Cryptography Structures

The following structures are used by cryptography functions. Cryptography structures are categorized according to usage as follows:

CryptXML Structures

The following structures are used by the CryptXML Functions.

| Structure | Description |
| --- | --- |
| CRYPT_XML_ALGORITHM | Specifies the algorithm used to sign or transform the message. |
| CRYPT_XML_ALGORITHM_INFO | Contains algorithm information. |
| CRYPT_XML_BLOB | Contains an arbitrary array of bytes. |
| CRYPT_XML_CRYPTOGRAPHIC_INTERFACE | Passed to the CryptXmlDllGetInterface function pointer to expose the implemented CryptXML functions. |
| CRYPT_XML_DATA_BLOB | Contains XML encoded data. |
| CRYPT_XML_DATA_PROVIDER | Specifies the interface to the XML data provider. |
| CRYPT_XML_DOC_CTXT | Defines document context information. |
| CRYPT_XML_ISSUER_SERIAL | Contains an X.509 issued distinguished name–serial number pair. |
| CRYPT_XML_KEY_DSA_KEY_VALUE | Defines a Digital Signature Algorithm (DSA) key value. The CRYPT_XML_KEY_DSA_KEY_VALUE structure is used as an element of the key value union in the CRYPT_XML_KEY_VALUE structure. |
| CRYPT_XML_KEY_ECDSA_KEY_VALUE | Defines an Elliptic Curve Digital Signature Algorithm (ECDSA) key value. The CRYPT_XML_KEY_ECDSA_KEY_VALUE structure is used as an element of the key value union in the CRYPT_XML_KEY_VALUE structure. |
| CRYPT_XML_KEY_INFO | Encapsulates key information data. |
| CRYPT_XML_KEY_INFO_ITEM | Encapsulates key information data that corresponds to a <KeyInfo> element. The <KeyInfo> element enables the recipient to obtain the key needed to validate the signature. |
| CRYPT_XML_KEY_RSA_KEY_VALUE | Defines an RSA key value. The CRYPT_XML_KEY_RSA_KEY_VALUE structure is used as an element of the key value union in the CRYPT_XML_KEY_VALUE structure. |
| CRYPT_XML_KEY_VALUE | Contains a single public key that may be useful in validating the signature. |
| CRYPT_XML_KEYINFO_PARAM | Used by the CryptXmlSign function to specify the members of the <KeyInfo> element to be encoded. |
| CRYPT_XML_OBJECT | Describes an <Object> element in the signature. |
| CRYPT_XML_PROPERTY | Contains information about a CryptXML property. |
| CRYPT_XML_REFERENCE | Contains information used to populate the <Reference> element. |
| CRYPT_XML_REFERENCES | Defines an array of CRYPT_XML_REFERENCE structures. |
| CRYPT_XML_SIGNATURE | Contains information used to populate the <Signature> element. |
| CRYPT_XML_SIGNED_INFO | Returns information about the signature validation status, summary status information about a <SignedInfo> element, or summary status information about an array of <Reference> elements. |
| CRYPT_XML_TRANSFORM_CHAIN_CONFIG | Defines application-defined transforms that are allowed for use in the XML digital signature. |
| CRYPT_XML_TRANSFORM_INFO | Contains information that is used when applying the data transform. |
| CRYPT_XML_X509DATA | Represents the sequence of choices in the <X509Data> element. |
| CRYPT_XML_X509DATA_ITEM | Represents X.509 data that is to be encoded in an X509Data named element. |

General Cryptography Structures

The following structures are used by the Base Cryptography Functions.

| Structure | Description |
| --- | --- |
| CMS_DH_KEY_INFO | Used with the KP_CMS_DH_KEY_INFO parameter in the CryptSetKeyParam function to contain Diffie-Hellman key information. |
| CMS_KEY_INFO | This structure is not used. |
| CRYPT_AES_128_KEY_STATE | Specifies the 128-bit symmetric key information for an Advanced Encryption Standard (AES) cipher. |
| CRYPT_AES_256_KEY_STATE | Specifies the 256-bit symmetric key information for an AES cipher. |
| CRYPT_ALGORITHM_IDENTIFIER | Contains the object identifier (OID) of the algorithm and any needed parameters for that algorithm. |
| CRYPT_ATTRIBUTE | Specifies an attribute that has one or more values. |
| CRYPT_ATTRIBUTE_TYPE_VALUE | Contains a single attribute value. |
| CRYPT_ATTRIBUTES | Contains an array of attributes. |
| CRYPT_BIT_BLOB | Contains an array of bytes. |
| CRYPT_BLOB_ARRAY | Contains an array of CRYPT_DATA_BLOB structures. |
| CRYPT_CONTENT_INFO | Contains data encoded in the PKCS #7 ContentInfo data format. |
| CRYPT_CONTENT_INFO_SEQUENCE_OF_ANY | Contains information representing the Netscape certificate sequence of certificates. |
| CRYPT_DEFAULT_CONTEXT_MULTI_OID_PARA | Used with the CryptInstallDefaultContext function to contain an array of object identifier strings. |
| CRYPT_ECC_CMS_SHARED_INFO | Represents key-encryption key information when using Elliptic Curve Cryptography (ECC) in the Cryptographic Message Syntax (CMS) EnvelopedData content type. |
| CRYPT_ENCRYPTED_PRIVATE_KEY_INFO | Contains the information of an encrypted PKCS #8 private key. |
| CRYPT_ENROLLMENT_NAME_VALUE_PAIR | This structure is used to create certificate requests on behalf of a user. |
| CRYPT_INTEGER_BLOB | Contains the data of various kinds of binary large objects under names appropriate to type. |
| CRYPT_KEY_LIMITS | Supports the unimplemented CryptGetLocalKeyLimits function and is not used. It will be removed in a future version of Wincrypt.h. |
| CRYPT_KEY_PROV_INFO | Contains fields that are passed as the arguments to CryptAcquireContext to acquire a handle to a particular key container within a particular cryptographic service provider (CSP), or to create or destroy a key container. |
| CRYPT_KEY_PROV_PARAM | Contains data to be passed as the arguments to CryptSetProvParam. |
| CRYPT_KEY_SIGN_MESSAGE_PARA | Contains information about the CSP and algorithms used to sign a message. |
| CRYPT_KEY_VERIFY_MESSAGE_PARA | Contains information needed to verify signed messages without a certificate for the signer. |
| CRYPT_MASK_GEN_ALGORITHM | Identifies the algorithm used to generate an RSA PKCS #1 v2.1 signature mask. |
| CRYPT_PKCS8_EXPORT_PARAMS | Contains information identifying a private key and a pointer to a callback function. |
| CRYPT_PKCS8_IMPORT_PARAMS | Contains a PKCS #8 private key and two pointers to callback functions. |
| CRYPT_PKCS12_PBE_PARAMS | Contains parameters used to create an encryption key, initialization vector (IV), or Message Authentication Code (MAC) key for a PKCS#12 password based encryption algorithm. |
| CRYPT_PRIVATE_KEY_INFO | Contains the information of a PKCS #8 private key. |
| CRYPT_PSOURCE_ALGORITHM | Identifies the algorithm and (optionally) the value of the label for an RSAES-OAEP key encryption. |
| CRYPT_RETRIEVE_AUX_INFO | Contains optional time synchronization information to pass to the CryptRetrieveObjectByUrl function. |
| CRYPT_RSA_SSA_PSS_PARAMETERS | Contains the parameters for an RSA PKCS #1 v2.1 signature. |
| CRYPT_RSAES_OAEP_PARAMETERS | Contains the parameters for an RSAES-OAEP key encryption. |
| CRYPT_SEQUENCE_OF_ANY | Contains an arbitrary list of encoded BLOBs. |
| CRYPT_SMART_CARD_ROOT_INFO | Contains the smart card and session IDs associated with a certificate context. |
| CRYPT_TIME_STAMP_REQUEST_INFO | This structure is used for time stamping. |
| CRYPT_URL_INFO | Contains information about groupings of URLs. |
| CRYPT_X942_OTHER_INFO | Contains additional key generation information. |
| CRYPTNET_URL_CACHE_FLUSH_INFO | Contains expiry information used by the Cryptnet URL Cache (CUC) service to maintain a URL cache entry. |
| CRYPTNET_URL_CACHE_PRE_FETCH_INFO | Contains update information used by the Cryptnet URL Cache (CUC) service to maintain a URL cache entry. |
| CRYPTNET_URL_CACHE_RESPONSE_INFO | Contains response information used by the Cryptnet URL Cache (CUC) service to maintain a URL cache entry. |
| CRYPT_INTEGER_BLOB | This structure is used for an arbitrary array of bytes. |
| CRYPTPROTECT_PROMPTSTRUCT | Provides the text of a prompt and information about when and where that prompt is to be displayed when using the CryptProtectData and CryptUnprotectData functions. |
| CRYPTUI_INITDIALOG_STRUCT | Supports the CRYPTUI_VIEWCERTIFICATE_STRUCT structure. |
| CRYPTUI_SELECTCERTIFICATE_STRUCT | Contains information about the dialog box displayed by the CryptUIDlgSelectCertificate function. |
| CRYPTUI_VIEWCERTIFICATE_STRUCT | Contains information about a certificate to view. It is used in the CryptUIDlgViewCertificate function. |
| CRYPTUI_VIEWSIGNERINFO_STRUCT | Contains information for the CryptUIDlgViewSignerInfo function. |
| CRYPTUI_WIZ_EXPORT_CERTCONTEXT_INFO | Contains information that controls the operation of the CryptUIWizExport function when a certificate is the object being exported. |
| CRYPTUI_WIZ_EXPORT_INFO | Contains information that controls the operation of the CryptUIWizExport function. |
| CRYPTUI_WIZ_IMPORT_SRC_INFO | Contains the subject to import into the CryptUIWizImport function. |
| DHPRIVKEY_VER3 | Contains information specific to the particular private key contained in the key BLOB. |
| DHPUBKEY | Contains information specific to the particular Diffie-Hellman public key contained in the key BLOB. |
| DHPUBKEY_VER3 | Contains information specific to the particular public key contained in the key BLOB. |
| Diffie-Hellman Version 3 Private Key BLOBs | Used to export and import information about a DH private key. |
| Diffie-Hellman Version 3 Public Key BLOBs | Used to export and import information about a DH public key. |
| DSS Version 3 Private Key BLOBs | Used to export and import information about a DH private key. |
| DSS Version 3 Public Key BLOBs | Used to export and import information about a DH public key. |
| DSSPRIVKEY_VER3 | Contains information specific to the particular private key contained in the key BLOB. |
| DSSPUBKEY | Contains information specific to the particular public key contained in the key BLOB. |
| DSSPUBKEY_VER3 | Contains information specific to the particular public key contained in the key BLOB. |
| DSSSEED | Holds the seed and counter values that can be used to verify the primes of the DSS public key. |
| HMAC_INFO | Specifies the hash algorithm and the inner and outer strings that are to be used to calculate the Hash-Based Message Authentication Code (HMAC) hash. |
| KEYSVC_BLOB | Defines a key service BLOB. |
| KEYSVC_UNICODE_STRING | Defines a key service Unicode string. |
| OCSP_BASIC_RESPONSE_ENTRY | Contains the current certificate status for a single certificate. |
| OCSP_BASIC_RESPONSE_INFO | Contains a basic OCSP response as specified by RFC 2560. |
| OCSP_BASIC_REVOKED_INFO | Contains the reason a certificate was revoked. |
| OCSP_BASIC_SIGNED_RESPONSE_INFO | Contains a basic OCSP response with a signature. |
| OCSP_CERT_ID | Contains information to identify a certificate in an OCSP request or response. |
| OCSP_REQUEST_ENTRY | Contains information about a single certificate in an OCSP request. |
| OCSP_REQUEST_INFO | Contains information for an OCSP request as specified by RFC 2560. |
| OCSP_RESPONSE_INFO | Indicates the success or failure of the corresponding OCSP request. For successful requests, it contains the type and value of response information. |
| OCSP_SIGNATURE_INFO | Contains a signature for an OCSP request or response. |
| OCSP_SIGNED_REQUEST_INFO | Contains information for an OCSP request with optional signature information. |
| PROV_ENUMALGS | Returned by calls to CryptGetProvParam or CPGetProvParam. |
| PROV_ENUMALGS_EX | Returned by calls to CryptGetProvParam or CPGetProvParam. |
| PUBLICKEYSTRUC | Indicates a key's BLOB type and the algorithm that the key uses. |
| ROOT_INFO_LUID | Contains a locally unique identifier (LUID) for Cryptographic Smart Card Root Information. |
| RSAPUBKEY | Contains information specific to the particular public key contained in the key BLOB. |
| SCHANNEL_ALG | Contains algorithm and key size information. |
| SIGNER_ATTR_AUTHCODE | Specifies attributes for an Authenticode signature. |
| SIGNER_BLOB_INFO | Specifies a BLOB to sign. |
| SIGNER_CERT | Specifies a certificate used to sign a document. The certificate can be stored in a Software Publisher Certificate (SPC) file or in a certificate store. |
| SIGNER_CERT_STORE_INFO | Specifies the certificate store used to sign a document. |
| SIGNER_CONTEXT | Contains a signed BLOB. |
| SIGNER_FILE_INFO | Specifies a file to sign. |
| SIGNER_PROVIDER_INFO | Specifies the CSP and private key information used to create a digital signature. |
| SIGNER_SIGNATURE_INFO | Contains information about a digital signature. |
| SIGNER_SPC_CHAIN_INFO | Specifies a Software Publisher Certificate (SPC) and certificate chain used to sign a document. |
| SIGNER_SUBJECT_INFO | Specifies a subject to sign. |

Common Certificate Structures

The following structures are used by many of the certificate functions.

| Structure | Description |
| --- | --- |
| CERT_BIOMETRIC_DATA | Contains information about biometric data. |
| CERT_BIOMETRIC_EXT_INFO | Contains a set of biometric information. |
| CERT_CONTEXT | Contains both the encoded and decoded representations of a certificate. |
| CERT_CRL_CONTEXT_PAIR | Contains a certificate context and an associated CRL context. |
| CERT_DH_PARAMETERS | Contains parameters associated with a Diffie-Hellman public key algorithm. |
| CERT_DSS_PARAMETERS | Contains parameters associated with a DSS public key algorithm. |
| CERT_ECC_SIGNATURE | Contains the r and s values for an Elliptic Curve Digital Signature Algorithm (ECDSA) signature. |
| CERT_EXTENSION | Contains the extension information for a certificate, certificate revocation list (CRL) or certificate trust list (CTL). |
| CERT_EXTENSIONS | Contains an array of extensions. |
| CERT_GENERAL_SUBTREE | Used in CERT_NAME_CONSTRAINTS_INFO structure, this structure provides the identity of a certificate that can be included or excluded. |
| CERT_HASHED_URL | Contains a hashed URL. |
| CERT_ID | Used as a flexible means of uniquely identifying a certificate. |
| CERT_INFO | Contains a certificate's information. |
| CERT_KEY_CONTEXT | Contains data for the pvData member of a Value member of CERT_EXTENSION structure associated with a CERT_KEY_CONTEXT_PROP_ID property. |
| CERT_KEYGEN_REQUEST_INFO | Contains information stored in the Netscape Keygen request. |
| CERT_LDAP_STORE_OPENED_PARA | Used with the CertOpenStore function when the CERT_STORE_PROV_LDAP provider is specified by using the CERT_LDAP_STORE_OPENED_FLAG flag to specify both the existing LDAP session to use to perform the query as well as the LDAP query string. |
| CERT_LOGOTYPE_AUDIO | Contains information about an audio logotype. |
| CERT_LOGOTYPE_AUDIO_INFO | Contains more detailed information about an audio logotype. |
| CERT_LOGOTYPE_DATA | Contains logotype data. |
| CERT_LOGOTYPE_DETAILS | Contains additional information about a logotype. |
| CERT_LOGOTYPE_EXT_INFO | Contains a set of logotype information. |
| CERT_LOGOTYPE_IMAGE | Contains information about an image logotype. |
| CERT_LOGOTYPE_IMAGE_INFO | Contains more detailed information about an image logotype. |
| CERT_LOGOTYPE_INFO | Contains information about logotype data. |
| CERT_LOGOTYPE_REFERENCE | Contains logotype reference information. |
| CERT_NAME_CONSTRAINTS_INFO | Contains information about certificates that are specifically permitted or excluded from trust. |
| CERT_NAME_INFO | Contains subject or issuer names. The information is represented as an array of CERT_RDN structures. |
| CERT_NAME_VALUE | Contains a relative distinguished name (RDN) attribute value. |
| CERT_OTHER_LOGOTYPE_INFO | Contains information about logo types that are not predefined. |
| CERT_PAIR | Contains a certificate and its pair cross certificate. |
| CERT_PHYSICAL_STORE_INFO | Contains information on physical certificate stores. |
| CERT_POLICY_CONSTRAINTS_INFO | Contains established policies for accepting certificates as trusted. |
| CERT_POLICY_MAPPING | Contains a mapping between issuer domain and subject domain policy OIDs. |
| CERT_POLICY_MAPPINGS_INFO | Provides mapping between the policy OIDs of two domains. |
| CERT_PUBLIC_KEY_INFO | Contains a public key and its algorithm. |
| CERT_QC_STATEMENT | Represents a single statement in a sequence of one or more statements for inclusion in a Qualified Certificate (QC) statements extension. |
| CERT_QC_STATEMENTS_EXT_INFO | Contains a sequence of one or more statements that comprise the Qualified Certificate (QC) statements extension for a QC. |
| CERT_RDN | Contains a relative distinguished name (RDN) consisting of an array of CERT_RDN_ATTR structures. |
| CERT_RDN_ATTR | Contains a single attribute of a relative distinguished name (RDN). |
| CERT_REQUEST_INFO | Contains information for a certificate request. |
| CERT_REVOCATION_CRL_INFO | Contains information updated by a CRL revocation type handler. |
| CERT_REVOCATION_PARA | This structure can optionally be passed to CertVerifyRevocation to assist in finding the issuer of the context to be verified. |
| CERT_REVOCATION_STATUS | Contains information on the revocation status of the certificate. |
| CERT_SELECT_STRUCT | Contains criteria upon which to select certificates that are presented in a certificate selection dialog box. This structure is used in the CertSelectCertificate function. |
| CERT_SIGNED_CONTENT_INFO | Contains encoded content to be signed and a BLOB to hold the signature. |
| CERT_STORE_PROV_FIND_INFO | This structure is used by many of the store provider callback functions. |
| CERT_STORE_PROV_INFO | Contains information returned by the installed CertDllOpenStoreProv when a store is opened with CertOpenStore. |
| CERT_SUBJECT_INFO_ACCESS | This is a synonym for the CERT_AUTHORITY_INFO_ACCESS structure. |
| CERT_SYSTEM_STORE_INFO | Contains information used by functions that work with system stores. |
| CERT_SYSTEM_STORE_RELOCATE_PARA | Contains data to be passed to CertOpenStore when that function's dwFlags parameter is set to CERT_SYSTEM_STORE_RELOCATE_FLAG. |
| CERT_TEMPLATE_EXT | This structure is a certificate template. |
| CERT_X942_DH_PARAMETERS | Contains parameters associated with a Diffie-Hellman public key algorithm. |
| CERT_X942_DH_VALIDATION_PARAMS | This structure is optionally pointed to by a member of the CERT_X942_DH_PARAMETERS structure and contains additional seed information. |
| CMC_ADD_ATTRIBUTES_INFO | Contains certificate attributes to be added to a certificate. |
| CMC_ADD_EXTENSIONS_INFO | Contains certificate extension control attributes to be added to a certificate. |
| CMC_DATA_INFO | This structure provides a means of communicating different pieces of tagged information. |
| CMC_PEND_INFO | This structure is a possible member of a CMC_STATUS_INFO structure. |
| CMC_RESPONSE_INFO | This structure provides a means of communicating different pieces of tagged information. |
| CMC_STATUS_INFO | Contains status information about Certificate Management Messages over CMS. |
| CMC_TAGGED_ATTRIBUTE | This structure is used in the CMC_DATA_INFO and CMC_RESPONSE_INFO structures. |
| CMC_TAGGED_CERT_REQUEST | This structure is used in the CMC_TAGGED_REQUEST structure. |
| CMC_TAGGED_CONTENT_INFO | This structure is used in the CMC_DATA_INFO and CMC_RESPONSE_INFO structures. |
| CMC_TAGGED_OTHER_MSG | This structure is used in the CMC_DATA_INFO and CMC_RESPONSE_INFO structures. |
| CMC_TAGGED_REQUEST | This structure is used in the CMC_DATA_INFO structures to request a certificate. |
| CRL_CONTEXT | Contains both the encoded and decoded representations of a CRL. |
| CRL_ENTRY | Contains information on a single revoked certificate. It is a member of a CRL_INFO structure. |
| CRL_INFO | Contains the information of a certificate revocation list (CRL). |
| CRL_ISSUING_DIST_POINT | Contains information about the kinds of certificates listed in a CRL. |
| CROSS_CERT_DIST_POINTS_INFO | This structure provides information used to update dynamic cross certificates. |
| CTL_ANY_SUBJECT_INFO | Contains a SubjectAlgorithm to be matched in the CTL and the SubjectIdentifier to be matched in one of the CTL entries in calls to CertFindSubjectInCTL. |
| CTL_CONTEXT | Contains both the encoded and decoded representations of a CTL. |
| CTL_ENTRY | This structure is an element of a certificate trust list (CTL). |
| CTL_FIND_SUBJECT_PARA | Contains data used by CertFindCTLInStore with a dwFindType of CTL_FIND_SUBJECT to find a certificate trust list (CTL). |
| CTL_FIND_USAGE_PARA | This structure is a member of the CTL_FIND_SUBJECT_PARA structure and it is used by CertFindCTLInStore. |
| CTL_INFO | Contains the information stored in a certificate trust list (CTL). |
| CTL_MODIFY_REQUEST | Contains a request to modify a certificate trust list. This structure is used in the CertModifyCertificatesToTrust function. |
| CTL_USAGE | Contains an array of Object Identifiers (OIDs) for certificate trust list (CTL) extensions. |
| CTL_VERIFY_USAGE_PARA | Contains parameters used by CertVerifyCTLUsage to establish the validity of a CTL's usage. |
| CTL_VERIFY_USAGE_STATUS | Contains information about a certificate trust list (CTL) returned by CertVerifyCTLUsage. |

X.509 Certificate Extension Structures

The following structures are associated with X.509 CERT_EXTENSION structures.

| Structure | Description |
| --- | --- |
| CERT_ACCESS_DESCRIPTION | This structure is a member of a CERT_AUTHORITY_INFO_ACCESS structure. |
| CERT_ALT_NAME_ENTRY | Contains an alternative name in one of a variety of name forms. |
| CERT_ALT_NAME_INFO | Used in encoding and decoding extensions for subject or issuer certificates, certificate revocation lists (CRLs), and certificate trust lists (CTLs). |
| CERT_AUTHORITY_INFO_ACCESS | Represents authority information access and subject information access certificate extensions and specifies how to access additional information and services for the subject or the issuer of that certificate. |
| CERT_AUTHORITY_KEY_ID_INFO | Identifies the key used to sign a certificate or CRL. |
| CERT_AUTHORITY_KEY_ID2_INFO | Identifies the key used to sign a certificate or CRL. It differs from the CERT_AUTHORITY_KEY_ID_INFO structure in that the certificate issuer is a CERT_ALT_NAME_INFO instead of a CERT_NAME_BLOB. |
| CERT_BASIC_CONSTRAINTS_INFO | Contains information indicating whether the certified subject can act as a CA, an end-entity, or both. |
| CERT_BASIC_CONSTRAINTS2_INFO | Contains information indicating whether the certified subject can act as a CA or an end entity. |
| CERT_KEY_ATTRIBUTES_INFO | Contains optional additional information about the public key being certified. |
| CERT_KEY_USAGE_RESTRICTION_INFO | Contains restrictions imposed on the usage of a certificate's public key. |
| CERT_POLICIES_INFO | Contains an array of CERT_POLICY_INFO. |
| CERT_POLICY_ID | Contains a list of certificate policies that the certificate expressly supports, together with optional qualifier information pertaining to these policies. |
| CERT_POLICY_INFO | Contains an object identifier (OID) specifying a policy and an optional array of policy qualifiers. |
| CERT_POLICY_QUALIFIER_INFO | Contains an object identifier (OID) specifying the qualifier and qualifier-specific supplemental information. |
| CERT_PRIVATE_KEY_VALIDITY | Indicates a valid time span for the private key corresponding to a certificate's public key. |
| CRL_DIST_POINT | Identifies a single CRL distribution point that a certificate user can reference to determine whether certificates have been revoked. |
| CRL_DIST_POINT_NAME | Identifies a location from which the CRL can be obtained. |
| CRL_DIST_POINTS_INFO | Contains a list of CRL distribution points a certificate user can reference to determine whether the certificate has been revoked. |

These structures can be encoded into the Value member of a CERT_EXTENSION structure by using the CryptEncodeObject and CryptEncodeObjectEx functions. They are created and returned by the CryptDecodeObject and CryptDecodeObjectEx functions when the Value member of a CERT_EXTENSION structure is decoded.

The structure encoded or created depends on the pszObjId string member of the CERT_EXTENSION structure.

Current extension predefined constants and OIDs along with the structure associated with each are shown in the following table.

Note: The predefined constant (column 1) and its corresponding OID (column 2) may be used interchangeably.

| Predefined constant | Object identifier (OID) | Data structure |
| --- | --- | --- |
| X509_AUTHORITY_INFO_ACCESS | szOID_AUTHORITY_INFO_ACCESS | CERT_AUTHORITY_INFO_ACCESS |
| X509_AUTHORITY_KEY_ID | szOID_AUTHORITY_KEY_IDENTIFIER | CERT_AUTHORITY_KEY_ID_INFO |
| X509_ALTERNATE_NAME | szOID_SUBJECT_ALT_NAME or szOID_ISSUER_ALT_NAME | CERT_ALT_NAME_INFO |
| X509_BASIC_CONSTRAINTS | szOID_BASIC_CONSTRAINTS | CERT_BASIC_CONSTRAINTS_INFO |
| X509_BASIC_CONSTRAINTS2 | szOID_BASIC_CONSTRAINTS2 | CERT_BASIC_CONSTRAINTS2_INFO |
| X509_CERT_POLICIES | szOID_CERT_POLICIES | CERT_POLICIES_INFO |
| X509_KEY_ATTRIBUTES | szOID_KEY_ATTRIBUTES | CERT_KEY_ATTRIBUTES_INFO |
| X509_KEY_USAGE | szOID_KEY_USAGE | CRYPT_BIT_BLOB |
| X509_KEY_USAGE_RESTRICTION | szOID_KEY_USAGE_RESTRICTION | CERT_KEY_USAGE_RESTRICTION_INFO |
| None | szOID_POLICY_MAPPINGS | Not implemented |
| None | szOID_SUBJECT_DIR_ATTRS | Not implemented |

Message Structures

The following structures are used by the cryptographic message functions.

| Structure | Description |
| --- | --- |
| CMSG_CMS_RECIPIENT_INFO | This structure is used with the CryptMsgGetParam function to get information on a key transport, key agreement, or mail list envelope message recipient. |
| CMSG_CMS_SIGNER_INFO | This structure contains the content of the defined SignerInfo in signed or signed and enveloped messages. |
| CMSG_CNG_CONTENT_DECRYPT_INFO | Contains all the relevant information passed between CryptMsgControl and OID installable functions for the import and decryption of a Cryptography API: Next Generation (CNG) content encryption key (CEK). |
| CMSG_CONTENT_ENCRYPT_INFO | Contains information shared between the PFN_CMSG_GEN_CONTENT_ENCRYPT_KEY, PFN_CMSG_EXPORT_KEY_TRANS, PFN_CMSG_EXPORT_KEY_AGREE, and PFN_CMSG_EXPORT_MAIL_LIST object identifier (OID) installable functions used for the encryption and export of a content encryption key. |
| CMSG_CTRL_ADD_SIGNER_UNAUTH_ATTR_PARA | This structure is used to add an unauthenticated attribute to a signer of a signed message. |
| CMSG_CTRL_DECRYPT_PARA | This structure contains information used to decrypt an enveloped message for a key transport recipient. This structure is passed to CryptMsgControl if the dwCtrlType parameter is CMSG_CTRL_DECRYPT. |
| CMSG_CTRL_DEL_SIGNER_UNAUTH_ATTR_PARA | This structure is used to delete an unauthenticated attribute of a signer of a signed message. |
| CMSG_CTRL_KEY_AGREE_DECRYPT_PARA | This structure contains information about a key agreement recipient. |
| CMSG_CTRL_KEY_TRANS_DECRYPT_PARA | This structure contains information about a key transport message recipient. |
| CMSG_CTRL_MAIL_LIST_DECRYPT_PARA | This structure contains information on a mail list message recipient. |
| CMSG_CTRL_VERIFY_SIGNATURE_EX_PARA | This structure contains information used to verify a message signature. It contains the signer index and signer public key. The signer public key can be the signer's CERT_PUBLIC_KEY_INFO structure, certificate context, or chain context. |
| CMSG_ENVELOPED_ENCODE_INFO | This structure contains information needed to encode an enveloped message. It is passed to CryptMsgOpenToEncode if dwMsgType is CMSG_ENVELOPED. |
| CMSG_ENVELOPED_HASHED_INFO | This structure is used with hashed messages. It is passed to CryptMsgOpenToEncode if dwMsgType is CMSG_ENVELOPED. |
| CMSG_KEY_AGREE_ENCRYPT_INFO | Contains encryption information applicable to all key agreement recipients of an enveloped message. |
| CMSG_KEY_AGREE_KEY_ENCRYPT_INFO | Contains the encrypted key for a key agreement recipient of an enveloped message. |
| CMSG_KEY_TRANS_ENCRYPT_INFO | Contains encryption information for a key transport recipient of enveloped data. |
| CMSG_MAIL_LIST_ENCRYPT_INFO | Contains encryption information for a mailing list recipient of enveloped data. |
| CMSG_KEY_AGREE_RECIPIENT_ENCODE_INFO | This structure contains information on a message recipient using key agreement key management. |
| CMSG_KEY_TRANS_RECIPIENT_ENCODE_INFO | This structure contains encoded key transport information for a message recipient. |
| CMSG_KEY_TRANS_RECIPIENT_INFO | This structure contains information used in key transport algorithms. |
| CMSG_MAIL_LIST_RECIPIENT_ENCODE_INFO | This structure is used with previously distributed symmetric keys for decrypting the content key encryption key (KEK). |
| CMSG_MAIL_LIST_RECIPIENT_INFO | This structure contains information used for previously distributed symmetric key-encryption keys (KEK). |
| CMSG_RC2_AUX_INFO | This structure contains the bit length of the key for RC2 encryption algorithms. The pvEncryptionAuxInfo member in CMSG_ENVELOPED_ENCODE_INFO can be set to point to an instance of this structure. |
| CMSG_RC4_AUX_INFO | This structure contains the bit length of the key for RC4 encryption algorithms. The pvEncryptionAuxInfo member in CMSG_ENVELOPED_ENCODE_INFO can be set to point to an instance of this structure. |
| CMSG_RECIPIENT_ENCODE_INFO | This structure contains information about a message recipient's content encryption key management type. |
| CMSG_RECIPIENT_ENCRYPTED_KEY_ENCODE_INFO | This structure contains information on a message receiver used to decrypt the session key needed to decrypt the message contents. This structure is used with CMS low level messages using any of the key management methods. |
| CMSG_RECIPIENT_ENCRYPTED_KEY_INFO | This structure contains information used for an individual key agreement recipient. |
| CMSG_SIGNED_ENCODE_INFO | This structure contains information to be passed to CryptMsgOpenToEncode if dwMsgType is CMSG_SIGNED. |
| CMSG_SIGNER_ENCODE_INFO | This structure contains signer information. It is passed to CryptMsgCountersign, CryptMsgCountersignEncoded, and optionally to CryptMsgOpenToEncode as a member of the CMSG_SIGNED_ENCODE_INFO structure, if the dwMsgType parameter is CMSG_SIGNED. |
| CMSG_SIGNER_INFO | This structure contains the content of the PKCS #7 defined SignerInfo in signed messages. |
| CMSG_SP3_COMPATIBLE_AUX_INFO | This structure contains information needed for SP3 compatible encryption. |
| CMSG_STREAM_INFO | This structure is used to enable processing stream data rather than single block processing. Stream processing is most often used when processing large messages. Stream-process messages can originate from any serialized source such as a file on a hard disk, a server, or a CD ROM. |
| CRYPT_DECRYPT_MESSAGE_PARA | Contains information for decrypting messages. |
| CRYPT_ENCRYPT_MESSAGE_PARA | Contains information used to encrypt messages. |
| CRYPT_HASH_MESSAGE_PARA | Contains data for hashing messages. |
| CRYPT_SIGN_MESSAGE_PARA | Contains information for signing messages using a specified signing certificate context. |
| CRYPT_VERIFY_MESSAGE_PARA | Contains information needed to verify a signed message. |

OID Support Structures

The following structures are used by the OID Support Functions.

| Structure | Description |
| --- | --- |
| CRYPT_OID_FUNC_ENTRY | Contains an object identifier (OID) and a pointer to its related function. It is used with CryptInstallOIDFunctionAddress. |
| CRYPT_OID_INFO | Contains information about an object identifier (OID). |
| CRYPT_RC2_CBC_PARAMETERS | Contains information used with szOID_RSA_RC2CBC encryption. |
| CRYPT_SMIME_CAPABILITIES | Contains a prioritized array of supported capabilities. |
| CRYPT_SMIME_CAPABILITY | Specifies a single capability and its associated parameters. |

Certificate Chain Structures

The following structures are used in building certificate chains used to establish trust in a certificate.

| Structure | Description |
| --- | --- |
| AUTHENTICODE_EXTRA_CERT_CHAIN_POLICY_PARA | Holds policy information used in the verification of certificate chains for files. |
| AUTHENTICODE_EXTRA_CERT_CHAIN_POLICY_STATUS | Holds additional Authenticode policy information for chain verification of files. |
| AUTHENTICODE_TS_EXTRA_CERT_CHAIN_POLICY_PARA | Contains time stamp policy information that can be used in certificate chain verification of files. |
| CERT_CHAIN_CONTEXT | Contains an array of simple certificate chains and a trust status structure that indicates summary validity data on all of the connected simple chains. |
| CERT_CHAIN_ELEMENT | This structure is a single element in a simple certificate chain. |
| CERT_CHAIN_ENGINE_CONFIG | Sets parameters for building a nondefault certificate chain engine. |
| CERT_CHAIN_FIND_BY_ISSUER_PARA | Holds information used in CertFindChainInStore to build certificate chains. |
| CERT_CHAIN_PARA | Establishes the searching and matching criteria to be used in building a certificate chain. |
| CERT_CHAIN_POLICY_PARA | Contains information used in CertVerifyCertificateChainPolicy to establish policy criteria for the verification of certificate chains. |
| CERT_CHAIN_POLICY_STATUS | Holds certificate chain status information returned by CertVerifyCertificateChainPolicy from the verification of certificate chains. |
| CERT_REVOCATION_INFO | Indicates the revocation status of a certificate in a CERT_CHAIN_ELEMENT. |
| CERT_SIMPLE_CHAIN | Contains an array of chain elements and a summary trust status for the chain that the array represents. |
| CERT_TRUST_LIST_INFO | Indicates valid usage of a CTL. |
| CERT_TRUST_STATUS | Contains trust information about a certificate in a certificate chain, summary trust information about a simple chain of certificates, or summary information about an array of simple chains. |
| CERT_USAGE_MATCH | Provides parameters for finding issuer certificates used to build a certificate chain. |
| CTL_USAGE_MATCH | Provides parameters for finding certificate trust lists (CTL) used to build a certificate chain. |
| SSL_EXTRA_CERT_CHAIN_POLICY_PARA | Holds policy information used in the verification of Secure Sockets Layer (SSL) client/server certificate chains. |

CSP Structures

The following structures are used with cryptographic service provider (CSP) functions.

| Structure | Description |
| --- | --- |
| BLOBHEADER | Indicates a key's BLOB type and the algorithm that the key uses. |
| VTableProvStruc | Contains pointers to callback functions that can be used by CSP functions. |

WinTrust Structures

The following structures are used with the WinVerifyTrust function.

| Structure | Description |
| --- | --- |
| WINTRUST_BLOB_INFO | Used when calling WinVerifyTrust to verify a memory BLOB. |
| WINTRUST_CATALOG_INFO | Used when calling WinVerifyTrust to verify a member of a Microsoft catalog. |
| WINTRUST_CERT_INFO | Used when calling WinVerifyTrust to verify a CERT_CONTEXT. |
| WINTRUST_DATA | Used when calling WinVerifyTrust to pass necessary information into the trust providers. |
| WINTRUST_FILE_INFO | Used when calling WinVerifyTrust to verify an individual file. |
| WINTRUST_SGNR_INFO | Used when calling WinVerifyTrust to verify a CMSG_SIGNER_INFO structure. |

Build date: 6/26/2009

© 2009 Microsoft Corporation. All rights reserved.