CryptQueryObject function (wincrypt.h)
Syntax
BOOL CryptQueryObject(
[in] DWORD dwObjectType,
[in] const void *pvObject,
[in] DWORD dwExpectedContentTypeFlags,
[in] DWORD dwExpectedFormatTypeFlags,
[in] DWORD dwFlags,
[out] DWORD *pdwMsgAndCertEncodingType,
[out] DWORD *pdwContentType,
[out] DWORD *pdwFormatType,
[out] HCERTSTORE *phCertStore,
[out] HCRYPTMSG *phMsg,
[out] const void **ppvContext
);
Parameters
[in] dwObjectType
Indicates the type of the object to be queried. This must be one of the following values.
| Value | Meaning |
|---|---|
|
The object is stored in a structure in memory. |
|
The object is stored in a file. |
[in] pvObject
A pointer to the object to be queried. The type of data pointer depends on the contents of the dwObjectType parameter.
| dwObjectType value | Meaning |
|---|---|
|
This parameter is a pointer to a CERT_BLOB, or similar, structure that contains the object to query. |
|
This parameter is a pointer to a null-terminated Unicode string that contains the path and name of the file to query. |
[in] dwExpectedContentTypeFlags
Indicates the expected content type. This can be one of the following values.
| Value | Meaning |
|---|---|
|
The content can be any type. This does not include the CERT_QUERY_CONTENT_FLAG_PFX_AND_LOAD flag.
If this flag is specified, this function will attempt to obtain information about the object, trying different content types until the proper content type is found or the content types are exhausted. This is obviously inefficient, so this flag should only be used if the content type is not known. |
|
The content is a single certificate. |
|
The content is an Abstract Syntax Notation One (ASN.1) encoded X509_CERT_PAIR (an encoded certificate pair that contains either forward, reverse, or forward and reverse cross certificates). |
|
The content is a single CRL. |
|
The content is a single CTL. |
|
The content is a PFX (PKCS #12) packet, but it will not be loaded by this function. You can use the PFXImportCertStore function to load this into a store. |
|
The content is a PFX (PKCS #12) packet and will be loaded by this function subject to the conditions specified in the following note.
Note
If the PFX packet contains an embedded password that is not an empty string or NULL, and the password was not protected to an Active Directory (AD) principal that includes the calling user, this function will not be able to decrypt the PFX packet. The packet can be decrypted, however, if the password used when the PFX packet was created was encrypted to an AD principal and the user, as part of that principal, has permission to decrypt the password. For more information, see the pvPara parameter and the PKCS12_PROTECT_TO_DOMAIN_SIDS flag of the PFXExportCertStoreEx function. You can protect PFX passwords to an AD principal beginning in Windows 8 and Windows Server 2012. |
|
The content is a PKCS #7 signed message. |
|
The content is an embedded PKCS #7 signed message. |
|
The content is a PKCS #7 unsigned message. |
|
The content is a PKCS #10 message. |
|
The content is a serialized single certificate. |
|
The content is a serialized single CRL. |
|
The content is serialized single CTL. |
|
The content is a serialized store. |
[in] dwExpectedFormatTypeFlags
Indicates the expected format of the returned type. This can be one of the following values.
| Value | Meaning |
|---|---|
|
The content can be returned in any format. |
|
The content should be returned in ASCII hex-encoded format with a "{ASN}" prefix. |
|
The content should be returned in Base64 encoded format. |
|
The content should be returned in binary format. |
[in] dwFlags
This parameter is reserved for future use and must be set to zero.
[out] pdwMsgAndCertEncodingType
A pointer to a DWORD value that receives the type of encoding used in the message. If this information is not needed, set this parameter to NULL.
This parameter can receives a combination of one or more of the following values.
| Value | Meaning |
|---|---|
|
Specifies PKCS 7 message encoding. |
|
Specifies X.509 certificate encoding. |
[out] pdwContentType
A pointer to a DWORD value that receives the actual type of the content. If this information is not needed, set this parameter to NULL. The returned content type can be one of the following values.
| Value | Meaning |
|---|---|
|
The content is a single certificate. |
|
The content is an ASN.1 encoded X509_CERT_pair. |
|
The content is a single CRL. |
|
The content is a single CTL. |
|
The content is a PFX (PKCS #12) packet. This function only verifies that the object is a PKCS #12 packet. The PKCS #12 packet is not loaded into a certificate store. |
|
The content is a PFX (PKCS #12) packet, and it has been loaded into a certificate store.
Windows Server 2003 and Windows XP: This value is not supported. |
|
The content is a PKCS #7 signed message. |
|
The content is an embedded PKCS #7 signed message. |
|
The content is a PKCS #7 unsigned message. |
|
The content is a PKCS #10 message. |
|
The content is a serialized single certificate. |
|
The content is a serialized single CRL. |
|
The content is a serialized single CTL. |
|
The content is a serialized store. |
[out] pdwFormatType
A pointer to a DWORD value that receives the actual format type of the content. If this information is not needed, set this parameter to NULL. The returned format type can be one of the following values.
| Value | Meaning |
|---|---|
|
The content is in ASCII hex-encoded format with an "{ASN}" prefix. |
|
The content is in Base64 encoded format. |
|
The content is in binary format. |
[out] phCertStore
A pointer to an HCERTSTORE value that receives a handle to a certificate store that includes all of the certificates, CRLs, and CTLs in the object.
This parameter only receives a certificate store handle when the dwContentType parameter receives one of the following values. This parameter receives NULL for all other content types.
CERT_QUERY_CONTENT_CERT
CERT_QUERY_CONTENT_CRL
CERT_QUERY_CONTENT_CTL
CERT_QUERY_CONTENT_PFX_AND_LOAD
CERT_QUERY_CONTENT_PKCS7_SIGNED
CERT_QUERY_CONTENT_PKCS7_SIGNED_EMBED
CERT_QUERY_CONTENT_SERIALIZED_CERT
CERT_QUERY_CONTENT_SERIALIZED_CRL
CERT_QUERY_CONTENT_SERIALIZED_CTL
CERT_QUERY_CONTENT_SERIALIZED_STORE
When you have finished using the handle, free it by passing the handle to the CertCloseStore function.
If this information is not needed, set this parameter to NULL.
[out] phMsg
A pointer to an HCRYPTMSG value that receives the handle of an opened message.
This parameter only receives a message handle when the dwContentType parameter receives one of the following values. This parameter receives NULL for all other content types.
CERT_QUERY_CONTENT_PKCS7_SIGNED
CERT_QUERY_CONTENT_PKCS7_SIGNED_EMBED
CERT_QUERY_CONTENT_PKCS7_UNSIGNED
When you have finished using the handle, free it by passing the handle to the CryptMsgClose function.
If this information is not needed, set this parameter to NULL.
[out] ppvContext
A pointer to a pointer that receives additional information about the object.
The format of this data depends on the value received by the dwContentType parameter. The following table lists the format of the data for the specified dwContentType value.
| dwContentType value | Meaning |
|---|---|
|
This parameter receives a pointer to a CERT_CONTEXT structure. When you have finished using the structure, free it by passing this pointer to the CertFreeCertificateContext function. |
|
This parameter receives a pointer to a CRL_CONTEXT structure. When you have finished using the structure, free it by passing this pointer to the CertFreeCRLContext function. |
|
This parameter receives a pointer to a CTL_CONTEXT structure. When you have finished using the structure, free it by passing this pointer to the CertFreeCTLContext function. |
|
This parameter receives a pointer to a CERT_CONTEXT structure. When you have finished using the structure, free it by passing this pointer to the CertFreeCertificateContext function. |
|
This parameter receives a pointer to a CRL_CONTEXT structure. When you have finished using the structure, free it by passing this pointer to the CertFreeCRLContext function. |
|
This parameter receives a pointer to a CTL_CONTEXT structure. When you have finished using the structure, free it by passing this pointer to the CertFreeCTLContext function. |
If this information is not needed, set this parameter to NULL.
Return value
If the function succeeds, the function returns nonzero.
If the function fails, it returns zero. For extended error information, call GetLastError.
Requirements
| Requirement | Value |
|---|---|
| Minimum supported client | Windows XP [desktop apps | UWP apps] |
| Minimum supported server | Windows Server 2003 [desktop apps | UWP apps] |
| Target Platform | Windows |
| Header | wincrypt.h |
| Library | Crypt32.lib |
| DLL | Crypt32.dll |
See also
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for