IX509SignatureInformation interface (certenroll.h)
The IX509SignatureInformation interface represents information used to sign a certificate request. This includes signature, hash, and public key algorithms, and public key parameters. The signature process consists of digesting the certificate request by using a hash algorithm, encoding the digest and the hash algorithm identifier by using Distinguished Encoding Rules (DER), and signing (encrypting) the result.
The algorithms used in this process can be either discrete or combined. Discrete algorithms are represented by separate object identifiers (OIDs) for the hashing algorithm and the signing algorithm. Discrete algorithms are used when signing a PKCS #7 or CMC request. Examples include the following values.
Discrete algorithm OID | Description |
---|---|
XCN_OID_NIST_sha256 (2.16.840.1.101.3.4.2.1) | National Institute of Standards and Technology (NIST) 256-bit SHA hashing algorithm. |
XCN_OID_OIWSEC_rsaSign (1.3.14.3.2.11) | NIST OSE Implementer Workshop Security (OIWSEC) RSA signing algorithm. |
Combined algorithms, which can be used to sign PKCS #10 requests, are represented by a single OID that identifies both the hashing and the signing algorithm. Examples include the following values.
Combined algorithm OID | Description |
---|---|
XCN_OID_RSA_MD2RSA (1.2.840.113549.1.1.2) | MD2 hashing algorithm combined with the RSA encryption algorithm from RSA Laboratories. |
XCN_OID_OIWSEC_md5RSA (1.3.14.3.2.3) | OIWSEC MD5 hashing algorithm combined with the RSA encryption algorithm. |
The object is automatically initialized when an IX509CertificateRequestCmc, IX509CertificateRequestPkcs10, or ISignerCertificate object is initialized.
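
The signature steps and OID tables above, as an added Python example that is not part of the original reference and does not call CertEnroll: it DER-encodes the SHA-256 OID and the request digest into the structure that is then signed, and classifies the OIDs listed on this page. The function names, the sample request bytes and the policy that rejects MD2 and MD5 digests are assumptions.

```python
import hashlib

SHA256_OID = "2.16.840.1.101.3.4.2.1"
PAGE_OIDS = {  # OIDs quoted on this page: (name, kind, implied hash)
    SHA256_OID: ("XCN_OID_NIST_sha256", "discrete", "sha256"),
    "1.3.14.3.2.11": ("XCN_OID_OIWSEC_rsaSign", "discrete", None),
    "1.2.840.113549.1.1.2": ("XCN_OID_RSA_MD2RSA", "combined", "md2"),
    "1.3.14.3.2.3": ("XCN_OID_OIWSEC_md5RSA", "combined", "md5"),
}
WEAK_HASHES = {"md2", "md5"}  # assumption: local policy rejects these digests

def der_tlv(tag, value):
    """Wrap value in a DER tag-length-value with a definite length."""
    n = len(value)
    if n < 0x80:
        length = bytes([n])
    else:
        body = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(body)]) + body
    return bytes([tag]) + length + value

def der_oid(dotted):
    """Encode a dotted OID as a DER OBJECT IDENTIFIER (tag 0x06)."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray()
    for sub in [arcs[0] * 40 + arcs[1]] + arcs[2:]:
        chunk = [sub & 0x7F]                   # last octet: high bit clear
        sub >>= 7
        while sub:
            chunk.append(0x80 | (sub & 0x7F))  # earlier octets: high bit set
            sub >>= 7
        out.extend(reversed(chunk))
    return der_tlv(0x06, bytes(out))

def sha256_digest_info(request_der):
    """Digest the request, then DER-encode hash OID + digest (the value that is signed)."""
    digest = hashlib.sha256(request_der).digest()
    alg_id = der_tlv(0x30, der_oid(SHA256_OID) + b"\x05\x00")  # OID + NULL parameters
    return der_tlv(0x30, alg_id + der_tlv(0x04, digest))

def audit_oid(dotted):
    """Return (name, kind, verdict) for a signature-related OID."""
    if dotted not in PAGE_OIDS:
        return ("unknown", "unknown", "review")
    name, kind, hash_name = PAGE_OIDS[dotted]
    return (name, kind, "reject" if hash_name in WEAK_HASHES else "allow")

if __name__ == "__main__":
    sample = b"constructed stand-in for a DER-encoded request"
    print(sha256_digest_info(sample).hex(), audit_oid("1.3.14.3.2.3"))
```

The two combined OIDs in the table above both come back as `reject` because the hash is fixed by the OID itself, so a PKCS #10 request signed with either cannot be accepted by swapping in a stronger digest.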
Inheritance
The IX509SignatureInformation interface inherits from the IDispatch interface. IX509SignatureInformation also has these types of members:
Methods
The IX509SignatureInformation interface has these methods.
Method | Description |
---|---|
IX509SignatureInformation::get_AlternateSignatureAlgorithm | Specifies and retrieves a Boolean value that specifies whether the GetSignatureAlgorithm method should retrieve a discrete or combined algorithm object identifier (OID) for a PKCS (Get) |
IX509SignatureInformation::get_AlternateSignatureAlgorithmSet | Retrieves a Boolean value that specifies whether the AlternateSignatureAlgorithm property has been explicitly set by a caller. |
IX509SignatureInformation::get_HashAlgorithm | Specifies and retrieves an object identifier (OID) for the hashing algorithm used in the GetSignatureAlgorithm method. (Get) |
IX509SignatureInformation::get_NullSigned | Specifies and retrieves a Boolean value that indicates whether the certificate request is null-signed. (Get) |
IX509SignatureInformation::get_Parameters | Retrieves a byte array that contains the parameters associated with the signature algorithm. (Get) |
IX509SignatureInformation::get_PublicKeyAlgorithm | Specifies and retrieves an object identifier (OID) for the public key algorithm used in the GetSignatureAlgorithm method. (Get) |
IX509SignatureInformation::GetSignatureAlgorithm | Retrieves the signing algorithm object identifier (OID). |
IX509SignatureInformation::put_AlternateSignatureAlgorithm | Specifies and retrieves a Boolean value that specifies whether the GetSignatureAlgorithm method should retrieve a discrete or combined algorithm object identifier (OID) for a PKCS (Put) |
IX509SignatureInformation::put_HashAlgorithm | Specifies and retrieves an object identifier (OID) for the hashing algorithm used in the GetSignatureAlgorithm method. (Put) |
IX509SignatureInformation::put_NullSigned | Specifies and retrieves a Boolean value that indicates whether the certificate request is null-signed. (Put) |
IX509SignatureInformation::put_Parameters | Retrieves a byte array that contains the parameters associated with the signature algorithm. (Put) |
IX509SignatureInformation::put_PublicKeyAlgorithm | Specifies and retrieves an object identifier (OID) for the public key algorithm used in the GetSignatureAlgorithm method. (Put) |
IX509SignatureInformation::SetDefaultValues | Specifies a default hashing algorithm used to create a digest of the certificate request prior to signing. |
Requirements
Requirement | Value |
---|---|
Minimum supported client | Windows Vista [desktop apps only] |
Minimum supported server | Windows Server 2008 [desktop apps only] |
Target Platform | Windows |
Header | certenroll.h |