IX509SignatureInformation interface

The IX509SignatureInformation interface represents information used to sign a certificate request. This includes signature, hash, and public key algorithms, and public key parameters. The signature process consists of digesting the certificate request by using a hash algorithm, encoding the digest and the hash algorithm identifier by using Distinguished Encoding Rules (DER), and signing (encrypting) the result.

The algorithms used in this process can be either discrete or combined. Discrete algorithms are represented by separate object identifiers (OIDs) for the hashing algorithm and the signing algorithm. Discrete algorithms are used when signing a PKCS #7 or CMC request. Examples include the following values.

| Discrete algorithm OID | Description |
| --- | --- |
| XCN_OID_NIST_sha256 (2.16.840.1.101.3.4.2.1) | National Institute of Standards and Technology (NIST) 256-bit SHA hashing algorithm. |
| XCN_OID_OIWSEC_rsaSign (1.3.14.3.2.11) | NIST OSE Implementer Workshop Security (OIWSEC) RSA signing algorithm. |

Combined algorithms, which can be used to sign PKCS #10 requests, are represented by a single OID that identifies both the hashing and the signing algorithm. Examples include the following values.

| Combined algorithm OID | Description |
| --- | --- |
| XCN_OID_RSA_MD2RSA (1.2.840.113549.1.1.2) | MD2 hashing algorithm combined with the RSA encryption algorithm from RSA Laboratories. |
| XCN_OID_OIWSEC_md5RSA (1.3.14.3.2.3) | OIWSEC MD5 hashing algorithm combined with the RSA encryption algorithm. |

The object is automatically initialized when an IX509CertificateRequestCmc, IX509CertificateRequestPkcs10, or ISignerCertificate object is initialized.
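
The digest-and-encode step described in the overview, sketched in Python as an added example (not Microsoft's code and not a call into CertEnroll). It assumes the encoded structure is the PKCS #1 v1.5 DigestInfo with NULL parameters, which the page does not spell out; the helper names are hypothetical, and the OIDs are the ones listed in the tables above.

```python
import hashlib

# OIDs quoted from the tables on this page.
XCN_OID_NIST_sha256 = "2.16.840.1.101.3.4.2.1"   # discrete: hash only
XCN_OID_OIWSEC_rsaSign = "1.3.14.3.2.11"         # discrete: signing only
XCN_OID_RSA_MD2RSA = "1.2.840.113549.1.1.2"      # combined: MD2 + RSA
XCN_OID_OIWSEC_md5RSA = "1.3.14.3.2.3"           # combined: MD5 + RSA


def der_len(n):
    """DER definite length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der_tlv(tag, content):
    return bytes([tag]) + der_len(len(content)) + content


def der_oid(dotted):
    """Encode a dotted OID: first two arcs share a value, rest are base-128."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray()
    for arc in [40 * arcs[0] + arcs[1]] + arcs[2:]:
        chunk = [arc & 0x7F]
        while arc > 0x7F:
            arc >>= 7
            chunk.append(0x80 | (arc & 0x7F))
        out += bytes(reversed(chunk))
    return der_tlv(0x06, bytes(out))


def digest_info(hash_oid, digest):
    """Assumed layout: SEQUENCE { SEQUENCE { OID, NULL }, OCTET STRING }."""
    alg_id = der_tlv(0x30, der_oid(hash_oid) + der_tlv(0x05, b""))
    return der_tlv(0x30, alg_id + der_tlv(0x04, digest))


def to_be_signed(request_bytes):
    """Digest the request with SHA-256 and wrap it; an RSA key would sign this."""
    return digest_info(XCN_OID_NIST_sha256, hashlib.sha256(request_bytes).digest())


if __name__ == "__main__":
    sample = b"constructed stand-in for the DER-encoded request body"
    print(to_be_signed(sample).hex())
```

With a discrete pair, the hash OID travels inside this structure and the signing OID is carried separately; a combined OID such as XCN_OID_RSA_MD2RSA names both in a single identifier.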

Members

The IX509SignatureInformation interface inherits from the IDispatch interface. IX509SignatureInformation also has these types of members:

Methods

The IX509SignatureInformation interface has these methods.

| Method | Description |
| --- | --- |
| GetSignatureAlgorithm | Retrieves the signing algorithm object identifier (OID). |
| SetDefaultValues | Specifies a default hashing algorithm used to create a digest of the certificate request prior to signing. |

Properties

The IX509SignatureInformation interface has these properties.

| Property | Description |
| --- | --- |
| AlternateSignatureAlgorithm | Specifies and retrieves a Boolean value that specifies whether the GetSignatureAlgorithm method should retrieve a discrete or combined algorithm OID for a PKCS #10 certificate request. |
| AlternateSignatureAlgorithmSet | Retrieves a Boolean value that specifies whether the AlternateSignatureAlgorithm property has been explicitly set by a caller. |
| HashAlgorithm | Specifies and retrieves an OID for the hashing algorithm used in the GetSignatureAlgorithm method. |
| NullSigned | Specifies and retrieves a Boolean value that indicates whether the certificate request is null-signed. |
| Parameters | Retrieves a byte array that contains the parameters associated with the signature algorithm. |
| PublicKeyAlgorithm | Specifies and retrieves an OID for the public key algorithm used in the GetSignatureAlgorithm method. |

Requirements

Minimum supported client: Windows Vista [desktop apps only]

Minimum supported server: Windows Server 2008 [desktop apps only]

Header: CertEnroll.h

DLL: CertEnroll.dll

See also

IDispatch
Certificate Enrollment API
ISignerCertificate
IX509CertificateRequestCmc
IX509CertificateRequestPkcs10