Cryptography Structures

The following structures are used by cryptography functions. Cryptography structures are categorized according to usage as follows:

CryptXML Structures

The following structures are used by the CryptXML Functions.

Structure Description
CRYPT_XML_ALGORITHM Specifies the algorithm used to sign or transform the message.
CRYPT_XML_ALGORITHM_INFO Contains algorithm information.
CRYPT_XML_BLOB Contains an arbitrary array of bytes.
CRYPT_XML_CRYPTOGRAPHIC_INTERFACE Passed to the CryptXmlDllGetInterface function pointer to expose the implemented CryptXML functions.
CRYPT_XML_DATA_BLOB Contains XML encoded data.
CRYPT_XML_DATA_PROVIDER Specifies the interface to the XML data provider.
CRYPT_XML_DOC_CTXT Defines document context information.
CRYPT_XML_ISSUER_SERIAL Contains an X.509 issued distinguished name–serial number pair.
CRYPT_XML_KEY_DSA_KEY_VALUE Defines a Digital Signature Algorithm (DSA) key value. The CRYPT_XML_KEY_DSA_KEY_VALUE structure is used as an element of the key value union in the CRYPT_XML_KEY_VALUE structure.
CRYPT_XML_KEY_ECDSA_KEY_VALUE Defines an Elliptic Curve Digital Signature Algorithm (ECDSA) key value. The CRYPT_XML_KEY_ECDSA_KEY_VALUE structure is used as an element of the key value union in the CRYPT_XML_KEY_VALUE structure.
CRYPT_XML_KEY_INFO Encapsulates key information data.
CRYPT_XML_KEY_INFO_ITEM Encapsulates key information data that corresponds to a KeyInfo element. The KeyInfo element enables the recipient to obtain the key needed to validate the signature.
CRYPT_XML_KEY_RSA_KEY_VALUE Defines an RSA key value. The CRYPT_XML_KEY_RSA_KEY_VALUE structure is used as element of the key value union in the CRYPT_XML_KEY_VALUE structure.
CRYPT_XML_KEY_VALUE Contains a single public key that may be useful in validating the signature.
CRYPT_XML_KEYINFO_PARAM Is used by the CryptXmlSign function to specify the members of the KeyInfo element to be encoded.
CRYPT_XML_OBJECT Describes an Object element in the signature.
CRYPT_XML_PROPERTY Contains information about a CryptXML property.
CRYPT_XML_REFERENCE Contains information used to populate the Reference element.
CRYPT_XML_REFERENCES Defines an array of CRYPT_XML_REFERENCE structures.
CRYPT_XML_SIGNATURE Contains information used to populate the Signature element.
CRYPT_XML_SIGNED_INFO Returns information about the signature validation status, summary status information about a SignedInfo element, or summary status information about an array of Reference elements.
CRYPT_XML_TRANSFORM_CHAIN_CONFIG Defines application defined transforms which are allowed for use in the XML digital signature.
CRYPT_XML_TRANSFORM_INFO Contains information that is used when applying the data transform.
CRYPT_XML_X509DATA Represents the sequence of choices in the X509Data element.
CRYPT_XML_X509DATA_ITEM Represents X.509 data that is to be encoded in an X509Data named element.

 

General Cryptography Structures

The following structures are used by the Base Cryptography Functions.

Structure Description
CMS_DH_KEY_INFO Used with the KP_CMS_DH_KEY_INFO parameter in the CryptSetKeyParam function to contain Diffie-Hellman key information.
CMS_KEY_INFO This structure is not used.
CRYPT_AES_128_KEY_STATE Specifies the 128-bit symmetric key information for an Advanced Encryption Standard (AES) cipher.
CRYPT_AES_256_KEY_STATE Specifies the 256-bit symmetric key information for an AES cipher.
CRYPT_ALGORITHM_IDENTIFIER Contains the object identifier (OID) of the algorithm and any needed parameters for that algorithm.
CRYPT_ATTRIBUTE Specifies an attribute that has one or more values.
CRYPT_ATTRIBUTE_TYPE_VALUE Contains a single attribute value.
CRYPT_ATTRIBUTES Contains an array of attributes.
CRYPT_BIT_BLOB Contains an array of bytes.
CRYPT_BLOB_ARRAY Contains an array of CRYPT_DATA_BLOB structures.
CRYPT_CONTENT_INFO Contains data encoded in the PKCS #7 ContentInfo data format.
CRYPT_CONTENT_INFO_SEQUENCE_OF_ANY Contains information representing the Netscape certificate sequence of certificates.
CRYPT_DEFAULT_CONTEXT_MULTI_OID_PARA Used with the CryptInstallDefaultContext function to contain an array of object identifier strings.
CRYPT_ECC_CMS_SHARED_INFO Represents key-encryption key information when using Elliptic Curve Cryptography (ECC) in the Cryptographic Message Syntax (CMS) EnvelopedData content type.
CRYPT_ENCRYPTED_PRIVATE_KEY_INFO Contains the information of an encrypted PKCS #8 private key.
CRYPT_ENROLLMENT_NAME_VALUE_PAIR This structure is used to create certificate requests on behalf of a user.
CRYPT_INTEGER_BLOB Contains the data of various kinds of binary large objects under names appropriate to type.
CRYPT_KEY_LIMITS Supports the unimplemented CryptGetLocalKeyLimits function and is not used. It will be removed in a future version of Wincrypt.h.
CRYPT_KEY_PROV_INFO Contains fields that are passed as the arguments to CryptAcquireContext to acquire a handle to a particular key container within a particular cryptographic service provider (CSP), or to create or destroy a key container.
CRYPT_KEY_PROV_PARAM Contains data to be passed as the arguments to CryptSetProvParam.
CRYPT_KEY_SIGN_MESSAGE_PARA Contains information about the CSP and algorithms used to sign a message.
CRYPT_KEY_VERIFY_MESSAGE_PARA Contains information needed to verify signed messages without a certificate for the signer.
CRYPT_MASK_GEN_ALGORITHM Identifies the algorithm used to generate an RSA PKCS #1 v2.1 signature mask.
CRYPT_OBJECT_LOCATOR_PROVIDER_TABLE Contains pointers to functions implemented by an object location provider.
CRYPT_PKCS8_EXPORT_PARAMS Contains information identifying a private key and a pointer to a callback function.
CRYPT_PKCS8_IMPORT_PARAMS Contains a PKCS #8 private key and two pointers to callback functions.
CRYPT_PKCS12_PBE_PARAMS Contains parameters used to create an encryption key, initialization vector (IV), or Message Authentication Code (MAC) key for a PKCS #12 password based encryption algorithm.
CRYPT_PRIVATE_KEY_INFO Contains the information of a PKCS #8 private key.
CRYPT_PSOURCE_ALGORITHM Identifies the algorithm and (optionally) the value of the label for an RSAES-OAEP key encryption.
CRYPT_RETRIEVE_AUX_INFO Contains optional time synchronization information to pass to the CryptRetrieveObjectByUrl function.
CRYPT_RSA_SSA_PSS_PARAMETERS Contains the parameters for an RSA PKCS #1 v2.1 signature.
CRYPT_RSAES_OAEP_PARAMETERS Contains the parameters for an RSAES-OAEP key encryption.
CRYPT_SEQUENCE_OF_ANY Contains an arbitrary list of encoded BLOBs.
CRYPT_SMART_CARD_ROOT_INFO Contains the smart card and session IDs associated with a certificate context.
CRYPT_TIME_STAMP_REQUEST_INFO This structure is used for time stamping.
CRYPT_URL_INFO Contains information about groupings of URLs.
CRYPT_X942_OTHER_INFO Contains additional key generation information.
CRYPTNET_URL_CACHE_FLUSH_INFO Contains expiry information used by the Cryptnet URL Cache (CUC) service to maintain a URL cache entry.
CRYPTNET_URL_CACHE_PRE_FETCH_INFO Contains update information used by the Cryptnet URL Cache (CUC) service to maintain a URL cache entry.
CRYPTNET_URL_CACHE_RESPONSE_INFO Contains response information used by the Cryptnet URL Cache (CUC) service to maintain a URL cache entry.
CRYPT_INTEGER_BLOB This structure is used for an arbitrary array of bytes.
CRYPTPROTECT_PROMPTSTRUCT Provides the text of a prompt and information about when and where that prompt is to be displayed when using the CryptProtectData and CryptUnprotectData functions.
CRYPTUI_INITDIALOG_STRUCT Supports the CRYPTUI_VIEWCERTIFICATE_STRUCT structure.
CRYPTUI_SELECTCERTIFICATE_STRUCT Contains information about the dialog box displayed by the CryptUIDlgSelectCertificate function.
CRYPTUI_VIEWCERTIFICATE_STRUCT Contains information about a certificate to view. It is used in the CryptUIDlgViewCertificate function.
CRYPTUI_VIEWSIGNERINFO_STRUCT Contains information for the CryptUIDlgViewSignerInfo function.
CRYPTUI_WIZ_EXPORT_CERTCONTEXT_INFO Contains information that controls the operation of the CryptUIWizExport function when a certificate is the object being exported.
CRYPTUI_WIZ_EXPORT_INFO Contains information that controls the operation of the CryptUIWizExport function.
CRYPTUI_WIZ_IMPORT_SRC_INFO Contains the subject to import into the CryptUIWizImport function.
DHPRIVKEY_VER3 Contains information specific to the particular private key contained in the key BLOB.
DHPUBKEY Contains information specific to the particular Diffie-Hellman public key contained in the key BLOB.
DHPUBKEY_VER3 Contains information specific to the particular public key contained in the key BLOB.
Diffie-Hellman Version 3 Private Key BLOBs Used to export and import information about a DH private key.
Diffie-Hellman Version 3 Public Key BLOBs Used to export and import information about a DH public key.
DSS Version 3 Private Key BLOBs Used to export and import information about a DH private key.
DSS Version 3 Public Key BLOBs Used to export and import information about a DH public key.
DSSPRIVKEY_VER3 Contains information specific to the particular private key contained in the key BLOB.
DSSPUBKEY Contains information specific to the particular public key contained in the key BLOB.
DSSPUBKEY_VER3 Contains information specific to the particular public key contained in the key BLOB.
DSSSEED Holds the seed and counter values that can be used to verify the primes of the DSS public key.
HMAC_INFO Specifies the hash algorithm and the inner and outer strings that are to be used to calculate the Hash-Based Message Authentication Code (HMAC) hash.
KEYSVC_BLOB Defines a key service BLOB.
KEYSVC_UNICODE_STRING Defines a key service Unicode string.
OCSP_BASIC_RESPONSE_ENTRY Contains the current certificate status for a single certificate.
OCSP_BASIC_RESPONSE_INFO Contains a basic OCSP response as specified by RFC 2560.
OCSP_BASIC_REVOKED_INFO Contains the reason a certificate was revoked.
OCSP_BASIC_SIGNED_RESPONSE_INFO Contains a basic OCSP response with a signature.
OCSP_CERT_ID Contains information to identify a certificate in an OCSP request or response.
OCSP_REQUEST_ENTRY Contains information about a single certificate in an OCSP request.
OCSP_REQUEST_INFO Contains information for an OCSP request as specified by RFC 2560.
OCSP_RESPONSE_INFO Indicates the success or failure of the corresponding OCSP request. For successful requests, it contains the type and value of response information.
OCSP_SIGNATURE_INFO Contains a signature for an OCSP request or response.
OCSP_SIGNED_REQUEST_INFO Contains information for an OCSP request with optional signature information.
PROV_ENUMALGS Returned by calls to CryptGetProvParam or CPGetProvParam.
PROV_ENUMALGS_EX Returned by calls to CryptGetProvParam or CPGetProvParam.
PUBLICKEYSTRUC Indicates a key's BLOB type and the algorithm that the key uses.
ROOT_INFO_LUID Contains a locally unique identifier (LUID) for Cryptographic Smart Card Root Information.
RSAPUBKEY Contains information specific to the particular public key contained in the key BLOB.
SCHANNEL_ALG Contains algorithm and key size information.
SIGNER_ATTR_AUTHCODE Specifies attributes for an Authenticode signature.
SIGNER_BLOB_INFO Specifies a BLOB to sign.
SIGNER_CERT Specifies a certificate used to sign a document. The certificate can be stored in a Software Publisher Certificate (SPC) file or in a certificate store.
SIGNER_CERT_STORE_INFO Specifies the certificate store used to sign a document.
SIGNER_CONTEXT Contains a signed BLOB.
SIGNER_FILE_INFO Specifies a file to sign.
SIGNER_PROVIDER_INFO Specifies the CSP and private key information used to create a digital signature.
SIGNER_SIGNATURE_INFO Contains information about a digital signature.
SIGNER_SPC_CHAIN_INFO Specifies a Software Publisher Certificate (SPC) and certificate chain used to sign a document.
SIGNER_SUBJECT_INFO Specifies a subject to sign.

 

Common Certificate Structures

The following structures are used by many of the certificate functions.

Structure Description
CERT_BIOMETRIC_DATA Contains information about biometric data.
CERT_BIOMETRIC_EXT_INFO Contains a set of biometric information.
CERT_CONTEXT Contains both the encoded and decoded representations of a certificate.
CERT_CRL_CONTEXT_PAIR Contains a certificate context and an associated CRL context.
CERT_DH_PARAMETERS Contains parameters associated with a Diffie-Hellman public key algorithm.
CERT_DSS_PARAMETERS Contains parameters associated with a DSS public key algorithm.
CERT_ECC_SIGNATURE Contains the r and s values for an Elliptic Curve Digital Signature Algorithm (ECDSA) signature.
CERT_EXTENSION Contains the extension information for a certificate, certificate revocation list (CRL) or certificate trust list (CTL).
CERT_EXTENSIONS Contains an array of extensions.
CERT_GENERAL_SUBTREE Used in CERT_NAME_CONSTRAINTS_INFO structure, this structure provides the identity of a certificate that can be included or excluded.
CERT_HASHED_URL Contains a hashed URL.
CERT_ID Used as a flexible means of uniquely identifying a certificate.
CERT_INFO Contains a certificate's information.
CERT_KEY_CONTEXT Contains data for the pvData member of a Value member of CERT_EXTENSION structure associated with a CERT_KEY_CONTEXT_PROP_ID property.
CERT_KEYGEN_REQUEST_INFO Contains information stored in the Netscape Keygen request.
CERT_LDAP_STORE_OPENED_PARA Used with the CertOpenStore function when the CERT_STORE_PROV_LDAP provider is specified by using the CERT_LDAP_STORE_OPENED_FLAG flag to specify both the existing LDAP session to use to perform the query as well as the LDAP query string.
CERT_LOGOTYPE_AUDIO Contains information about an audio logotype.
CERT_LOGOTYPE_AUDIO_INFO Contains more detailed information about an audio logotype.
CERT_LOGOTYPE_DATA Contains logotype data.
CERT_LOGOTYPE_DETAILS Contains additional information about a logotype.
CERT_LOGOTYPE_EXT_INFO Contains a set of logotype information.
CERT_LOGOTYPE_IMAGE Contains information about an image logotype.
CERT_LOGOTYPE_IMAGE_INFO Contains more detailed information about an image logotype.
CERT_LOGOTYPE_INFO Contains information about logotype data.
CERT_LOGOTYPE_REFERENCE Contains logotype reference information.
CERT_NAME_CONSTRAINTS_INFO Contains information about certificates that are specifically permitted or excluded from trust.
CERT_NAME_INFO Contains subject or issuer names. The information is represented as an array of CERT_RDN structures.
CERT_NAME_VALUE Contains a relative distinguished name (RDN) attribute value.
CERT_OTHER_LOGOTYPE_INFO Contains information about logo types that are not predefined.
CERT_PAIR Contains a certificate and its pair cross certificate.
CERT_PHYSICAL_STORE_INFO Contains information on physical certificate stores.
CERT_POLICY_CONSTRAINTS_INFO Contains established policies for accepting certificates as trusted.
CERT_POLICY_MAPPING Contains a mapping between issuer domain and subject domain policy OIDs.
CERT_POLICY_MAPPINGS_INFO Provides mapping between the policy OIDs of two domains.
CERT_PUBLIC_KEY_INFO Contains a public key and its algorithm.
CERT_QC_STATEMENT Represents a single statement in a sequence of one or more statements for inclusion in a Qualified Certificate (QC) statements extension.
CERT_QC_STATEMENTS_EXT_INFO Contains a sequence of one or more statements that make up the Qualified Certificate (QC) statements extension for a QC.
CERT_RDN Contains a relative distinguished name (RDN) consisting of an array of CERT_RDN_ATTR structures.
CERT_RDN_ATTR Contains a single attribute of a relative distinguished name (RDN).
CERT_REQUEST_INFO Contains information for a certificate request.
CERT_REVOCATION_CRL_INFO Contains information updated by a CRL revocation type handler.
CERT_REVOCATION_PARA This structure can optionally be passed to CertVerifyRevocation to assist in finding the issuer of the context to be verified.
CERT_REVOCATION_STATUS Contains information on the revocation status of the certificate.
CERT_SELECT_STRUCT Contains criteria upon which to select certificates that are presented in a certificate selection dialog box. This structure is used in the CertSelectCertificate function.
CERT_SIGNED_CONTENT_INFO Contains encoded content to be signed and a BLOB to hold the signature.
CERT_STORE_PROV_FIND_INFO This structure is used by many of the store provider callback functions.
CERT_STORE_PROV_INFO Contains information returned by the installed CertDllOpenStoreProv when a store is opened with CertOpenStore.
CERT_STRONG_SIGN_PARA Contains parameters used to check for strong signatures on certificates, CRLs, OCSP reponses, and PKCS #7 messages.
CERT_STRONG_SIGN_SERIALIZED_INFO Contains the signature algorithm/hash algorithm and public key algorithm/bit length pairs that can be used for strong signing.
CERT_SUBJECT_INFO_ACCESS This is a synonym for the CERT_AUTHORITY_INFO_ACCESS structure.
CERT_SYSTEM_STORE_INFO Contains information used by functions that work with system stores.
CERT_SYSTEM_STORE_RELOCATE_PARA Contains data to be passed to CertOpenStore when that function's dwFlags parameter is set to CERT_SYSTEM_STORE_RELOCATE_FLAG.
CERT_TEMPLATE_EXT This structure is a certificate template.
CERT_X942_DH_PARAMETERS Contains parameters associated with a Diffie-Hellman public key algorithm.
CERT_X942_DH_VALIDATION_PARAMS This structure is optionally pointed to by a member of the CERT_X942_DH_PARAMETERS structure and contains additional seed information.
CMC_ADD_ATTRIBUTES_INFO Contains certificate attributes to be added to a certificate.
CMC_ADD_EXTENSIONS_INFO Contains certificate extension control attributes to be added to a certificate.
CMC_DATA_INFO This structure provides a means of communicating different pieces of tagged information.
CMC_PEND_INFO This structure is a possible member of a CMC_STATUS_INFO structure.
CMC_RESPONSE_INFO This structure provides a means of communicating different pieces of tagged information.
CMC_STATUS_INFO Contains status information about Certificate Management Messages over CMS.
CMC_TAGGED_ATTRIBUTE This structure is used in the CMC_DATA_INFO and CMC_RESPONSE_INFO structures.
CMC_TAGGED_CERT_REQUEST This structure is used in the CMC_TAGGED_REQUEST structure.
CMC_TAGGED_CONTENT_INFO This structure is used in the CMC_DATA_INFO and CMC_RESPONSE_INFO structures.
CMC_TAGGED_OTHER_MSG This structure is used in the CMC_DATA_INFO and CMC_RESPONSE_INFO structures.
CMC_TAGGED_REQUEST This structure is used in the CMC_DATA_INFO structures to request a certificate.
CRL_CONTEXT Contains both the encoded and decoded representations of a CRL.
CRL_ENTRY Contains information on a single revoked certificate. It is a member of a CRL_INFO structure.
CRL_INFO Contains the information of a certificate revocation list (CRL).
CRL_ISSUING_DIST_POINT Contains information about the kinds of certificates listed in a CRL.
CROSS_CERT_DIST_POINTS_INFO This structure provides information used to update dynamic cross certificates.
CTL_ANY_SUBJECT_INFO Contains a SubjectAlgorithm to be matched in the CTL and the SubjectIdentifier to be matched in one of the CTL entries in calls to CertFindSubjectInCTL.
CTL_CONTEXT Contains both the encoded and decoded representations of a CTL.
CTL_ENTRY This structure is an element of a certificate trust list (CTL).
CTL_FIND_SUBJECT_PARA Contains data used by CertFindCTLInStore with a dwFindType of CTL_FIND_SUBJECT to find a certificate trust list (CTL).
CTL_FIND_USAGE_PARA This structure is a member of the CTL_FIND_SUBJECT_PARA structure and it is used by CertFindCTLInStore.
CTL_INFO Contains the information stored in a certificate trust list (CTL).
CTL_MODIFY_REQUEST Contains a request to modify a certificate trust list. This structure is used in the CertModifyCertificatesToTrust function.
CTL_USAGE Contains an array of Object Identifiers (OIDs) for certificate trust list (CTL) extensions.
CTL_VERIFY_USAGE_PARA Contains parameters used by CertVerifyCTLUsage to establish the validity of a CTL's usage.
CTL_VERIFY_USAGE_STATUS Contains information about a certificate trust list (CTL) returned by CertVerifyCTLUsage.

 

X.509 Certificate Extension Structures

The following structures are associated with X.509 CERT_EXTENSION structures.

Structure Description
CERT_ACCESS_DESCRIPTION This structure is a member of a CERT_AUTHORITY_INFO_ACCESS structure.
CERT_ALT_NAME_ENTRY Contains an alternative name in one of a variety of name forms.
CERT_ALT_NAME_INFO Used in encoding and decoding extensions for subject or issuer certificates, certificate revocation list (CRLs), and certificate trust list (CTLs).
CERT_AUTHORITY_INFO_ACCESS Represents authority information access and subject information access certificate extensions and specifies how to access additional information and services for the subject or the issuer of that certificate.
CERT_AUTHORITY_KEY_ID_INFO Identifies the key used to sign a certificate or CRL.
CERT_AUTHORITY_KEY_ID2_INFO Identifies the key used to sign a certificate or CRL. It differs from the CERT_AUTHORITY_KEY_ID_INFO structure in that the certificate issuer is a CERT_ALT_NAME_INFO instead of a CERT_NAME_BLOB.
CERT_BASIC_CONSTRAINTS_INFO Contains information indicating whether the certified subject can act as a CA, an end-entity, or both.
CERT_BASIC_CONSTRAINTS2_INFO Contains information indicating whether the certified subject can act as a CA or an end entity.
CERT_KEY_ATTRIBUTES_INFO Contains optional additional information about the public key being certified.
CERT_KEY_USAGE_RESTRICTION_INFO Contains restrictions imposed on the usage of a certificate's public key.
CERT_POLICIES_INFO Contains an array of CERT_POLICY_INFO.
CERT_POLICY_ID Contains a list of certificate policies that the certificate expressly supports, together with optional qualifier information pertaining to these policies.
CERT_POLICY_INFO Contains an object identifier (OID) specifying a policy and an optional array of policy qualifiers.
CERT_POLICY_QUALIFIER_INFO Contains an object identifier (OID) specifying the qualifier and qualifier-specific supplemental information.
CERT_PRIVATE_KEY_VALIDITY Indicates a valid time span for the private key corresponding to a certificate's public key.
CRL_DIST_POINT Identifies a single CRL distribution point that a certificate user can reference to determine whether certificates have been revoked.
CRL_DIST_POINT_NAME Identifies a location from which the CRL can be obtained.
CRL_DIST_POINTS_INFO Contains a list of CRL distribution points a certificate user can reference to determine whether the certificate has been revoked.

 

These structures can be encoded into the Value member of a CERT_EXTENSION structure by using the CryptEncodeObject and CryptEncodeObjectEx functions. They are created and returned by the CryptDecodeObject and CryptDecodeObjectEx functions when the Value member of a CERT_EXTENSION structure is decoded.

The structure encoded or created depends on the pszObjId string member of the CERT_EXTENSION structure.

Current extension predefined constants and OIDs along with the structure associated with each are shown in the following table.

Note

The predefined constant (column 1) and its corresponding OID (column 2) may be used interchangeably.

 

Predefined constant Object identifier (OID) Data structure
X509_AUTHORITY_INFO_ACCESS szOID_AUTHORITY_INFO_ACCESS CERT_AUTHORITY_INFO_ACCESS
X509_AUTHORITY_KEY_ID szOID_AUTHORITY_KEY_IDENTIFIER CERT_AUTHORITY_KEY_ID_INFO
X509_ALTERNATE_NAME szOID_SUBJECT_ALT_NAME – Or –
szOID_ISSUER_ALT_NAME
CERT_ALT_NAME_INFO
X509_BASIC_CONSTRAINTS szOID_BASIC_CONSTRAINTS CERT_BASIC_CONSTRAINTS_INFO
X509_BASIC_CONSTRAINTS2 szOID_BASIC_CONSTRAINTS2 CERT_BASIC_CONSTRAINTS2_INFO
X509_CERT_POLICIES szOID_CERT_POLICIES CERT_POLICIES_INFO
X509_KEY_ATTRIBUTES szOID_KEY_ATTRIBUTES CERT_KEY_ATTRIBUTES_INFO
X509_KEY_USAGE szOID_KEY_USAGE CRYPT_BIT_BLOB
X509_KEY_USAGE_RESTRICTION szOID_KEY_USAGE_RESTRICTION CERT_KEY_USAGE_RESTRICTION_INFO
None szOID_POLICY_MAPPINGS Not implemented
None szOID_SUBJECT_DIR_ATTRS Not implemented

 

Message Structures

The following structures are used by the cryptographic message functions.

Structure Description
CMSG_CMS_RECIPIENT_INFO This structure is used with the CryptMsgGetParam function to get information on a key transport, key agreement, or mail list envelope message recipient.
CMSG_CMS_SIGNER_INFO This structure contains the content of the defined SignerInfo in signed or signed and enveloped messages.
CMSG_CNG_CONTENT_DECRYPT_INFO Contains all the relevant information passed between CryptMsgControl and OID installable functions for the import and decryption of a Cryptography API: Next Generation (CNG) content encryption key (CEK).
CMSG_CONTENT_ENCRYPT_INFO Contains information shared between the PFN_CMSG_GEN_CONTENT_ENCRYPT_KEY, PFN_CMSG_EXPORT_KEY_TRANS, PFN_CMSG_EXPORT_KEY_AGREE, and PFN_CMSG_EXPORT_MAIL_LISTobject identifier (OID) installable functions used for the encryption and export of a content encryption key.
CMSG_CTRL_ADD_SIGNER_UNAUTH_ATTR_PARA This structure is used to add an unauthenticated attribute to a signer of a signed message.
CMSG_CTRL_DECRYPT_PARA This structure contains information used to decrypt an enveloped message for a key transport recipient. This structure is passed to CryptMsgControl if the dwCtrlType parameter is CMSG_CTRL_DECRYPT.
CMSG_CTRL_DEL_SIGNER_UNAUTH_ATTR_PARA This structure is used to delete an unauthenticated attribute of a signer of a signed message.
CMSG_CTRL_KEY_AGREE_DECRYPT_PARA This structure contains information about a key agreement recipient.
CMSG_CTRL_KEY_TRANS_DECRYPT_PARA This structure containing information about a key transport message recipient.
CMSG_CTRL_MAIL_LIST_DECRYPT_PARA This structure contains information on a mail list message recipient.
CMSG_CTRL_VERIFY_SIGNATURE_EX_PARA This structure contains information used to verify a message signature. It contains the signer index and signer public key. The signer public key can be the signer's CERT_PUBLIC_KEY_INFOstructure, certificate context, or chain context.
CMSG_ENVELOPED_ENCODE_INFO This structure contains information needed to encode an enveloped message. It is passed to CryptMsgOpenToEncode if dwMsgType is CMSG_ENVELOPED.
CMSG_ENVELOPED_HASHED_INFO This structure is used with hashed messages. It is passed to CryptMsgOpenToEncode if dwMsgType is CMSG_ENVELOPED.
CMSG_KEY_AGREE_ENCRYPT_INFO Contains encryption information applicable to all key agreement recipients of an enveloped message.
CMSG_KEY_AGREE_KEY_ENCRYPT_INFO Contains the encrypted key for a key agreement recipient of an enveloped message.
CMSG_KEY_TRANS_ENCRYPT_INFO Contains encryption information for a key transport recipient of enveloped data.
CMSG_MAIL_LIST_ENCRYPT_INFO Contains encryption information for a mailing list recipient of enveloped data.
CMSG_KEY_AGREE_RECIPIENT_ENCODE_INFO This structure contains information on a message recipient using key agreement key management.
CMSG_KEY_TRANS_RECIPIENT_ENCODE_INFO This structure contains encoded key transport information for a message recipient.
CMSG_KEY_TRANS_RECIPIENT_INFO This structure contains information used in key transport algorithms.
CMSG_MAIL_LIST_RECIPIENT_ENCODE_INFO This structure is used with previously distributed symmetric keys for decrypting the content key encryption key (KEK).
CMSG_MAIL_LIST_RECIPIENT_INFO This structure contains information used for previously distributed symmetric key-encryption keys (KEK).
CMSG_RC2_AUX_INFO This structure contains the bit length of the key for RC2 encryption algorithms. The pvEncryptionAuxInfo member in CMSG_ENVELOPED_ENCODE_INFOcan be set to point to an instance of this structure.
CMSG_RC4_AUX_INFO This structure contains the bit length of the key for RC4 encryption algorithms. The pvEncryptionAuxInfo member in CMSG_ENVELOPED_ENCODE_INFOcan be set to point to an instance of this structure.
CMSG_RECIPIENT_ENCODE_INFO This structure contains information a message recipient's content encryption key management type.
CMSG_RECIPIENT_ENCRYPTED_KEY_ENCODE_INFO This structure contains information on a message receiver used to decrypt the session key needed to decrypt the message contents. This structure is used with CMS low level messages using any of the key management methods.
CMSG_RECIPIENT_ENCRYPTED_KEY_INFO This structure contains information used for an individual key agreement recipient.
CMSG_SIGNED_ENCODE_INFO This structure contains information to be passed to CryptMsgOpenToEncode if dwMsgType is CMSG_SIGNED.
CMSG_SIGNER_ENCODE_INFO This structure contains signer information. It is passed to CryptMsgCountersign, CryptMsgCountersignEncoded, and optionally to CryptMsgOpenToEncode as a member of the CMSG_SIGNED_ENCODE_INFO structure, if the dwMsgType parameter is CMSG_SIGNED.
CMSG_SIGNER_INFO This structure contains the content of the PKCS #7 defined SignerInfo in signed messages.
CMSG_SP3_COMPATIBLE_AUX_INFO This structure contains information needed for SP3 compatible encryption.
CMSG_STREAM_INFO This structure is used to enable processing stream data rather than single block processing. Stream processing is most often used when processing large messages. Stream-process messages can originate from any serialized source such as a file on a hard disk, a server, or a CD ROM.
CRYPT_DECRYPT_MESSAGE_PARA Contains information for decrypting messages.
CRYPT_ENCRYPT_MESSAGE_PARA Contains information used to encrypt messages.
CRYPT_HASH_MESSAGE_PARA Contains data for hashing messages.
CRYPT_SIGN_MESSAGE_PARA Contains information for signing messages using a specified signing certificate context.
CRYPT_VERIFY_MESSAGE_PARA Contains information needed to verify a signed message.

 

OID Support Structures

The following structures are used by the OID Support Functions.

Structure Description
CRYPT_OID_FUNC_ENTRY Contains an object identifier (OID) and a pointer to its related function. It is used with CryptInstallOIDFunctionAddress
CRYPT_OID_INFO Contains information about an object identifier (OID).
CRYPT_RC2_CBC_PARAMETERS Contains information used with szOID_RSA_RC2CBC encryption.
CRYPT_SMIME_CAPABILITIES Contains a prioritized array of supported capabilities.
CRYPT_SMIME_CAPABILITY Specifies a single capability and its associated parameters.

 

Certificate Chain Structures

The following structures are used in building certificate chains used to establish trust in a certificate.

Structure Description
AUTHENTICODE_EXTRA_CERT_CHAIN_POLICY_PARA Holds policy information used in the verification of certificate chains for files.
AUTHENTICODE_EXTRA_CERT_CHAIN_POLICY_STATUS Holds additional Authenticode policy information for chain verification of files.
AUTHENTICODE_TS_EXTRA_CERT_CHAIN_POLICY_PARA Contains time stamp policy information that can be used in certificate chain verification of files.
CERT_CHAIN_CONTEXT Contains an array of simple certificate chains and a trust status structure that indicates summary validity data on all of the connected simple chains.
CERT_CHAIN_ELEMENT This structure is a single element in a simple certificate chain.
CERT_CHAIN_ENGINE_CONFIG Sets parameters for building a nondefault certificate chain engine.
CERT_CHAIN_FIND_BY_ISSUER_PARA Holds information used in CertFindChainInStore to build certificate chains.
CERT_CHAIN_PARA Establishes the searching and matching criteria to be used in building a certificate chain.
CERT_CHAIN_POLICY_PARA Contains information used in CertVerifyCertificateChainPolicy to establish policy criteria for the verification of certificate chains.
CERT_CHAIN_POLICY_STATUS Holds certificate chain status information returned by CertVerifyCertificateChainPolicy from the verification of certificate chains.
CERT_REVOCATION_INFO Indicates the revocation status of a certificate in a CERT_CHAIN_ELEMENT.
CERT_SELECT_CHAIN_PARA Contains the parameters used for building and selecting chains.
CERT_SIMPLE_CHAIN Contains an array of chain elements and a summary trust status for the chain that the array represents.
CERT_SELECTUI_INPUT Used by the CertSelectionGetSerializedBlob function to serialize the certificates contained in a store or an array of certificate chains. The returned serialized BLOB can be passed to the CredUIPromptForWindowsCredentials function.
CERT_TRUST_LIST_INFO Indicates valid usage of a CTL.
CERT_TRUST_STATUS Contains trust information about a certificate in a certificate chain, summary trust information about a simple chain of certificates, or summary information about an array of simple chains.
CERT_USAGE_MATCH Provides parameters for finding issuer certificates used to build a certificate chain.
CTL_USAGE_MATCH Provides parameters for finding certificate trust lists (CTL) used to build a certificate chain.
SSL_EXTRA_CERT_CHAIN_POLICY_PARA Holds policy information used in the verification of Secure Sockets Layer (SSL) client/server certificate chains.

 

CSP Structures

The following structures are used with cryptographic service provider (CSP) functions.

Structure Description
BLOBHEADER Indicates a key's BLOB type and the algorithm that the key uses.
VTableProvStruc Contains pointers to callback functions that can be used by CSP functions.
PLAINTEXTKEYBLOB Contains parameter header information for a plaintext key.

 

WinTrust Structures

The following structures are used with the WinVerifyTrust function.

Structure Description
CRYPT_PROVIDER_DEFUSAGE Used by the WintrustGetDefaultForUsage function to retrieve callback information for a provider's default usage.
CRYPT_PROVIDER_REGDEFUSAGE Used by the WintrustAddDefaultForUsage function to register callback information about a provider's default usage.
SPC_INDIRECT_DATA_CONTENT Stores the digest and other attributes of an Authenticode-signed file.
WINTRUST_BLOB_INFO Used when calling WinVerifyTrust to verify a memory BLOB.
WINTRUST_CATALOG_INFO Used when calling WinVerifyTrust to verify a member of a Microsoft catalog.
WINTRUST_CERT_INFO Used when calling WinVerifyTrust to verify a CERT_CONTEXT.
WINTRUST_DATA Used when calling WinVerifyTrust to pass necessary information into the trust providers
WINTRUST_FILE_INFO Used when calling WinVerifyTrust to verify an individual file.
WINTRUST_SGNR_INFO Used when calling WinVerifyTrust to verify a CMSG_SIGNER_INFO structure.

 

SIP Structures

The following structures are used by subject interface package (SIPP functions.

Structure Description
SIP_ADD_NEWPROVIDER Defines an SIP.
SIP_CAP_SET Defines the capabilities of an SIP.
SIP_DISPATCH_INFO Contains a set of pointers to SIP functions.
SIP_INDIRECT_DATA Contains a digest of the hashed subject information.
SIP_SUBJECTINFO Specifies SIP subject information.