Cryptography Structures


WINTRUST_DATA Structure

[The WINTRUST_DATA structure is available for use in the operating systems specified in the Requirements section. It may be altered or unavailable in subsequent versions.]

The WINTRUST_DATA structure is used when calling WinVerifyTrust to pass necessary information into the trust providers.

Syntax

C++ 
typedef struct _WINTRUST_DATA {
  DWORD  cbStruct;
  LPVOID pPolicyCallbackData;
  LPVOID pSIPClientData;
  DWORD  dwUIChoice;
  DWORD  fdwRevocationChecks;
  DWORD  dwUnionChoice;
  union {
    struct WINTRUST_FILE_INFO_ *pFile;
    struct WINTRUST_CATALOG_INFO_ *pCatalog;
    struct WINTRUST_BLOB_INFO_ *pBlob;
    struct WINTRUST_SGNR_INFO_ *pSgnr;
    struct WINTRUST_CERT_INFO_ *pCert;
  } ;
  DWORD  dwStateAction;
  HANDLE hWVTStateData;
  WCHAR *pwszURLReference;
  DWORD  dwProvFlags;
  DWORD  dwUIContext;
}WINTRUST_DATA, *PWINTRUST_DATA;

Members

cbStruct

The size, in bytes, of this structure.

pPolicyCallbackData

A pointer to a data buffer used to pass policy-specific data to a policy provider. This member can be NULL.

pSIPClientData

A pointer to a data buffer used to pass subject interface package (SIP)-specific data to a SIP provider. This member can be NULL.

dwUIChoice

Specifies the kind of user interface (UI) to be used. This member must be one of the following values.

ValueMeaning
WTD_UI_ALL
1

Display all UI.

WTD_UI_NONE
2

Display no UI.

WTD_UI_NOBAD
3

Do not display any negative UI.

WTD_UI_NOGOOD
4

Do not display any positive UI.

 

fdwRevocationChecks

Certificate revocation check options. This member can be set to add revocation checking to that done by the selected policy provider. This member must be one of the following values.

ValueMeaning
WTD_REVOKE_NONE
0

No additional revocation checking will be done when the WTD_REVOKE_NONE flag is used in conjunction with the HTTPSPROV_ACTION value set in the pgActionID parameter of the WinVerifyTrust function. To ensure the WinVerifyTrust function does not attempt any network retrieval when verifying code signatures, WTD_CACHE_ONLY_URL_RETRIEVAL must be set in the dwProvFlags parameter.

WTD_REVOKE_WHOLECHAIN
1

Revocation checking will be done on the whole chain.

 

dwUnionChoice

Specifies the union member to be used and, thus, the type of object for which trust will be verified. This member must be one of the following values.

ValueMeaning
WTD_CHOICE_FILE
1

Use the file pointed to by pFile.

WTD_CHOICE_CATALOG
2

Use the catalog pointed to by pCatalog.

WTD_CHOICE_BLOB
3

Use the BLOB pointed to by pBlob.

WTD_CHOICE_SIGNER
4

Use the WINTRUST_SGNR_INFO structure pointed to by pSgnr.

WTD_CHOICE_CERT
5

Use the certificate pointed to by pCert.

 

pFile

A pointer to a WINTRUST_FILE_INFO structure.

pCatalog

A pointer to a WINTRUST_CATALOG_INFO structure.

pBlob

A pointer to a WINTRUST_BLOB_INFO structure.

pSgnr

A pointer to a WINTRUST_SGNR_INFO structure.

pCert

A pointer to a WINTRUST_CERT_INFO structure.

dwStateAction

Specifies the action to be taken. This can be one of the following values.

ValueMeaning
WTD_STATEACTION_IGNORE
0x00000000

Ignore the hWVTStateData member.

WTD_STATEACTION_VERIFY
0x00000001

Verify the trust. The hWVTStateData member will receive a handle to the state data. This handle must be freed by specifying the WTD_STATEACTION_CLOSE action in a subsequent call.

WTD_STATEACTION_CLOSE
0x00000002

Free the hWVTStateData member previously allocated with the WTD_STATEACTION_VERIFY action. This action must be specified for every use of the WTD_STATEACTION_VERIFY action.

WTD_STATEACTION_AUTO_CACHE
0x00000003

Write the catalog data to a WINTRUST_DATA structure and then cache that structure. This action only applies when the dwUnionChoice member contains WTD_CHOICE_CATALOG.

WTD_STATEACTION_AUTO_CACHE_FLUSH
0x00000004

Flush any cached catalog data. This action only applies when the dwUnionChoice member contains WTD_CHOICE_CATALOG.

 

hWVTStateData

A handle to the state data. The contents of this member depends on the value of the dwStateAction member.

pwszURLReference

Reserved for future use. Set to NULL.

dwProvFlags

DWORD value that specifies trust provider settings. This can be a bitwise combination of zero or more of the following values.

ValueMeaning
WTD_USE_IE4_TRUST_FLAG
1 (0x1)

The trust is verified in the same manner as implemented by Internet Explorer 4.0.

WTD_NO_IE4_CHAIN_FLAG
2 (0x2)

The Internet Explorer 4.0 chain functionality is not used.

WTD_NO_POLICY_USAGE_FLAG
4 (0x4)

The default verification of the policy provider, such as code signing for Authenticode, is not performed, and the certificate is assumed valid for all usages.

WTD_REVOCATION_CHECK_NONE
16 (0x10)

Revocation checking is not performed.

WTD_REVOCATION_CHECK_END_CERT
32 (0x20)

Revocation checking is performed on the end certificate only.

WTD_REVOCATION_CHECK_CHAIN
64 (0x40)

Revocation checking is performed on the entire certificate chain.

WTD_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT
128 (0x80)

Revocation checking is performed on the entire certificate chain, excluding the root certificate.

WTD_SAFER_FLAG
256 (0x100)

SAFER semantics are used. Applies only if the WINTRUST_ACTION_GENERIC_VERIFY_V2 action is specified in the call to WinVerifyTrust or WinVerifyTrustEx. The SAFER semantics provide the following functionality:

  • WinVerifyTrust or WinVerifyTrustEx return TRUST_E_NOSIGNATURE if the subject is not signed, the subject has no signature, or the signer certificate could not be found. No user interface elements are presented to the user for these cases.
  • WinVerifyTrust or WinVerifyTrustEx search the code hash and publisher databases even if WTD_UI_NONE has been specified by dwUIChoice. The default is to search these databases only when UI has been enabled or user trust has been disabled.
WTD_HASH_ONLY_FLAG
512 (0x200)

Only the hash is verified.

WTD_USE_DEFAULT_OSVER_CHECK
1024 (0x400)

The default operating system version checking is performed.

WTD_LIFETIME_SIGNING_FLAG
2048 (0x800)

The time validity of the time stamp chain is checked. If this flag is not set, all time stamped signatures are considered valid forever. Setting this flag limits the valid lifetime of the signature to the lifetime of the certificate. This allows time stamped signatures to expire.

WTD_CACHE_ONLY_URL_RETRIEVAL
4096 (0x1000)

Use only the local cache for revocation checks. Prevents revocation checks over the network.

Windows XP and Windows 2000:  This value is not supported.

 

dwUIContext

A DWORD value that specifies the user interface context for the WinVerifyTrust function. This causes the text in the Authenticode dialog box to match the action taken on the file. This can be one of the following values.

ValueMeaning
WTD_UICONTEXT_EXECUTE
0

Use when calling WinVerifyTrust for a file that is to be run. This is the default value.

WTD_UICONTEXT_INSTALL
1

Use when calling WinVerifyTrust for a file that is to be installed.

 

Requirements

Minimum supported clientWindows 2000 Professional
Minimum supported serverWindows 2000 Server
HeaderWintrust.h

Send comments about this topic to Microsoft

Build date: 11/16/2009

Tags :


Page view tracker