. Are there any benefits to choosing 2048 over 4096?

  3. Should I make my Code Signing Certificate exportable? What does this mean? How does this affect the code signing process? What if I don’t make it exportable?

  4. What happens if I don’t make the Code Signing Certificate “user protected”? What if I do? Which option is recommended and why? (I assume not making it user protected is recommended since it is not checked by default.)

  5. A description of each option and how each affects the code signing process, if at all, would be great.

Thank you.


  1. If you select “In the CSP” option then the private key and certificate will be stored into your browser and you need to export it to PFX file format and extract the pvk and spc files from the PFX file maually.

If you select “In the file” option then the private key and certificate will be separately stored under C: drive as a files by default.

  1. The higer key size the higer security, but we don’t recommend this as this will cause a compatibility issue. So choose either 1024 or 2048.

  2. Yes, If you select “In the CSP” option the private key and certificate will be stored into your browser. So if you want to use your certificate then you need to Export it along with the private key(PFX file format). If “Exportable” option is not selected then you can export only your certificate and not the private key. Without the private key the certificate becomes unusable.

  3. Nothing will happen.User Protected option provides additional protection on the use of the private key associated with the Certificate.Additional protection will ask you to OK the use of the Certificate every time the private key is used. This is not recommended as you need to confirm the use of your certificate everytime your private key is accessed.

  4. I hope the above 4 answers explain all code signing options.