Cryptography Structures
The following structures are used by cryptography functions. Cryptography structures are categorized according to usage as follows:
- CryptXML Structures
- General Cryptography Structures
- Common Certificate Structures
- X.509 Certificate Extension Structures
- Message Structures
- OID Support Structures
- Certificate Chain Structures
- CSP Structures
- WinTrust Structures
- SIP Structures
CryptXML Structures
The following structures are used by the CryptXML Functions.
Structure | Description |
---|---|
CRYPT_XML_ALGORITHM | Specifies the algorithm used to sign or transform the message. |
CRYPT_XML_ALGORITHM_INFO | Contains algorithm information. |
CRYPT_XML_BLOB | Contains an arbitrary array of bytes. |
CRYPT_XML_CRYPTOGRAPHIC_INTERFACE | Passed to the CryptXmlDllGetInterface function pointer to expose the implemented CryptXML functions. |
CRYPT_XML_DATA_BLOB | Contains XML encoded data. |
CRYPT_XML_DATA_PROVIDER | Specifies the interface to the XML data provider. |
CRYPT_XML_DOC_CTXT | Defines document context information. |
CRYPT_XML_ISSUER_SERIAL | Contains an X.509 issued distinguished name–serial number pair. |
CRYPT_XML_KEY_DSA_KEY_VALUE | Defines a Digital Signature Algorithm (DSA) key value. The CRYPT_XML_KEY_DSA_KEY_VALUE structure is used as an element of the key value union in the CRYPT_XML_KEY_VALUE structure. |
CRYPT_XML_KEY_ECDSA_KEY_VALUE | Defines an Elliptic Curve Digital Signature Algorithm (ECDSA) key value. The CRYPT_XML_KEY_ECDSA_KEY_VALUE structure is used as an element of the key value union in the CRYPT_XML_KEY_VALUE structure. |
CRYPT_XML_KEY_INFO | Encapsulates key information data. |
CRYPT_XML_KEY_INFO_ITEM | Encapsulates key information data that corresponds to a KeyInfo element. The KeyInfo element enables the recipient to obtain the key needed to validate the signature. |
CRYPT_XML_KEY_RSA_KEY_VALUE | Defines an RSA key value. The CRYPT_XML_KEY_RSA_KEY_VALUE structure is used as an element of the key value union in the CRYPT_XML_KEY_VALUE structure. |
CRYPT_XML_KEY_VALUE | Contains a single public key that may be useful in validating the signature. |
CRYPT_XML_KEYINFO_PARAM | Is used by the CryptXmlSign function to specify the members of the KeyInfo element to be encoded. |
CRYPT_XML_OBJECT | Describes an Object element in the signature. |
CRYPT_XML_PROPERTY | Contains information about a CryptXML property. |
CRYPT_XML_REFERENCE | Contains information used to populate the Reference element. |
CRYPT_XML_REFERENCES | Defines an array of CRYPT_XML_REFERENCE structures. |
CRYPT_XML_SIGNATURE | Contains information used to populate the Signature element. |
CRYPT_XML_SIGNED_INFO | Returns information about the signature validation status, summary status information about a SignedInfo element, or summary status information about an array of Reference elements. |
CRYPT_XML_TRANSFORM_CHAIN_CONFIG | Defines application-defined transforms that are allowed for use in the XML digital signature. |
CRYPT_XML_TRANSFORM_INFO | Contains information that is used when applying the data transform. |
CRYPT_XML_X509DATA | Represents the sequence of choices in the X509Data element. |
CRYPT_XML_X509DATA_ITEM | Represents X.509 data that is to be encoded in an X509Data named element. |
General Cryptography Structures
The following structures are used by the Base Cryptography Functions.
Structure | Description |
---|---|
CMS_DH_KEY_INFO | Used with the KP_CMS_DH_KEY_INFO parameter in the CryptSetKeyParam function to contain Diffie-Hellman key information. |
CMS_KEY_INFO | This structure is not used. |
CRYPT_AES_128_KEY_STATE | Specifies the 128-bit symmetric key information for an Advanced Encryption Standard (AES) cipher. |
CRYPT_AES_256_KEY_STATE | Specifies the 256-bit symmetric key information for an AES cipher. |
CRYPT_ALGORITHM_IDENTIFIER | Contains the object identifier (OID) of the algorithm and any needed parameters for that algorithm. |
CRYPT_ATTRIBUTE | Specifies an attribute that has one or more values. |
CRYPT_ATTRIBUTE_TYPE_VALUE | Contains a single attribute value. |
CRYPT_ATTRIBUTES | Contains an array of attributes. |
CRYPT_BIT_BLOB | Contains an array of bytes. |
CRYPT_BLOB_ARRAY | Contains an array of CRYPT_DATA_BLOB structures. |
CRYPT_CONTENT_INFO | Contains data encoded in the PKCS #7 ContentInfo data format. |
CRYPT_CONTENT_INFO_SEQUENCE_OF_ANY | Contains information representing the Netscape certificate sequence of certificates. |
CRYPT_DEFAULT_CONTEXT_MULTI_OID_PARA | Used with the CryptInstallDefaultContext function to contain an array of object identifier strings. |
CRYPT_ECC_CMS_SHARED_INFO | Represents key-encryption key information when using Elliptic Curve Cryptography (ECC) in the Cryptographic Message Syntax (CMS) EnvelopedData content type. |
CRYPT_ENCRYPTED_PRIVATE_KEY_INFO | Contains the information of an encrypted PKCS #8 private key. |
CRYPT_ENROLLMENT_NAME_VALUE_PAIR | This structure is used to create certificate requests on behalf of a user. |
CRYPT_INTEGER_BLOB | Contains the data of various kinds of binary large objects under names appropriate to type. |
CRYPT_KEY_LIMITS | Supports the unimplemented CryptGetLocalKeyLimits function and is not used. It will be removed in a future version of Wincrypt.h. |
CRYPT_KEY_PROV_INFO | Contains fields that are passed as the arguments to CryptAcquireContext to acquire a handle to a particular key container within a particular cryptographic service provider (CSP), or to create or destroy a key container. |
CRYPT_KEY_PROV_PARAM | Contains data to be passed as the arguments to CryptSetProvParam. |
CRYPT_KEY_SIGN_MESSAGE_PARA | Contains information about the CSP and algorithms used to sign a message. |
CRYPT_KEY_VERIFY_MESSAGE_PARA | Contains information needed to verify signed messages without a certificate for the signer. |
CRYPT_MASK_GEN_ALGORITHM | Identifies the algorithm used to generate an RSA PKCS #1 v2.1 signature mask. |
CRYPT_OBJECT_LOCATOR_PROVIDER_TABLE | Contains pointers to functions implemented by an object location provider. |
CRYPT_PKCS8_EXPORT_PARAMS | Contains information identifying a private key and a pointer to a callback function. |
CRYPT_PKCS8_IMPORT_PARAMS | Contains a PKCS #8 private key and two pointers to callback functions. |
CRYPT_PKCS12_PBE_PARAMS | Contains parameters used to create an encryption key, initialization vector (IV), or Message Authentication Code (MAC) key for a PKCS #12 password based encryption algorithm. |
CRYPT_PRIVATE_KEY_INFO | Contains the information of a PKCS #8 private key. |
CRYPT_PSOURCE_ALGORITHM | Identifies the algorithm and (optionally) the value of the label for an RSAES-OAEP key encryption. |
CRYPT_RETRIEVE_AUX_INFO | Contains optional time synchronization information to pass to the CryptRetrieveObjectByUrl function. |
CRYPT_RSA_SSA_PSS_PARAMETERS | Contains the parameters for an RSA PKCS #1 v2.1 signature. |
CRYPT_RSAES_OAEP_PARAMETERS | Contains the parameters for an RSAES-OAEP key encryption. |
CRYPT_SEQUENCE_OF_ANY | Contains an arbitrary list of encoded BLOBs. |
CRYPT_SMART_CARD_ROOT_INFO | Contains the smart card and session IDs associated with a certificate context. |
CRYPT_TIME_STAMP_REQUEST_INFO | This structure is used for time stamping. |
CRYPT_URL_INFO | Contains information about groupings of URLs. |
CRYPT_X942_OTHER_INFO | Contains additional key generation information. |
CRYPTNET_URL_CACHE_FLUSH_INFO | Contains expiry information used by the Cryptnet URL Cache (CUC) service to maintain a URL cache entry. |
CRYPTNET_URL_CACHE_PRE_FETCH_INFO | Contains update information used by the Cryptnet URL Cache (CUC) service to maintain a URL cache entry. |
CRYPTNET_URL_CACHE_RESPONSE_INFO | Contains response information used by the Cryptnet URL Cache (CUC) service to maintain a URL cache entry. |
CRYPT_INTEGER_BLOB | This structure is used for an arbitrary array of bytes. |
CRYPTPROTECT_PROMPTSTRUCT | Provides the text of a prompt and information about when and where that prompt is to be displayed when using the CryptProtectData and CryptUnprotectData functions. |
CRYPTUI_INITDIALOG_STRUCT | Supports the CRYPTUI_VIEWCERTIFICATE_STRUCT structure. |
CRYPTUI_SELECTCERTIFICATE_STRUCT | Contains information about the dialog box displayed by the CryptUIDlgSelectCertificate function. |
CRYPTUI_VIEWCERTIFICATE_STRUCT | Contains information about a certificate to view. It is used in the CryptUIDlgViewCertificate function. |
CRYPTUI_VIEWSIGNERINFO_STRUCT | Contains information for the CryptUIDlgViewSignerInfo function. |
CRYPTUI_WIZ_EXPORT_CERTCONTEXT_INFO | Contains information that controls the operation of the CryptUIWizExport function when a certificate is the object being exported. |
CRYPTUI_WIZ_EXPORT_INFO | Contains information that controls the operation of the CryptUIWizExport function. |
CRYPTUI_WIZ_IMPORT_SRC_INFO | Contains the subject to import into the CryptUIWizImport function. |
DHPRIVKEY_VER3 | Contains information specific to the particular private key contained in the key BLOB. |
DHPUBKEY | Contains information specific to the particular Diffie-Hellman public key contained in the key BLOB. |
DHPUBKEY_VER3 | Contains information specific to the particular public key contained in the key BLOB. |
Diffie-Hellman Version 3 Private Key BLOBs | Used to export and import information about a DH private key. |
Diffie-Hellman Version 3 Public Key BLOBs | Used to export and import information about a DH public key. |
DSS Version 3 Private Key BLOBs | Used to export and import information about a DH private key. |
DSS Version 3 Public Key BLOBs | Used to export and import information about a DH public key. |
DSSPRIVKEY_VER3 | Contains information specific to the particular private key contained in the key BLOB. |
DSSPUBKEY | Contains information specific to the particular public key contained in the key BLOB. |
DSSPUBKEY_VER3 | Contains information specific to the particular public key contained in the key BLOB. |
DSSSEED | Holds the seed and counter values that can be used to verify the primes of the DSS public key. |
HMAC_INFO | Specifies the hash algorithm and the inner and outer strings that are to be used to calculate the Hash-Based Message Authentication Code (HMAC) hash. |
KEYSVC_BLOB | Defines a key service BLOB. |
KEYSVC_UNICODE_STRING | Defines a key service Unicode string. |
OCSP_BASIC_RESPONSE_ENTRY | Contains the current certificate status for a single certificate. |
OCSP_BASIC_RESPONSE_INFO | Contains a basic OCSP response as specified by RFC 2560. |
OCSP_BASIC_REVOKED_INFO | Contains the reason a certificate was revoked. |
OCSP_BASIC_SIGNED_RESPONSE_INFO | Contains a basic OCSP response with a signature. |
OCSP_CERT_ID | Contains information to identify a certificate in an OCSP request or response. |
OCSP_REQUEST_ENTRY | Contains information about a single certificate in an OCSP request. |
OCSP_REQUEST_INFO | Contains information for an OCSP request as specified by RFC 2560. |
OCSP_RESPONSE_INFO | Indicates the success or failure of the corresponding OCSP request. For successful requests, it contains the type and value of response information. |
OCSP_SIGNATURE_INFO | Contains a signature for an OCSP request or response. |
OCSP_SIGNED_REQUEST_INFO | Contains information for an OCSP request with optional signature information. |
PROV_ENUMALGS | Returned by calls to CryptGetProvParam or CPGetProvParam. |
PROV_ENUMALGS_EX | Returned by calls to CryptGetProvParam or CPGetProvParam. |
PUBLICKEYSTRUC | Indicates a key's BLOB type and the algorithm that the key uses. |
ROOT_INFO_LUID | Contains a locally unique identifier (LUID) for Cryptographic Smart Card Root Information. |
RSAPUBKEY | Contains information specific to the particular public key contained in the key BLOB. |
SCHANNEL_ALG | Contains algorithm and key size information. |
SIGNER_ATTR_AUTHCODE | Specifies attributes for an Authenticode signature. |
SIGNER_BLOB_INFO | Specifies a BLOB to sign. |
SIGNER_CERT | Specifies a certificate used to sign a document. The certificate can be stored in a Software Publisher Certificate (SPC) file or in a certificate store. |
SIGNER_CERT_STORE_INFO | Specifies the certificate store used to sign a document. |
SIGNER_CONTEXT | Contains a signed BLOB. |
SIGNER_FILE_INFO | Specifies a file to sign. |
SIGNER_PROVIDER_INFO | Specifies the CSP and private key information used to create a digital signature. |
SIGNER_SIGNATURE_INFO | Contains information about a digital signature. |
SIGNER_SPC_CHAIN_INFO | Specifies a Software Publisher Certificate (SPC) and certificate chain used to sign a document. |
SIGNER_SUBJECT_INFO | Specifies a subject to sign. |
Common Certificate Structures
The following structures are used by many of the certificate functions.
Structure | Description |
---|---|
CERT_BIOMETRIC_DATA | Contains information about biometric data. |
CERT_BIOMETRIC_EXT_INFO | Contains a set of biometric information. |
CERT_CONTEXT | Contains both the encoded and decoded representations of a certificate. |
CERT_CRL_CONTEXT_PAIR | Contains a certificate context and an associated CRL context. |
CERT_DH_PARAMETERS | Contains parameters associated with a Diffie-Hellman public key algorithm. |
CERT_DSS_PARAMETERS | Contains parameters associated with a DSS public key algorithm. |
CERT_ECC_SIGNATURE | Contains the r and s values for an Elliptic Curve Digital Signature Algorithm (ECDSA) signature. |
CERT_EXTENSION | Contains the extension information for a certificate, certificate revocation list (CRL) or certificate trust list (CTL). |
CERT_EXTENSIONS | Contains an array of extensions. |
CERT_GENERAL_SUBTREE | Used in the CERT_NAME_CONSTRAINTS_INFO structure, this structure provides the identity of a certificate that can be included or excluded. |
CERT_HASHED_URL | Contains a hashed URL. |
CERT_ID | Used as a flexible means of uniquely identifying a certificate. |
CERT_INFO | Contains a certificate's information. |
CERT_KEY_CONTEXT | Contains data for the pvData member of a Value member of a CERT_EXTENSION structure associated with a CERT_KEY_CONTEXT_PROP_ID property. |
CERT_KEYGEN_REQUEST_INFO | Contains information stored in the Netscape Keygen request. |
CERT_LDAP_STORE_OPENED_PARA | Used with the CertOpenStore function when the CERT_STORE_PROV_LDAP provider is specified by using the CERT_LDAP_STORE_OPENED_FLAG flag to specify both the existing LDAP session to use to perform the query as well as the LDAP query string. |
CERT_LOGOTYPE_AUDIO | Contains information about an audio logotype. |
CERT_LOGOTYPE_AUDIO_INFO | Contains more detailed information about an audio logotype. |
CERT_LOGOTYPE_DATA | Contains logotype data. |
CERT_LOGOTYPE_DETAILS | Contains additional information about a logotype. |
CERT_LOGOTYPE_EXT_INFO | Contains a set of logotype information. |
CERT_LOGOTYPE_IMAGE | Contains information about an image logotype. |
CERT_LOGOTYPE_IMAGE_INFO | Contains more detailed information about an image logotype. |
CERT_LOGOTYPE_INFO | Contains information about logotype data. |
CERT_LOGOTYPE_REFERENCE | Contains logotype reference information. |
CERT_NAME_CONSTRAINTS_INFO | Contains information about certificates that are specifically permitted or excluded from trust. |
CERT_NAME_INFO | Contains subject or issuer names. The information is represented as an array of CERT_RDN structures. |
CERT_NAME_VALUE | Contains a relative distinguished name (RDN) attribute value. |
CERT_OTHER_LOGOTYPE_INFO | Contains information about logo types that are not predefined. |
CERT_PAIR | Contains a certificate and its pair cross certificate. |
CERT_PHYSICAL_STORE_INFO | Contains information on physical certificate stores. |
CERT_POLICY_CONSTRAINTS_INFO | Contains established policies for accepting certificates as trusted. |
CERT_POLICY_MAPPING | Contains a mapping between issuer domain and subject domain policy OIDs. |
CERT_POLICY_MAPPINGS_INFO | Provides mapping between the policy OIDs of two domains. |
CERT_PUBLIC_KEY_INFO | Contains a public key and its algorithm. |
CERT_QC_STATEMENT | Represents a single statement in a sequence of one or more statements for inclusion in a Qualified Certificate (QC) statements extension. |
CERT_QC_STATEMENTS_EXT_INFO | Contains a sequence of one or more statements that make up the Qualified Certificate (QC) statements extension for a QC. |
CERT_RDN | Contains a relative distinguished name (RDN) consisting of an array of CERT_RDN_ATTR structures. |
CERT_RDN_ATTR | Contains a single attribute of a relative distinguished name (RDN). |
CERT_REQUEST_INFO | Contains information for a certificate request. |
CERT_REVOCATION_CRL_INFO | Contains information updated by a CRL revocation type handler. |
CERT_REVOCATION_PARA | This structure can optionally be passed to CertVerifyRevocation to assist in finding the issuer of the context to be verified. |
CERT_REVOCATION_STATUS | Contains information on the revocation status of the certificate. |
CERT_SELECT_STRUCT | Contains criteria upon which to select certificates that are presented in a certificate selection dialog box. This structure is used in the CertSelectCertificate function. |
CERT_SIGNED_CONTENT_INFO | Contains encoded content to be signed and a BLOB to hold the signature. |
CERT_STORE_PROV_FIND_INFO | This structure is used by many of the store provider callback functions. |
CERT_STORE_PROV_INFO | Contains information returned by the installed CertDllOpenStoreProv when a store is opened with CertOpenStore. |
CERT_STRONG_SIGN_PARA | Contains parameters used to check for strong signatures on certificates, CRLs, OCSP responses, and PKCS #7 messages. |
CERT_STRONG_SIGN_SERIALIZED_INFO | Contains the signature algorithm/hash algorithm and public key algorithm/bit length pairs that can be used for strong signing. |
CERT_SUBJECT_INFO_ACCESS | This is a synonym for the CERT_AUTHORITY_INFO_ACCESS structure. |
CERT_SYSTEM_STORE_INFO | Contains information used by functions that work with system stores. |
CERT_SYSTEM_STORE_RELOCATE_PARA | Contains data to be passed to CertOpenStore when that function's dwFlags parameter is set to CERT_SYSTEM_STORE_RELOCATE_FLAG. |
CERT_TEMPLATE_EXT | This structure is a certificate template. |
CERT_X942_DH_PARAMETERS | Contains parameters associated with a Diffie-Hellman public key algorithm. |
CERT_X942_DH_VALIDATION_PARAMS | This structure is optionally pointed to by a member of the CERT_X942_DH_PARAMETERS structure and contains additional seed information. |
CMC_ADD_ATTRIBUTES_INFO | Contains certificate attributes to be added to a certificate. |
CMC_ADD_EXTENSIONS_INFO | Contains certificate extension control attributes to be added to a certificate. |
CMC_DATA_INFO | This structure provides a means of communicating different pieces of tagged information. |
CMC_PEND_INFO | This structure is a possible member of a CMC_STATUS_INFO structure. |
CMC_RESPONSE_INFO | This structure provides a means of communicating different pieces of tagged information. |
CMC_STATUS_INFO | Contains status information about Certificate Management Messages over CMS. |
CMC_TAGGED_ATTRIBUTE | This structure is used in the CMC_DATA_INFO and CMC_RESPONSE_INFO structures. |
CMC_TAGGED_CERT_REQUEST | This structure is used in the CMC_TAGGED_REQUEST structure. |
CMC_TAGGED_CONTENT_INFO | This structure is used in the CMC_DATA_INFO and CMC_RESPONSE_INFO structures. |
CMC_TAGGED_OTHER_MSG | This structure is used in the CMC_DATA_INFO and CMC_RESPONSE_INFO structures. |
CMC_TAGGED_REQUEST | This structure is used in the CMC_DATA_INFO structure to request a certificate. |
CRL_CONTEXT | Contains both the encoded and decoded representations of a CRL. |
CRL_ENTRY | Contains information on a single revoked certificate. It is a member of a CRL_INFO structure. |
CRL_INFO | Contains the information of a certificate revocation list (CRL). |
CRL_ISSUING_DIST_POINT | Contains information about the kinds of certificates listed in a CRL. |
CROSS_CERT_DIST_POINTS_INFO | This structure provides information used to update dynamic cross certificates. |
CTL_ANY_SUBJECT_INFO | Contains a SubjectAlgorithm to be matched in the CTL and the SubjectIdentifier to be matched in one of the CTL entries in calls to CertFindSubjectInCTL. |
CTL_CONTEXT | Contains both the encoded and decoded representations of a CTL. |
CTL_ENTRY | This structure is an element of a certificate trust list (CTL). |
CTL_FIND_SUBJECT_PARA | Contains data used by CertFindCTLInStore with a dwFindType of CTL_FIND_SUBJECT to find a certificate trust list (CTL). |
CTL_FIND_USAGE_PARA | This structure is a member of the CTL_FIND_SUBJECT_PARA structure and it is used by CertFindCTLInStore. |
CTL_INFO | Contains the information stored in a certificate trust list (CTL). |
CTL_MODIFY_REQUEST | Contains a request to modify a certificate trust list. This structure is used in the CertModifyCertificatesToTrust function. |
CTL_USAGE | Contains an array of Object Identifiers (OIDs) for certificate trust list (CTL) extensions. |
CTL_VERIFY_USAGE_PARA | Contains parameters used by CertVerifyCTLUsage to establish the validity of a CTL's usage. |
CTL_VERIFY_USAGE_STATUS | Contains information about a certificate trust list (CTL) returned by CertVerifyCTLUsage. |
X.509 Certificate Extension Structures
The following structures are associated with X.509 CERT_EXTENSION structures.
Structure | Description |
---|---|
CERT_ACCESS_DESCRIPTION | This structure is a member of a CERT_AUTHORITY_INFO_ACCESS structure. |
CERT_ALT_NAME_ENTRY | Contains an alternative name in one of a variety of name forms. |
CERT_ALT_NAME_INFO | Used in encoding and decoding extensions for subject or issuer certificates, certificate revocation lists (CRLs), and certificate trust lists (CTLs). |
CERT_AUTHORITY_INFO_ACCESS | Represents authority information access and subject information access certificate extensions and specifies how to access additional information and services for the subject or the issuer of that certificate. |
CERT_AUTHORITY_KEY_ID_INFO | Identifies the key used to sign a certificate or CRL. |
CERT_AUTHORITY_KEY_ID2_INFO | Identifies the key used to sign a certificate or CRL. It differs from the CERT_AUTHORITY_KEY_ID_INFO structure in that the certificate issuer is a CERT_ALT_NAME_INFO instead of a CERT_NAME_BLOB. |
CERT_BASIC_CONSTRAINTS_INFO | Contains information indicating whether the certified subject can act as a CA, an end-entity, or both. |
CERT_BASIC_CONSTRAINTS2_INFO | Contains information indicating whether the certified subject can act as a CA or an end entity. |
CERT_KEY_ATTRIBUTES_INFO | Contains optional additional information about the public key being certified. |
CERT_KEY_USAGE_RESTRICTION_INFO | Contains restrictions imposed on the usage of a certificate's public key. |
CERT_POLICIES_INFO | Contains an array of CERT_POLICY_INFO. |
CERT_POLICY_ID | Contains a list of certificate policies that the certificate expressly supports, together with optional qualifier information pertaining to these policies. |
CERT_POLICY_INFO | Contains an object identifier (OID) specifying a policy and an optional array of policy qualifiers. |
CERT_POLICY_QUALIFIER_INFO | Contains an object identifier (OID) specifying the qualifier and qualifier-specific supplemental information. |
CERT_PRIVATE_KEY_VALIDITY | Indicates a valid time span for the private key corresponding to a certificate's public key. |
CRL_DIST_POINT | Identifies a single CRL distribution point that a certificate user can reference to determine whether certificates have been revoked. |
CRL_DIST_POINT_NAME | Identifies a location from which the CRL can be obtained. |
CRL_DIST_POINTS_INFO | Contains a list of CRL distribution points a certificate user can reference to determine whether the certificate has been revoked. |
These structures can be encoded into the Value member of a CERT_EXTENSION structure by using the CryptEncodeObject and CryptEncodeObjectEx functions. They are created and returned by the CryptDecodeObject and CryptDecodeObjectEx functions when the Value member of a CERT_EXTENSION structure is decoded.
The structure encoded or created depends on the pszObjId string member of the CERT_EXTENSION structure.
Current extension predefined constants and OIDs along with the structure associated with each are shown in the following table.
Note
The predefined constant (column 1) and its corresponding OID (column 2) may be used interchangeably.
Predefined constant | Object identifier (OID) | Data structure |
---|---|---|
X509_AUTHORITY_INFO_ACCESS | szOID_AUTHORITY_INFO_ACCESS | CERT_AUTHORITY_INFO_ACCESS |
X509_AUTHORITY_KEY_ID | szOID_AUTHORITY_KEY_IDENTIFIER | CERT_AUTHORITY_KEY_ID_INFO |
X509_ALTERNATE_NAME | szOID_SUBJECT_ALT_NAME – Or – szOID_ISSUER_ALT_NAME | CERT_ALT_NAME_INFO |
X509_BASIC_CONSTRAINTS | szOID_BASIC_CONSTRAINTS | CERT_BASIC_CONSTRAINTS_INFO |
X509_BASIC_CONSTRAINTS2 | szOID_BASIC_CONSTRAINTS2 | CERT_BASIC_CONSTRAINTS2_INFO |
X509_CERT_POLICIES | szOID_CERT_POLICIES | CERT_POLICIES_INFO |
X509_KEY_ATTRIBUTES | szOID_KEY_ATTRIBUTES | CERT_KEY_ATTRIBUTES_INFO |
X509_KEY_USAGE | szOID_KEY_USAGE | CRYPT_BIT_BLOB |
X509_KEY_USAGE_RESTRICTION | szOID_KEY_USAGE_RESTRICTION | CERT_KEY_USAGE_RESTRICTION_INFO |
None | szOID_POLICY_MAPPINGS | Not implemented |
None | szOID_SUBJECT_DIR_ATTRS | Not implemented |
Message Structures
The following structures are used by the cryptographic message functions.
Structure | Description |
---|---|
CMSG_CMS_RECIPIENT_INFO | This structure is used with the CryptMsgGetParam function to get information on a key transport, key agreement, or mail list envelope message recipient. |
CMSG_CMS_SIGNER_INFO | This structure contains the content of the defined SignerInfo in signed or signed and enveloped messages. |
CMSG_CNG_CONTENT_DECRYPT_INFO | Contains all the relevant information passed between CryptMsgControl and OID installable functions for the import and decryption of a Cryptography API: Next Generation (CNG) content encryption key (CEK). |
CMSG_CONTENT_ENCRYPT_INFO | Contains information shared between the PFN_CMSG_GEN_CONTENT_ENCRYPT_KEY, PFN_CMSG_EXPORT_KEY_TRANS, PFN_CMSG_EXPORT_KEY_AGREE, and PFN_CMSG_EXPORT_MAIL_LIST object identifier (OID) installable functions used for the encryption and export of a content encryption key. |
CMSG_CTRL_ADD_SIGNER_UNAUTH_ATTR_PARA | This structure is used to add an unauthenticated attribute to a signer of a signed message. |
CMSG_CTRL_DECRYPT_PARA | This structure contains information used to decrypt an enveloped message for a key transport recipient. This structure is passed to CryptMsgControl if the dwCtrlType parameter is CMSG_CTRL_DECRYPT. |
CMSG_CTRL_DEL_SIGNER_UNAUTH_ATTR_PARA | This structure is used to delete an unauthenticated attribute of a signer of a signed message. |
CMSG_CTRL_KEY_AGREE_DECRYPT_PARA | This structure contains information about a key agreement recipient. |
CMSG_CTRL_KEY_TRANS_DECRYPT_PARA | This structure contains information about a key transport message recipient. |
CMSG_CTRL_MAIL_LIST_DECRYPT_PARA | This structure contains information on a mail list message recipient. |
CMSG_CTRL_VERIFY_SIGNATURE_EX_PARA | This structure contains information used to verify a message signature. It contains the signer index and signer public key. The signer public key can be the signer's CERT_PUBLIC_KEY_INFO structure, certificate context, or chain context. |
CMSG_ENVELOPED_ENCODE_INFO | This structure contains information needed to encode an enveloped message. It is passed to CryptMsgOpenToEncode if dwMsgType is CMSG_ENVELOPED. |
CMSG_ENVELOPED_HASHED_INFO | This structure is used with hashed messages. It is passed to CryptMsgOpenToEncode if dwMsgType is CMSG_ENVELOPED. |
CMSG_KEY_AGREE_ENCRYPT_INFO | Contains encryption information applicable to all key agreement recipients of an enveloped message. |
CMSG_KEY_AGREE_KEY_ENCRYPT_INFO | Contains the encrypted key for a key agreement recipient of an enveloped message. |
CMSG_KEY_TRANS_ENCRYPT_INFO | Contains encryption information for a key transport recipient of enveloped data. |
CMSG_MAIL_LIST_ENCRYPT_INFO | Contains encryption information for a mailing list recipient of enveloped data. |
CMSG_KEY_AGREE_RECIPIENT_ENCODE_INFO | This structure contains information on a message recipient using key agreement key management. |
CMSG_KEY_TRANS_RECIPIENT_ENCODE_INFO | This structure contains encoded key transport information for a message recipient. |
CMSG_KEY_TRANS_RECIPIENT_INFO | This structure contains information used in key transport algorithms. |
CMSG_MAIL_LIST_RECIPIENT_ENCODE_INFO | This structure is used with previously distributed symmetric keys for decrypting the content key encryption key (KEK). |
CMSG_MAIL_LIST_RECIPIENT_INFO | This structure contains information used for previously distributed symmetric key-encryption keys (KEK). |
CMSG_RC2_AUX_INFO | This structure contains the bit length of the key for RC2 encryption algorithms. The pvEncryptionAuxInfo member in CMSG_ENVELOPED_ENCODE_INFO can be set to point to an instance of this structure. |
CMSG_RC4_AUX_INFO | This structure contains the bit length of the key for RC4 encryption algorithms. The pvEncryptionAuxInfo member in CMSG_ENVELOPED_ENCODE_INFO can be set to point to an instance of this structure. |
CMSG_RECIPIENT_ENCODE_INFO | This structure contains information about a message recipient's content encryption key management type. |
CMSG_RECIPIENT_ENCRYPTED_KEY_ENCODE_INFO | This structure contains information on a message receiver used to decrypt the session key needed to decrypt the message contents. This structure is used with CMS low level messages using any of the key management methods. |
CMSG_RECIPIENT_ENCRYPTED_KEY_INFO | This structure contains information used for an individual key agreement recipient. |
CMSG_SIGNED_ENCODE_INFO | This structure contains information to be passed to CryptMsgOpenToEncode if dwMsgType is CMSG_SIGNED. |
CMSG_SIGNER_ENCODE_INFO | This structure contains signer information. It is passed to CryptMsgCountersign, CryptMsgCountersignEncoded, and optionally to CryptMsgOpenToEncode as a member of the CMSG_SIGNED_ENCODE_INFO structure, if the dwMsgType parameter is CMSG_SIGNED. |
CMSG_SIGNER_INFO | This structure contains the content of the PKCS #7 defined SignerInfo in signed messages. |
CMSG_SP3_COMPATIBLE_AUX_INFO | This structure contains information needed for SP3 compatible encryption. |
CMSG_STREAM_INFO | This structure is used to enable processing stream data rather than single block processing. Stream processing is most often used when processing large messages. Stream-process messages can originate from any serialized source such as a file on a hard disk, a server, or a CD ROM. |
CRYPT_DECRYPT_MESSAGE_PARA | Contains information for decrypting messages. |
CRYPT_ENCRYPT_MESSAGE_PARA | Contains information used to encrypt messages. |
CRYPT_HASH_MESSAGE_PARA | Contains data for hashing messages. |
CRYPT_SIGN_MESSAGE_PARA | Contains information for signing messages using a specified signing certificate context. |
CRYPT_VERIFY_MESSAGE_PARA | Contains information needed to verify a signed message. |
OID Support Structures
The following structures are used by the OID Support Functions.
Structure | Description |
---|---|
CRYPT_OID_FUNC_ENTRY | Contains an object identifier (OID) and a pointer to its related function. It is used with CryptInstallOIDFunctionAddress. |
CRYPT_OID_INFO | Contains information about an object identifier (OID). |
CRYPT_RC2_CBC_PARAMETERS | Contains information used with szOID_RSA_RC2CBC encryption. |
CRYPT_SMIME_CAPABILITIES | Contains a prioritized array of supported capabilities. |
CRYPT_SMIME_CAPABILITY | Specifies a single capability and its associated parameters. |
Certificate Chain Structures
The following structures are used in building certificate chains used to establish trust in a certificate.
Structure | Description |
---|---|
AUTHENTICODE_EXTRA_CERT_CHAIN_POLICY_PARA | Holds policy information used in the verification of certificate chains for files. |
AUTHENTICODE_EXTRA_CERT_CHAIN_POLICY_STATUS | Holds additional Authenticode policy information for chain verification of files. |
AUTHENTICODE_TS_EXTRA_CERT_CHAIN_POLICY_PARA | Contains time stamp policy information that can be used in certificate chain verification of files. |
CERT_CHAIN_CONTEXT | Contains an array of simple certificate chains and a trust status structure that indicates summary validity data on all of the connected simple chains. |
CERT_CHAIN_ELEMENT | This structure is a single element in a simple certificate chain. |
CERT_CHAIN_ENGINE_CONFIG | Sets parameters for building a nondefault certificate chain engine. |
CERT_CHAIN_FIND_BY_ISSUER_PARA | Holds information used in CertFindChainInStore to build certificate chains. |
CERT_CHAIN_PARA | Establishes the searching and matching criteria to be used in building a certificate chain. |
CERT_CHAIN_POLICY_PARA | Contains information used in CertVerifyCertificateChainPolicy to establish policy criteria for the verification of certificate chains. |
CERT_CHAIN_POLICY_STATUS | Holds certificate chain status information returned by CertVerifyCertificateChainPolicy from the verification of certificate chains. |
CERT_REVOCATION_INFO | Indicates the revocation status of a certificate in a CERT_CHAIN_ELEMENT. |
CERT_SELECT_CHAIN_PARA | Contains the parameters used for building and selecting chains. |
CERT_SIMPLE_CHAIN | Contains an array of chain elements and a summary trust status for the chain that the array represents. |
CERT_SELECTUI_INPUT | Used by the CertSelectionGetSerializedBlob function to serialize the certificates contained in a store or an array of certificate chains. The returned serialized BLOB can be passed to the CredUIPromptForWindowsCredentials function. |
CERT_TRUST_LIST_INFO | Indicates valid usage of a CTL. |
CERT_TRUST_STATUS | Contains trust information about a certificate in a certificate chain, summary trust information about a simple chain of certificates, or summary information about an array of simple chains. |
CERT_USAGE_MATCH | Provides parameters for finding issuer certificates used to build a certificate chain. |
CTL_USAGE_MATCH | Provides parameters for finding certificate trust lists (CTL) used to build a certificate chain. |
SSL_EXTRA_CERT_CHAIN_POLICY_PARA | Holds policy information used in the verification of Secure Sockets Layer (SSL) client/server certificate chains. |
CSP Structures
The following structures are used with cryptographic service provider (CSP) functions.
Structure | Description |
---|---|
BLOBHEADER | Indicates a key's BLOB type and the algorithm that the key uses. |
VTableProvStruc | Contains pointers to callback functions that can be used by CSP functions. |
PLAINTEXTKEYBLOB | Contains parameter header information for a plaintext key. |
WinTrust Structures
The following structures are used with the WinVerifyTrust function.
Structure | Description |
---|---|
CRYPT_PROVIDER_DEFUSAGE | Used by the WintrustGetDefaultForUsage function to retrieve callback information for a provider's default usage. |
CRYPT_PROVIDER_REGDEFUSAGE | Used by the WintrustAddDefaultForUsage function to register callback information about a provider's default usage. |
SPC_INDIRECT_DATA_CONTENT | Stores the digest and other attributes of an Authenticode-signed file. |
WINTRUST_BLOB_INFO | Used when calling WinVerifyTrust to verify a memory BLOB. |
WINTRUST_CATALOG_INFO | Used when calling WinVerifyTrust to verify a member of a Microsoft catalog. |
WINTRUST_CERT_INFO | Used when calling WinVerifyTrust to verify a CERT_CONTEXT. |
WINTRUST_DATA | Used when calling WinVerifyTrust to pass necessary information into the trust providers. |
WINTRUST_FILE_INFO | Used when calling WinVerifyTrust to verify an individual file. |
WINTRUST_SGNR_INFO | Used when calling WinVerifyTrust to verify a CMSG_SIGNER_INFO structure. |
SIP Structures
The following structures are used by subject interface package (SIP) functions.
Structure | Description |
---|---|
SIP_ADD_NEWPROVIDER | Defines an SIP. |
SIP_CAP_SET | Defines the capabilities of an SIP. |
SIP_DISPATCH_INFO | Contains a set of pointers to SIP functions. |
SIP_INDIRECT_DATA | Contains a digest of the hashed subject information. |
SIP_SUBJECTINFO | Specifies SIP subject information. |