Windows Dev Center

ISignerCertificate interface

The ISignerCertificate interface represents a signing certificate that enables you to sign a certificate request. When you initialize the interface, the Certificate Enrollment Control retrieves the signing certificate from the personal store and uses it to find an associated private key. You can use the private key to sign a PKCS #7 or a CMC request but not a PKCS #10 request. PKCS #10 requests must be signed by using the private key associated with the public key included in the request. Self-signed certificates can be signed by using the private key associated with the request or the private key associated with the signing certificate. This is summarized in the following table.

Request type (Interface)                          Signing certificates
PKCS #7 (IX509CertificateRequestPkcs7)            1
PKCS #10 (IX509CertificateRequestPkcs10)          0
CMC (IX509CertificateRequestCmc)                  0 or more
Self-signed (IX509CertificateRequestCertificate)  0 or 1

 

When signing a CMC request, the data to be signed consists of a Distinguished Encoding Rules (DER) encoded CmcData object wrapped in a CMS SignedData object. The encryptedDigest field of the SignerInfo object contains a signature, and multiple SignerInfo objects can be associated with the request.


---------------------------------------------------------------------
-- CMC request data
---------------------------------------------------------------------

CmcData ::= SEQUENCE 
{
   controlSequence     SEQUENCE OF TaggedAttribute,
   reqSequence         SEQUENCE OF TaggedRequest,
   cmsSequence         SEQUENCE OF TaggedContentInfo,
   otherMsgSequence    SEQUENCE OF TaggedOtherMsg
}

---------------------------------------------------------------------
-- SignedData object that wraps the CMC request
---------------------------------------------------------------------

SignedData ::= SEQUENCE 
{
   version             INTEGER,
   digestAlgorithms    DigestAlgorithmIdentifiers,
   contentInfo         ContentInfo,
   certificates        [0] IMPLICIT Certificates OPTIONAL,
   crls                [1] IMPLICIT CertificateRevocationLists OPTIONAL,
   signerInfos         SignerInfos
}

DigestAlgorithmIdentifiers ::=  SET OF DigestAlgorithmIdentifier 
DigestAlgorithmIdentifiersNC ::= SET OF DigestAlgorithmIdentifierNC

SignerInfos ::= SET OF SignerInfo

SignerInfo ::= SEQUENCE 
{
    version                     INTEGER,
    sid                         CertIdentifier,
    digestAlgorithm             DigestAlgorithmIdentifier,
    authenticatedAttributes     [0] IMPLICIT Attributes OPTIONAL,
    digestEncryptionAlgorithm   DigestEncryptionAlgId,
    encryptedDigest             EncryptedDigest,
    unauthenticatedAttributes   [1] IMPLICIT Attributes OPTIONAL
}

Each ISignerCertificate object is associated with one IX509SignatureInformation object that identifies the hashing and public key algorithms used. This object is created and initialized when the ISignerCertificate object is initialized.
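To see which hashing algorithm each signer of a request used, the SignedData layout shown above can be walked directly. The following Python code is an added example, not part of the CertEnroll API or Microsoft sample code: it lists the digestAlgorithm OID of every SignerInfo in a DER-encoded SignedData. The function names are hypothetical, the sample bytes are constructed (one SHA-1 signer and one SHA-256 signer with dummy signatures), and the input is assumed to be the bare SignedData without an outer ContentInfo wrapper.

```python
def read_tlv(buf, pos):
    # Decode one DER element at pos and return (tag, value, next_pos).
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                     # long form: low 7 bits count the length octets
        n = length & 0x7F
        if not 1 <= n <= 4:
            raise ValueError("indefinite or oversized length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("element runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def children(value):                      # contents of a constructed element -> [(tag, value)]
    items, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        items.append((tag, val))
    return items

def decode_oid(val):                      # assumes a single-octet first subidentifier
    first = min(val[0] // 40, 2)
    arcs, n = [first, val[0] - 40 * first], 0
    for b in val[1:]:
        n = (n << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs, n = arcs + [n], 0
    return ".".join(map(str, arcs))

def signer_digests(signed_data):          # digestAlgorithm OID of every SignerInfo
    tag, body, _ = read_tlv(signed_data, 0)
    fields = children(body) if tag == 0x30 else []
    if not fields or fields[-1][0] != 0x31:   # signerInfos (a SET) is the last field
        raise ValueError("not a SignedData SEQUENCE ending in a signerInfos SET")
    oids = []
    for _, info in children(fields[-1][1]):
        _version, _sid, (_, alg) = children(info)[:3]
        oids.append(decode_oid(children(alg)[0][1]))
    return oids

def tlv(tag, *parts):                     # encoder used only to build the constructed sample
    body = b"".join(parts)
    return bytes([tag] + ([0x81] if len(body) > 127 else []) + [len(body)]) + body
def sample_signer(digest_oid_hex):        # constructed SignerInfo with a dummy signature
    alg = lambda oid: tlv(0x30, tlv(0x06, bytes.fromhex(oid)), tlv(0x05))
    return tlv(0x30, tlv(0x02, b"\x01"), tlv(0x30, tlv(0x30), tlv(0x02, b"\x2a")),
               alg(digest_oid_hex), alg("2a864886f70d010101"), tlv(0x04, bytes(32)))

SAMPLE = tlv(0x30, tlv(0x02, b"\x03"), tlv(0x31), tlv(0x30),  # constructed SignedData
             tlv(0x31, sample_signer("2b0e03021a"), sample_signer("608648016503040201")))
```

A request with an empty signerInfos set yields an empty list, which matches the "0 or more" signers the table allows for CMC.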

Members

The ISignerCertificate interface inherits from the IDispatch interface. ISignerCertificate also has these types of members:

Methods

The ISignerCertificate interface has these methods.

Method      Description
Initialize  Initializes the object from a signing certificate.

 

Properties

The ISignerCertificate interface has these properties.

Property              Description
Certificate           Retrieves a DER-encoded byte array that contains the certificate.
ParentWindow          Specifies or retrieves the ID of the window used to display the signing certificate information.
Pin                   Specifies a personal identification number that authenticates smart card users.
PrivateKey            Retrieves the private key associated with the ISignerCertificate object.
SignatureInformation  Retrieves an IX509SignatureInformation object that contains information about the certificate signature.
Silent                Specifies or retrieves a Boolean value that indicates whether the user is notified when the private key is used to sign a certificate request.
UIContextMessage      Specifies or retrieves a string that contains user interface text associated with the signing certificate.

 

Requirements

Minimum supported client  Windows Vista [desktop apps only]
Minimum supported server  Windows Server 2008 [desktop apps only]
Header                    CertEnroll.h
DLL                       CertEnroll.dll

See also

IDispatch
CertEnroll Interfaces
ISignerCertificates

 

 

© 2015 Microsoft