IX509SignatureInformation::get_Parameters method (certenroll.h)
The Parameters property retrieves a byte array that contains the parameters associated with the signature algorithm. The byte array is represented by a Unicode-encoded string.
This property is read/write.
Syntax
HRESULT get_Parameters(
EncodingType Encoding,
BSTR *pValue
);
Parameters
Encoding
pValue
Return value
None
Remarks
The AlgorithmIdentifier ASN.1 object that is used in various fields of an X.509 version 3 certificate contains an algorithm object identifier (OID) and optional parameters.
AlgorithmIdentifier ::= SEQUENCE
{
algorithm OBJECT IDENTIFIER,
parameters ANY DEFINED BY algorithm OPTIONAL
}
The format and content of the parameters differs by algorithm. The Certificate Enrollment Control generates parameter information as required. Parameter values generated for various algorithms are discussed in the following sections.
PKCS #1 version 1.5 signature algorithms:
The following OIDs must have a NULL parameter value.
- XCN_OID_RSA_MD2RSA (1.2.840.113549.1.1.2)
- XCN_OID_RSA_MD5RSA (1.2.840.113549.1.1.4)
- XCN_OID_RSA_SHA1RSA (1.2.840.113549.1.1.5)
- XCN_OID_RSA_SHA256RSA (1.2.840.113549.1.1.11)
- XCN_OID_RSA_SHA384RSA (1.2.840.113549.1.1.12)
- XCN_OID_RSA_SHA512RSA (1.2.840.113549.1.1.13)
The ASN.1 NULL value is represented by two bytes. The tag number is 0x05 and the value associated with the tag, representing the parameter length, is 0x00. This is shown by the following certificate example.
...
Public Key Algorithm:
Algorithm ObjectId: 1.2.840.113549.1.1.1 RSA (RSA_SIGN)
Algorithm Parameters:
05 00
...
RSASSA-PSS signatures:
The RSASSA-PSS (RSA Signature Scheme with Appendix - Probabilistic Signature Scheme), XCN_OID_RSA_SSA_PSS (1.2.840.113549.1.1.10), generates the following parameter information. A signature scheme with appendix consists of signature generation and signature verification operations. Verification of the signature requires the original certificate request on which the signature was generated. For more information, see the PKCS #1 v2.1 cryptography standard from RSA laboratories.
RSASSA-PSS-params ::= SEQUENCE
{
hashAlgorithm [0] HashAlgorithm DEFAULT sha1,
maskGenAlgorithm [1] MaskGenAlgorithm DEFAULT mgf1SHA1,
saltLength [2] INTEGER DEFAULT 20,
trailerField [3] TrailerField DEFAULT trailerFieldBC
}
ECDSA-SHA1 signature algorithms: When the XCN_OID_ECDSA_SHA1 (1.2.840.10045.4.1) is used to create a signature, the parameters contains the OID of the hash algorithm. The following OIDs are supported:
- XCN_OID_ECDSA_SHA256 (1.2.840.10045.4.3.2)
- XCN_OID_ECDSA_SHA384 (1.2.840.10045.4.3.3)
- XCN_OID_ECDSA_SHA512 (1.2.840.10045.4.3.4)
Requirements
| Requirement | Value |
|---|---|
| Minimum supported client | Windows Vista [desktop apps only] |
| Minimum supported server | Windows Server 2008 [desktop apps only] |
| Target Platform | Windows |
| Header | certenroll.h |
| DLL | CertEnroll.dll |
See also
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for