XML Digital Signature Cryptographic Extensions

CryptXML allows developers to extend the natively supported cryptographic algorithms by registering a system-wide cryptographic extension DLL. Extension DLLs extend the set of algorithms supported by the SignatureMethod and DigestMethod XML elements, and can support algorithms that encode additional parameters into the XML digital signature.

All extension DLLs must implement the CryptXmlDllGetInterface function, which returns a pointer to a CRYPT_XML_CRYPTOGRAPHIC_INTERFACE structure. This structure provides function pointers to the implemented cryptographic extension functions. Which functions must be implemented depends on the type of cryptographic algorithm and on whether the algorithm must encode parameters into the XML digital signature.

Cryptographic extension functions include the following function pointers:

Required functions
Digest Method functions
Signature Method Functions
For algorithms with default encoded parameters

Cryptographic extension DLLs are registered on a system-wide basis. Administrator privileges are required to register a cryptographic extension DLL.

All CryptXML cryptographic extensions are registered by the URI value set in the Algorithm attribute of the SignatureMethod or DigestMethod element.

The registry paths for the extension DLLs are as follows:

32-bit

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\CryptXML\URI\{uri}

64-bit

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\CryptXML\URI\{uri}

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\Microsoft\Cryptography\CryptXML\URI\{uri}

Each key contains the following settings (Name, Type, Data):

DLL
    Type: Expandable string
    Data: Required. The absolute path to the XML Cryptographic Provider DLL.

    Note  We recommend that cryptographic extension DLLs be located in directories that can only be written to by applications with administrative privilege.

    LoadLibrary is used to load the cryptographic extension DLL.

Name
    Type: String
    Data: Optional. The display name associated with this URI.

GroupId
    Type: DWORD
    Data: Required. The group identifier associated with this cryptographic algorithm. Possible values include the following:

        CRYPT_XML_GROUP_ID_HASH = 1
        CRYPT_XML_GROUP_ID_SIGN = 2

CNGAlgid
    Type: String
    Data: Required. The CNG algorithm name to be passed to BCrypt or NCrypt functions.

CNGExtraAlgid
    Type: String
    Data: Optional. An extra algorithm string, other than the string in the CNGAlgid member, that can be passed to the CNG functions.

    For the signature algorithms (CRYPT_XML_GROUP_ID_SIGN), this member is the public key algorithm string to pass to the CNG functions.

    For the other values of GroupId, set the pwszCNGExtraAlgid member to the empty string, L"".
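Because a registered extension DLL is loaded with LoadLibrary into every process that uses its URI, the directory recommendation above is worth auditing. The following PowerShell script is an added example, not part of the CryptXML documentation or the Windows SDK: it walks both registry roots described above, reads the DLL, GroupId and CNGAlgid values of each {uri} key, and flags any DLL whose directory grants write or delete access to Everyone, Authenticated Users or BUILTIN\Users (the set of non-administrative principals checked is this example's own choice, as are the function and variable names).

```powershell
# Added audit script; not part of the CryptXML documentation or the Windows SDK.
# Lists every registered CryptXML extension URI and flags DLLs whose directory
# grants write or delete access to broad, non-administrative groups.

$roots = @(
    'HKLM:\SOFTWARE\Microsoft\Cryptography\CryptXML\URI',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Cryptography\CryptXML\URI'
)

# Well-known SIDs: Everyone, Authenticated Users, BUILTIN\Users (example's choice).
$broadSids = @('S-1-1-0', 'S-1-5-11', 'S-1-5-32-545')
$writeMask = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete'

function Test-CryptXmlExtensionDll {
    param($Key)   # a {uri} subkey (Microsoft.Win32.RegistryKey) from Get-ChildItem
    # GetValue expands %VARS% in the REG_EXPAND_SZ DLL value for us.
    $dll = $Key.GetValue('DLL')
    $result = [ordered]@{
        Uri                 = $Key.Name.Split('\')[-1]   # key names cannot contain '\'
        GroupId             = $Key.GetValue('GroupId')
        CNGAlgid            = $Key.GetValue('CNGAlgid')
        Dll                 = $dll
        DllExists           = $false
        WritableByNonAdmins = $false
    }
    if (-not $dll) { return [pscustomobject]$result }

    $result.DllExists = Test-Path -LiteralPath $dll -PathType Leaf
    $dir = Split-Path -Parent $dll
    if (Test-Path -LiteralPath $dir -PathType Container) {
        foreach ($ace in (Get-Acl -LiteralPath $dir).Access) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            try {
                $sid = $ace.IdentityReference.Translate(
                    [System.Security.Principal.SecurityIdentifier]).Value
            } catch { continue }   # unresolvable account; skip it
            if ($broadSids -contains $sid -and
                ((([int]$ace.FileSystemRights) -band $writeMask) -ne 0)) {
                $result.WritableByNonAdmins = $true
            }
        }
    }
    return [pscustomobject]$result
}

$roots |
    Where-Object { Test-Path -LiteralPath $_ } |
    ForEach-Object { Get-ChildItem -LiteralPath $_ } |
    ForEach-Object { Test-CryptXmlExtensionDll -Key $_ } |
    Format-Table -AutoSize
```

Run it from an elevated prompt on the machine being audited; any row with WritableByNonAdmins set to True, or DllExists set to False, points at a registration that does not meet the recommendation above.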


Related topics

XML Digital Signature Cryptographic Algorithms

© 2014 Microsoft