WINTRUST_DATA structure (wintrust.h)
[The WINTRUST_DATA structure is available for use in the operating systems specified in the Requirements section. It may be altered or unavailable in subsequent versions.]
The WINTRUST_DATA structure is used when calling WinVerifyTrust to pass necessary information into the trust providers.
Syntax
```cpp
typedef struct _WINTRUST_DATA {
  DWORD  cbStruct;
  LPVOID pPolicyCallbackData;
  LPVOID pSIPClientData;
  DWORD  dwUIChoice;
  DWORD  fdwRevocationChecks;
  DWORD  dwUnionChoice;
  union {
#if ...
    WINTRUST_FILE_INFO_ *pFile;
#else
    struct WINTRUST_FILE_INFO_ *pFile;
#endif
#if ...
    WINTRUST_CATALOG_INFO_ *pCatalog;
#else
    struct WINTRUST_CATALOG_INFO_ *pCatalog;
#endif
#if ...
    WINTRUST_BLOB_INFO_ *pBlob;
#else
    struct WINTRUST_BLOB_INFO_ *pBlob;
#endif
#if ...
    WINTRUST_SGNR_INFO_ *pSgnr;
#else
    struct WINTRUST_SGNR_INFO_ *pSgnr;
#endif
#if ...
    WINTRUST_CERT_INFO_ *pCert;
#else
    struct WINTRUST_CERT_INFO_ *pCert;
#endif
#if ...
    WINTRUST_DETACHED_SIG_INFO_ *pDetachedSig;
#else
    struct WINTRUST_DETACHED_SIG_INFO_ *pDetachedSig;
#endif
  };
  DWORD  dwStateAction;
  HANDLE hWVTStateData;
  WCHAR  *pwszURLReference;
  DWORD  dwProvFlags;
  DWORD  dwUIContext;
  struct WINTRUST_SIGNATURE_SETTINGS_ *pSignatureSettings;
} WINTRUST_DATA, *PWINTRUST_DATA;
```
Members
cbStruct
The size, in bytes, of this structure.
pPolicyCallbackData
A pointer to a data buffer used to pass policy-specific data to a policy provider. This member can be NULL.
pSIPClientData
A pointer to a data buffer used to pass subject interface package (SIP)-specific data to a SIP provider. This member can be NULL.
dwUIChoice
Specifies the kind of user interface (UI) to be used. This member must be one of the following values.
Value | Meaning |
---|---|
| | Display all UI. |
| | Display no UI. |
| | Do not display any negative UI. |
| | Do not display any positive UI. |
fdwRevocationChecks
Certificate revocation check options. This member can be set to add revocation checking to that done by the selected policy provider. This member must be one of the following values.
Value | Meaning |
---|---|
| | No additional revocation checking will be done when the WTD_REVOKE_NONE flag is used in conjunction with the HTTPSPROV_ACTION value set in the pgActionID parameter of the WinVerifyTrust function. To ensure the WinVerifyTrust function does not attempt any network retrieval when verifying code signatures, WTD_CACHE_ONLY_URL_RETRIEVAL must be set in the dwProvFlags parameter. |
| | Revocation checking will be done on the whole chain. |
dwUnionChoice
Specifies the union member to be used and, thus, the type of object for which trust will be verified. This member must be one of the following values.
Value | Meaning |
---|---|
| | Use the file pointed to by pFile. |
| | Use the catalog pointed to by pCatalog. |
| | Use the BLOB pointed to by pBlob. |
| | Use the [WINTRUST_SGNR_INFO](/windows/desktop/api/wintrust/ns-wintrust-wintrust_sgnr_info) structure pointed to by pSgnr. |
| | Use the certificate pointed to by pCert. |
pFile
A pointer to a WINTRUST_FILE_INFO structure.
pCatalog
A pointer to a WINTRUST_CATALOG_INFO structure.
pBlob
A pointer to a WINTRUST_BLOB_INFO structure.
pSgnr
A pointer to a WINTRUST_SGNR_INFO structure.
pCert
A pointer to a WINTRUST_CERT_INFO structure.
pDetachedSig
dwStateAction
Specifies the action to be taken. This can be one of the following values.
hWVTStateData
A handle to the state data. The contents of this member depend on the value of the dwStateAction member.
pwszURLReference
Reserved for future use. Set to NULL.
dwProvFlags
A DWORD value that specifies trust provider settings. This can be a bitwise combination of zero or more of the following values.
Value | Meaning |
---|---|
| | The trust is verified in the same manner as implemented by Internet Explorer 4.0. |
| | The Internet Explorer 4.0 chain functionality is not used. |
| | The default verification of the policy provider, such as code signing for Authenticode, is not performed, and the certificate is assumed valid for all usages. |
| | Revocation checking is not performed. |
| | Revocation checking is performed on the end certificate only. |
| | Revocation checking is performed on the entire certificate chain. |
| | Revocation checking is performed on the entire certificate chain, excluding the root certificate. |
| | Not supported. |
| | Only the hash is verified. |
| | The default operating system version checking is performed. This flag is only used for verifying catalog-signed files. |
| | If this flag is not set, all time stamped signatures are considered valid forever. Setting this flag limits the valid lifetime of the signature to the lifetime of the signing certificate. This allows time stamped signatures to expire. |
| | Use only the local cache for revocation checks. Prevents revocation checks over the network. Windows XP: This value is not supported. |
| | Disable the use of MD2 and MD4 hashing algorithms. If a file is signed by using MD2 or MD4 and if this flag is set, an NTE_BAD_ALGID error is returned. Note: This flag is supported on Windows 7 with SP1 and later operating systems. |
| | If this flag is specified it is assumed that the file being verified has been downloaded from the web and has the Mark of the Web attribute. Policies that are meant to apply to Mark of the Web files will be enforced. Note: This flag is supported on Windows 8.1 and later operating systems or on systems that have installed KB2862966. |
dwUIContext
A DWORD value that specifies the user interface context for the WinVerifyTrust function. This causes the text in the Authenticode dialog box to match the action taken on the file. This can be one of the following values.
Value | Meaning |
---|---|
| | Use when calling WinVerifyTrust for a file that is to be run. This is the default value. |
| | Use when calling WinVerifyTrust for a file that is to be installed. |
pSignatureSettings
Pointer to a WINTRUST_SIGNATURE_SETTINGS structure.
Windows 8 and Windows Server 2012: Support for this member begins.
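The following is an added example, not part of the original reference page and not Microsoft's code: a C helper that audits the three caller-controlled policy members described above (dwUIChoice, fdwRevocationChecks and dwProvFlags) for settings that skip or weaken checks before the structure is passed to WinVerifyTrust. The function name and the AUDIT_* finding names are hypothetical, and the numeric fallbacks in the #else branch are assumed from the SDK's wintrust.h so the block also builds off Windows.

```c
#include <stdint.h>
#ifdef _WIN32
#include <windows.h>
#include <wintrust.h>
#else /* off Windows: values assumed from the SDK's wintrust.h */
#define WTD_UI_NONE                             2
#define WTD_REVOKE_NONE                         0
#define WTD_NO_POLICY_USAGE_FLAG                0x00000004
#define WTD_REVOCATION_CHECK_NONE               0x00000010
#define WTD_REVOCATION_CHECK_END_CERT           0x00000020
#define WTD_REVOCATION_CHECK_CHAIN              0x00000040
#define WTD_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT 0x00000080
#define WTD_HASH_ONLY_FLAG                      0x00000200
#define WTD_CACHE_ONLY_URL_RETRIEVAL            0x00001000
#define WTD_DISABLE_MD2_MD4                     0x00002000
#endif

/* Finding bits returned by the audit (hypothetical names). */
enum {
    AUDIT_UI_POSSIBLE        = 1 << 0, /* dwUIChoice is not WTD_UI_NONE */
    AUDIT_POLICY_SKIPPED     = 1 << 1, /* cert assumed valid for all usages */
    AUDIT_HASH_ONLY          = 1 << 2, /* only the hash is verified */
    AUDIT_REVOCATION_OFF     = 1 << 3, /* revocation explicitly disabled */
    AUDIT_REVOCATION_DEFAULT = 1 << 4, /* nothing requested beyond provider default */
    AUDIT_CACHE_ONLY         = 1 << 5, /* no revocation retrieval over the network */
    AUDIT_MD2_MD4_ALLOWED    = 1 << 6  /* MD2/MD4-signed files not rejected */
};

/* Audit the caller-controlled policy members of a WINTRUST_DATA:
   ui = dwUIChoice, revoke = fdwRevocationChecks, prov = dwProvFlags. */
unsigned audit_wintrust_settings(uint32_t ui, uint32_t revoke, uint32_t prov)
{
    const uint32_t rev_requested = WTD_REVOCATION_CHECK_END_CERT |
                                   WTD_REVOCATION_CHECK_CHAIN |
                                   WTD_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT;
    unsigned f = 0;

    if (ui != WTD_UI_NONE)               f |= AUDIT_UI_POSSIBLE;
    if (prov & WTD_NO_POLICY_USAGE_FLAG) f |= AUDIT_POLICY_SKIPPED;
    if (prov & WTD_HASH_ONLY_FLAG)       f |= AUDIT_HASH_ONLY;
    if (prov & WTD_REVOCATION_CHECK_NONE)
        f |= AUDIT_REVOCATION_OFF;
    else if (revoke == WTD_REVOKE_NONE && !(prov & rev_requested))
        f |= AUDIT_REVOCATION_DEFAULT;
    if (prov & WTD_CACHE_ONLY_URL_RETRIEVAL) f |= AUDIT_CACHE_ONLY;
    if (!(prov & WTD_DISABLE_MD2_MD4))       f |= AUDIT_MD2_MD4_ALLOWED;
    return f;
}
```

On Windows, pass the dwUIChoice, fdwRevocationChecks and dwProvFlags members of the structure that is about to be handed to WinVerifyTrust; a return value of 0 means none of the listed conditions applies.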
Requirements
Requirement | Value |
---|---|
Minimum supported client | Windows XP [desktop apps only] |
Minimum supported server | Windows Server 2003 [desktop apps only] |
Header | wintrust.h |