CertInit (Windows Embedded CE 6.0)

1/6/2010

The CertInit function initializes internal resources for the Certification Module (CertMod).

For more information on the Certification Module, see certmod Module.

Syntax

DWORD CertInit();

Parameters

None.

Return Value

This method returns the following results.

  • TRUE
    The CertInit function successfully initialized CertMod.
  • FALSE
    The CertInit function could not initialize CertMod. This can result when you run out of memory, when a related process times out, or when an internal operation is aborted.

Remarks

The CertInit function, along with the CertVerify function, belongs to the Certification Module, which is part of Windows Embedded CE 6.0's extensible security model. You can include this module in your image by setting SYSGEN_CERTMOD.

CertMod provides an authentication service for the FileSys Module by checking for valid certificate signatures on executable files. It does this by calling into the Evidence Generator (EvGen) module and the Cryptography (Crypto) components to look for and examine certification evidence, if it is present in the executable file.

The CertInit function is called only once—when the FileSys Module loads the Certification Module (Certmod.dll).

There are no Trust Levels in Windows Embedded CE 6.0, which uses a one-tier security model. In this model, the FileSys Module only loads an executable file if CertMod can chain its certificate to a certificate in one of the certificate stores.

On images that do not include the CertMod module, all executable files are loaded—regardless of whether they include a certificate.

CertMod runs in association with the following standard CE 6.0 components:

  • EvGen
    The Evidence Generator, which opens files to expose their digital certificate for inspection and validation. This is an internal component used by CertMod.
  • FileSys Module
    The File System Module, which manages the Windows Embedded CE file system.
  • Registry
    CertVerify checks the following registry key for registered certificate stores:

    [HKLM\Security\CertMod\<Certificate Store Name>]
       "AccountName" = REG_SZ:""
    

    AccountName is the name associated with the certificate. It is returned by CertVerify in the pUserName parameter if the executable file is digitally signed, and if its certificate can be chained to one of the certificates registered in one of the certificate stores, or in the Revoked List.
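
As an added example (not from the original page and not Microsoft code), the following C program reads a registry listing written in the notation shown above and lists each certificate store registered under HKLM\Security\CertMod with its AccountName, which helps when reviewing which stores an image trusts. The function and struct names, the sample listing, and the store and account names in it are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#define CERTMOD_KEY "HKLM\\Security\\CertMod\\"  /* key path as written on the page */
struct store { char name[64]; char account[64]; };

/* Case-insensitive prefix match: registry key and value names ignore case. */
static int ieq(const char *a, const char *b, size_t n) {
    while (n--) if (tolower((unsigned char)*a++) != tolower((unsigned char)*b++)) return 0;
    return 1;
}

/* Collect each direct subkey of the CertMod key and its AccountName value. */
int parse_certmod_stores(const char *text, struct store *out, int max) {
    int n = 0, cur = -1;
    const size_t plen = strlen(CERTMOD_KEY);
    while (*text) {
        char line[256];
        size_t len = strcspn(text, "\n"), cp = len < sizeof line - 1 ? len : sizeof line - 1;
        memcpy(line, text, cp); line[cp] = '\0';
        text += len + (text[len] == '\n');
        char *p = line + strspn(line, " \t"), *end, *v, *q;
        if (*p == '[') {
            cur = -1;                       /* a new key closes the previous one */
            if ((end = strchr(p, ']')) == NULL || !ieq(p + 1, CERTMOD_KEY, plen)) continue;
            *end = '\0';
            if (p[1 + plen] == '\0' || strchr(p + 1 + plen, '\\') || n >= max) continue;
            snprintf(out[n].name, sizeof out[n].name, "%s", p + 1 + plen);
            out[n].account[0] = '\0';
            cur = n++;
        } else if (cur >= 0 && ieq(p, "\"AccountName\"", 13) &&
                   (v = strstr(p, "REG_SZ:\"")) != NULL && (q = strchr(v + 8, '"')) != NULL) {
            *q = '\0';                      /* value text ends at the closing quote */
            snprintf(out[cur].account, sizeof out[cur].account, "%s", v + 8);
        }
    }
    return n;
}

/* Constructed listing in the page's notation; store and account names are hypothetical. */
static const char SAMPLE[] =
    "[HKLM\\Security\\CertMod\\ExampleStoreA]\n   \"AccountName\" = REG_SZ:\"ExampleAccountA\"\n"
    "[HKLM\\Security\\Other]\n   \"AccountName\" = REG_SZ:\"ignored\"\n"
    "[hklm\\security\\certmod\\ExampleStoreB]\n   \"AccountName\" = REG_SZ:\"\"\n";
int main(void) {
    struct store s[8];
    for (int i = 0, n = parse_certmod_stores(SAMPLE, s, 8); i < n; i++)
        printf("%s -> \"%s\"\n", s[i].name, s[i].account);
    return 0;
}
```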

Requirements

Header: cecertmod.h
Library: Certmod.dll
Windows Embedded CE: Windows Embedded CE 6.0 and later

See Also

Reference

Certificates Functions
Authentication Services Functions
CertVerify

Concepts

System Store Locations

Other Resources

File System Security Best Practices