Edit

Share via

CertStrToNameA function (wincrypt.h)

  • Article

The CertStrToName function converts a null-terminated X.500 string to an encoded certificate name.

Syntax

BOOL CertStrToNameA(
  [in]            DWORD  dwCertEncodingType,
  [in]            LPCSTR pszX500,
  [in]            DWORD  dwStrType,
  [in, optional]  void   *pvReserved,
  [out]           BYTE   *pbEncoded,
  [in, out]       DWORD  *pcbEncoded,
  [out, optional] LPCSTR *ppszError
);

Parameters

[in] dwCertEncodingType

The certificate encoding type that was used to encode the string. The message encoding type identifier, contained in the high WORD of this value, is ignored by this function.

This parameter can be the following currently defined certificate encoding type.

Value Meaning
X509_ASN_ENCODING
1 (0x1)
 Specifies X.509 certificate encoding.

[in] pszX500

A pointer to the null-terminated X.500 string to be converted. The format of this string is specified by the dwStrType parameter.

This string is expected to be formatted the same as the output from the CertNameToStr function.

[in] dwStrType

This parameter specifies the type of the string. This parameter also specifies other options for the contents of the string.

If no flags are combined with the string type specifier, the string can contain a comma (,) or a semicolon (;) as separators in the relative distinguished name (RDN) and a plus sign (+) as the separator in multiple RDN values.

Quotation marks ("") are supported. A quotation can be included in a quoted value by using two sets of quotation marks, for example, CN="User ""one""".

A value that starts with a number sign (#) is treated as ASCII hexadecimal and converted to a CERT_RDN_OCTET_STRING. Embedded white space is ignored. For example, 1.2.3 = # AB CD 01 is the same as 1.2.3=#ABCD01.

White space that surrounds the keys, object identifiers, and values is ignored.

This parameter can be one of the following values.

Value Meaning
CERT_SIMPLE_NAME_STR
1
 This string type is not supported.
CERT_OID_NAME_STR
2
 Validates that the string type is supported. The string can be either an object identifier (OID) or an X.500 name.
CERT_X500_NAME_STR
3
 Identical to CERT_OID_NAME_STR. Validates that the string type is supported. The string can be either an object identifier (OID) or an X.500 name.
 

The following options can also be combined with the value above to specify additional options for the string.

Value Meaning
CERT_NAME_STR_COMMA_FLAG
0x04000000
 Only a comma (,) is supported as the RDN separator.
CERT_NAME_STR_SEMICOLON_FLAG
0x40000000
 Only a semicolon (;) is supported as the RDN separator.
CERT_NAME_STR_CRLF_FLAG
0x08000000
 Only a backslash r (\r) or backslash n (\n) is supported as the RDN separator.
CERT_NAME_STR_NO_PLUS_FLAG
0x20000000
 The plus sign (+) is ignored as a separator, and multiple values per RDN are not supported.
CERT_NAME_STR_NO_QUOTING_FLAG
0x10000000
 Quoting is not supported.
CERT_NAME_STR_REVERSE_FLAG
0x02000000
 The order of the RDNs in a distinguished name is reversed before encoding. This flag is not set by default.
CERT_NAME_STR_ENABLE_T61_UNICODE_FLAG
0x00020000
 The CERT_RDN_T61_STRING encoded value type is used instead of CERT_RDN_UNICODE_STRING. This flag can be used if all the Unicode characters are less than or equal to 0xFF.
CERT_NAME_STR_ENABLE_UTF8_UNICODE_FLAG
0x00040000
 The CERT_RDN_UTF8_STRING encoded value type is used instead of CERT_RDN_UNICODE_STRING.
CERT_NAME_STR_FORCE_UTF8_DIR_STR_FLAG
0x00080000
 Forces the X.500 key to be encoded as a UTF-8 (CERT_RDN_UTF8_STRING) string rather than as a printable Unicode (CERT_RDN_PRINTABLE_STRING) string. This is the default value for Microsoft certification authorities beginning with Windows Server 2003.
CERT_NAME_STR_DISABLE_UTF8_DIR_STR_FLAG
0x00100000
 Prevents forcing a printable Unicode (CERT_RDN_PRINTABLE_STRING) X.500 key to be encoded by using UTF-8 (CERT_RDN_UTF8_STRING). Use to enable encoding of X.500 keys as Unicode values when CERT_NAME_STR_FORCE_UTF8_DIR_STR_FLAG is set.
CERT_NAME_STR_ENABLE_PUNYCODE_FLAG
0x00200000
 If the string contains an email RDN value, and the email address contains Unicode characters outside of the ASCII character set, the host name portion of the email address is encoded in Punycode. The resultant email address is then encoded as an IA5String string. The Punycode encoding of the host name is performed on a label-by-label basis.

Windows Server 2008, Windows Vista, Windows Server 2003 and Windows XP:  This value is not supported.

[in, optional] pvReserved

Reserved for future use and must be NULL.

[out] pbEncoded

A pointer to a buffer that receives the encoded structure.

The size of this buffer is specified in the pcbEncoded parameter.

This parameter can be NULL to obtain the required size of the buffer for memory allocation purposes. For more information, see Retrieving Data of Unknown Length.

[in, out] pcbEncoded

A pointer to a DWORD that, before calling the function, contains the size, in bytes, of the buffer pointed to by the pbEncoded parameter. When the function returns, the DWORD contains the number of bytes stored in the buffer.

If pbEncoded is NULL, the DWORD receives the size, in bytes, required for the buffer.

[out, optional] ppszError

A pointer to a string pointer that receives additional error information about an input string that is not valid.

If the pszX500 string is not valid, ppszError is updated by this function to point to the beginning of the character sequence that is not valid. If no errors are detected in the input string, ppszError is set to NULL.

If this information is not required, pass NULL for this parameter.

This parameter is updated for the following error codes returned from GetLastError.

CRYPT_E_INVALID_X500_STRING

CRYPT_E_INVALID_NUMERIC_STRING

CRYPT_E_INVALID_PRINTABLE_STRING

CRYPT_E_INVALID_IA5_STRING

Return value

Returns nonzero if successful or zero otherwise.

For extended error information, call GetLastError.

Remarks

The following table contains the supported X.500 keys, their corresponding object identifier string, string identifier (from Wincrypt.h), and value types.

Key Object identifier string String identifier RDN value types
CN 2.5.4.3 szOID_COMMON_NAME Printable

T61
L 2.5.4.7 szOID_LOCALITY_NAME Printable

T61
O 2.5.4.10 szOID_ORGANIZATION_NAME Printable

T61
OU 2.5.4.11 szOID_ORGANIZATIONAL_UNIT_NAME Printable

T61
E

Email

 1.2.840.113549.1.9.1 szOID_RSA_emailAddr IA5
C 2.5.4.6 szOID_COUNTRY_NAME Printable
S

ST

 2.5.4.8 szOID_STATE_OR_PROVINCE_NAME Printable

T61
STREET 2.5.4.9 szOID_STREET_ADDRESS Printable

T61
T

Title

 2.5.4.12 szOID_TITLE Printable

T61
G

GivenName

 2.5.4.42 szOID_GIVEN_NAME Printable

T61
I

Initials

 2.5.4.43 szOID_INITIALS Printable

T61
SN 2.5.4.4 szOID_SUR_NAME Printable

T61
DC 0.9.2342.19200300.100.1.25 szOID_DOMAIN_COMPONENT IA5

UTF8
 

If either Printable or T61 is allowed as the RDN value type for the key, Printable is automatically selected if the name string component is a member of the following character sets:

  • A, B, …, Z
  • a, b, …, z
  • 0, 1, …, 9
  • (space) ' ( ) + , - . / : = ?

The T61 types are UTF8 encoded.

Examples

For an example that uses this function, see Example C Program: Converting Names from Certificates to ASN.1 and Back.

Note

The wincrypt.h header defines CertStrToName as an alias which automatically selects the ANSI or Unicode version of this function based on the definition of the UNICODE preprocessor constant. Mixing usage of the encoding-neutral alias with code that not encoding-neutral can lead to mismatches that result in compilation or runtime errors. For more information, see Conventions for Function Prototypes.

Requirements

Requirement Value
Minimum supported client Windows XP [desktop apps | UWP apps]
Minimum supported server Windows Server 2003 [desktop apps | UWP apps]
Target Platform Windows
Header wincrypt.h
Library Crypt32.lib
DLL Crypt32.dll

See also

CertNameToStr

Data Conversion Functions

GetLastError

Retrieving Data of Unknown Length