CERT_STRONG_SIGN_SERIALIZED_INFO structure (wincrypt.h)

Contains the signature algorithm/hash algorithm and public key algorithm/bit length pairs that can be used for strong signing. This structure is used by the CERT_STRONG_SIGN_PARA structure.

Syntax

typedef struct _CERT_STRONG_SIGN_SERIALIZED_INFO {
  DWORD  dwFlags;
  LPWSTR pwszCNGSignHashAlgids;
  LPWSTR pwszCNGPubKeyMinBitLengths;
} CERT_STRONG_SIGN_SERIALIZED_INFO, *PCERT_STRONG_SIGN_SERIALIZED_INFO;

Members

dwFlags

By default, certificate strong signing parameters do not apply to certificate revocation lists (CRLs) or online certificate status protocol (OCSP) responses. You can set one or both of the following values to enable strong signing on CRLs and OCSP responses.

Value Meaning
CERT_STRONG_SIGN_ENABLE_CRL_CHECK (0x1) Enable strong signing of CRLs.
CERT_STRONG_SIGN_ENABLE_OCSP_CHECK (0x2) Enable strong signing of OCSP responses.

pwszCNGSignHashAlgids

Pointer to a null-terminated Unicode string that contains a set of signature algorithm/hash algorithm pairs. A Unicode semicolon (L";") separates the pairs. This is shown by the following example.

L"RSA/SHA256;RSA/SHA384;ECDSA/SHA256;ECDSA/SHA384"

The following signature algorithms are supported:

  • L"RSA" (BCRYPT_RSA_ALGORITHM)
  • L"DSA" (BCRYPT_DSA_ALGORITHM)
  • L"ECDSA" (SSL_ECDSA_ALGORITHM)

The following signature algorithms are not supported:

  • L"ECDSA_P256" (BCRYPT_ECDSA_P256_ALGORITHM)
  • L"ECDSA_P384" (BCRYPT_ECDSA_P384_ALGORITHM)
  • L"ECDSA_P521" (BCRYPT_ECDSA_P521_ALGORITHM)

The following hash algorithms are supported:

  • L"MD5" (BCRYPT_MD5_ALGORITHM)
  • L"SHA1" (BCRYPT_SHA1_ALGORITHM)
  • L"SHA256" (BCRYPT_SHA256_ALGORITHM)
  • L"SHA384" (BCRYPT_SHA384_ALGORITHM)
  • L"SHA512" (BCRYPT_SHA512_ALGORITHM)

pwszCNGPubKeyMinBitLengths

Pointer to a null-terminated Unicode string that contains a set of public key algorithm/bit length pairs. A Unicode semicolon (L";") separates the pairs. This is shown by the following example.

L"RSA/2048;ECDSA/256"

The following public key algorithms are supported:

  • L"RSA" (BCRYPT_RSA_ALGORITHM)
  • L"DSA" (BCRYPT_DSA_ALGORITHM)
  • L"ECDSA" (SSL_ECDSA_ALGORITHM)
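
The following added example (not part of the original documentation, and not Microsoft code) is a portable C pre-flight check for the two serialized strings, so that a typo or an unsupported name such as L"ECDSA_P256" is caught before the policy is handed to the API. The names check_pairs, in_list and is_number are hypothetical, and rejecting empty strings, empty fields and trailing semicolons is this example's own strictness, not documented Windows behavior.

```c
#include <stddef.h>
#include <wchar.h>

/* Names from this page's lists; SHA384 comes from the page's example string. */
static const wchar_t *const KEY_ALGS[]  = { L"RSA", L"DSA", L"ECDSA", NULL };
static const wchar_t *const HASH_ALGS[] = { L"MD5", L"SHA1", L"SHA256", L"SHA384", L"SHA512", NULL };

/* True when the n-character token at p equals one of the names in list. */
static int in_list(const wchar_t *p, size_t n, const wchar_t *const *list) {
    for (; *list; ++list)
        if (wcslen(*list) == n && wcsncmp(p, *list, n) == 0) return 1;
    return 0;
}

/* True when the n-character token at p is a non-empty decimal number. */
static int is_number(const wchar_t *p, size_t n) {
    if (n == 0) return 0;
    for (size_t i = 0; i < n; ++i)
        if (p[i] < L'0' || p[i] > L'9') return 0;
    return 1;
}

/* Walks "ALG/VALUE;ALG/VALUE;..." and returns the number of pairs when every
 * pair is accepted, or -k when the k-th pair (1-based) is rejected.
 * hashes != 0: VALUE must be a hash name (pwszCNGSignHashAlgids format).
 * hashes == 0: VALUE must be a bit length (pwszCNGPubKeyMinBitLengths format). */
int check_pairs(const wchar_t *s, int hashes) {
    int k = 0;
    if (s == NULL || *s == L'\0') return -1;
    for (;;) {
        const wchar_t *end = wcschr(s, L';');            /* end of this pair */
        size_t len = end ? (size_t)(end - s) : wcslen(s);
        const wchar_t *slash = wmemchr(s, L'/', len);    /* ALG/VALUE split */
        ++k;
        if (!slash) return -k;
        size_t alg_len = (size_t)(slash - s), val_len = len - alg_len - 1;
        if (!in_list(s, alg_len, KEY_ALGS)) return -k;
        if (hashes ? !in_list(slash + 1, val_len, HASH_ALGS)
                   : !is_number(slash + 1, val_len)) return -k;
        if (!end) return k;
        s = end + 1;
    }
}

/* Exit status 0 when both example strings from this page are accepted. */
int main(void) {
    return (check_pairs(L"RSA/SHA256;RSA/SHA384;ECDSA/SHA256;ECDSA/SHA384", 1) == 4 &&
            check_pairs(L"RSA/2048;ECDSA/256", 0) == 2) ? 0 : 1;
}
```

MD5 and SHA1 pass this check because the page lists them as supported names; whether a policy should allow them is a separate decision.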

Remarks

This structure is used by the CERT_STRONG_SIGN_PARA structure which is directly referenced by the following functions:

Also, CERT_STRONG_SIGN_PARA is indirectly referenced by the following:

Requirements

Requirement Value
Minimum supported client Windows 8 [desktop apps only]
Minimum supported server Windows Server 2012 [desktop apps only]
Header wincrypt.h

See also

CERT_STRONG_SIGN_PARA