Alternatives to Using CAPICOM
Note
CAPICOM is a 32-bit only component that was available in the Windows SDK for use in the following operating systems: Windows Server 2008, Windows Vista, Windows XP. Instead, use .NET or .NET Framework to implement security features. For more information, see the alternatives listed below.
Important
None of the alternatives to CAPICOM offer a solution for scripts; therefore, you must write your own ActiveX control. For more information, see ActiveX Controls.
- Certificate Store Objects
- Digital Signature Objects
- Enveloped Data Objects
- Data Encryption Objects
- Auxiliary Objects
Certificate Store Objects
We suggest the following alternatives for working with certificate stores and the certificates in those stores.
Object | Alternative |
---|---|
Certificate | The Certificate object is available for use in the operating systems specified in the Requirements section. Instead, use the X509Certificate2 Class in the System.Security.Cryptography.X509Certificates namespace. |
CertificatePolicies | The CertificatePolicies object is available for use in the operating systems specified in the Requirements section. Instead, use the X509Extension Class in the System.Security.Cryptography.X509Certificates namespace by calling the constructor that takes an OID as a parameter, and then use the OID for Certificate Policies to retrieve the certificate policies. |
Certificates | The Certificates object is available for use in the operating systems specified in the Requirements section. Instead, use the X509Certificate2Collection Class in the System.Security.Cryptography.X509Certificates namespace. |
CertificateStatus | The CertificateStatus object is available for use in the operating systems specified in the Requirements section. Instead, use the X509ChainStatus Structure in the System.Security.Cryptography.X509Certificates namespace. |
Chain | The Chain object is available for use in the operating systems specified in the Requirements section. Instead, use the X509Chain Class in the System.Security.Cryptography.X509Certificates namespace. |
ExtendedProperties | The ExtendedProperties object is available for use in the operating systems specified in the Requirements section. Instead, use Platform Invocation Services (PInvoke) to call the Win32 API function CertGetCertificateContextProperty and obtain the properties. For information about PInvoke, see Platform Invoke (P/Invoke). The .NET and CryptoAPI via P/Invoke: Part 1 and .NET and CryptoAPI via P/Invoke: Part 2 subsections of Extending .NET Cryptography with CAPICOM and P/Invoke may also be helpful. |
ExtendedProperty | The ExtendedProperty object is available for use in the operating systems specified in the Requirements section. Instead, use Platform Invocation Services (PInvoke) to call the Win32 API function CertGetCertificateContextProperty and obtain the properties. For information about PInvoke, see Platform Invoke (P/Invoke). The .NET and CryptoAPI via P/Invoke: Part 1 and .NET and CryptoAPI via P/Invoke: Part 2 subsections of Extending .NET Cryptography with CAPICOM and P/Invoke may also be helpful. |
Extension | The Extension object is available for use in the operating systems specified in the Requirements section. Instead, use the X509Extension Class in the System.Security.Cryptography.X509Certificates namespace. |
Extensions | The Extensions object is available for use in the operating systems specified in the Requirements section. Instead, use the X509ExtensionCollection Class in the System.Security.Cryptography.X509Certificates namespace. |
PrivateKey | The PrivateKey object is available for use in the operating systems specified in the Requirements section. Instead, use the X509Certificate2.PrivateKey Property in the System.Security.Cryptography.X509Certificates namespace. |
PublicKey | The PublicKey object is available for use in the operating systems specified in the Requirements section. Instead, use the X509Certificate2.PublicKey Property in the System.Security.Cryptography.X509Certificates namespace. |
Store | The Store object is available for use in the operating systems specified in the Requirements section. Instead, use the X509Store Class in the System.Security.Cryptography.X509Certificates namespace. |
Template | The Template object is available for use in the operating systems specified in the Requirements section. Instead, use the X509Extension Class in the System.Security.Cryptography.X509Certificates namespace by calling the constructor that takes an OID as a parameter, and then use the OID for Certificate Template to retrieve the certificate extension template. |
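The replacements above for Certificate, CertificatePolicies, Chain, CertificateStatus and Store, used together in one C# program. This is an added example, not code from the original page; it assumes .NET 5 or later (for System.Formats.Asn1), and the certificate, its subject name and the anyPolicy extension bytes are constructed for the demonstration.

```csharp
using System;
using System.Collections.Generic;
using System.Formats.Asn1;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class CertificateObjectsExample
{
    const string CertificatePoliciesOid = "2.5.29.32"; // id-ce-certificatePolicies

    // Policy identifiers from the Certificate Policies extension (empty list if absent).
    static List<string> ReadPolicyOids(X509Certificate2 cert)
    {
        var oids = new List<string>();
        X509Extension ext = cert.Extensions[CertificatePoliciesOid];
        if (ext == null) return oids;
        // certificatePolicies ::= SEQUENCE OF PolicyInformation; each starts with its OID.
        AsnReader policies = new AsnReader(ext.RawData, AsnEncodingRules.DER).ReadSequence();
        while (policies.HasData)
            oids.Add(policies.ReadSequence().ReadObjectIdentifier());
        return oids;
    }

    static void Main()
    {
        // Constructed self-signed certificate carrying anyPolicy (2.5.29.32.0).
        using RSA key = RSA.Create(2048);
        var req = new CertificateRequest("CN=Constructed Example", key,
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        byte[] anyPolicyDer = { 0x30, 0x08, 0x30, 0x06, 0x06, 0x04, 0x55, 0x1D, 0x20, 0x00 };
        req.CertificateExtensions.Add(
            new X509Extension(new Oid(CertificatePoliciesOid), anyPolicyDer, critical: false));
        using X509Certificate2 cert = req.CreateSelfSigned(
            DateTimeOffset.UtcNow.AddMinutes(-5), DateTimeOffset.UtcNow.AddDays(1));
        Console.WriteLine("Policies: " + string.Join(", ", ReadPolicyOids(cert)));

        // Chain / CertificateStatus -> X509Chain / X509ChainStatus.
        using var chain = new X509Chain();
        chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck; // offline demo only
        Console.WriteLine($"Trusted chain: {chain.Build(cert)}");
        foreach (X509ChainStatus status in chain.ChainStatus)
            Console.WriteLine($"  {status.Status}: {status.StatusInformation}");

        // Store / Certificates -> X509Store / X509Certificate2Collection, opened read-only.
        using var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadOnly);
        Console.WriteLine($"CurrentUser\\My: {store.Certificates.Count} certificate(s)");
    }
}
```

Inspect every entry in `ChainStatus` rather than relying only on the Boolean result of `Build`, and leave revocation checking enabled outside of offline tests.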
Digital Signature Objects
We suggest the following alternatives to digitally sign data and to verify digital signatures.
Object | Alternative |
---|---|
SignedCode | The SignedCode object is available for use in the operating systems specified in the Requirements section. Instead, use Platform Invocation Services (PInvoke) to call the Win32 API SignerSignEx, SignerTimeStampEx, and WinVerifyTrust functions to sign content with an Authenticode digital signature. For information about PInvoke, see Platform Invoke (P/Invoke). The .NET and CryptoAPI via P/Invoke: Part 1 and .NET and CryptoAPI via P/Invoke: Part 2 subsections of Extending .NET Cryptography with CAPICOM and P/Invoke may also be helpful. |
SignedData | The SignedData object is available for use in the operating systems specified in the Requirements section. Instead, use the SignedCms Class in the System.Security.Cryptography.Pkcs namespace. |
Signer | The Signer object is available for use in the operating systems specified in the Requirements section. Instead, use the CmsSigner Class in the System.Security.Cryptography.Pkcs namespace. |
Signers | The Signers object is available for use in the operating systems specified in the Requirements section. Instead, use a collection of CmsSigner objects. For more information, see the CmsSigner Class in the System.Security.Cryptography.Pkcs namespace. |
Enveloped Data Objects
We suggest the following alternatives to create enveloped data messages for privacy and to decrypt data in enveloped messages.
Object | Alternative |
---|---|
EnvelopedData | The EnvelopedData object is available for use in the operating systems specified in the Requirements section. Instead, use the EnvelopedCms Class in the System.Security.Cryptography.Pkcs namespace. |
Recipients | The Recipients object is available for use in the operating systems specified in the Requirements section. Instead, use the CmsRecipientCollection Class in the System.Security.Cryptography.Pkcs namespace. |
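The SignedCms/CmsSigner replacements from the Digital Signature Objects section and the EnvelopedCms/CmsRecipientCollection replacements from this section, combined as a sign-then-envelope round trip. This is an added example, not code from the original page; it assumes the System.Security.Cryptography.Pkcs package is referenced, and the certificate, subject name and message are constructed for the demonstration.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Pkcs;
using System.Security.Cryptography.X509Certificates;
using System.Text;

static class CmsExample
{
    static void Main()
    {
        // Constructed throwaway identity; production code loads the certificate from an X509Store.
        using RSA key = RSA.Create(2048);
        var req = new CertificateRequest("CN=Constructed CMS Example", key,
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        using X509Certificate2 cert = req.CreateSelfSigned(
            DateTimeOffset.UtcNow.AddMinutes(-5), DateTimeOffset.UtcNow.AddDays(1));
        byte[] payload = Encoding.UTF8.GetBytes("constructed sample message");

        // SignedData / Signer -> SignedCms / CmsSigner
        var signer = new CmsSigner(SubjectIdentifierType.IssuerAndSerialNumber, cert)
        {
            IncludeOption = X509IncludeOption.EndCertOnly,
            DigestAlgorithm = new Oid("2.16.840.1.101.3.4.2.1") // SHA-256
        };
        var signedCms = new SignedCms(new ContentInfo(payload), detached: false);
        signedCms.ComputeSignature(signer);
        byte[] signedBytes = signedCms.Encode();

        // EnvelopedData / Recipients -> EnvelopedCms / CmsRecipientCollection
        var envelope = new EnvelopedCms(new ContentInfo(signedBytes));
        envelope.Encrypt(new CmsRecipientCollection(new CmsRecipient(cert)));
        byte[] wire = envelope.Encode();

        // Receiving side: decrypt, then verify before trusting the content.
        var opened = new EnvelopedCms();
        opened.Decode(wire);
        opened.Decrypt(new X509Certificate2Collection(cert));
        var verified = new SignedCms();
        verified.Decode(opened.ContentInfo.Content);
        // true = check the signature math only; the constructed certificate has no trusted root.
        // Pass false in production so the signer's certificate chain is validated as well.
        verified.CheckSignature(verifySignatureOnly: true);
        Console.WriteLine("Signer:  " + verified.SignerInfos[0].Certificate.Subject);
        Console.WriteLine("Content: " + Encoding.UTF8.GetString(verified.ContentInfo.Content));
    }
}
```

`CheckSignature` throws a `CryptographicException` when verification fails, so a tampered message never reaches the lines that read the content.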
Data Encryption Objects
We suggest the following alternatives to encrypt arbitrary data for privacy and to decrypt encrypted data.
Object | Alternative |
---|---|
EncryptedData | The EncryptedData object is available for use in the operating systems specified in the Requirements section. Instead, use Platform Invocation Services (PInvoke) to call the Win32 API functions CryptEncryptMessage and CryptDecryptMessage to encrypt and decrypt messages. For information about PInvoke, see Platform Invoke (P/Invoke). The .NET and CryptoAPI via P/Invoke: Part 1 and .NET and CryptoAPI via P/Invoke: Part 2 subsections of Extending .NET Cryptography with CAPICOM and P/Invoke may also be helpful. |
Auxiliary Objects
We suggest the following alternatives to change default behaviors of other objects and to manage certificates, certificate stores, and messages.
Object | Alternative |
---|---|
Algorithm | The Algorithm object is available for use in the operating systems specified in the Requirements section. Instead, use the AlgorithmIdentifier Class in the System.Security.Cryptography.Pkcs namespace. |
Attribute | The Attribute object is available for use in the operating systems specified in the Requirements section. Instead, use the CryptographicAttributeObject Class in the System.Security.Cryptography namespace. |
Attributes | The Attributes object is available for use in the operating systems specified in the Requirements section. Instead, use the CryptographicAttributeObjectCollection Class in the System.Security.Cryptography namespace. |
BasicConstraints | The BasicConstraints object is available for use in the operating systems specified in the Requirements section. Instead, use the X509BasicConstraintsExtension Class in the System.Security.Cryptography.X509Certificates namespace. |
EKU | The EKU object is available for use in the operating systems specified in the Requirements section. Instead, use the X509EnhancedKeyUsageExtension Class in the System.Security.Cryptography.X509Certificates namespace. |
EKUs | The EKUs object is available for use in the operating systems specified in the Requirements section. Instead, use the X509ExtensionCollection Class in the System.Security.Cryptography.X509Certificates namespace. |
EncodedData | The EncodedData object is available for use in the operating systems specified in the Requirements section. Instead, use the AsnEncodedData Class in the System.Security.Cryptography namespace. |
ExtendedKeyUsage | The ExtendedKeyUsage object is available for use in the operating systems specified in the Requirements section. Instead, use the X509EnhancedKeyUsageExtension Class in the System.Security.Cryptography.X509Certificates namespace. |
HashedData | The HashedData object is available for use in the operating systems specified in the Requirements section. Instead, use the HashAlgorithm Class in the System.Security.Cryptography namespace. |
KeyUsage | The KeyUsage object is available for use in the operating systems specified in the Requirements section. Instead, use the X509EnhancedKeyUsageExtension Class in the System.Security.Cryptography.X509Certificates namespace. |
NoticeNumbers | The NoticeNumbers object is available for use in the operating systems specified in the Requirements section. For more information, see Qualifier. |
OID | The OID object is available for use in the operating systems specified in the Requirements section. Instead, use the Oid Class in the System.Security.Cryptography namespace. |
OIDs | The OIDs object is available for use in the operating systems specified in the Requirements section. Instead, use the OidCollection Class in the System.Security.Cryptography namespace. |
PolicyInformation | The PolicyInformation object is available for use in the operating systems specified in the Requirements section. Instead, use the X509Extension Class in the System.Security.Cryptography.X509Certificates namespace by calling the constructor that takes an OID as a parameter, and then use the OID for Certificate Policies to process policy information in the Certificate policies extension. |
Qualifier | The Qualifier object is available for use in the operating systems specified in the Requirements section. Instead, use the X509Extension Class in the System.Security.Cryptography.X509Certificates namespace by calling the constructor that takes an OID as a parameter, and then use the OID for Certificate Policies to process qualifiers that are part of the policy information in the Certificate Policies extension. |
Qualifiers | The Qualifiers object is available for use in the operating systems specified in the Requirements section. Instead, use the X509Extension Class in the System.Security.Cryptography.X509Certificates namespace by calling the constructor that takes an OID as a parameter, and then use the OID for Certificate Policies to process qualifiers that are part of the policy information in the Certificate Policies extension. |
Settings | No alternative is available. |
Utilities | No alternative is available. |