Share via


CertInit

Windows Mobile Not SupportedWindows Embedded CE Supported

11/18/2009

The CertInit function initializes internal resources for the Certification Module (CertMod).

For more information on the Certification Module, see certmod Module.

Syntax

DWORD CertInit();

Parameters

None.

Return Value

This method returns the following results.

  • TRUE
    The CertInit function successfully initialized CertMod.
  • FALSE
    The CertInit function could not initialize CertMod. This can result when you run out of memory, when a related process times-out, or when an internal operation is aborted.

Remarks

The CertInit function, along with the CertVerify function, belongs to the Certification Module, which is part of Windows Embedded CE 6.0's extensible security model. You can include this module in your image by setting SYSGEN_CERTMOD.

CertMod provides an authentication service for the FileSys Module by checking for valid certificate signatures on executable files. It does this by calling into the Evidence Generator (EvGen) module, and Cryptography (Crypto) components to look for and examine certification evidence if it is present in the executable file.

The CertInit function is only called once—when the filesys Module loads the Certification Module (Certmod.dll).

There are no Trust Levels in Windows Embedded CE 6.0, which uses a one tier security model. In this model, the FileSys module only loads an executable file if CertMod can chain it's certificate to a certificate in one of the certificate stores.

On images that do not include the CertMod module, all executable files are loaded—regardless of whether they include a certificate.

CertMod runs in association with the following standard CE 6.0 components:

  • EvGen
    The Evidence Generator, which opens files to expose their digital certificate for inspection and validation. This is an internal component is used by CertMod.
  • FileSys Module
    The File System Module, which manages the Windows Embedded CE file system.
  • Registry
    CertVerify checks the following registry key for registered certificate stores:

    [HKLM\Security\CertMod\<Certificate Store Name>]
       "AccountName" = REG_SZ:""
    

    AccountName is the name associated with the certificate. It is returned by CertVerify in the pUserName parameter if the executable file is digitally signed, and if its certificate can be chained to one of the certificates registered in one of the certificate stores, or in the Revoked List.

Requirements

Header cecertmod.h
Library Certmod.dll
Windows Embedded CE Windows Embedded CE 6.0 and later

See Also

Reference

Authentication Services Functions
CertVerify

Concepts

System Store Locations

Other Resources

File System Security Best Practices