XML Digital Signature Cryptographic Extensions

CryptXML allows developers to extend the natively supported cryptographic algorithms by registering a system-wide cryptographic extension DLL. Extension DLLs extend the set of algorithms accepted in the SignatureMethod and DigestMethod XML elements, and can support algorithms that encode additional parameters into the XML digital signature.

All extension DLLs must export the CryptXmlDllGetInterface function, which returns a pointer to a CRYPT_XML_CRYPTOGRAPHIC_INTERFACE structure. This structure provides function pointers to the cryptographic extension functions the DLL implements. Which functions must be implemented depends on the type of cryptographic algorithm and on whether the algorithm must encode parameters into the XML digital signature.

Cryptographic extension functions include the following groups of function pointers:

- Required functions
- Digest Method functions
- Signature Method functions
- Functions for algorithms with default encoded parameters

Cryptographic extension DLLs are registered on a system-wide basis. Administrator privileges are required to register a cryptographic extension DLL.

All CryptXML cryptographic extensions are registered under the URI value that appears in the Algorithm attribute of the SignatureMethod or DigestMethod element.

The registry paths for the extension DLLs are as follows:

32-bit

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\CryptXML\URI\{uri}

64-bit

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\CryptXML\URI\{uri}

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\Microsoft\Cryptography\CryptXML\URI\{uri}

Each key contains the following settings.

| Name | Type | Data |
|------|------|------|
| DLL | Expandable string | Required. The absolute path to the XML Cryptographic Provider DLL. **Note:** We recommend that cryptographic extension DLLs be located in directories that can only be written to by applications with administrative privilege. LoadLibrary is used to load the cryptographic extension DLL. |
| Name | String | Optional. The display name associated with this URI. |
| GroupId | DWORD | Required. The group identifier associated with this cryptographic algorithm. Possible values include the following: CRYPT_XML_GROUP_ID_HASH = 1, CRYPT_XML_GROUP_ID_SIGN = 2 |
| CNGAlgid | String | Required. The CNG algorithm name to be passed to BCrypt or NCrypt functions. |
| CNGExtraAlgid | String | Optional. An extra algorithm string, other than the string in the CNGAlgid member, that can be passed to the CNG functions. For the signature algorithms (CRYPT_XML_GROUP_ID_SIGN), this member is the public key algorithm string to pass to the CNG functions. For the other values of GroupId, set the pwszCNGExtraAlgid member to the empty string, L"". |
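The following PowerShell script is an added example, not code from the page or from Microsoft. It writes a registration using exactly the registry layout documented above (a subkey named after the URI holding the DLL, Name, GroupId, CNGAlgid and CNGExtraAlgid values) and then audits every registered URI for the condition the note on the DLL value warns about: a DLL path that is not absolute, does not exist, or lives in a directory that broad non-administrative principals can write to. The URI, DLL path and algorithm names in the usage lines are placeholders; the .NET registry classes are used so that `/` and `#` inside a URI are treated as part of the key name rather than as path separators.

```powershell
# Added example (not from the page or from Microsoft). Registers a CryptXML
# extension DLL under the documented registry path and audits existing entries.
# Placeholders: the URI, DLL path and CNG algorithm names in the usage section.

$CryptXmlUriPaths = @(
    'SOFTWARE\Microsoft\Cryptography\CryptXML\URI',             # 32-bit system, or native 64-bit view
    'SOFTWARE\WOW6432NODE\Microsoft\Cryptography\CryptXML\URI'  # 32-bit DLLs on a 64-bit system
)

function Register-CryptXmlExtension {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $Uri,
        [Parameter(Mandatory)] [string] $DllPath,
        [Parameter(Mandatory)] [ValidateSet(1, 2)] [int] $GroupId,   # 1 = CRYPT_XML_GROUP_ID_HASH, 2 = CRYPT_XML_GROUP_ID_SIGN
        [Parameter(Mandatory)] [string] $CNGAlgid,
        [string] $CNGExtraAlgid = '',
        [string] $DisplayName = '',
        [switch] $Wow6432
    )
    # The page requires an absolute path; a relative one would be resolved by
    # LoadLibrary's search order instead of by this registration.
    if (-not [System.IO.Path]::IsPathRooted($DllPath)) { throw "DLL path must be absolute: $DllPath" }
    if (-not (Test-Path -LiteralPath $DllPath -PathType Leaf)) { throw "DLL not found: $DllPath" }
    # CNGExtraAlgid carries the public key algorithm only for signature algorithms;
    # for every other GroupId the page says it must be the empty string.
    if ($GroupId -ne 2 -and $CNGExtraAlgid -ne '') { throw 'CNGExtraAlgid must be empty unless GroupId is 2 (SIGN)' }

    $base = if ($Wow6432) { $CryptXmlUriPaths[1] } else { $CryptXmlUriPaths[0] }
    $sub  = "$base\$Uri"   # the URI itself is the subkey name
    if ($PSCmdlet.ShouldProcess("HKLM:\$sub", 'Create CryptXML extension key')) {
        $key = [Microsoft.Win32.Registry]::LocalMachine.CreateSubKey($sub)
        try {
            $key.SetValue('DLL',           $DllPath,       [Microsoft.Win32.RegistryValueKind]::ExpandString)
            $key.SetValue('GroupId',       $GroupId,       [Microsoft.Win32.RegistryValueKind]::DWord)
            $key.SetValue('CNGAlgid',      $CNGAlgid,      [Microsoft.Win32.RegistryValueKind]::String)
            $key.SetValue('CNGExtraAlgid', $CNGExtraAlgid, [Microsoft.Win32.RegistryValueKind]::String)
            if ($DisplayName) { $key.SetValue('Name', $DisplayName, [Microsoft.Win32.RegistryValueKind]::String) }
        } finally { $key.Close() }
    }
}

function Test-CryptXmlExtensionRegistrations {
    # Lists every registered URI in both registry views and reports findings for
    # entries whose DLL is missing, not absolute, or placed in a directory that
    # broad non-administrative principals can write to (the page's note).
    $broadPrincipals = @('Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users', 'NT AUTHORITY\INTERACTIVE')
    $writeMask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'

    foreach ($base in $CryptXmlUriPaths) {
        $root = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($base)
        if ($null -eq $root) { continue }
        foreach ($uri in $root.GetSubKeyNames()) {
            $key = $root.OpenSubKey($uri)
            $dll = [string]$key.GetValue('DLL')   # REG_EXPAND_SZ is expanded on read
            $findings = New-Object System.Collections.Generic.List[string]
            if (-not $dll)                                            { $findings.Add('DLL value missing') }
            elseif (-not [System.IO.Path]::IsPathRooted($dll))        { $findings.Add('DLL path is not absolute') }
            elseif (-not (Test-Path -LiteralPath $dll -PathType Leaf)) { $findings.Add('DLL file not found') }
            else {
                $dir = Split-Path -LiteralPath $dll -Parent
                foreach ($ace in (Get-Acl -LiteralPath $dir).Access) {
                    if ($ace.AccessControlType -eq 'Allow' -and
                        $broadPrincipals -contains $ace.IdentityReference.Value -and
                        (([int]$ace.FileSystemRights -band $writeMask) -ne 0)) {
                        $findings.Add("directory writable by $($ace.IdentityReference.Value)")
                    }
                }
            }
            if ($key.GetValue('GroupId') -notin 1, 2) { $findings.Add('GroupId is not 1 (HASH) or 2 (SIGN)') }
            if (-not $key.GetValue('CNGAlgid'))       { $findings.Add('CNGAlgid missing') }
            [pscustomobject]@{ Path = $base; Uri = $uri; Dll = $dll; Findings = ($findings -join '; ') }
            $key.Close()
        }
        $root.Close()
    }
}

# Usage (placeholders; run from an elevated session, as the page says registration needs administrator privileges):
# Register-CryptXmlExtension -Uri 'http://example.invalid/xmldsig#my-digest' `
#     -DllPath 'C:\Program Files\ExampleVendor\ExampleCryptXml.dll' -GroupId 1 -CNGAlgid 'SHA256' -WhatIf
# Test-CryptXmlExtensionRegistrations | Format-Table -AutoSize
```

The audit only decodes the specific file-system rights listed in the mask; an ACE granting generic rights (which `Get-Acl` reports as raw integers) is not flagged, so review any unusual entries in the directory ACL by hand. Run the audit after each registration and as part of a periodic check of the two URI keys, since the page notes that the DLL named there is loaded with LoadLibrary into every process that validates a signature using that algorithm.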
XML Digital Signature Cryptographic Algorithms