createCNGCustomCMC

The createCNGCustomCMC sample creates a CMC request object from an inner nested PKCS #10 request. The inner request is created by using an asymmetric private key. The private key is created by using the Cryptography API: Next Generation (CNG) cryptographic provider and the algorithm specified on the command line. Custom options such as export policy and key protection level are also set on the private key.

Location

When you install the Microsoft Windows Software Development Kit (SDK), the sample is installed, by default, in the %ProgramFiles%\Microsoft SDKs\Windows\v7.0\Samples\Security\X509 Certificate Enrollment\VC\createCNGCustomCMC folder.

Discussion

The createCNGCustomCMC sample:

  1. Processes the following command line arguments:
    • The name of a CNG cryptographic service provider (CSP).
    • The name of the algorithm used to generate an asymmetric private key.
    • The name of the algorithm used to hash the certificate request.
    • An output file in which to save the certificate request.
    • An optional string (AlternateSignature) which, if present, specifies that a discrete rather than a combined signature algorithm be used. For more information, see the AlternateSignatureAlgorithm property.
  2. Creates an IX509PrivateKey object and sets its properties from the command line and from the custom options described above (the CNG provider name, the key algorithm, the export policy, and the key protection level).
  3. Creates an asymmetric private key.
  4. Creates an IX509CertificateRequestPkcs10 object and initializes it by using the private key.
  5. Creates an IX509CertificateRequestCmc object and initializes it by using the PKCS #10 request object created in step 4.
  6. Sets the alternate signature algorithm flag to VARIANT_TRUE or VARIANT_FALSE depending on whether an alternate signature string is specified on the command line. For more information, see AlternateSignatureAlgorithm.
  7. Creates a hashing algorithm object identifier (OID) from the algorithm name specified on the command line and sets the OID on the CMC request object.
  8. Signs the certificate request and encodes it by using Distinguished Encoding Rules (DER).
  9. Retrieves a string that contains the encoded CMC certificate request and saves it to a file. The EncodeToFileW function is defined in EnrollCommon.cpp.
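The nine steps above, driven from PowerShell through the same CertEnroll COM interfaces the sample uses. This is an added example, not the SDK sample's own C++ code: the parameter names and defaults are this script's, the subject name is a constructed placeholder, and the numeric constants are transcribed from the certenroll.h enumerations because PowerShell cannot see the C enum names. The export policy is set to "no export" and key protection to "prompt before use", which is the conservative choice for a key that will back an issued certificate; the page does not state which values the SDK sample itself picks.

```powershell
param(
    [string]$ProviderName  = "Microsoft Software Key Storage Provider",
    [string]$KeyAlgorithm  = "RSA",        # CNG algorithm name, e.g. RSA or ECDSA_P256
    [string]$HashAlgorithm = "SHA256",     # hash used to sign the request
    [int]$KeyLength        = 2048,         # applied only to RSA keys
    [Parameter(Mandatory = $true)][string]$OutFile,
    [switch]$AlternateSignature            # discrete rather than combined signature algorithm
)

# Values from certenroll.h (hypothetical variable names, real enumeration values).
$XCN_CRYPT_PUBKEY_ALG_OID_GROUP_ID = 3
$XCN_CRYPT_HASH_ALG_OID_GROUP_ID   = 1
$XCN_CRYPT_OID_INFO_PUBKEY_ANY     = 0
$AlgorithmFlagsNone                = 0
$XCN_NCRYPT_ALLOW_EXPORT_NONE      = 0    # private key may not leave the provider
$XCN_NCRYPT_UI_PROTECT_KEY_FLAG    = 1    # user is prompted before the key is used
$ContextUser                       = 1
$XCN_CERT_NAME_STR_NONE            = 0
$XCN_CRYPT_STRING_BASE64           = 1

# Steps 2-3: private key created through the named CNG provider with custom
# export policy and key protection.
$keyAlg = New-Object -ComObject X509Enrollment.CObjectId
$keyAlg.InitializeFromAlgorithmName($XCN_CRYPT_PUBKEY_ALG_OID_GROUP_ID,
    $XCN_CRYPT_OID_INFO_PUBKEY_ANY, $AlgorithmFlagsNone, $KeyAlgorithm)

$key = New-Object -ComObject X509Enrollment.CX509PrivateKey
$key.ProviderName   = $ProviderName
$key.Algorithm      = $keyAlg
if ($KeyAlgorithm -eq "RSA") { $key.Length = $KeyLength }
$key.ExportPolicy   = $XCN_NCRYPT_ALLOW_EXPORT_NONE
$key.KeyProtection  = $XCN_NCRYPT_UI_PROTECT_KEY_FLAG
$key.MachineContext = $false
$key.Create()

# Step 4: inner PKCS #10 request initialized from that key (no template name;
# the subject CN is a constructed placeholder).
$pkcs10 = New-Object -ComObject X509Enrollment.CX509CertificateRequestPkcs10
$pkcs10.InitializeFromPrivateKey($ContextUser, $key, "")
$subject = New-Object -ComObject X509Enrollment.CX500DistinguishedName
$subject.Encode("CN=example-requester", $XCN_CERT_NAME_STR_NONE)
$pkcs10.Subject = $subject

# Steps 5-7: wrap the PKCS #10 request in a CMC request, set the alternate
# signature flag from the switch, and set the hash OID from the algorithm name.
$cmc = New-Object -ComObject X509Enrollment.CX509CertificateRequestCmc
$cmc.InitializeFromInnerRequest($pkcs10)
$cmc.AlternateSignatureAlgorithm = [bool]$AlternateSignature

$hashOid = New-Object -ComObject X509Enrollment.CObjectId
$hashOid.InitializeFromAlgorithmName($XCN_CRYPT_HASH_ALG_OID_GROUP_ID,
    $XCN_CRYPT_OID_INFO_PUBKEY_ANY, $AlgorithmFlagsNone, $HashAlgorithm)
$cmc.HashAlgorithm = $hashOid

# Steps 8-9: sign and DER-encode the request, then save its base64 form to the file.
$cmc.Encode()
$encoded = $cmc.RawData($XCN_CRYPT_STRING_BASE64)
[IO.File]::WriteAllText($OutFile, $encoded)
Write-Host "Wrote CMC request ($($encoded.Length) base64 characters) to $OutFile"
```

Run it as, for instance, `.\New-CngCmcRequest.ps1 -KeyAlgorithm ECDSA_P256 -HashAlgorithm SHA256 -OutFile .\request.cmc -AlternateSignature`. The key is generated at `$key.Create()` and stays in the key storage provider; only the signed request leaves the machine. Because `ExportPolicy` is fixed before `Create()`, the provider enforces non-exportability from the moment the key exists, which is the property a reviewer checks when auditing how enrollment keys are generated.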

Related topics

  • CMC Request
  • PKCS #10 Request
  • Using the Included Samples
  • IX509PrivateKey