Constants for CryptEncodeObject and CryptDecodeObject

The CryptEncodeObject, CryptEncodeObjectEx, CryptSignAndEncodeCertificate, CryptDecodeObject, and CryptDecodeObjectEx functions are generalized encoding and decoding functions, capable of encoding and decoding Abstract Syntax Notation One (ASN.1) encoded certificates, certificate revocation lists (CRLs), certificate trust lists (CTLs), and certificate requests.

The following table lists the predefined constants, extensions, and attributes used with encode and decode operations and the data structure to be pointed to by the pvStructInfo parameter.

Note  Some predefined constants and OID strings have the same meaning. When they do, either can be used as the lpszStructType parameter.

Constant/value | Description
CMC_ADD_ATTRIBUTES
(LPCSTR) 63

The pvStructInfo parameter is a pointer to a CMC_ADD_ATTRIBUTES_INFO structure.

CMC_ADD_EXTENSIONS
(LPCSTR) 62

The pvStructInfo parameter is a pointer to a CMC_ADD_EXTENSIONS_INFO structure.

X509_ALGORITHM_IDENTIFIER
(LPCSTR) 74

The pvStructInfo parameter is a pointer to a CRYPT_ALGORITHM_IDENTIFIER structure.

X509_ALTERNATE_NAME
(LPCSTR) 12

The pvStructInfo parameter is a pointer to a CERT_ALT_NAME_INFO structure. For details, see Remarks.

X509_ANY_STRING
X509_NAME_VALUE

The pvStructInfo parameter is a pointer to a CERT_NAME_VALUE structure.

szOID_APPLICATION_CERT_POLICIES
"1.3.6.1.4.1.311.21.10"

The pvStructInfo parameter is a pointer to a CERT_POLICY_QUALIFIER_INFO structure.

szOID_APPLICATION_POLICY_CONSTRAINTS
"1.3.6.1.4.1.311.21.12"

The pvStructInfo parameter is a pointer to a CERT_POLICY_CONSTRAINTS_INFO structure.

szOID_APPLICATION_POLICY_MAPPINGS
"1.3.6.1.4.1.311.21.11"

The pvStructInfo parameter is a pointer to a CERT_POLICY_MAPPINGS_INFO structure.

PKCS_ATTRIBUTE
(LPCSTR) 22

The pvStructInfo parameter is a pointer to a CRYPT_ATTRIBUTE structure.

X509_AUTHORITY_INFO_ACCESS
(LPCSTR) 32

The pvStructInfo parameter is a pointer to a CERT_AUTHORITY_INFO_ACCESS structure. For details, see Remarks.

szOID_AUTHORITY_INFO_ACCESS
"1.3.6.1.5.5.7.1.1"

The pvStructInfo parameter is a pointer to a CERT_AUTHORITY_INFO_ACCESS structure. For details, see Remarks.

X509_SUBJECT_INFO_ACCESS
X509_AUTHORITY_INFO_ACCESS

The pvStructInfo parameter is a pointer to a CERT_AUTHORITY_INFO_ACCESS structure.

szOID_SUBJECT_INFO_ACCESS
"1.3.6.1.5.5.7.1.11"

The pvStructInfo parameter is a pointer to a CERT_AUTHORITY_INFO_ACCESS structure.

X509_AUTHORITY_KEY_ID
(LPCSTR) 9

The pvStructInfo parameter is a pointer to a CERT_AUTHORITY_KEY_ID_INFO structure. For details, see Remarks.

X509_AUTHORITY_KEY_ID2
(LPCSTR) 31

The pvStructInfo parameter is a pointer to a CERT_AUTHORITY_KEY_ID2_INFO structure. For details, see Remarks.

szOID_AUTHORITY_KEY_IDENTIFIER
"2.5.29.1"

The pvStructInfo parameter is a pointer to a CERT_AUTHORITY_KEY_ID_INFO structure. For details, see Remarks.

szOID_AUTHORITY_KEY_IDENTIFIER2
"2.5.29.35"

The pvStructInfo parameter is a pointer to a CERT_AUTHORITY_KEY_ID2_INFO structure. For details, see Remarks.

X509_BASIC_CONSTRAINTS
(LPCSTR) 13

The pvStructInfo parameter is a pointer to a CERT_BASIC_CONSTRAINTS_INFO structure. For details, see Remarks.

szOID_BASIC_CONSTRAINTS
"2.5.29.10"

The pvStructInfo parameter is a pointer to a CERT_BASIC_CONSTRAINTS_INFO structure. For details, see Remarks.

X509_BASIC_CONSTRAINTS2
(LPCSTR) 15

The pvStructInfo parameter is a pointer to a CERT_BASIC_CONSTRAINTS2_INFO structure.

szOID_BASIC_CONSTRAINTS2
"2.5.29.19"

The pvStructInfo parameter is a pointer to a CERT_BASIC_CONSTRAINTS2_INFO structure.

X509_BIOMETRIC_EXT
(LPCSTR) 71

The pvStructInfo parameter is a pointer to a CERT_BIOMETRIC_EXT_INFO structure.

Windows Server 2003 and Windows XP:  This value is not supported.

szOID_BIOMETRIC_EXT
"1.3.6.1.5.5.7.1.2"

The pvStructInfo parameter is a pointer to a CERT_BIOMETRIC_EXT_INFO structure.

Windows Server 2003 and Windows XP:  This value is not supported.

X509_BITS
(LPCSTR) 26

The pvStructInfo parameter is a pointer to a CRYPT_BIT_BLOB structure.

X509_CERT
(LPCSTR) 1

The pvStructInfo parameter is a pointer to a CERT_SIGNED_CONTENT_INFO structure. For details, see Remarks.

X509_CERT_CRL_TO_BE_SIGNED
(LPCSTR) 3

The pvStructInfo parameter is a pointer to a CRL_INFO structure.

szOID_CERT_EXTENSIONS
"1.3.6.1.4.1.311.2.1.14"

The pvStructInfo parameter is a pointer to a CERT_EXTENSIONS structure.

X509_CERT_PAIR
(LPCSTR) 53

The pvStructInfo parameter is a pointer to a CERT_PAIR structure.

X509_CERT_POLICIES
(LPCSTR) 16

The pvStructInfo parameter is a pointer to a CERT_POLICIES_INFO structure.

szOID_CERT_POLICIES
"2.5.29.32"

The pvStructInfo parameter is a pointer to a CERT_POLICIES_INFO structure.

X509_CERT_REQUEST_TO_BE_SIGNED
(LPCSTR) 4

The pvStructInfo parameter is a pointer to a CERT_REQUEST_INFO structure.

X509_CERT_TO_BE_SIGNED
(LPCSTR) 2

The pvStructInfo parameter is a pointer to a CERT_INFO structure.

X509_CERTIFICATE_TEMPLATE
(LPCSTR) 64

The pvStructInfo parameter is a pointer to a CERT_TEMPLATE_EXT structure.

szOID_CERTIFICATE_TEMPLATE
"1.3.6.1.4.1.311.21.7"

The pvStructInfo parameter is a pointer to a CERT_TEMPLATE_EXT structure.

X509_CHOICE_OF_TIME
(LPCSTR) 30

The pvStructInfo parameter is a pointer to a FILETIME variable. For details, see Remarks.

PKCS_CONTENT_INFO
(LPCSTR) 33

The pvStructInfo parameter is a pointer to a CRYPT_CONTENT_INFO structure. For details, see Remarks.

PKCS_CONTENT_INFO_SEQUENCE_OF_ANY
(LPCSTR) 23

The pvStructInfo parameter is a pointer to a CRYPT_CONTENT_INFO_SEQUENCE_OF_ANY structure. For details, see Remarks.

X509_CRL_DIST_POINTS
(LPCSTR) 35

The pvStructInfo parameter is a pointer to a CRL_DIST_POINTS_INFO structure. For details, see Remarks.

szOID_CRL_DIST_POINTS
"2.5.29.31"

The pvStructInfo parameter is a pointer to a CRL_DIST_POINTS_INFO structure. For details, see Remarks.

szOID_CRL_NUMBER
"2.5.29.20"

The pvStructInfo parameter is a pointer to an int variable.

X509_CRL_REASON_CODE
X509_ENUMERATED

The pvStructInfo parameter is a pointer to an integer that contains the enumerated value. For details, see Remarks.

szOID_CRL_REASON_CODE
"2.5.29.21"

The pvStructInfo parameter is a pointer to an integer that contains the enumerated value. For details, see Remarks.

szOID_CRL_VIRTUAL_BASE
"1.3.6.1.4.1.311.21.3"

The pvStructInfo parameter is a pointer to an int variable.

X509_CROSS_CERT_DIST_POINTS
(LPCSTR) 58

The pvStructInfo parameter is a pointer to a CROSS_CERT_DIST_POINTS_INFO structure.

szOID_CROSS_CERT_DIST_POINTS
"1.3.6.1.4.1.311.10.9.1"

The pvStructInfo parameter is a pointer to a CROSS_CERT_DIST_POINTS_INFO structure.

RSA_CSP_PUBLICKEYBLOB
(LPCSTR) 19

The pvStructInfo parameter is a pointer to a Diffie-Hellman Version 3 Public Key BLOBs or DSS Version 3 Public Key BLOBs structure. For details, see Remarks.

PKCS_CTL
(LPCSTR) 37

The pvStructInfo parameter is a pointer to a CTL_INFO structure.

CMC_DATA
(LPCSTR) 59

The pvStructInfo parameter is a pointer to a CMC_DATA_INFO structure.

szOID_DELTA_CRL_INDICATOR
"2.5.29.27"

The pvStructInfo parameter is a pointer to an int variable.

X509_DSS_PARAMETERS
(LPCSTR) 39

The pvStructInfo parameter is a pointer to a CERT_DSS_PARAMETERS structure.

X509_DSS_PUBLICKEY
X509_MULTI_BYTE_UINT

The pvStructInfo parameter is a pointer to a CRYPT_UINT_BLOB structure.

X509_DSS_SIGNATURE
(LPCSTR) 40

The pvStructInfo parameter is a pointer to an array of 40 bytes. For details, see Remarks.

szOID_ECC_PUBLIC_KEY
"1.2.840.10045.2.1"

The pvStructInfo parameter is a pointer to an LPSTR of the object identifier dot representation.

X509_ECC_SIGNATURE
(LPCSTR) 47

The pvStructInfo parameter is a pointer to a CERT_ECC_SIGNATURE structure. For details, see Remarks.

X509_ECC_PRIVATE_KEY
(LPCSTR) 82

The pvStructInfo parameter is a pointer to a CRYPT_ECC_PRIVATE_KEY_INFO structure.

Windows Server 2003, Windows XP, Windows 2000, and Windows Vista:  This value is not supported.

szOID_ECDSA_SPECIFIED
"1.2.840.10045.4.3"

The pvStructInfo parameter is a pointer to a CRYPT_ALGORITHM_IDENTIFIER structure.

X509_ENHANCED_KEY_USAGE
(LPCSTR) 36

The pvStructInfo parameter is a pointer to a CERT_ENHKEY_USAGE or CTL_USAGE structure. (These structures are the same but are known by different names.)

szOID_ENHANCED_KEY_USAGE
"2.5.29.37"

The pvStructInfo parameter is a pointer to a CERT_ENHKEY_USAGE or CTL_USAGE structure. (These structures are the same but are known by different names.)

szOID_ENROLLMENT_NAME_VALUE_PAIR
"1.3.6.1.4.1.311.13.2.1"

The pvStructInfo parameter is a pointer to a CRYPT_ENROLLMENT_NAME_VALUE_PAIR structure.

X509_ENUMERATED
(LPCSTR) 29

The pvStructInfo parameter is a pointer to an integer that contains the enumerated value. For details, see Remarks.

X509_EXTENSIONS
(LPCSTR) 5

The pvStructInfo parameter is a pointer to a CERT_EXTENSIONS structure.

szOID_FRESHEST_CRL
"2.5.29.46"

The pvStructInfo parameter is a pointer to a CRL_DIST_POINTS_INFO structure.

X509_INTEGER
(LPCSTR) 27

The pvStructInfo parameter is a pointer to a signed integer of 32 bits or less.

szOID_ISSUER_ALT_NAME
"2.5.29.8"

The pvStructInfo parameter is a pointer to a CERT_ALT_NAME_INFO structure. For details, see Remarks.

szOID_ISSUER_ALT_NAME2
"2.5.29.18"

The pvStructInfo parameter is a pointer to a CERT_ALT_NAME_INFO structure.

X509_ISSUING_DIST_POINT
(LPCSTR) 54

The pvStructInfo parameter is a pointer to a CRL_ISSUING_DIST_POINT structure.

szOID_ISSUING_DIST_POINT
"2.5.29.28"

The pvStructInfo parameter is a pointer to a CRL_ISSUING_DIST_POINT structure.

X509_KEY_ATTRIBUTES
(LPCSTR) 10

The pvStructInfo parameter is a pointer to a CERT_KEY_ATTRIBUTES_INFO structure.

szOID_KEY_ATTRIBUTES
"2.5.29.2"

The pvStructInfo parameter is a pointer to a CERT_KEY_ATTRIBUTES_INFO structure.

X509_KEY_USAGE
(LPCSTR) 14

The pvStructInfo parameter is a pointer to a CRYPT_BIT_BLOB structure. For details, see Remarks.

szOID_KEY_USAGE
"2.5.29.4"

The pvStructInfo parameter is a pointer to a CRYPT_BIT_BLOB structure. For details, see Remarks.

X509_KEY_USAGE_RESTRICTION
(LPCSTR) 11

The pvStructInfo parameter is a pointer to a CERT_KEY_USAGE_RESTRICTION_INFO structure.

szOID_KEY_USAGE_RESTRICTION
"2.5.29.4"

The pvStructInfo parameter is a pointer to a CERT_KEY_USAGE_RESTRICTION_INFO structure.

X509_KEYGEN_REQUEST_TO_BE_SIGNED
(LPCSTR) 21

The pvStructInfo parameter is a pointer to a CERT_KEYGEN_REQUEST_INFO structure. For details, see Remarks.

X509_LOGOTYPE_EXT
(LPCSTR) 70

The pvStructInfo parameter is a pointer to a CERT_LOGOTYPE_EXT_INFO structure.

szOID_LOGOTYPE_EXT
"1.3.6.1.5.5.7.1.12"

The pvStructInfo parameter is a pointer to a CERT_LOGOTYPE_EXT_INFO structure.

Windows Server 2003 and Windows XP:  This value is not supported.

X509_MULTI_BYTE_INTEGER
(LPCSTR) 28

The pvStructInfo parameter is a pointer to a CRYPT_INTEGER_BLOB structure. The BLOB is in little-endian order.

X509_MULTI_BYTE_UINT
(LPCSTR) 38

The pvStructInfo parameter is a pointer to a CRYPT_UINT_BLOB structure. For details, see Remarks.

X509_NAME
(LPCSTR) 7

The pvStructInfo parameter is a pointer to a CERT_NAME_INFO structure. For details, see Remarks.

X509_NAME_CONSTRAINTS
(LPCSTR) 55

The pvStructInfo parameter is a pointer to a CERT_NAME_CONSTRAINTS_INFO structure.

szOID_NAME_CONSTRAINTS
"2.5.29.30"

The pvStructInfo parameter is a pointer to a CERT_NAME_CONSTRAINTS_INFO structure.

X509_NAME_VALUE
(LPCSTR) 6

The pvStructInfo parameter is a pointer to a CERT_NAME_VALUE structure. For details, see Remarks.

szOID_NEXT_UPDATE_LOCATION

The pvStructInfo parameter is a pointer to a CERT_ALT_NAME_INFO structure. For details, see Remarks.

X509_OBJECT_IDENTIFIER
(LPCSTR) 73

The pvStructInfo parameter is a pointer to an LPSTR of the object identifier dot representation.

Windows Server 2003 and Windows XP:  This value is not supported.

X509_OCTET_STRING
(LPCSTR) 25

The pvStructInfo parameter is a pointer to a CRYPT_DATA_BLOB structure. For details, see Remarks.

szOID_OIWSEC_dsa
"1.3.14.3.2.12"

The pvStructInfo parameter is a pointer to a CERT_DSS_PARAMETERS structure.

X509_POLICY_CONSTRAINTS
(LPCSTR) 57

The pvStructInfo parameter is a pointer to a CERT_POLICY_CONSTRAINTS_INFO structure.

szOID_POLICY_CONSTRAINTS
"2.5.29.36"

The pvStructInfo parameter is a pointer to a CERT_POLICY_CONSTRAINTS_INFO structure.

X509_POLICY_MAPPINGS
(LPCSTR) 56

The pvStructInfo parameter is a pointer to a CERT_POLICY_MAPPINGS_INFO structure.

szOID_POLICY_MAPPINGS
"2.5.29.33"

The pvStructInfo parameter is a pointer to a CERT_POLICY_MAPPINGS_INFO structure.

X509_PUBLIC_KEY_INFO
(LPCSTR) 8

The pvStructInfo parameter is a pointer to a CERT_PUBLIC_KEY_INFO structure.

PKCS_RC2_CBC_PARAMETERS
(LPCSTR) 41

The pvStructInfo parameter is a pointer to a CRYPT_RC2_CBC_PARAMETERS structure.

CMC_RESPONSE
(LPCSTR) 60

The pvStructInfo parameter is a pointer to a CMC_RESPONSE_INFO structure.

CNG_RSA_PUBLIC_KEY_BLOB
(LPCSTR) 72

The pvStructInfo parameter is a pointer to a BCRYPT_RSAKEY_BLOB immediately followed by the exponent and the modulus bytes. For details, see Remarks.

CNG_RSA_PRIVATE_KEY_BLOB
(LPCSTR) 83

The pvStructInfo parameter is a pointer to a private BCRYPT_RSAKEY_BLOB structure.

Windows Server 2003, Windows XP, Windows 2000, and Windows Vista:  This value is not supported.

szOID_RSA_signingTime
"1.2.840.113549.1.9.5"

The pvStructInfo parameter is a pointer to a FILETIME variable. For details, see Remarks.

szOID_RSA_SMIMECapabilities
"1.2.840.113549.1.9.15"

The pvStructInfo parameter is a pointer to a CRYPT_SMIME_CAPABILITIES structure. For details, see Remarks.

PKCS_RSA_SSA_PSS_PARAMETERS
(LPCSTR) 75

The pvStructInfo parameter is a pointer to a CRYPT_RSA_SSA_PSS_PARAMETERS structure. For details, see Remarks.

Windows Server 2003 and Windows XP:  This value is not supported.

szOID_RSA_SSA_PSS
"1.2.840.113549.1.1.10"

The pvStructInfo parameter is a pointer to a CRYPT_RSA_SSA_PSS_PARAMETERS structure. For details, see Remarks.

Windows Server 2003 and Windows XP:  This value is not supported.

PKCS_RSAES_OAEP_PARAMETERS
(LPCSTR) 76

The pvStructInfo parameter is a pointer to a CRYPT_RSAES_OAEP_PARAMETERS structure. For details, see Remarks.

Windows Server 2003 and Windows XP:  This value is not supported.

ECC_CMS_SHARED_INFO
(LPCSTR) 77

The pvStructInfo parameter is a pointer to a CRYPT_ECC_CMS_SHARED_INFO structure.

Windows Server 2003 and Windows XP:  This value is not supported.

szOID_RSAES_OAEP
"1.2.840.113549.1.1.7"

The pvStructInfo parameter is a pointer to a CRYPT_RSAES_OAEP_PARAMETERS structure. For details, see Remarks.

Windows Server 2003 and Windows XP:  This value is not supported.

X509_SEQUENCE_OF_ANY
(LPCSTR) 34

The pvStructInfo parameter is a pointer to a CRYPT_SEQUENCE_OF_ANY structure. For details, see Remarks.

PKCS7_SIGNER_INFO
(LPCSTR) 500

The pvStructInfo parameter is a pointer to a CMSG_SIGNER_INFO structure.

CMS_SIGNER_INFO
(LPCSTR) 501

The pvStructInfo parameter is a pointer to a CMSG_CMS_SIGNER_INFO structure.

PKCS_SMIME_CAPABILITIES
(LPCSTR) 42

The pvStructInfo parameter is a pointer to a CRYPT_SMIME_CAPABILITIES structure. For details, see Remarks.

CMC_STATUS
(LPCSTR) 61

The pvStructInfo parameter is a pointer to a CMC_STATUS_INFO structure.

szOID_SUBJECT_ALT_NAME
"2.5.29.7"

The pvStructInfo parameter is a pointer to a CERT_ALT_NAME_INFO structure. For details, see Remarks.

szOID_SUBJECT_ALT_NAME2
"2.5.29.17"

The pvStructInfo parameter is a pointer to a CERT_ALT_NAME_INFO structure.

szOID_SUBJECT_KEY_IDENTIFIER
"2.5.29.14"

The pvStructInfo parameter is a pointer to a CRYPT_DATA_BLOB structure. For details, see Remarks.

PKCS_TIME_REQUEST
(LPCSTR) 18

The pvStructInfo parameter is a pointer to a CRYPT_TIME_STAMP_REQUEST_INFO structure.

X509_UNICODE_ANY_STRING
X509_UNICODE_NAME_VALUE

The pvStructInfo parameter is a pointer to a CERT_NAME_VALUE structure. For details, see Remarks.

X509_UNICODE_NAME
(LPCSTR) 20

The pvStructInfo parameter is a pointer to a CERT_NAME_INFO structure. For details, see Remarks.

X509_UNICODE_NAME_VALUE
(LPCSTR) 24

The pvStructInfo parameter is a pointer to a CERT_NAME_VALUE structure. For details, see Remarks.

PKCS_UTC_TIME
(LPCSTR) 17

The pvStructInfo parameter is a pointer to a FILETIME variable. For details, see Remarks.

OCSP_SIGNED_REQUEST
(LPCSTR) 65

The pvStructInfo parameter is a pointer to an OCSP_SIGNED_REQUEST_INFO variable.

Windows Server 2003 and Windows XP:  This value is not supported.

OCSP_REQUEST
(LPCSTR) 66

The pvStructInfo parameter is a pointer to an OCSP_REQUEST_INFO variable.

Windows Server 2003 and Windows XP:  This value is not supported.

OCSP_RESPONSE
(LPCSTR) 67

The pvStructInfo parameter is a pointer to an OCSP_RESPONSE_INFO variable.

Windows Server 2003 and Windows XP:  This value is not supported.

OCSP_BASIC_SIGNED_RESPONSE
(LPCSTR) 68

The pvStructInfo parameter is a pointer to an OCSP_BASIC_SIGNED_RESPONSE_INFO variable.

Windows Server 2003 and Windows XP:  This value is not supported.

OCSP_BASIC_RESPONSE
(LPCSTR) 69

The pvStructInfo parameter is a pointer to an OCSP_BASIC_RESPONSE_INFO variable.

Windows Server 2003 and Windows XP:  This value is not supported.

PKCS_RSA_PRIVATE_KEY
(LPCSTR) 43

The pvStructInfo parameter is a pointer to an RSA private key BLOB. For more information, see Diffie-Hellman Version 3 Private Key BLOBs and DSS Version 3 Private Key BLOBs.

PKCS_PRIVATE_KEY_INFO
(LPCSTR) 44

The pvStructInfo parameter is a pointer to a CRYPT_PRIVATE_KEY_INFO structure.

PKCS_ENCRYPTED_PRIVATE_KEY_INFO
(LPCSTR) 45

The pvStructInfo parameter is a pointer to a CRYPT_ENCRYPTED_PRIVATE_KEY_INFO structure.

Remarks

The following table provides further details about specific lpszStructType values.

Value | Description
X509_ALTERNATE_NAME

szOID_ISSUER_ALT_NAME

szOID_SUBJECT_ALT_NAME

Before encoding, the LPWSTR name choices are converted to IA5 strings. If the string contains an IA5 string that is not valid, GetLastError returns CRYPT_E_INVALID_IA5_STRING, and *pcbEncoded is updated with the error location of the character that is not valid.

Error location indices are returned in *pcbEncoded as follows:

Bit 0 is the least significant bit of the DWORD.

The VALUE_INDEX of the error is located in bits 0 through 15. This is the Unicode character index.

The ENTRY_INDEX of the error is located in bits 16 through 23.

Macros GET_CERT_ALT_NAME_VALUE_ERR_INDEX(X) and GET_CERT_ALT_NAME_ENTRY_ERR_INDEX(X) are defined to provide for easy reading of the bitmapped fields for VALUE_INDEX and ENTRY_INDEX from the DWORD that contains them.

The szOID_SUBJECT_ALT_NAME has been superseded by szOID_SUBJECT_ALT_NAME2. New certificate servers are implementing the latter.

X509_AUTHORITY_INFO_ACCESS

szOID_AUTHORITY_INFO_ACCESS

szOID_AUTHORITY_KEY_IDENTIFIER2

X509_AUTHORITY_KEY_ID2

If an encode function returns CRYPT_E_INVALID_IA5_STRING as GetLastError, the error location returned in *pcbEncoded consists of:

ENTRY_INDEX – 8 bits << 16

VALUE_INDEX – 16 bits (Unicode character index)

Error location indices are returned in *pcbEncoded as follows:

Bit 0 is the least significant bit of the DWORD.

The VALUE_INDEX of the error is located in bits 0 through 15. This is the Unicode character index.

The ENTRY_INDEX of the error is located in bits 16 through 23.

Macros GET_CERT_ALT_NAME_VALUE_ERR_INDEX(X) and GET_CERT_ALT_NAME_ENTRY_ERR_INDEX(X) are defined to provide for easy reading of the bitmapped fields for VALUE_INDEX and ENTRY_INDEX from the DWORD that contains them.

X509_AUTHORITY_KEY_ID

szOID_AUTHORITY_KEY_IDENTIFIER

The X509_AUTHORITY_KEY_ID has been superseded by X509_AUTHORITY_KEY_ID2. New certificate servers are implementing the latter.

X509_BASIC_CONSTRAINTS

szOID_BASIC_CONSTRAINTS

The X509_BASIC_CONSTRAINTS has been superseded by X509_BASIC_CONSTRAINTS2. New certificate servers are implementing the latter.

X509_CERT

The CERT_SIGNED_CONTENT_INFO structure contains the encoded content to be signed, its signature, and signature algorithm. The ToBeSigned member is an encoded CERT_INFO, CRL_INFO, CERT_REQUEST_INFO, or CERT_KEYGEN_REQUEST_INFO output from a previous call to CryptEncodeObject for one of the following lpszStructType values:
  • X509_CERT_CRL_TO_BE_SIGNED
  • X509_CERT_REQUEST_TO_BE_SIGNED
  • X509_CERT_TO_BE_SIGNED
  • X509_KEYGEN_REQUEST_TO_BE_SIGNED

szOID_CERT_EXTENSIONS

May be used for one of the attribute types in a certificate request.

X509_CHOICE_OF_TIME

For X509_ASN_ENCODING, if the time is after 1950 and before 2050, it is UTC time encoded with a two-digit year. Otherwise, it is Generalized time encoded with a four-digit year. The date is precise to seconds.

PKCS_CONTENT_INFO

For X509_ASN_ENCODING, encoded as a PKCS #7 ContentInfo structure. The CRYPT_DER_BLOB points to the already encoded ANY content.

PKCS_CONTENT_INFO_SEQUENCE_OF_ANY

For X509_ASN_ENCODING, encoded as a PKCS #7 ContentInfo structure wrapping a sequence of ANY. The value of the contentType member is pszObjId, while the content field is the following structure:

SequenceOfAny ::= SEQUENCE OF ANY

The CRYPT_DER_BLOB points to the already encoded ANY content.

X509_CRL_DIST_POINTS

szOID_CRL_DIST_POINTS

If the encode function fails with GetLastError returning CRYPT_E_INVALID_IA5_STRING, *pcbEncoded is updated with the error location of the character that is not valid:

CRL_ISSUER_BIT – 1 bit << 31 (0 for FullName, 1 for CRLIssuer)

POINT_INDEX – 7 bits << 24

ENTRY_INDEX – 8 bits << 16

VALUE_INDEX – 16 bits (Unicode character index)

Error location indices are returned in *pcbEncoded as follows:

Bit 0 is the least significant bit of the DWORD.

The VALUE_INDEX of the error is located in bits 0 through 15. This is the Unicode character index.

The ENTRY_INDEX of the error is located in bits 16 through 23.

Macros GET_CERT_ALT_NAME_VALUE_ERR_INDEX(X) and GET_CERT_ALT_NAME_ENTRY_ERR_INDEX(X) are defined to provide for easy reading of the bitmapped fields for VALUE_INDEX and ENTRY_INDEX from the DWORD that contains them.

szOID_CRL_NUMBER

Used with base certificate revocation lists (CRLs) only. This is a monotonically increasing sequence number for each CRL issued by a certification authority.

X509_CRL_REASON_CODE

szOID_CRL_REASON_CODE

X509_ENUMERATED

The Integer can be set to one of the following enumerated values.

Reason code: CRL_REASON_UNSPECIFIED

Value: 0

Reason code: CRL_REASON_KEY_COMPROMISE

Value: 1

Reason code: CRL_REASON_CA_COMPROMISE

Value: 2

Reason code: CRL_REASON_AFFILIATION_CHANGED

Value: 3

Reason code: CRL_REASON_SUPERSEDED

Value: 4

Reason code: CRL_REASON_CESSATION_OF_OPERATION

Value: 5

Reason code: CRL_REASON_CERTIFICATE_HOLD

Value: 6

Reason code: CRL_REASON_REMOVE_FROM_CRL

Value: 8

szOID_CRL_VIRTUAL_BASE

Used with Delta CRLs only. It contains the base CRL Number of the corresponding base CRL.

X509_CROSS_CERT_DIST_POINTS

szOID_CROSS_CERT_DIST_POINTS

For CRYPT_E_INVALID_IA5_STRING, the error location is returned in *pcbEncoded by CryptEncodeObject(X509_CRL_DIST_POINTS).

Error location consists of:

  • POINT_INDEX – 8 bits << 24
  • ENTRY_INDEX – 8 bits << 16
  • VALUE_INDEX – 16 bits (Unicode character index)

For more information about ENTRY_INDEX and VALUE_INDEX error location defined constants, see X509_ALTERNATE_NAME.

RSA_CSP_PUBLICKEYBLOB

The CryptExportKey function outputs the above pvStructInfo value for a dwBlobType of PUBLICKEYBLOB. The CryptImportKey function expects the above pvStructInfo value when importing a public key.

If dwCertEncodingType is X509_ASN_ENCODING, the RSA_CSP_PUBLICKEYBLOB is encoded as a PKCS #1 RSAPublicKey consisting of a SEQUENCE of a modulus INTEGER and a publicExponent INTEGER. The modulus is encoded as being an unsigned integer.

For the decode functions, pvStructInfo points to a public key BLOB immediately followed by a RSAPUBKEY and the modulus bytes. (For information about public key BLOBs, see CRYPT_INTEGER_BLOB.) The CryptExportKey outputs the pvStructInfo value for a dwBlobType of PUBLICKEYBLOB. The CryptImportKey function expects the pvStructInfo value when importing a public key.

If dwCertEncodingType is X509_ASN_ENCODING, the RSA_CSP_PUBLICKEYBLOB is encoded as a PKCS #1 RSAPublicKey consisting of a SEQUENCE of a modulus INTEGER and a publicExponent INTEGER. When decoded, if the modulus was encoded as an unsigned integer with a leading 0 byte, the 0 byte is removed before converting to the CSP modulus bytes. Because PKCS #1 does not have any intended key usage information, the aiKeyAlg field of the PUBLICKEYSTRUC structure is always set to CALG_RSA_KEYX.

szOID_DELTA_CRL_INDICATOR

Used with Delta CRLs only. This is marked critical and contains the minimum base CRL Number that can be used with a delta CRL.

X509_DSS_SIGNATURE

The bytes are ordered as output by the DSS CSP's CryptSignHash where the lower 20 bytes are the R value, and the higher 20 bytes are the S value. The R and S values are treated as unsigned integers and encoded as a sequence of them.

X509_ECC_SIGNATURE

Uses the same encode and decode function as X509_DH_PARAMETERS. The CERT_ECC_SIGNATURE structure is identical to the CERT_DH_PARAMETERS structure except for the names of the fields.

X509_ENUMERATED

Used when encoding any arbitrary enumeration such as the X509_CRL_REASON_CODE.

szOID_FRESHEST_CRL

Used with base CRLs only. This is formatted identically to a CDP extension holding URLs to fetch the delta CRL.

X509_ISSUING_DIST_POINT

szOID_ISSUING_DIST_POINT

For CRYPT_E_INVALID_IA5_STRING, the error location is returned in *pcbEncoded by CryptEncodeObject(X509_ISSUING_DIST_POINT).

Error location consists of:

  • ENTRY_INDEX – 8 bits << 16
  • VALUE_INDEX – 16 bits (Unicode character index)

For more information about ENTRY_INDEX and VALUE_INDEX error location defined constants, see X509_ALTERNATE_NAME.

X509_KEY_USAGE

szOID_KEY_USAGE

The bit definitions used for the IntendedKeyUsage member of the CERT_KEY_ATTRIBUTES_INFO structure are used.

X509_KEYGEN_REQUEST_TO_BE_SIGNED

For the decode functions, the pbEncoded member is the output of one of the encode functions using the X509_CERT lpszStructType. This output includes the "to be signed" data plus its signature.

For the encode functions, the pbEncoded member is the "to be signed" data only.

X509_MULTI_BYTE_UINT

Before encoding, a leading 0x00 is inserted. After decoding, the leading 0x00 is removed.

X509_NAME

Used to decode/encode the Issuer and Subject members in a CERT_INFO structure.

X509_NAME_CONSTRAINTS

szOID_NAME_CONSTRAINTS

For CRYPT_E_INVALID_IA5_STRING, the error location is returned in *pcbEncoded by CryptEncodeObject(X509_NAME_CONSTRAINTS).

Error location consists of:

  • EXCLUDED_SUBTREE_BIT – 1 bit << 31

    (0 for permitted, 1 for excluded)

  • ENTRY_INDEX – 8 bits << 16
  • VALUE_INDEX – 16 bits (Unicode character index)

For more information about ENTRY_INDEX and VALUE_INDEX error location defined constants, see X509_ALTERNATE_NAME.

X509_UNICODE_ANY_STRING

X509_UNICODE_NAME_VALUE

For the encode functions, the pbData member of the structure pointed to points to the Unicode string. If the cbData member is zero, the Unicode string has a terminating null character; otherwise, cbData is the Unicode string byte count. The byte count is twice the character count.

If the Unicode string contains a character that is not valid for the specified dwValueType, *pcbEncoded is updated with the Unicode character index of the first character that is not valid. GetLastError returns:

CRYPT_E_INVALID_NUMERIC_STRING

CRYPT_E_INVALID_PRINTABLE_STRING

CRYPT_E_INVALID_IA5_STRING

The Unicode string is converted before being encoded according to the specified dwValueType. If dwValueType is set to 0, GetLastError returns E_INVALIDARG.

If the dwValueType does not indicate a character string, CryptEncodeObject returns FALSE with GetLastError returning CRYPT_E_NOT_CHAR_STRING.

For the decode functions, the pbData member points to a null-terminated Unicode string and the cbData member contains the byte count of the Unicode string excluding the terminating null character. dwValueType contains the type used to encode the object. It is not forced to CERT_RDN_UNICODE_STRING. The encoded value is converted to the Unicode string according to the dwValueType.

If the encoded object is not one of the character string types, the decode function returns FALSE with GetLastError returning CRYPT_E_NOT_CHAR_STRING.

Decode noncharacter strings by using a lpszStructType of X509_ANY_STRING.

szOID_NEXT_UPDATE_LOCATION

Used with certificate trust lists (CTLs) to get the location for the most recent, time valid CTL. Commonly, the choice used in the CERT_ALT_NAME_INFO is a URL that indicates the location.

X509_OCTET_STRING

The structure contains a sequence of bytes. It is used with some encryption algorithms that require an initialization vector in the form of an octet string.

CNG_RSA_PUBLIC_KEY_BLOB

The corresponding pvStructInfo points to a BCRYPT_RSAKEY_BLOB immediately followed by the exponent and the modulus bytes. Both the exponent and modulus are in big-endian format. The private key fields consisting of cbPrime1 and cbPrime2 are set to zero.

If the dwCertEncodingType parameter equals X509_ASN_ENCODING, then the CNG_RSA_PUBLIC_KEY_BLOB is encoded as a PKCS #1 RSA public key that consists of a sequence of a modulus and a publicExponent.

PKCS_RSA_SSA_PSS_PARAMETERS

szOID_RSA_SSA_PSS

For encoding, use the following defaults if the CRYPT_RSA_SSA_PSS_PARAMETERS structure fields are set to NULL or zero.

Field: HashAlgorithm.pszObjId

Default: szOID_OIWSEC_sha1

Field: MaskGenAlgorithm.pszObjId

Default: szOID_RSA_MGF1

Field: MaskGenAlgorithm.HashAlgorithm.pszObjId

Default: HashAlgorithm.pszObjId

Field: dwSaltLength

Default: cbHash

Field: dwTrailerField

Default: PKCS_RSA_SSA_PSS_TRAILER_FIELD_BC

For encoding, only the HashAlgorithm.pszObjId field will need to be set. For decoding, all fields are explicitly set.

PKCS_RSAES_OAEP_PARAMETERS

szOID_RSAES_OAEP

For encoding, use the following defaults if the CRYPT_RSAES_OAEP_PARAMETERS structure fields are set to NULL or zero.

Field: HashAlgorithm.pszObjId

Default: szOID_OIWSEC_sha1

Field: MaskGenAlgorithm.pszObjId

Default: szOID_RSA_MGF1

Field: MaskGenAlgorithm.HashAlgorithm.pszObjId

Default: HashAlgorithm.pszObjId

Field: PSourceAlgorithm.pszObjId

Default: szOID_RSA_PSPECIFIED

Field: PSourceAlgorithm.EncodingParameters.cbData

Default: 0

Field: PSourceAlgorithm.EncodingParameters.pbData

Default: NULL

For encoding, only the HashAlgorithm.pszObjId field will need to be set. For decoding, all fields are explicitly set.

X509_SEQUENCE_OF_ANY

The CRYPT_DER_BLOBs point to the already encoded ANY content.

PKCS_SMIME_CAPABILITIES

szOID_RSA_SMIMECapabilities

These lpszStructType values work differently for encode functions. Because of the Secure/Multipurpose Internet Mail Extensions (S/MIME) specifications, if the Parameters.cbData is zero, the encoded parameters are omitted and not encoded as a NULL (05 00).
szOID_SUBJECT_KEY_IDENTIFIER

The CRYPT_INTEGER_BLOB structure contains an octet string, an arbitrary sequence of bytes.

X509_UNICODE_NAME

For decode functions, the relative distinguished name (RDN) attribute values are Unicode strings except for the dwValueTypes of CERT_RDN_ENCODED_BLOB or CERT_RDN_OCTET_STRING. These dwValueTypes are the same as for an X509_NAME. These values are not converted to Unicode.

The RDN attribute value's pbData member points to a null-terminated Unicode string. The RDN attribute value's cbData member contains the byte count of the Unicode string excluding the terminating null character. The RDN attribute value's dwValueType member contains the type used in the encoded object. It is not forced to CERT_RDN_UNICODE_STRING. The encoded value is converted to the Unicode string according to the dwValueType.

For the encode functions, the RDN attribute values are Unicode strings except for the dwValueTypes of CERT_RDN_ENCODED_BLOB or CERT_RDN_OCTET_STRING. These dwValueTypes are the same as for a X509_NAME. These values are not expected to be Unicode.

For the remaining string dwValueTypes, the relative distinguished name (RDN) attribute value's pbData member points to the Unicode string. If the RDN attribute value's cbData member is zero, the Unicode string has a terminating null character. Otherwise, the RDN attribute value's cbData member is the Unicode string byte count. The byte count is twice the character count, and it excludes the terminating null character.

If the RDN attribute value's dwValueType member is CERT_RDN_ANY_TYPE, the pszObjId is used to find an acceptable dwValueType. If the Unicode string contains a character that is not valid for the found or specified dwValueType, *pcbEncoded is updated with the error location of the character that is not valid. For a character that is not valid, GetLastError returns:

CRYPT_E_INVALID_NUMERIC_STRING

CRYPT_E_INVALID_PRINTABLE_STRING

CRYPT_E_INVALID_IA5_STRING

The Unicode string is converted before being encoded according to the specified dwValueType or the object identifier's dwValueType.

The encode functions error location indices are returned in *pcbEncoded as follows:

The VALUE_INDEX of the error is located in bits 0 through 15.

The ATTR_INDEX of the error is located in bits 16 through 21.

The RDN_INDEX of the error is located in bits 22 through 31.

Bit 0 is the least significant bit of the DWORD.

The GET_CERT_UNICODE_RDN_ERR_INDEX(X), GET_CERT_UNICODE_ATTR_ERR_INDEX(X), and GET_CERT_UNICODE_VALUE_ERR_INDEX(X) defined macros provide easy reading of the bitmapped fields for VALUE_INDEX, ATTR_INDEX, and RDN_INDEX from the DWORD that contains them.

PKCS_UTC_TIME

szOID_RSA_signingTime

For X509_ASN_ENCODING, UTC time encoded precise to seconds and using a two-digit year.
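
The error-location layouts given in the Remarks for X509_ALTERNATE_NAME, X509_CRL_DIST_POINTS, X509_CROSS_CERT_DIST_POINTS, X509_NAME_CONSTRAINTS and X509_UNICODE_NAME, collected into one decoder. This is an added example, not code from this documentation or from Wincrypt.h: it is portable C, every identifier in it is hypothetical, the sample strings are constructed, and it assumes IA5 means code units 0x00 through 0x7F.

```c
#include <stdint.h>
#include <stdio.h>

/* One layout per group of lpszStructType values in the Remarks.
 * All names in this file are hypothetical, not Wincrypt.h definitions. */
typedef enum {
    LOC_ALT_NAME,               /* ENTRY_INDEX 16-23, VALUE_INDEX 0-15 */
    LOC_CRL_DIST_POINTS,        /* CRL_ISSUER_BIT 31, POINT_INDEX 24-30 */
    LOC_CROSS_CERT_DIST_POINTS, /* POINT_INDEX 24-31 */
    LOC_NAME_CONSTRAINTS,       /* EXCLUDED_SUBTREE_BIT 31 */
    LOC_UNICODE_NAME            /* RDN_INDEX 22-31, ATTR_INDEX 16-21 */
} loc_kind;

/* Decoded location; a field is -1 when the layout does not carry it. */
typedef struct {
    int flag;   /* CRL_ISSUER_BIT or EXCLUDED_SUBTREE_BIT */
    int rdn;    /* RDN_INDEX */
    int point;  /* POINT_INDEX */
    int entry;  /* ENTRY_INDEX, or ATTR_INDEX for LOC_UNICODE_NAME */
    int value;  /* VALUE_INDEX: Unicode character index */
} err_location;

#define NO_ERR_LOCATION UINT32_C(0xFFFFFFFF)

/* Extract `width` bits starting at bit `shift` (bit 0 is the LSB). */
uint32_t bits(uint32_t dw, unsigned shift, unsigned width)
{
    return (dw >> shift) & ((UINT32_C(1) << width) - 1u);
}

/* Split the DWORD a failed encode call leaves in *pcbEncoded. After the
 * invalid-string errors the page lists, that DWORD is a location and not
 * a byte count, so it must never be used to size a buffer. */
err_location decode_err_location(loc_kind kind, uint32_t dw)
{
    err_location loc = { -1, -1, -1, -1, (int)bits(dw, 0, 16) };
    switch (kind) {
    case LOC_ALT_NAME:
        loc.entry = (int)bits(dw, 16, 8);
        break;
    case LOC_CRL_DIST_POINTS:
        loc.flag  = (int)bits(dw, 31, 1);   /* 0 FullName, 1 CRLIssuer */
        loc.point = (int)bits(dw, 24, 7);
        loc.entry = (int)bits(dw, 16, 8);
        break;
    case LOC_CROSS_CERT_DIST_POINTS:
        loc.point = (int)bits(dw, 24, 8);
        loc.entry = (int)bits(dw, 16, 8);
        break;
    case LOC_NAME_CONSTRAINTS:
        loc.flag  = (int)bits(dw, 31, 1);   /* 0 permitted, 1 excluded */
        loc.entry = (int)bits(dw, 16, 8);
        break;
    case LOC_UNICODE_NAME:
        loc.entry = (int)bits(dw, 16, 6);   /* ATTR_INDEX */
        loc.rdn   = (int)bits(dw, 22, 10);
        break;
    }
    return loc;
}

/* Index of the first UTF-16 code unit outside IA5 (assumed 0x00-0x7F),
 * or -1 if the whole null-terminated string is valid. */
int first_non_ia5(const uint16_t *s)
{
    for (int i = 0; s[i] != 0; i++)
        if (s[i] > 0x7F)
            return i;
    return -1;
}

/* Pre-validate alternate-name strings before encoding. Returns the
 * location in the alternate-name layout of the first invalid character,
 * or NO_ERR_LOCATION when every entry is clean. */
uint32_t find_alt_name_error(const uint16_t *const *names, unsigned count)
{
    for (unsigned e = 0; e < count; e++) {
        int v = first_non_ia5(names[e]);
        if (v >= 0)
            return ((uint32_t)(e & 0xFF) << 16) | ((uint32_t)v & 0xFFFF);
    }
    return NO_ERR_LOCATION;
}

/* Constructed sample input: entry 1 holds U+00E9 at character index 1. */
const uint16_t SAMPLE_OK[]  = { 'w','w','w','.','e','x','a','m','p','l','e', 0 };
const uint16_t SAMPLE_BAD[] = { 'c', 0x00E9, '.','e','x','a','m','p','l','e', 0 };
const uint16_t *const SAMPLE_NAMES[] = { SAMPLE_OK, SAMPLE_BAD };

int main(void)
{
    uint32_t dw = find_alt_name_error(SAMPLE_NAMES, 2);
    err_location loc = decode_err_location(LOC_ALT_NAME, dw);
    printf("alt name: entry %d, character %d\n", loc.entry, loc.value);

    /* Constructed DWORD: RDN 3, attribute 1, character 7. */
    loc = decode_err_location(LOC_UNICODE_NAME, UINT32_C(0x00C10007));
    printf("unicode name: rdn %d, attr %d, character %d\n",
           loc.rdn, loc.entry, loc.value);
    return 0;
}
```

Running the pre-check on caller-supplied names before the encode call lets a service reject a bad entry with a precise message instead of interpreting *pcbEncoded after the failure.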

 

Requirements

Minimum supported client

Windows XP [desktop apps only]

Minimum supported server

Windows Server 2003 [desktop apps only]

Header

Wincrypt.h

See also

CRYPT_INTEGER_BLOB

 

 
