ICEnroll4::HashAlgorithm property

[This property is no longer available for use as of Windows Server 2008 and Windows Vista.]

The HashAlgorithm property sets or retrieves only the signature hashing algorithm used to sign the PKCS #10 certification request.

This property was first defined in the ICEnroll interface.

This property is read/write.

Syntax


HRESULT put_HashAlgorithm(
  [in]  BSTR HashAlg
);

HRESULT get_HashAlgorithm(
  [out] BSTR *pHashAlg
);

Property value

A string that represents the signature hashing algorithm used to sign the PKCS #10 certification request. The string can be any OID for a hashing algorithm. The following list shows some possible values. The default value is "SHA1".

  • "SHA1"
  • "MD2"
  • "MD5"

Error codes

If the property access methods put_HashAlgorithm and get_HashAlgorithm succeed, they return S_OK.

Any other HRESULT value indicates that the call failed.

Remarks

This signature hashing algorithm is not to be confused with the hashing algorithm used to sign the certificate. The enrollment control currently supports any OID for hashing algorithms, plus the following display name values: SHA1 (the default), MD2, and MD5. When retrieving this property, the retrieved value is in OID format (that is, SHA1 appears as 1.3.14.3.2.29). When setting this property, the corresponding OID format can be used as an alternative to the text shown for the defined friendly values.

The Certificate Enrollment Control considers the value of the HashAlgorithm property as a hint to the hashing algorithm to use for signing the PKCS #10 certification request. If the cryptographic service provider (CSP) supports the algorithm specified in the HashAlgorithm property, the algorithm will be used. Otherwise, the Certificate Enrollment Control will try to use SHA1. If SHA1 is not supported by the CSP, then MD5 will be tried. If neither SHA1 nor MD5 is supported, the Certificate Enrollment Control will try to use the first hashing algorithm returned from the CSP.

The HashAlgorithm property affects the behavior of the following methods:

If both the HashAlgID and HashAlgorithm properties are set, whichever is last updated will specify which hashing algorithm will be used to sign the PKCS #10 certification request.
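Because HashAlgorithm is only a hint and the control may fall back to SHA1, MD5, or another CSP algorithm, the value you set does not prove which algorithm signed the request. The following added example (not part of the original documentation or of Xenroll) reads the signatureAlgorithm OID from a DER-encoded PKCS #10 request so it can be compared with the intended one. The function names and sample bytes are constructed for illustration, and the request is assumed to be already decoded from base64 to DER.

```cpp
#include <cstdint>
#include <cstdio>
#include <string>

// Read one DER TLV at p (definite lengths only); advances p past the element.
static bool der_read(const uint8_t *&p, const uint8_t *end, uint8_t &tag,
                     const uint8_t *&val, size_t &len) {
    if (end - p < 2) return false;
    tag = *p++; len = *p++;
    if (len & 0x80) {                          // long form: next n bytes are the length
        size_t n = len & 0x7f;
        if (n == 0 || n > 4 || (size_t)(end - p) < n) return false;
        for (len = 0; n > 0; --n) len = (len << 8) | *p++;
    }
    if ((size_t)(end - p) < len) return false; // truncated input
    val = p; p += len;
    return true;
}

// Decode OBJECT IDENTIFIER content bytes into dotted notation.
static std::string oid_to_string(const uint8_t *v, size_t len) {
    std::string out; unsigned long arc = 0;
    for (size_t i = 0; i < len; ++i) {
        arc = (arc << 7) | (v[i] & 0x7f);
        if (v[i] & 0x80) continue;             // more base-128 digits follow
        if (out.empty()) {                     // first byte group packs two arcs
            unsigned long a = arc < 80 ? arc / 40 : 2;
            out = std::to_string(a) + "." + std::to_string(arc - a * 40);
        } else out += "." + std::to_string(arc);
        arc = 0;
    }
    return out;
}

// signatureAlgorithm OID of a DER PKCS #10 request, or "" if it does not parse.
std::string csr_signature_oid(const uint8_t *der, size_t n) {
    const uint8_t *p = der, *end = der + n, *v; uint8_t tag; size_t len;
    if (!der_read(p, end, tag, v, len) || tag != 0x30) return ""; // CertificationRequest
    p = v; end = v + len;
    if (!der_read(p, end, tag, v, len) || tag != 0x30) return ""; // request info, skipped
    if (!der_read(p, end, tag, v, len) || tag != 0x30) return ""; // signatureAlgorithm
    p = v; end = v + len;
    if (!der_read(p, end, tag, v, len) || tag != 0x06) return ""; // algorithm OID
    return oid_to_string(v, len);
}
// Constructed skeleton (empty request info, dummy signature), not a real request.
const uint8_t kSample[] = {0x30,0x15, 0x30,0x00, 0x30,0x0d, 0x06,0x09,0x2a,0x86,0x48,
    0x86,0xf7,0x0d,0x01,0x01,0x04, 0x05,0x00, 0x03,0x02,0x00,0x00};
int main() { std::printf("%s\n", csr_signature_oid(kSample, sizeof kSample).c_str()); }
```

A returned OID that differs from the one requested indicates the control fell back to another algorithm, or that HashAlgID was set afterwards.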

Examples


BSTR     bstrHashAlg = NULL;
HRESULT  hr;

// get the hash algorithm
hr = pEnroll->get_HashAlgorithm( &bstrHashAlg );
if ( FAILED ( hr ) )
    printf("Failed get_HashAlgorithm - %x\n", hr );
else
    printf( "HashAlgorithm: %ws\n", bstrHashAlg );
// free BSTR
if ( NULL != bstrHashAlg )
    SysFreeString( bstrHashAlg);

// SysAllocString takes a wide (OLECHAR) string, so use an L"" literal
BSTR    bstrMyHashAlg = SysAllocString(L"MD5");
// alternatively, ... = SysAllocString(L"1.2.840.113549.1.1.4");

if ( NULL == bstrMyHashAlg )
    printf("SysAllocString failed\n");
else
{
    // set the hash algorithm
    hr = pEnroll->put_HashAlgorithm( bstrMyHashAlg );
    if ( FAILED ( hr ) )
        printf("Failed put_HashAlgorithm - %x\n", hr );
    else
        printf( "HashAlgorithm was set to %ws\n", bstrMyHashAlg );
    // free BSTR
    SysFreeString( bstrMyHashAlg );
}

Requirements

Minimum supported client

Windows XP [desktop apps only]

Minimum supported server

Windows Server 2003 [desktop apps only]

End of client support

Windows XP

End of server support

Windows Server 2003

Header

Xenroll.h

Library

Uuid.lib

DLL

Xenroll.dll

IID

IID_ICEnroll4 is defined as c1f1188a-2eb5-4a80-841b-7e729a356d90

 

 
