ISignerCertificate interface (certenroll.h)

The ISignerCertificate interface represents a signing certificate that enables you to sign a certificate request. When you initialize the interface, the Certificate Enrollment Control retrieves the signing certificate from the personal store and uses it to find an associated private key. You can use the private key to sign a PKCS #7 or a CMC request but not a PKCS #10 request. PKCS #10 requests must be signed by using the private key associated with the public key included in the request. Self-signed certificates can be signed by using the private key associated with the request or the private key associated with the signing certificate. This is summarized in the following table.

Request type (Interface)                           Signing certificates
PKCS #7 (IX509CertificateRequestPkcs7)             1
PKCS #10 (IX509CertificateRequestPkcs10)           0
CMC (IX509CertificateRequestCmc)                   0 or more
Self-signed (IX509CertificateRequestCertificate)   0 or 1

When signing a CMC request, the data to be signed consists of a Distinguished Encoding Rules (DER) encoded CmcData object wrapped in a CMS SignedData object. The encryptedDigest field of the SignerInfo object contains a signature, and multiple SignerInfo objects can be associated with the request.


---------------------------------------------------------------------
-- CMC request data
---------------------------------------------------------------------

CmcData ::= SEQUENCE 
{
    controlSequence     SEQUENCE OF TaggedAttribute,
    reqSequence         SEQUENCE OF TaggedRequest,
    cmsSequence         SEQUENCE OF TaggedContentInfo,
    otherMsgSequence    SEQUENCE OF TaggedOtherMsg
}

---------------------------------------------------------------------
-- SignedData object that wraps the CMC request
---------------------------------------------------------------------

SignedData ::= SEQUENCE 
{
   version             INTEGER,
   digestAlgorithms    DigestAlgorithmIdentifiers,
   contentInfo         ContentInfo,
   certificates        [0] IMPLICIT Certificates OPTIONAL,
   crls                [1] IMPLICIT CertificateRevocationLists OPTIONAL,
   signerInfos         SignerInfos
}

DigestAlgorithmIdentifiers ::=  SET OF DigestAlgorithmIdentifier 
DigestAlgorithmIdentifiersNC ::= SET OF DigestAlgorithmIdentifierNC

SignerInfos ::= SET OF SignerInfo

SignerInfo ::= SEQUENCE 
{
    version                     INTEGER,
    sid                         CertIdentifier,
    digestAlgorithm             DigestAlgorithmIdentifier,
    authenticatedAttributes     [0] IMPLICIT Attributes OPTIONAL,
    digestEncryptionAlgorithm   DigestEncryptionAlgId,
    encryptedDigest             EncryptedDigest,
    unauthenticatedAttributes   [1] IMPLICIT Attributes OPTIONAL
}

Each ISignerCertificate object is associated with one IX509SignatureInformation object that identifies the hashing and public key algorithms used. This object is created and initialized when the ISignerCertificate object is initialized.
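
An added example (not part of the CertEnroll documentation or API): a standard-library Python reader that walks a DER-encoded SignedData as laid out above and reports each SignerInfo's version, digest algorithm and signature length, skipping the OPTIONAL [0] and [1] fields. It assumes the input starts at the SignedData SEQUENCE with no outer ContentInfo wrapper; all function names and the sample bytes are constructed for illustration.

```python
HASH_OIDS = {"2b0e03021a": "sha1", "608648016503040201": "sha256"}  # hex of DER OID contents

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length >= 0x80:                    # long form: low 7 bits count the length bytes
        n = length & 0x7F
        if n == 0:
            raise ValueError("indefinite length is not valid DER")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("element runs past the end of the buffer")
    return tag, buf[pos:pos + length], pos + length

def children(value):                      # content of a constructed element -> [(tag, value)]
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def signer_infos(signed_data):
    """Return (version, hash name, signature length) for every SignerInfo."""
    tag, body, _ = read_tlv(signed_data)
    # certificates/crls and the SignerInfo attribute sets are OPTIONAL [0]/[1]; drop them.
    fields = [f for f in children(body) if f[0] not in (0xA0, 0xA1)]
    if tag != 0x30 or len(fields) != 4 or fields[3][0] != 0x31:
        raise ValueError("not a SignedData SEQUENCE ending in a SET of SignerInfo")
    found = []
    for _, info in children(fields[3][1]):
        ver, _sid, dig, _alg, sig = [p for p in children(info) if p[0] not in (0xA0, 0xA1)]
        oid = children(dig[1])[0][1].hex()
        found.append((int.from_bytes(ver[1], "big"), HASH_OIDS.get(oid, oid), len(sig[1])))
    return found

def tlv(tag, *parts):                     # minimal DER encoder, used only to build the sample
    body = b"".join(parts)
    size = bytes([len(body)]) if len(body) < 0x80 else b"\x81" + bytes([len(body)])
    return bytes([tag]) + size + body

def sample_signed_data():                 # constructed input, not a real request
    alg = lambda oid: tlv(0x30, tlv(0x06, bytes.fromhex(oid)))
    def signer(hash_oid, attrs=b""):      # sid: 4-byte key identifier; 32-byte dummy signature
        return tlv(0x30, tlv(0x02, b"\x03"), tlv(0x80, bytes(4)), alg(hash_oid), attrs,
                   alg("2a864886f70d010101"), tlv(0x04, bytes(32)))
    attrs = tlv(0xA0, tlv(0x30, tlv(0x06, b"\x2a\x03"), tlv(0x31, tlv(0x05))))
    return tlv(0x30, tlv(0x02, b"\x03"), tlv(0x31, alg("2b0e03021a"), alg("608648016503040201")),
               tlv(0x30, tlv(0x06, bytes.fromhex("2b06010505070c02"))), tlv(0xA0, tlv(0x30)),
               tlv(0x31, signer("608648016503040201"), signer("2b0e03021a", attrs)))
```

Calling signer_infos(sample_signed_data()) reports two signers, one using SHA-256 and one using SHA-1, which is the kind of per-signer digest information a reviewer would check before accepting a multiply signed CMC request.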

Inheritance

The ISignerCertificate interface inherits from the IDispatch interface. ISignerCertificate also has these types of members:

Methods

The ISignerCertificate interface has these methods.

ISignerCertificate::get_Certificate
Retrieves a Distinguished Encoding Rules (DER) encoded byte array that contains the certificate.

ISignerCertificate::get_ParentWindow
Specifies or retrieves the ID of the window used to display signing certificate information. (Get)

ISignerCertificate::get_PrivateKey
Retrieves the private key associated with the ISignerCertificate object.

ISignerCertificate::get_SignatureInformation
Retrieves an IX509SignatureInformation object that contains information about the certificate signature.

ISignerCertificate::get_Silent
Specifies or retrieves a Boolean value that indicates whether the user is notified when the private key is used to sign a certificate request. (Get)

ISignerCertificate::get_UIContextMessage
Specifies or retrieves a string that contains user interface text associated with the signing certificate. (Get)

ISignerCertificate::Initialize
Initializes the object from a signing certificate.

ISignerCertificate::put_ParentWindow
Specifies or retrieves the ID of the window used to display signing certificate information. (Put)

ISignerCertificate::put_Pin
Specifies a personal identification number (PIN) used to authenticate a smart card user.

ISignerCertificate::put_Silent
Specifies or retrieves a Boolean value that indicates whether the user is notified when the private key is used to sign a certificate request. (Put)

ISignerCertificate::put_UIContextMessage
Specifies or retrieves a string that contains user interface text associated with the signing certificate. (Put)

Requirements

Requirement                 Value
Minimum supported client    Windows Vista [desktop apps only]
Minimum supported server    Windows Server 2008 [desktop apps only]
Target Platform             Windows
Header                      certenroll.h

See also

CertEnroll Interfaces

IDispatch

ISignerCertificates