Cryptography Structures
The following structures are used by cryptography functions. Cryptography structures are categorized according to usage as follows:
- CryptXML Structures
- General Cryptography Structures
- Common Certificate Structures
- X.509 Certificate Extension Structures
- Message Structures
- OID Support Structures
- Certificate Chain Structures
- CSP Structures
- WinTrust Structures
- SIP Structures
CryptXML Structures
The following structures are used by the CryptXML Functions.
| Structure | Description |
|---|---|
| CRYPT_XML_ALGORITHM | Specifies the algorithm used to sign or transform the message. |
| CRYPT_XML_ALGORITHM_INFO | Contains algorithm information. |
| CRYPT_XML_BLOB | Contains an arbitrary array of bytes. |
| CRYPT_XML_CRYPTOGRAPHIC_INTERFACE | Passed to the CryptXmlDllGetInterface function pointer to expose the implemented CryptXML functions. |
| CRYPT_XML_DATA_BLOB | Contains XML encoded data. |
| CRYPT_XML_DATA_PROVIDER | Specifies the interface to the XML data provider. |
| CRYPT_XML_DOC_CTXT | Defines document context information. |
| CRYPT_XML_ISSUER_SERIAL | Contains an X.509 issued distinguished name–serial number pair. |
| CRYPT_XML_KEY_DSA_KEY_VALUE | Defines a Digital Signature Algorithm (DSA) key value. The CRYPT_XML_KEY_DSA_KEY_VALUE structure is used as an element of the key value union in the CRYPT_XML_KEY_VALUE structure. |
| CRYPT_XML_KEY_ECDSA_KEY_VALUE | Defines an Elliptic Curve Digital Signature Algorithm (ECDSA) key value. The CRYPT_XML_KEY_ECDSA_KEY_VALUE structure is used as an element of the key value union in the CRYPT_XML_KEY_VALUE structure. |
| CRYPT_XML_KEY_INFO | Encapsulates key information data. |
| CRYPT_XML_KEY_INFO_ITEM | Encapsulates key information data that corresponds to a KeyInfo element. The KeyInfo element enables the recipient to obtain the key needed to validate the signature. |
| CRYPT_XML_KEY_RSA_KEY_VALUE | Defines an RSA key value. The CRYPT_XML_KEY_RSA_KEY_VALUE structure is used as an element of the key value union in the CRYPT_XML_KEY_VALUE structure. |
| CRYPT_XML_KEY_VALUE | Contains a single public key that may be useful in validating the signature. |
| CRYPT_XML_KEYINFO_PARAM | Is used by the CryptXmlSign function to specify the members of the KeyInfo element to be encoded. |
| CRYPT_XML_OBJECT | Describes an Object element in the signature. |
| CRYPT_XML_PROPERTY | Contains information about a CryptXML property. |
| CRYPT_XML_REFERENCE | Contains information used to populate the Reference element. |
| CRYPT_XML_REFERENCES | Defines an array of CRYPT_XML_REFERENCE structures. |
| CRYPT_XML_SIGNATURE | Contains information used to populate the Signature element. |
| CRYPT_XML_SIGNED_INFO | Returns information about the signature validation status, summary status information about a SignedInfo element, or summary status information about an array of Reference elements. |
| CRYPT_XML_TRANSFORM_CHAIN_CONFIG | Defines application defined transforms which are allowed for use in the XML digital signature. |
| CRYPT_XML_TRANSFORM_INFO | Contains information that is used when applying the data transform. |
| CRYPT_XML_X509DATA | Represents the sequence of choices in the X509Data element. |
| CRYPT_XML_X509DATA_ITEM | Represents X.509 data that is to be encoded in an X509Data named element. |
General Cryptography Structures
The following structures are used by the Base Cryptography Functions.
| Structure | Description |
|---|---|
| CMS_DH_KEY_INFO | Used with the KP_CMS_DH_KEY_INFO parameter in the CryptSetKeyParam function to contain Diffie-Hellman key information. |
| CMS_KEY_INFO | This structure is not used. |
| CRYPT_AES_128_KEY_STATE | Specifies the 128-bit symmetric key information for an Advanced Encryption Standard (AES) cipher. |
| CRYPT_AES_256_KEY_STATE | Specifies the 256-bit symmetric key information for an AES cipher. |
| CRYPT_ALGORITHM_IDENTIFIER | Contains the object identifier (OID) of the algorithm and any needed parameters for that algorithm. |
| CRYPT_ATTRIBUTE | Specifies an attribute that has one or more values. |
| CRYPT_ATTRIBUTE_TYPE_VALUE | Contains a single attribute value. |
| CRYPT_ATTRIBUTES | Contains an array of attributes. |
| CRYPT_BIT_BLOB | Contains an array of bytes. |
| CRYPT_BLOB_ARRAY | Contains an array of CRYPT_DATA_BLOB structures. |
| CRYPT_CONTENT_INFO | Contains data encoded in the PKCS #7 ContentInfo data format. |
| CRYPT_CONTENT_INFO_SEQUENCE_OF_ANY | Contains information representing the Netscape certificate sequence of certificates. |
| CRYPT_DEFAULT_CONTEXT_MULTI_OID_PARA | Used with the CryptInstallDefaultContext function to contain an array of object identifier strings. |
| CRYPT_ECC_CMS_SHARED_INFO | Represents key-encryption key information when using Elliptic Curve Cryptography (ECC) in the Cryptographic Message Syntax (CMS) EnvelopedData content type. |
| CRYPT_ENCRYPTED_PRIVATE_KEY_INFO | Contains the information of an encrypted PKCS #8 private key. |
| CRYPT_ENROLLMENT_NAME_VALUE_PAIR | This structure is used to create certificate requests on behalf of a user. |
| CRYPT_INTEGER_BLOB | Contains the data of various kinds of binary large objects under names appropriate to type. |
| CRYPT_KEY_LIMITS | Supports the unimplemented CryptGetLocalKeyLimits function and is not used. It will be removed in a future version of Wincrypt.h. |
| CRYPT_KEY_PROV_INFO | Contains fields that are passed as the arguments to CryptAcquireContext to acquire a handle to a particular key container within a particular cryptographic service provider (CSP), or to create or destroy a key container. |
| CRYPT_KEY_PROV_PARAM | Contains data to be passed as the arguments to CryptSetProvParam. |
| CRYPT_KEY_SIGN_MESSAGE_PARA | Contains information about the CSP and algorithms used to sign a message. |
| CRYPT_KEY_VERIFY_MESSAGE_PARA | Contains information needed to verify signed messages without a certificate for the signer. |
| CRYPT_MASK_GEN_ALGORITHM | Identifies the algorithm used to generate an RSA PKCS #1 v2.1 signature mask. |
| CRYPT_OBJECT_LOCATOR_PROVIDER_TABLE | Contains pointers to functions implemented by an object location provider. |
| CRYPT_PKCS8_EXPORT_PARAMS | Contains information identifying a private key and a pointer to a callback function. |
| CRYPT_PKCS8_IMPORT_PARAMS | Contains a PKCS #8 private key and two pointers to callback functions. |
| CRYPT_PKCS12_PBE_PARAMS | Contains parameters used to create an encryption key, initialization vector (IV), or Message Authentication Code (MAC) key for a PKCS #12 password based encryption algorithm. |
| CRYPT_PRIVATE_KEY_INFO | Contains the information of a PKCS #8 private key. |
| CRYPT_PSOURCE_ALGORITHM | Identifies the algorithm and (optionally) the value of the label for an RSAES-OAEP key encryption. |
| CRYPT_RETRIEVE_AUX_INFO | Contains optional time synchronization information to pass to the CryptRetrieveObjectByUrl function. |
| CRYPT_RSA_SSA_PSS_PARAMETERS | Contains the parameters for an RSA PKCS #1 v2.1 signature. |
| CRYPT_RSAES_OAEP_PARAMETERS | Contains the parameters for an RSAES-OAEP key encryption. |
| CRYPT_SEQUENCE_OF_ANY | Contains an arbitrary list of encoded BLOBs. |
| CRYPT_SMART_CARD_ROOT_INFO | Contains the smart card and session IDs associated with a certificate context. |
| CRYPT_TIME_STAMP_REQUEST_INFO | This structure is used for time stamping. |
| CRYPT_URL_INFO | Contains information about groupings of URLs. |
| CRYPT_X942_OTHER_INFO | Contains additional key generation information. |
| CRYPTNET_URL_CACHE_FLUSH_INFO | Contains expiry information used by the Cryptnet URL Cache (CUC) service to maintain a URL cache entry. |
| CRYPTNET_URL_CACHE_PRE_FETCH_INFO | Contains update information used by the Cryptnet URL Cache (CUC) service to maintain a URL cache entry. |
| CRYPTNET_URL_CACHE_RESPONSE_INFO | Contains response information used by the Cryptnet URL Cache (CUC) service to maintain a URL cache entry. |
| CRYPT_INTEGER_BLOB | This structure is used for an arbitrary array of bytes. |
| CRYPTPROTECT_PROMPTSTRUCT | Provides the text of a prompt and information about when and where that prompt is to be displayed when using the CryptProtectData and CryptUnprotectData functions. |
| CRYPTUI_INITDIALOG_STRUCT | Supports the CRYPTUI_VIEWCERTIFICATE_STRUCT structure. |
| CRYPTUI_SELECTCERTIFICATE_STRUCT | Contains information about the dialog box displayed by the CryptUIDlgSelectCertificate function. |
| CRYPTUI_VIEWCERTIFICATE_STRUCT | Contains information about a certificate to view. It is used in the CryptUIDlgViewCertificate function. |
| CRYPTUI_VIEWSIGNERINFO_STRUCT | Contains information for the CryptUIDlgViewSignerInfo function. |
| CRYPTUI_WIZ_EXPORT_CERTCONTEXT_INFO | Contains information that controls the operation of the CryptUIWizExport function when a certificate is the object being exported. |
| CRYPTUI_WIZ_EXPORT_INFO | Contains information that controls the operation of the CryptUIWizExport function. |
| CRYPTUI_WIZ_IMPORT_SRC_INFO | Contains the subject to import into the CryptUIWizImport function. |
| DHPRIVKEY_VER3 | Contains information specific to the particular private key contained in the key BLOB. |
| DHPUBKEY | Contains information specific to the particular Diffie-Hellman public key contained in the key BLOB. |
| DHPUBKEY_VER3 | Contains information specific to the particular public key contained in the key BLOB. |
| Diffie-Hellman Version 3 Private Key BLOBs | Used to export and import information about a DH private key. |
| Diffie-Hellman Version 3 Public Key BLOBs | Used to export and import information about a DH public key. |
| DSS Version 3 Private Key BLOBs | Used to export and import information about a DH private key. |
| DSS Version 3 Public Key BLOBs | Used to export and import information about a DH public key. |
| DSSPRIVKEY_VER3 | Contains information specific to the particular private key contained in the key BLOB. |
| DSSPUBKEY | Contains information specific to the particular public key contained in the key BLOB. |
| DSSPUBKEY_VER3 | Contains information specific to the particular public key contained in the key BLOB. |
| DSSSEED | Holds the seed and counter values that can be used to verify the primes of the DSS public key. |
| HMAC_INFO | Specifies the hash algorithm and the inner and outer strings that are to be used to calculate the Hash-Based Message Authentication Code (HMAC) hash. |
| KEYSVC_BLOB | Defines a key service BLOB. |
| KEYSVC_UNICODE_STRING | Defines a key service Unicode string. |
| OCSP_BASIC_RESPONSE_ENTRY | Contains the current certificate status for a single certificate. |
| OCSP_BASIC_RESPONSE_INFO | Contains a basic OCSP response as specified by RFC 2560. |
| OCSP_BASIC_REVOKED_INFO | Contains the reason a certificate was revoked. |
| OCSP_BASIC_SIGNED_RESPONSE_INFO | Contains a basic OCSP response with a signature. |
| OCSP_CERT_ID | Contains information to identify a certificate in an OCSP request or response. |
| OCSP_REQUEST_ENTRY | Contains information about a single certificate in an OCSP request. |
| OCSP_REQUEST_INFO | Contains information for an OCSP request as specified by RFC 2560. |
| OCSP_RESPONSE_INFO | Indicates the success or failure of the corresponding OCSP request. For successful requests, it contains the type and value of response information. |
| OCSP_SIGNATURE_INFO | Contains a signature for an OCSP request or response. |
| OCSP_SIGNED_REQUEST_INFO | Contains information for an OCSP request with optional signature information. |
| PROV_ENUMALGS | Returned by calls to CryptGetProvParam or CPGetProvParam. |
| PROV_ENUMALGS_EX | Returned by calls to CryptGetProvParam or CPGetProvParam. |
| PUBLICKEYSTRUC | Indicates a key's BLOB type and the algorithm that the key uses. |
| ROOT_INFO_LUID | Contains a locally unique identifier (LUID) for Cryptographic Smart Card Root Information. |
| RSAPUBKEY | Contains information specific to the particular public key contained in the key BLOB. |
| SCHANNEL_ALG | Contains algorithm and key size information. |
| SIGNER_ATTR_AUTHCODE | Specifies attributes for an Authenticode signature. |
| SIGNER_BLOB_INFO | Specifies a BLOB to sign. |
| SIGNER_CERT | Specifies a certificate used to sign a document. The certificate can be stored in a Software Publisher Certificate (SPC) file or in a certificate store. |
| SIGNER_CERT_STORE_INFO | Specifies the certificate store used to sign a document. |
| SIGNER_CONTEXT | Contains a signed BLOB. |
| SIGNER_FILE_INFO | Specifies a file to sign. |
| SIGNER_PROVIDER_INFO | Specifies the CSP and private key information used to create a digital signature. |
| SIGNER_SIGNATURE_INFO | Contains information about a digital signature. |
| SIGNER_SPC_CHAIN_INFO | Specifies a Software Publisher Certificate (SPC) and certificate chain used to sign a document. |
| SIGNER_SUBJECT_INFO | Specifies a subject to sign. |
Common Certificate Structures
The following structures are used by many of the certificate functions.
| Structure | Description |
|---|---|
| CERT_BIOMETRIC_DATA | Contains information about biometric data. |
| CERT_BIOMETRIC_EXT_INFO | Contains a set of biometric information. |
| CERT_CONTEXT | Contains both the encoded and decoded representations of a certificate. |
| CERT_CRL_CONTEXT_PAIR | Contains a certificate context and an associated CRL context. |
| CERT_DH_PARAMETERS | Contains parameters associated with a Diffie-Hellman public key algorithm. |
| CERT_DSS_PARAMETERS | Contains parameters associated with a DSS public key algorithm. |
| CERT_ECC_SIGNATURE | Contains the r and s values for an Elliptic Curve Digital Signature Algorithm (ECDSA) signature. |
| CERT_EXTENSION | Contains the extension information for a certificate, certificate revocation list (CRL) or certificate trust list (CTL). |
| CERT_EXTENSIONS | Contains an array of extensions. |
| CERT_GENERAL_SUBTREE | Used in CERT_NAME_CONSTRAINTS_INFO structure, this structure provides the identity of a certificate that can be included or excluded. |
| CERT_HASHED_URL | Contains a hashed URL. |
| CERT_ID | Used as a flexible means of uniquely identifying a certificate. |
| CERT_INFO | Contains a certificate's information. |
| CERT_KEY_CONTEXT | Contains data for the pvData member of a Value member of CERT_EXTENSION structure associated with a CERT_KEY_CONTEXT_PROP_ID property. |
| CERT_KEYGEN_REQUEST_INFO | Contains information stored in the Netscape Keygen request. |
| CERT_LDAP_STORE_OPENED_PARA | Used with the CertOpenStore function when the CERT_STORE_PROV_LDAP provider is specified by using the CERT_LDAP_STORE_OPENED_FLAG flag to specify both the existing LDAP session to use to perform the query as well as the LDAP query string. |
| CERT_LOGOTYPE_AUDIO | Contains information about an audio logotype. |
| CERT_LOGOTYPE_AUDIO_INFO | Contains more detailed information about an audio logotype. |
| CERT_LOGOTYPE_DATA | Contains logotype data. |
| CERT_LOGOTYPE_DETAILS | Contains additional information about a logotype. |
| CERT_LOGOTYPE_EXT_INFO | Contains a set of logotype information. |
| CERT_LOGOTYPE_IMAGE | Contains information about an image logotype. |
| CERT_LOGOTYPE_IMAGE_INFO | Contains more detailed information about an image logotype. |
| CERT_LOGOTYPE_INFO | Contains information about logotype data. |
| CERT_LOGOTYPE_REFERENCE | Contains logotype reference information. |
| CERT_NAME_CONSTRAINTS_INFO | Contains information about certificates that are specifically permitted or excluded from trust. |
| CERT_NAME_INFO | Contains subject or issuer names. The information is represented as an array of CERT_RDN structures. |
| CERT_NAME_VALUE | Contains a relative distinguished name (RDN) attribute value. |
| CERT_OTHER_LOGOTYPE_INFO | Contains information about logo types that are not predefined. |
| CERT_PAIR | Contains a certificate and its pair cross certificate. |
| CERT_PHYSICAL_STORE_INFO | Contains information on physical certificate stores. |
| CERT_POLICY_CONSTRAINTS_INFO | Contains established policies for accepting certificates as trusted. |
| CERT_POLICY_MAPPING | Contains a mapping between issuer domain and subject domain policy OIDs. |
| CERT_POLICY_MAPPINGS_INFO | Provides mapping between the policy OIDs of two domains. |
| CERT_PUBLIC_KEY_INFO | Contains a public key and its algorithm. |
| CERT_QC_STATEMENT | Represents a single statement in a sequence of one or more statements for inclusion in a Qualified Certificate (QC) statements extension. |
| CERT_QC_STATEMENTS_EXT_INFO | Contains a sequence of one or more statements that make up the Qualified Certificate (QC) statements extension for a QC. |
| CERT_RDN | Contains a relative distinguished name (RDN) consisting of an array of CERT_RDN_ATTR structures. |
| CERT_RDN_ATTR | Contains a single attribute of a relative distinguished name (RDN). |
| CERT_REQUEST_INFO | Contains information for a certificate request. |
| CERT_REVOCATION_CRL_INFO | Contains information updated by a CRL revocation type handler. |
| CERT_REVOCATION_PARA | This structure can optionally be passed to CertVerifyRevocation to assist in finding the issuer of the context to be verified. |
| CERT_REVOCATION_STATUS | Contains information on the revocation status of the certificate. |
| CERT_SELECT_STRUCT | Contains criteria upon which to select certificates that are presented in a certificate selection dialog box. This structure is used in the CertSelectCertificate function. |
| CERT_SIGNED_CONTENT_INFO | Contains encoded content to be signed and a BLOB to hold the signature. |
| CERT_STORE_PROV_FIND_INFO | This structure is used by many of the store provider callback functions. |
| CERT_STORE_PROV_INFO | Contains information returned by the installed CertDllOpenStoreProv when a store is opened with CertOpenStore. |
| CERT_STRONG_SIGN_PARA | Contains parameters used to check for strong signatures on certificates, CRLs, OCSP responses, and PKCS #7 messages. |
| CERT_STRONG_SIGN_SERIALIZED_INFO | Contains the signature algorithm/hash algorithm and public key algorithm/bit length pairs that can be used for strong signing. |
| CERT_SUBJECT_INFO_ACCESS | This is a synonym for the CERT_AUTHORITY_INFO_ACCESS structure. |
| CERT_SYSTEM_STORE_INFO | Contains information used by functions that work with system stores. |
| CERT_SYSTEM_STORE_RELOCATE_PARA | Contains data to be passed to CertOpenStore when that function's dwFlags parameter is set to CERT_SYSTEM_STORE_RELOCATE_FLAG. |
| CERT_TEMPLATE_EXT | This structure is a certificate template. |
| CERT_X942_DH_PARAMETERS | Contains parameters associated with a Diffie-Hellman public key algorithm. |
| CERT_X942_DH_VALIDATION_PARAMS | This structure is optionally pointed to by a member of the CERT_X942_DH_PARAMETERS structure and contains additional seed information. |
| CMC_ADD_ATTRIBUTES_INFO | Contains certificate attributes to be added to a certificate. |
| CMC_ADD_EXTENSIONS_INFO | Contains certificate extension control attributes to be added to a certificate. |
| CMC_DATA_INFO | This structure provides a means of communicating different pieces of tagged information. |
| CMC_PEND_INFO | This structure is a possible member of a CMC_STATUS_INFO structure. |
| CMC_RESPONSE_INFO | This structure provides a means of communicating different pieces of tagged information. |
| CMC_STATUS_INFO | Contains status information about Certificate Management Messages over CMS. |
| CMC_TAGGED_ATTRIBUTE | This structure is used in the CMC_DATA_INFO and CMC_RESPONSE_INFO structures. |
| CMC_TAGGED_CERT_REQUEST | This structure is used in the CMC_TAGGED_REQUEST structure. |
| CMC_TAGGED_CONTENT_INFO | This structure is used in the CMC_DATA_INFO and CMC_RESPONSE_INFO structures. |
| CMC_TAGGED_OTHER_MSG | This structure is used in the CMC_DATA_INFO and CMC_RESPONSE_INFO structures. |
| CMC_TAGGED_REQUEST | This structure is used in the CMC_DATA_INFO structures to request a certificate. |
| CRL_CONTEXT | Contains both the encoded and decoded representations of a CRL. |
| CRL_ENTRY | Contains information on a single revoked certificate. It is a member of a CRL_INFO structure. |
| CRL_INFO | Contains the information of a certificate revocation list (CRL). |
| CRL_ISSUING_DIST_POINT | Contains information about the kinds of certificates listed in a CRL. |
| CROSS_CERT_DIST_POINTS_INFO | This structure provides information used to update dynamic cross certificates. |
| CTL_ANY_SUBJECT_INFO | Contains a SubjectAlgorithm to be matched in the CTL and the SubjectIdentifier to be matched in one of the CTL entries in calls to CertFindSubjectInCTL. |
| CTL_CONTEXT | Contains both the encoded and decoded representations of a CTL. |
| CTL_ENTRY | This structure is an element of a certificate trust list (CTL). |
| CTL_FIND_SUBJECT_PARA | Contains data used by CertFindCTLInStore with a dwFindType of CTL_FIND_SUBJECT to find a certificate trust list (CTL). |
| CTL_FIND_USAGE_PARA | This structure is a member of the CTL_FIND_SUBJECT_PARA structure and it is used by CertFindCTLInStore. |
| CTL_INFO | Contains the information stored in a certificate trust list (CTL). |
| CTL_MODIFY_REQUEST | Contains a request to modify a certificate trust list. This structure is used in the CertModifyCertificatesToTrust function. |
| CTL_USAGE | Contains an array of Object Identifiers (OIDs) for certificate trust list (CTL) extensions. |
| CTL_VERIFY_USAGE_PARA | Contains parameters used by CertVerifyCTLUsage to establish the validity of a CTL's usage. |
| CTL_VERIFY_USAGE_STATUS | Contains information about a certificate trust list (CTL) returned by CertVerifyCTLUsage. |
X.509 Certificate Extension Structures
The following structures are associated with X.509 CERT_EXTENSION structures.
| Structure | Description |
|---|---|
| CERT_ACCESS_DESCRIPTION | This structure is a member of a CERT_AUTHORITY_INFO_ACCESS structure. |
| CERT_ALT_NAME_ENTRY | Contains an alternative name in one of a variety of name forms. |
| CERT_ALT_NAME_INFO | Used in encoding and decoding extensions for subject or issuer certificates, certificate revocation lists (CRLs), and certificate trust lists (CTLs). |
| CERT_AUTHORITY_INFO_ACCESS | Represents authority information access and subject information access certificate extensions and specifies how to access additional information and services for the subject or the issuer of that certificate. |
| CERT_AUTHORITY_KEY_ID_INFO | Identifies the key used to sign a certificate or CRL. |
| CERT_AUTHORITY_KEY_ID2_INFO | Identifies the key used to sign a certificate or CRL. It differs from the CERT_AUTHORITY_KEY_ID_INFO structure in that the certificate issuer is a CERT_ALT_NAME_INFO instead of a CERT_NAME_BLOB. |
| CERT_BASIC_CONSTRAINTS_INFO | Contains information indicating whether the certified subject can act as a CA, an end-entity, or both. |
| CERT_BASIC_CONSTRAINTS2_INFO | Contains information indicating whether the certified subject can act as a CA or an end entity. |
| CERT_KEY_ATTRIBUTES_INFO | Contains optional additional information about the public key being certified. |
| CERT_KEY_USAGE_RESTRICTION_INFO | Contains restrictions imposed on the usage of a certificate's public key. |
| CERT_POLICIES_INFO | Contains an array of CERT_POLICY_INFO. |
| CERT_POLICY_ID | Contains a list of certificate policies that the certificate expressly supports, together with optional qualifier information pertaining to these policies. |
| CERT_POLICY_INFO | Contains an object identifier (OID) specifying a policy and an optional array of policy qualifiers. |
| CERT_POLICY_QUALIFIER_INFO | Contains an object identifier (OID) specifying the qualifier and qualifier-specific supplemental information. |
| CERT_PRIVATE_KEY_VALIDITY | Indicates a valid time span for the private key corresponding to a certificate's public key. |
| CRL_DIST_POINT | Identifies a single CRL distribution point that a certificate user can reference to determine whether certificates have been revoked. |
| CRL_DIST_POINT_NAME | Identifies a location from which the CRL can be obtained. |
| CRL_DIST_POINTS_INFO | Contains a list of CRL distribution points a certificate user can reference to determine whether the certificate has been revoked. |
These structures can be encoded into the Value member of a CERT_EXTENSION structure by using the CryptEncodeObject and CryptEncodeObjectEx functions. They are created and returned by the CryptDecodeObject and CryptDecodeObjectEx functions when the Value member of a CERT_EXTENSION structure is decoded.
The structure encoded or created depends on the pszObjId string member of the CERT_EXTENSION structure.
Current extension predefined constants and OIDs along with the structure associated with each are shown in the following table.
| Predefined constant | Object identifier (OID) | Data structure |
|---|---|---|
| X509_AUTHORITY_INFO_ACCESS | szOID_AUTHORITY_INFO_ACCESS | CERT_AUTHORITY_INFO_ACCESS |
| X509_AUTHORITY_KEY_ID | szOID_AUTHORITY_KEY_IDENTIFIER | CERT_AUTHORITY_KEY_ID_INFO |
| X509_ALTERNATE_NAME | szOID_SUBJECT_ALT_NAME or szOID_ISSUER_ALT_NAME | CERT_ALT_NAME_INFO |
| X509_BASIC_CONSTRAINTS | szOID_BASIC_CONSTRAINTS | CERT_BASIC_CONSTRAINTS_INFO |
| X509_BASIC_CONSTRAINTS2 | szOID_BASIC_CONSTRAINTS2 | CERT_BASIC_CONSTRAINTS2_INFO |
| X509_CERT_POLICIES | szOID_CERT_POLICIES | CERT_POLICIES_INFO |
| X509_KEY_ATTRIBUTES | szOID_KEY_ATTRIBUTES | CERT_KEY_ATTRIBUTES_INFO |
| X509_KEY_USAGE | szOID_KEY_USAGE | CRYPT_BIT_BLOB |
| X509_KEY_USAGE_RESTRICTION | szOID_KEY_USAGE_RESTRICTION | CERT_KEY_USAGE_RESTRICTION_INFO |
| None | szOID_POLICY_MAPPINGS | Not implemented |
| None | szOID_SUBJECT_DIR_ATTRS | Not implemented |
Message Structures
The following structures are used by the cryptographic message functions.
| Structure | Description |
|---|---|
| CMSG_CMS_RECIPIENT_INFO | This structure is used with the CryptMsgGetParam function to get information on a key transport, key agreement, or mail list envelope message recipient. |
| CMSG_CMS_SIGNER_INFO | This structure contains the content of the defined SignerInfo in signed or signed and enveloped messages. |
| CMSG_CNG_CONTENT_DECRYPT_INFO | Contains all the relevant information passed between CryptMsgControl and OID installable functions for the import and decryption of a Cryptography API: Next Generation (CNG) content encryption key (CEK). |
| CMSG_CONTENT_ENCRYPT_INFO | Contains information shared between the PFN_CMSG_GEN_CONTENT_ENCRYPT_KEY, PFN_CMSG_EXPORT_KEY_TRANS, PFN_CMSG_EXPORT_KEY_AGREE, and PFN_CMSG_EXPORT_MAIL_LIST object identifier (OID) installable functions used for the encryption and export of a content encryption key. |
| CMSG_CTRL_ADD_SIGNER_UNAUTH_ATTR_PARA | This structure is used to add an unauthenticated attribute to a signer of a signed message. |
| CMSG_CTRL_DECRYPT_PARA | This structure contains information used to decrypt an enveloped message for a key transport recipient. This structure is passed to CryptMsgControl if the dwCtrlType parameter is CMSG_CTRL_DECRYPT. |
| CMSG_CTRL_DEL_SIGNER_UNAUTH_ATTR_PARA | This structure is used to delete an unauthenticated attribute of a signer of a signed message. |
| CMSG_CTRL_KEY_AGREE_DECRYPT_PARA | This structure contains information about a key agreement recipient. |
| CMSG_CTRL_KEY_TRANS_DECRYPT_PARA | This structure contains information about a key transport message recipient. |
| CMSG_CTRL_MAIL_LIST_DECRYPT_PARA | This structure contains information on a mail list message recipient. |
| CMSG_CTRL_VERIFY_SIGNATURE_EX_PARA | This structure contains information used to verify a message signature. It contains the signer index and signer public key. The signer public key can be the signer's CERT_PUBLIC_KEY_INFO structure, certificate context, or chain context. |
| CMSG_ENVELOPED_ENCODE_INFO | This structure contains information needed to encode an enveloped message. It is passed to CryptMsgOpenToEncode if dwMsgType is CMSG_ENVELOPED. |
| CMSG_ENVELOPED_HASHED_INFO | This structure is used with hashed messages. It is passed to CryptMsgOpenToEncode if dwMsgType is CMSG_ENVELOPED. |
| CMSG_KEY_AGREE_ENCRYPT_INFO | Contains encryption information applicable to all key agreement recipients of an enveloped message. |
| CMSG_KEY_AGREE_KEY_ENCRYPT_INFO | Contains the encrypted key for a key agreement recipient of an enveloped message. |
| CMSG_KEY_TRANS_ENCRYPT_INFO | Contains encryption information for a key transport recipient of enveloped data. |
| CMSG_MAIL_LIST_ENCRYPT_INFO | Contains encryption information for a mailing list recipient of enveloped data. |
| CMSG_KEY_AGREE_RECIPIENT_ENCODE_INFO | This structure contains information on a message recipient using key agreement key management. |
| CMSG_KEY_TRANS_RECIPIENT_ENCODE_INFO | This structure contains encoded key transport information for a message recipient. |
| CMSG_KEY_TRANS_RECIPIENT_INFO | This structure contains information used in key transport algorithms. |
| CMSG_MAIL_LIST_RECIPIENT_ENCODE_INFO | This structure is used with previously distributed symmetric keys for decrypting the content key encryption key (KEK). |
| CMSG_MAIL_LIST_RECIPIENT_INFO | This structure contains information used for previously distributed symmetric key-encryption keys (KEK). |
| CMSG_RC2_AUX_INFO | This structure contains the bit length of the key for RC2 encryption algorithms. The pvEncryptionAuxInfo member in CMSG_ENVELOPED_ENCODE_INFO can be set to point to an instance of this structure. |
| CMSG_RC4_AUX_INFO | This structure contains the bit length of the key for RC4 encryption algorithms. The pvEncryptionAuxInfo member in CMSG_ENVELOPED_ENCODE_INFO can be set to point to an instance of this structure. |
| CMSG_RECIPIENT_ENCODE_INFO | This structure contains information about a message recipient's content encryption key management type. |
| CMSG_RECIPIENT_ENCRYPTED_KEY_ENCODE_INFO | This structure contains information on a message receiver used to decrypt the session key needed to decrypt the message contents. This structure is used with CMS low level messages using any of the key management methods. |
| CMSG_RECIPIENT_ENCRYPTED_KEY_INFO | This structure contains information used for an individual key agreement recipient. |
| CMSG_SIGNED_ENCODE_INFO | This structure contains information to be passed to CryptMsgOpenToEncode if dwMsgType is CMSG_SIGNED. |
| CMSG_SIGNER_ENCODE_INFO | This structure contains signer information. It is passed to CryptMsgCountersign, CryptMsgCountersignEncoded, and optionally to CryptMsgOpenToEncode as a member of the CMSG_SIGNED_ENCODE_INFO structure, if the dwMsgType parameter is CMSG_SIGNED. |
| CMSG_SIGNER_INFO | This structure contains the content of the PKCS #7 defined SignerInfo in signed messages. |
| CMSG_SP3_COMPATIBLE_AUX_INFO | This structure contains information needed for SP3 compatible encryption. |
| CMSG_STREAM_INFO | This structure is used to enable processing stream data rather than single block processing. Stream processing is most often used when processing large messages. Stream-process messages can originate from any serialized source such as a file on a hard disk, a server, or a CD ROM. |
| CRYPT_DECRYPT_MESSAGE_PARA | Contains information for decrypting messages. |
| CRYPT_ENCRYPT_MESSAGE_PARA | Contains information used to encrypt messages. |
| CRYPT_HASH_MESSAGE_PARA | Contains data for hashing messages. |
| CRYPT_SIGN_MESSAGE_PARA | Contains information for signing messages using a specified signing certificate context. |
| CRYPT_VERIFY_MESSAGE_PARA | Contains information needed to verify a signed message. |
OID Support Structures
The following structures are used by the OID Support Functions.
| Structure | Description |
|---|---|
| CRYPT_OID_FUNC_ENTRY | Contains an object identifier (OID) and a pointer to its related function. It is used with CryptInstallOIDFunctionAddress. |
| CRYPT_OID_INFO | Contains information about an object identifier (OID). |
| CRYPT_RC2_CBC_PARAMETERS | Contains information used with szOID_RSA_RC2CBC encryption. |
| CRYPT_SMIME_CAPABILITIES | Contains a prioritized array of supported capabilities. |
| CRYPT_SMIME_CAPABILITY | Specifies a single capability and its associated parameters. |
Certificate Chain Structures
The following structures are used in building certificate chains used to establish trust in a certificate.
| Structure | Description |
|---|---|
| AUTHENTICODE_EXTRA_CERT_CHAIN_POLICY_PARA | Holds policy information used in the verification of certificate chains for files. |
| AUTHENTICODE_EXTRA_CERT_CHAIN_POLICY_STATUS | Holds additional Authenticode policy information for chain verification of files. |
| AUTHENTICODE_TS_EXTRA_CERT_CHAIN_POLICY_PARA | Contains time stamp policy information that can be used in certificate chain verification of files. |
| CERT_CHAIN_CONTEXT | Contains an array of simple certificate chains and a trust status structure that indicates summary validity data on all of the connected simple chains. |
| CERT_CHAIN_ELEMENT | This structure is a single element in a simple certificate chain. |
| CERT_CHAIN_ENGINE_CONFIG | Sets parameters for building a nondefault certificate chain engine. |
| CERT_CHAIN_FIND_BY_ISSUER_PARA | Holds information used in CertFindChainInStore to build certificate chains. |
| CERT_CHAIN_PARA | Establishes the searching and matching criteria to be used in building a certificate chain. |
| CERT_CHAIN_POLICY_PARA | Contains information used in CertVerifyCertificateChainPolicy to establish policy criteria for the verification of certificate chains. |
| CERT_CHAIN_POLICY_STATUS | Holds certificate chain status information returned by CertVerifyCertificateChainPolicy from the verification of certificate chains. |
| CERT_REVOCATION_INFO | Indicates the revocation status of a certificate in a CERT_CHAIN_ELEMENT. |
| CERT_SELECT_CHAIN_PARA | Contains the parameters used for building and selecting chains. |
| CERT_SIMPLE_CHAIN | Contains an array of chain elements and a summary trust status for the chain that the array represents. |
| CERT_SELECTUI_INPUT | Used by the CertSelectionGetSerializedBlob function to serialize the certificates contained in a store or an array of certificate chains. The returned serialized BLOB can be passed to the CredUIPromptForWindowsCredentials function. |
| CERT_TRUST_LIST_INFO | Indicates valid usage of a CTL. |
| CERT_TRUST_STATUS | Contains trust information about a certificate in a certificate chain, summary trust information about a simple chain of certificates, or summary information about an array of simple chains. |
| CERT_USAGE_MATCH | Provides parameters for finding issuer certificates used to build a certificate chain. |
| CTL_USAGE_MATCH | Provides parameters for finding certificate trust lists (CTL) used to build a certificate chain. |
| SSL_EXTRA_CERT_CHAIN_POLICY_PARA | Holds policy information used in the verification of Secure Sockets Layer (SSL) client/server certificate chains. |
CSP Structures
The following structures are used with cryptographic service provider (CSP) functions.
| Structure | Description |
|---|---|
| BLOBHEADER | Indicates a key's BLOB type and the algorithm that the key uses. |
| VTableProvStruc | Contains pointers to callback functions that can be used by CSP functions. |
| PLAINTEXTKEYBLOB | Contains parameter header information for a plaintext key. |
WinTrust Structures
The following structures are used with the WinVerifyTrust function.
| Structure | Description |
|---|---|
| CRYPT_PROVIDER_DEFUSAGE | Used by the WintrustGetDefaultForUsage function to retrieve callback information for a provider's default usage. |
| CRYPT_PROVIDER_REGDEFUSAGE | Used by the WintrustAddDefaultForUsage function to register callback information about a provider's default usage. |
| SPC_INDIRECT_DATA_CONTENT | Stores the digest and other attributes of an Authenticode-signed file. |
| WINTRUST_BLOB_INFO | Used when calling WinVerifyTrust to verify a memory BLOB. |
| WINTRUST_CATALOG_INFO | Used when calling WinVerifyTrust to verify a member of a Microsoft catalog. |
| WINTRUST_CERT_INFO | Used when calling WinVerifyTrust to verify a CERT_CONTEXT. |
| WINTRUST_DATA | Used when calling WinVerifyTrust to pass necessary information into the trust providers. |
| WINTRUST_FILE_INFO | Used when calling WinVerifyTrust to verify an individual file. |
| WINTRUST_SGNR_INFO | Used when calling WinVerifyTrust to verify a CMSG_SIGNER_INFO structure. |
SIP Structures
The following structures are used by subject interface package (SIP) functions.
| Structure | Description |
|---|---|
| SIP_ADD_NEWPROVIDER | Defines an SIP. |
| SIP_CAP_SET | Defines the capabilities of an SIP. |
| SIP_DISPATCH_INFO | Contains a set of pointers to SIP functions. |
| SIP_INDIRECT_DATA | Contains a digest of the hashed subject information. |
| SIP_SUBJECTINFO | Specifies SIP subject information. |