IX509SignatureInformation::GetSignatureAlgorithm method (certenroll.h)
The GetSignatureAlgorithm method retrieves the signing algorithm object identifier (OID).
Syntax
HRESULT GetSignatureAlgorithm(
[in] VARIANT_BOOL Pkcs7Signature,
[in] VARIANT_BOOL SignatureKey,
[out] IObjectId **ppValue
);
Parameters
[in] Pkcs7Signature
A VARIANT_BOOL variable that specifies whether the algorithm will be used to sign a PKCS #7 or CMC certificate request.
[in] SignatureKey
A VARIANT_BOOL variable that specifies whether an algorithm that is only used for signing is preferred when an algorithm OID is associated with more than one purpose. For example, XCN_OID_RSA_RSA (1.2.840.113549.1.1.1) can be used for both signing and key exchange.
[out] ppValue
Address of a variable that receives a pointer to an IObjectId interface that represents the algorithm OID.
Return value
If the function succeeds, the function returns S_OK.
If the function fails, it returns an HRESULT value that indicates the error. Possible values include, but are not limited to, those in the following table. For a list of common error codes, see Common HRESULT Values.
| Return code/value | Description |
|---|---|
|
The hashing algorithm OID, or the NullSigned property has not been specified but the signing algorithm OID cannot be found. |
|
The combined signature algorithm could not be found. |
Remarks
This method searches for a cached signing algorithm that is consistent with the input parameters. If none is found, the method uses the input parameters plus the values assigned to various IX509SignatureInformation properties as indicated by the following list.
-
Pkcs7Signature = true, NullSigned = true
This case represents a null-signed PKCS #7 certificate request. The method returns the XCN_OID_PKIX_NO_SIGNATURE (1.3.6.1.5.5.7.6.2) OID.
-
Pkcs7Signature = true, NullSigned = false
This case retrieves a discrete signature algorithm OID for a PKCS #7 request that is not null-signed. The discrete signature requires that the HashAlgorithm and PublicKeyAlgorithm properties be set. In the special case where the public key algorithm is XCN_OID_X957_DSA and the hashing algorithm is not XCN_OID_OIWSEC_sha1, the signature algorithm OID retrieved is XCN_OID_X957_SHA1DSA (1.2.840.10040.4.3).
-
Pkcs7Signature = false, NullSigned = false, AlternateSignatureAlgorithm = true
This case retrieves a discrete signature algorithm OID for a PKCS #10 request and encodes the hash algorithm OID in the Parameters property. The HashAlgorithm and PublicKeyAlgorithm properties must be set.
-
Pkcs7Signature = false, NullSigned = false, AlternateSignatureAlgorithm = false
This case retrieves a discrete signature algorithm OID for a PKCS #7 request. The HashAlgorithm and PublicKeyAlgorithm properties must be set.
Requirements
| Requirement | Value |
|---|---|
| Minimum supported client | Windows Vista [desktop apps only] |
| Minimum supported server | Windows Server 2008 [desktop apps only] |
| Target Platform | Windows |
| Header | certenroll.h |
| DLL | CertEnroll.dll |
See also
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for