CryptDecodeObject function

The CryptDecodeObject function decodes a structure of the type indicated by the lpszStructType parameter. The use of CryptDecodeObjectEx is recommended as an API that performs the same function with significant performance improvements.


BOOL WINAPI CryptDecodeObject(
  _In_          DWORD  dwCertEncodingType,
  _In_          LPCSTR lpszStructType,
  _In_    const BYTE   *pbEncoded,
  _In_          DWORD  cbEncoded,
  _In_          DWORD  dwFlags,
  _Out_         void   *pvStructInfo,
  _Inout_       DWORD  *pcbStructInfo


dwCertEncodingType [in]

Type of encoding used. It is always acceptable to specify both the certificate and message encoding types by combining them with a bitwise-OR operation as shown in the following example:


Currently defined encoding types are:

Note  Either a certificate or message encoding type is required. X509_ASN_ENCODING is the default. If that type is indicated, it is used. Otherwise, if the PKCS7_ASN_ENCODING type is indicated, it is used.
lpszStructType [in]

A pointer to an OID defining the structure type. If the high-order word of the lpszStructType parameter is zero, the low-order word specifies the integer identifier for the type of the specified structure. Otherwise, this parameter is a long pointer to a null-terminated string.

For more information about object identifier strings, their predefined constants and corresponding structures, see Constants for CryptEncodeObject and CryptDecodeObject.

pbEncoded [in]

A pointer to the encoded structure to be decoded.

cbEncoded [in]

Number of bytes pointed to by pbEncoded.

dwFlags [in]

The following flags are defined. They can be combined with a bitwise-OR operation.


This flag can be set to indicate that "no copy" optimization is enabled. This optimization, where applicable, updates the pvStructInfo parameter to point to content residing within pbEncoded instead of making a copy of the content and appending it to pvStructInfo. For applicable cases, less memory needs to be allocated by the calling application and execution is faster because a copy is not being made. Note that the trade-off when performing a "no copy" decoding is that pbEncoded cannot be freed until pvStructInfo is freed.


This flag is applicable when decoding X509_UNICODE_NAME, X509_UNICODE_NAME_VALUE, or X509_UNICODE_ANY_STRING. By default, CERT_RDN_T61_STRING encoded values are initially decoded as UTF8. If the UTF8 decoding fails, then the value is decoded as eight-bit characters. If this flag is set, it skips the initial attempt to decode the value as UTF8 and decodes the value as eight-bit characters.


By default, the contents of the buffer pointed to by pbEncoded included the signed content and the signature. If this flag is set, the buffer includes only the "to be signed" content. This flag is applicable to X509_CERT_TO_BE_SIGNED, X509_CERT_CRL_TO_BE_SIGNED, X509_CRT_REQUEST_TO_BE_SIGNED, and X509_KEYGEN_REQUEST_TO_BE_SIGNED objects.


When this flag is set, the OID stings are allocated in Crypt32.dll and shared instead of being copied into the returned data structure. This flag can be set if Crypt32.dll is not unloaded before the caller is unloaded.


By default, the signature bytes are reversed. If this flag is set, this byte reversal is inhibited.


pvStructInfo [out]

A pointer to a buffer to receive the decoded structure. When the buffer that is specified is not large enough to receive the decoded structure, the function sets the ERROR_MORE_DATA code and stores the required buffer size, in bytes, in the variable pointed to by pcbStructInfo.

This parameter can be NULL to retrieve the size of this information for memory allocation purposes. For more information, see Retrieving Data of Unknown Length.

pcbStructInfo [in, out]

A pointer to a DWORD value specifying the size, in bytes, of the buffer pointed to by the pvStructInfo parameter. When the function returns, this DWORD value contains the size of the decoded data copied to pvStructInfo. The size contained in the variable pointed to by pcbStructInfo can indicate a size larger than the decoded structure, as the decoded structure can include pointers to other structures. This size is the sum of the size needed by the decoded structure and other structures pointed to.

Note  When processing the data returned in the buffer, applications must use the actual size of the data returned. The actual size can be slightly smaller than the size of the buffer specified on input. (On input, buffer sizes are usually specified large enough to ensure that the largest possible output data fits in the buffer.) On output, the variable pointed to by this parameter is updated to reflect the actual size of the data copied to the buffer.

Return value

If the function succeeds, the return value is nonzero (TRUE).

If the function fails, the return value is zero (FALSE). For extended error information, call GetLastError. Some possible error codes are listed in the following table.

Return codeDescription

An error was encountered while decoding.


A decoding function could not be found for the specified dwCertEncodingType and lpszStructType


If the buffer specified by the pvStructInfo parameter is not large enough to hold the returned data, the function sets the ERROR_MORE_DATA code and stores the required buffer size, in bytes, in the variable pointed to by pcbStructInfo.


If the function fails, GetLastError may return an Abstract Syntax Notation One (ASN.1) encoding/decoding error. For information about these errors, see ASN.1 Encoding/Decoding Return Values.


When encoding a cryptographic object using the preferred CryptEncodeObjectEx function, the terminating NULL character is included. When decoding, using the preferred CryptDecodeObjectEx function, the terminating NULL character is not retained.


For an example that uses this function, see Example C Program: ASN.1 Encoding and Decoding.


Minimum supported client

Windows XP [desktop apps only]

Minimum supported server

Windows Server 2003 [desktop apps only]







See also

Object Encoding and Decoding Functions