CERT_STRONG_SIGN_SERIALIZED_INFO structure

Contains the signature algorithm/hash algorithm and public key algorithm/bit length pairs that can be used for strong signing. This structure is used by the CERT_STRONG_SIGN_PARA structure.

Syntax

C++

typedef struct _CERT_STRONG_SIGN_SERIALIZED_INFO {
  DWORD  dwFlags;
  LPWSTR pwszCNGSignHashAlgids;
  LPWSTR pwszCNGPubKeyMinBitLengths;
} CERT_STRONG_SIGN_SERIALIZED_INFO, *PCERT_STRONG_SIGN_SERIALIZED_INFO;

Members

dwFlags

By default, certificate strong signing parameters do not apply to certificate revocation lists (CRLs) or online certificate status protocol (OCSP) responses. You can set one or both of the following values to enable strong signing on CRLs and OCSP responses.

Value	Meaning
CERT_STRONG_SIGN_ENABLE_CRL_CHECK 0x1	Enable strong signing of CRLs.
CERT_STRONG_SIGN_ENABLE_OCSP_CHECK 0x2	Enable strong signing of OCSP responses.

 

pwszCNGSignHashAlgids

Pointer to a null-terminated Unicode string that contains a set of signature algorithm/hash algorithm pairs. A Unicode semicolon (L";") separates the pairs. This is shown by the following example.

L"RSA/SHA256;RSA/SHA384;ECDSA/SHA256;ECDSA/SHA384"

The following signature algorithms are supported:

• L"RSA" (BCRYPT_RSA_ALGORITHM)
• L"DSA" (BCRYPT_DSA_ALGORITHM)
• L"ECDSA" (SSL_ECDSA_ALGORITHM)

The following signature algorithms are not supported:

• L"ECDSA_P256" (BCRYPT_ECDSA_P256_ALGORITHM)
• L"ECDSA_P384" (BCRYPT_ECDSA_P384_ALGORITHM)
• L"ECDSA_P521" (BCRYPT_ECDSA_P521_ALGORITHM)

The following hash algorithms are supported:

• L"MD5" (BCRYPT_MD5_ALGORITHM)
• L"SHA1" (BCRYPT_SHA1_ALGORITHM)
• L"SHA256" (BCRYPT_SHA256_ALGORITHM)
• L"SHA256" (BCRYPT_SHA256_ALGORITHM)
• L"SHA512" (BCRYPT_SHA512_ALGORITHM)

pwszCNGPubKeyMinBitLengths

Pointer to a null-terminated Unicode string that contains a set of public key algorithm/bit length pairs. A Unicode semicolon (L";") separates the pairs. This is shown by the following example.

L”RSA/2048;ECDSA/256”

The following public key algorithms are supported:

• L"RSA" (BCRYPT_RSA_ALGORITHM)
• L"DSA" (BCRYPT_DSA_ALGORITHM)
• L"ECDSA" (SSL_ECDSA_ALGORITHM)

Remarks

This structure is used by the CERT_STRONG_SIGN_PARA structure which is directly referenced by the following functions:

• CertIsStrongHashToSign
• CryptMsgControl
• CryptMsgVerifyCountersignatureEncodedEx

Also, CERT_STRONG_SIGN_PARA is indirectly referenced by the following:

• CryptDecodeMessage
• CryptDecryptAndVerifyMessageSignature
• CertGetCertificateChain
• CertSelectCertificateChains
• CryptVerifyDetachedMessageSignature
• CryptVerifyMessageSignature

Requirements

Minimum supported client	Windows 8 [desktop apps only]
Minimum supported server	Windows Server 2012 [desktop apps only]
Header	Wincrypt.h

See also

CERT_STRONG_SIGN_PARA