ISignerCertificate interface (certenroll.h)
The ISignerCertificate interface represents a signing certificate that enables you to sign a certificate request. When you initialize the interface, the Certificate Enrollment Control retrieves the signing certificate from the personal store and uses it to find an associated private key. You can use the private key to sign a PKCS #7 or a CMC request but not a PKCS #10 request. PKCS #10 requests must be signed by using the private key associated with the public key included in the request. Self-signed certificates can be signed by using the private key associated with the request or the private key associated with the signing certificate. This is summarized in the following table.
Request type (Interface) | Signing certificates |
---|---|
PKCS #7 (IX509CertificateRequestPkcs7) | 1 |
PKCS #10 (IX509CertificateRequestPkcs10) | 0 |
CMC (IX509CertificateRequestCmc) | 0 or more |
Self-signed (IX509CertificateRequestCertificate) | 0 or 1 |
When signing a CMC request, the data to be signed consists of a Distinguished Encoding Rules (DER) encoded CmcData object wrapped in a CMS SignedData object. The encryptedDigest field of the SignerInfo object contains a signature, and multiple SignerInfo objects can be associated with the request.
```
---------------------------------------------------------------------
-- CMC request data
---------------------------------------------------------------------
CmcData ::= SEQUENCE
{
    controlSequence         SEQUENCE OF TaggedAttribute,
    reqSequence             SEQUENCE OF TaggedRequest,
    cmsSequence             SEQUENCE OF TaggedContentInfo,
    otherMsgSequence        SEQUENCE OF TaggedOtherMs
}

---------------------------------------------------------------------
-- SignedData object that wraps the CMC request
---------------------------------------------------------------------
SignedData ::= SEQUENCE
{
    version                 INTEGER,
    digestAlgorithms        DigestAlgorithmIdentifiers,
    contentInfo             ContentInfo,
    certificates            [0] IMPLICIT Certificates OPTIONAL,
    crls                    [1] IMPLICIT CertificateRevocationLists OPTIONAL,
    signerInfos             SignerInfos
}

DigestAlgorithmIdentifiers ::= SET OF DigestAlgorithmIdentifier
DigestAlgorithmIdentifiersNC ::= SET OF DigestAlgorithmIdentifierNC
SignerInfos ::= SET OF SignerInfo

SignerInfo ::= SEQUENCE
{
    version                     INTEGER,
    sid                         CertIdentifier,
    digestAlgorithm             DigestAlgorithmIdentifier,
    authenticatedAttributes     [0] IMPLICIT Attributes OPTIONAL,
    digestEncryptionAlgorithm   DigestEncryptionAlgId,
    encryptedDigest             EncryptedDigest,
    unauthenticatedAttributes   [1] IMPLICIT Attributes OPTIONAL
}
```
Each ISignerCertificate object is associated with one IX509SignatureInformation object that identifies the hashing and public key algorithms used. This object is created and initialized when the ISignerCertificate object is initialized.
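The SignedData and SignerInfo layout above can be inspected with a small DER reader that lists, for each signer, the digest algorithm OID, whether authenticatedAttributes are present, and the encryptedDigest length. This is an added example, not code from the original page or from Microsoft; the function names are hypothetical and the sample bytes (two signers, zero-filled signatures, empty digestAlgorithms and contentInfo placeholders) are constructed for illustration.

```python
def tlv(tag, content=b""):
    """DER-encode one element (definite length, short or long form)."""
    n = len(content)
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag]) + (bytes([n]) if n < 0x80 else bytes([0x80 | len(raw)]) + raw) + content

def children(buf):
    """Split the content of a constructed element into (tag, value) pairs."""
    out, i = [], 0
    while i < len(buf):
        tag, n, i = buf[i], buf[i + 1], i + 2
        if n & 0x80:  # long form: low 7 bits give the number of length bytes
            n, i = int.from_bytes(buf[i:i + (n & 0x7F)], "big"), i + (n & 0x7F)
        if i + n > len(buf):
            raise ValueError("truncated DER element")
        out.append((tag, buf[i:i + n]))
        i += n
    return out

def oid(value):
    """Decode OBJECT IDENTIFIER content bytes into dotted form."""
    arcs, acc = [], 0
    for b in value:
        acc = (acc << 7) | (b & 0x7F)
        if b < 0x80:  # last byte of this arc
            arcs, acc = arcs + [acc], 0
    first = min(arcs[0] // 40, 2)
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def signer_infos(signed_data):
    """Summarise every SignerInfo in a DER SignedData laid out as on this page."""
    fields = children(children(signed_data)[0][1])
    if fields[-1][0] != 0x31:  # signerInfos is the last field and is a SET
        raise ValueError("signerInfos SET not found")
    # Per SignerInfo: version, sid, digestAlgorithm, [0] attrs?, sigAlg, encryptedDigest
    return [{"digest_oid": oid(children(f[2][1])[0][1]),
             "authenticated_attrs": any(t == 0xA0 for t, _ in f[3:]),
             "signature_len": len(next(v for t, v in f if t == 0x04))}
            for f in (children(info) for _, info in children(fields[-1][1]))]

def sample_signed_data():
    """Constructed sample: two signers, zero-filled signatures, empty placeholder fields."""
    def signer(digest, attrs):
        alg = lambda o: tlv(0x30, tlv(0x06, bytes.fromhex(o)) + tlv(0x05))
        sid = tlv(0x30, tlv(0x30) + tlv(0x02, b"\x01"))  # empty issuer name, serial 1
        return tlv(0x30, tlv(0x02, b"\x01") + sid + alg(digest) + attrs
                   + alg("2a864886f70d010101") + tlv(0x04, bytes(256)))
    infos = tlv(0x31, signer("608648016503040201", b"")  # SHA-256, no attributes
                + signer("608648016503040202", tlv(0xA0, tlv(0x30))))  # SHA-384
    return tlv(0x30, tlv(0x02, b"\x03") + tlv(0x31) + tlv(0x30) + infos)
```

Calling `signer_infos(sample_signed_data())` returns one dictionary per SignerInfo, which makes it easy to confirm how many signatures a CMC request actually carries.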
Inheritance
The ISignerCertificate interface inherits from the IDispatch interface. ISignerCertificate also has these types of members:
Methods
The ISignerCertificate interface has these methods.
Method | Description |
---|---|
ISignerCertificate::get_Certificate | Retrieves a Distinguished Encoding Rules (DER) encoded byte array that contains the certificate. |
ISignerCertificate::get_ParentWindow | Specifies or retrieves the ID of the window used to display signing certificate information. (Get) |
ISignerCertificate::get_PrivateKey | Retrieves the private key associated with the ISignerCertificate object. |
ISignerCertificate::get_SignatureInformation | Retrieves an IX509SignatureInformation object that contains information about the certificate signature. |
ISignerCertificate::get_Silent | Specifies or retrieves a Boolean value that indicates whether the user is notified when the private key is used to sign a certificate request. (Get) |
ISignerCertificate::get_UIContextMessage | Specifies or retrieves a string that contains user interface text associated with the signing certificate. (Get) |
ISignerCertificate::Initialize | Initializes the object from a signing certificate. |
ISignerCertificate::put_ParentWindow | Specifies or retrieves the ID of the window used to display signing certificate information. (Put) |
ISignerCertificate::put_Pin | Specifies a personal identification number (PIN) used to authenticate a smart card user. |
ISignerCertificate::put_Silent | Specifies or retrieves a Boolean value that indicates whether the user is notified when the private key is used to sign a certificate request. (Put) |
ISignerCertificate::put_UIContextMessage | Specifies or retrieves a string that contains user interface text associated with the signing certificate. (Put) |
Requirements
Requirement | Value |
---|---|
Minimum supported client | Windows Vista [desktop apps only] |
Minimum supported server | Windows Server 2008 [desktop apps only] |
Target Platform | Windows |
Header | certenroll.h |