Constants for CryptEncodeObject and CryptDecodeObject

The CryptEncodeObject, CryptEncodeObjectEx, CryptSignAndEncodeCertificate, CryptDecodeObject, and CryptDecodeObjectEx functions are generalized encoding and decoding functions, capable of encoding and decoding Abstract Syntax Notation One (ASN.1) encoded certificates, certificate revocation lists (CRLs), certificate trust lists (CTLs), and certificate requests.

The following table lists the predefined constants, extensions, and attributes used with encode and decode operations and the data structure to be pointed to by the pvStructInfo parameter.

Note

Some predefined constants and OID strings have the same meaning. When they do, either can be used as the lpszStructType parameter.

Constant/value Description
CMC_ADD_ATTRIBUTES
(LPCSTR) 63
The pvStructInfo parameter is a pointer to a CMC_ADD_ATTRIBUTES_INFO structure.
CMC_ADD_EXTENSIONS
(LPCSTR) 62
The pvStructInfo parameter is a pointer to a CMC_ADD_EXTENSIONS_INFO structure.
X509_ALGORITHM_IDENTIFIER
(LPCSTR) 74
The pvStructInfo parameter is a pointer to a CRYPT_ALGORITHM_IDENTIFIER structure.
X509_ALTERNATE_NAME
(LPCSTR) 12
The pvStructInfo parameter is a pointer to a CERT_ALT_NAME_INFO structure. For details, see Remarks.
X509_ANY_STRING
X509_NAME_VALUE
The pvStructInfo parameter is a pointer to a CERT_NAME_VALUE structure.
szOID_APPLICATION_CERT_POLICIES
"1.3.6.1.4.1.311.21.10"
The pvStructInfo parameter is a pointer to a CERT_POLICY_QUALIFIER_INFO structure.
szOID_APPLICATION_POLICY_CONSTRAINTS
"1.3.6.1.4.1.311.21.12"
The pvStructInfo parameter is a pointer to a CERT_POLICY_CONSTRAINTS_INFO structure.
szOID_APPLICATION_POLICY_MAPPINGS
"1.3.6.1.4.1.311.21.11"
The pvStructInfo parameter is a pointer to a CERT_POLICY_MAPPINGS_INFO structure.
PKCS_ATTRIBUTE
(LPCSTR) 22
The pvStructInfo parameter is a pointer to a CRYPT_ATTRIBUTE structure.
X509_AUTHORITY_INFO_ACCESS
(LPCSTR) 32
The pvStructInfo parameter is a pointer to a CERT_AUTHORITY_INFO_ACCESS structure. For details, see Remarks.
szOID_AUTHORITY_INFO_ACCESS
"1.3.6.1.5.5.7.1.1"
The pvStructInfo parameter is a pointer to a CERT_AUTHORITY_INFO_ACCESS structure. For details, see Remarks.
X509_SUBJECT_INFO_ACCESS
X509_AUTHORITY_INFO_ACCESS
The pvStructInfo parameter is a pointer to a CERT_AUTHORITY_INFO_ACCESS structure.
szOID_SUBJECT_INFO_ACCESS
"1.3.6.1.5.5.7.1.11"
The pvStructInfo parameter is a pointer to a CERT_AUTHORITY_INFO_ACCESS structure.
X509_AUTHORITY_KEY_ID
(LPCSTR) 9
The pvStructInfo parameter is a pointer to a CERT_AUTHORITY_KEY_ID_INFO structure. For details, see Remarks.
X509_AUTHORITY_KEY_ID2
(LPCSTR) 31
The pvStructInfo parameter is a pointer to a CERT_AUTHORITY_KEY_ID2_INFO structure. For details, see Remarks.
szOID_AUTHORITY_KEY_IDENTIFIER
"2.5.29.1"
The pvStructInfo parameter is a pointer to a CERT_AUTHORITY_KEY_ID_INFO structure. For details, see Remarks.
szOID_AUTHORITY_KEY_IDENTIFIER2
"2.5.29.35"
The pvStructInfo parameter is a pointer to a CERT_AUTHORITY_KEY_ID2_INFO structure. For details, see Remarks.
X509_BASIC_CONSTRAINTS
(LPCSTR) 13
The pvStructInfo parameter is a pointer to a CERT_BASIC_CONSTRAINTS_INFO structure. For details, see Remarks.
szOID_BASIC_CONSTRAINTS
"2.5.29.10"
The pvStructInfo parameter is a pointer to a CERT_BASIC_CONSTRAINTS_INFO structure. For details, see Remarks.
X509_BASIC_CONSTRAINTS2
(LPCSTR) 15
The pvStructInfo parameter is a pointer to a CERT_BASIC_CONSTRAINTS2_INFO structure.
szOID_BASIC_CONSTRAINTS2
"2.5.29.19"
The pvStructInfo parameter is a pointer to a CERT_BASIC_CONSTRAINTS2_INFO structure.
X509_BIOMETRIC_EXT
(LPCSTR) 71
The pvStructInfo parameter is a pointer to a CERT_BIOMETRIC_EXT_INFO structure.
Windows Server 2003 and Windows XP: This value is not supported.
szOID_BIOMETRIC_EXT
"1.3.6.1.5.5.7.1.2"
The pvStructInfo parameter is a pointer to a CERT_BIOMETRIC_EXT_INFO structure.
Windows Server 2003 and Windows XP: This value is not supported.
X509_BITS
(LPCSTR) 26
The pvStructInfo parameter is a pointer to a CRYPT_BIT_BLOB structure.
X509_CERT
(LPCSTR) 1
The pvStructInfo parameter is a pointer to a CERT_SIGNED_CONTENT_INFO structure. For details, see Remarks.
X509_CERT_CRL_TO_BE_SIGNED
(LPCSTR) 3
The pvStructInfo parameter is a pointer to a CRL_INFO structure.
szOID_CERT_EXTENSIONS
"1.3.6.1.4.1.311.2.1.14"
The pvStructInfo parameter is a pointer to a CERT_EXTENSIONS structure.
X509_CERT_PAIR
(LPCSTR) 53
The pvStructInfo parameter is a pointer to a CERT_PAIR structure.
X509_CERT_POLICIES
(LPCSTR) 16
The pvStructInfo parameter is a pointer to a CERT_POLICIES_INFO structure.
szOID_CERT_POLICIES
"2.5.29.32"
The pvStructInfo parameter is a pointer to a CERT_POLICIES_INFO structure.
X509_CERT_REQUEST_TO_BE_SIGNED
(LPCSTR) 4
The pvStructInfo parameter is a pointer to a CERT_REQUEST_INFO structure.
X509_CERT_TO_BE_SIGNED
(LPCSTR) 2
The pvStructInfo parameter is a pointer to a CERT_INFO structure.
X509_CERTIFICATE_TEMPLATE
(LPCSTR) 64
The pvStructInfo parameter is a pointer to a CERT_TEMPLATE_EXT structure.
szOID_CERTIFICATE_TEMPLATE
"1.3.6.1.4.1.311.21.7"
The pvStructInfo parameter is a pointer to a CERT_TEMPLATE_EXT structure.
X509_CHOICE_OF_TIME
(LPCSTR) 30
The pvStructInfo parameter is a pointer to a FILETIME variable. For details, see Remarks.
PKCS_CONTENT_INFO
(LPCSTR) 33
The pvStructInfo parameter is a pointer to a CRYPT_CONTENT_INFO structure. For details, see Remarks.
PKCS_CONTENT_INFO_SEQUENCE_OF_ANY
(LPCSTR) 23
The pvStructInfo parameter is a pointer to a CRYPT_CONTENT_INFO_SEQUENCE_OF_ANY structure. For details, see Remarks.
X509_CRL_DIST_POINTS
(LPCSTR) 35
The pvStructInfo parameter is a pointer to a CRL_DIST_POINTS_INFO structure. For details, see Remarks.
szOID_CRL_DIST_POINTS
"2.5.29.31"
The pvStructInfo parameter is a pointer to a CRL_DIST_POINTS_INFO structure. For details, see Remarks.
szOID_CRL_NUMBER
"2.5.29.20"
The pvStructInfo parameter is a pointer to an int variable.
X509_CRL_REASON_CODE
X509_ENUMERATED
The pvStructInfo parameter is a pointer to an integer that contains the enumerated value. For details, see Remarks.
szOID_CRL_REASON_CODE
"2.5.29.21"
The pvStructInfo parameter is a pointer to an integer that contains the enumerated value. For details, see Remarks.
szOID_CRL_VIRTUAL_BASE
"1.3.6.1.4.1.311.21.3"
The pvStructInfo parameter is a pointer to an int variable.
X509_CROSS_CERT_DIST_POINTS
(LPCSTR) 58
The pvStructInfo parameter is a pointer to a CROSS_CERT_DIST_POINTS_INFO structure.
szOID_CROSS_CERT_DIST_POINTS
"1.3.6.1.4.1.311.10.9.1"
The pvStructInfo parameter is a pointer to a CROSS_CERT_DIST_POINTS_INFO structure.
RSA_CSP_PUBLICKEYBLOB
(LPCSTR) 19
The pvStructInfo parameter is a pointer to a Diffie-Hellman Version 3 Public Key BLOBs or DSS Version 3 Public Key BLOBs structure. For details, see Remarks.
PKCS_CTL
(LPCSTR) 37
The pvStructInfo parameter is a pointer to a CTL_INFO structure.
CMC_DATA
(LPCSTR) 59
The pvStructInfo parameter is a pointer to a CMC_DATA_INFO structure.
szOID_DELTA_CRL_INDICATOR
"2.5.29.27"
The pvStructInfo parameter is a pointer to an int variable.
X509_DSS_PARAMETERS
(LPCSTR) 39
The pvStructInfo parameter is a pointer to a CERT_DSS_PARAMETERS structure.
X509_DSS_PUBLICKEY
X509_MULTI_BYTE_UINT
The pvStructInfo parameter is a pointer to a CRYPT_UINT_BLOB structure.
X509_DSS_SIGNATURE
(LPCSTR) 40
The pvStructInfo parameter is a pointer to an array of 40 bytes. For details, see Remarks.
szOID_ECC_PUBLIC_KEY
"1.2.840.10045.2.1"
The pvStructInfo parameter is a pointer to an LPSTR of the object identifier dot representation.
X509_ECC_SIGNATURE
(LPCSTR) 47
The pvStructInfo parameter is a pointer to a CERT_ECC_SIGNATURE structure. For details, see Remarks.
X509_ECC_PRIVATE_KEY
(LPCSTR) 82
The pvStructInfo parameter is a pointer to a CRYPT_ECC_PRIVATE_KEY_INFO structure.
Windows Server 2003, Windows XP, Windows 2000 and Windows Vista: This value is not supported.
szOID_ECDSA_SPECIFIED
"1.2.840.10045.4.3"
The pvStructInfo parameter is a pointer to a CRYPT_ALGORITHM_IDENTIFIER structure.
X509_ENHANCED_KEY_USAGE
(LPCSTR) 36
The pvStructInfo parameter is a pointer to a CERT_ENHKEY_USAGE or CTL_USAGE structure. (These structures are the same but are known by different names.)
szOID_ENHANCED_KEY_USAGE
"2.5.29.37"
The pvStructInfo parameter is a pointer to a CERT_ENHKEY_USAGE or CTL_USAGE structure. (These structures are the same but are known by different names.)
szOID_ENROLLMENT_NAME_VALUE_PAIR
"1.3.6.1.4.1.311.13.2.1"
The pvStructInfo parameter is a pointer to a CRYPT_ENROLLMENT_NAME_VALUE_PAIR structure.
X509_ENUMERATED
(LPCSTR) 29
The pvStructInfo parameter is a pointer to an integer that contains the enumerated value. For details, see Remarks.
X509_EXTENSIONS
(LPCSTR) 5
The pvStructInfo parameter is a pointer to a CERT_EXTENSIONS structure.
szOID_FRESHEST_CRL
"2.5.29.46"
The pvStructInfo parameter is a pointer to a CRL_DIST_POINTS_INFO structure.
X509_INTEGER
(LPCSTR) 27
The pvStructInfo parameter is a pointer to a signed integer of 32 bits or less.
szOID_ISSUER_ALT_NAME
"2.5.29.8"
The pvStructInfo parameter is a pointer to a CERT_ALT_NAME_INFO structure. For details, see Remarks.
szOID_ISSUER_ALT_NAME2
"2.5.29.18"
The pvStructInfo parameter is a pointer to a CERT_ALT_NAME_INFO structure.
X509_ISSUING_DIST_POINT
(LPCSTR) 54
The pvStructInfo parameter is a pointer to a CRL_ISSUING_DIST_POINT structure.
szOID_ISSUING_DIST_POINT
"2.5.29.28"
The pvStructInfo parameter is a pointer to a CRL_ISSUING_DIST_POINT structure.
X509_KEY_ATTRIBUTES
(LPCSTR) 10
The pvStructInfo parameter is a pointer to a CERT_KEY_ATTRIBUTES_INFO structure.
szOID_KEY_ATTRIBUTES
"2.5.29.2"
The pvStructInfo parameter is a pointer to a CERT_KEY_ATTRIBUTES_INFO structure.
X509_KEY_USAGE
(LPCSTR) 14
The pvStructInfo parameter is a pointer to a CRYPT_BIT_BLOB structure. For details, see Remarks.
szOID_KEY_USAGE
"2.5.29.4"
The pvStructInfo parameter is a pointer to a CRYPT_BIT_BLOB structure. For details, see Remarks.
X509_KEY_USAGE_RESTRICTION
(LPCSTR) 11
The pvStructInfo parameter is a pointer to a CERT_KEY_USAGE_RESTRICTION_INFO structure.
szOID_KEY_USAGE_RESTRICTION
"2.5.29.4"
The pvStructInfo parameter is a pointer to a CERT_KEY_USAGE_RESTRICTION_INFO structure.
X509_KEYGEN_REQUEST_TO_BE_SIGNED
(LPCSTR) 21
The pvStructInfo parameter is a pointer to a CERT_KEYGEN_REQUEST_INFO structure. For details, see Remarks.
X509_LOGOTYPE_EXT
(LPCSTR) 70
The pvStructInfo parameter is a pointer to a CERT_LOGOTYPE_EXT_INFO structure.
szOID_LOGOTYPE_EXT
"1.3.6.1.5.5.7.1.12"
The pvStructInfo parameter is a pointer to a CERT_LOGOTYPE_EXT_INFO structure.
Windows Server 2003 and Windows XP: This value is not supported.
X509_MULTI_BYTE_INTEGER
(LPCSTR) 28
The pvStructInfo parameter is a pointer to a CRYPT_INTEGER_BLOB structure. The BLOB is in little-endian order.
X509_MULTI_BYTE_UINT
(LPCSTR) 38
The pvStructInfo parameter is a pointer to a CRYPT_UINT_BLOB structure. For details, see Remarks.
X509_NAME
(LPCSTR) 7
The pvStructInfo parameter is a pointer to a CERT_NAME_INFO structure. For details, see Remarks.
X509_NAME_CONSTRAINTS
(LPCSTR) 55
The pvStructInfo parameter is a pointer to a CERT_NAME_CONSTRAINTS_INFO structure.
szOID_NAME_CONSTRAINTS
"2.5.29.30"
The pvStructInfo parameter is a pointer to a CERT_NAME_CONSTRAINTS_INFO structure.
X509_NAME_VALUE
(LPCSTR) 6
The pvStructInfo parameter is a pointer to a CERT_NAME_VALUE structure. For details, see Remarks.
szOID_NEXT_UPDATE_LOCATION
The pvStructInfo parameter is a pointer to a CERT_ALT_NAME_INFO structure. For details, see Remarks.
X509_OBJECT_IDENTIFIER
(LPCSTR) 73
The pvStructInfo parameter is a pointer to an LPSTR of the object identifier dot representation.
Windows Server 2003 and Windows XP: This value is not supported.
X509_OCTET_STRING
(LPCSTR) 25
The pvStructInfo parameter is a pointer to a CRYPT_DATA_BLOB structure. For details, see Remarks.
szOID_OIWSEC_dsa
"1.3.14.3.2.12"
The pvStructInfo parameter is a pointer to a CERT_DSS_PARAMETERS structure.
X509_POLICY_CONSTRAINTS
(LPCSTR) 57
The pvStructInfo parameter is a pointer to a CERT_POLICY_CONSTRAINTS_INFO structure.
szOID_POLICY_CONSTRAINTS
"2.5.29.36"
The pvStructInfo parameter is a pointer to a CERT_POLICY_CONSTRAINTS_INFO structure.
X509_POLICY_MAPPINGS
(LPCSTR) 56
The pvStructInfo parameter is a pointer to a CERT_POLICY_MAPPINGS_INFO structure.
szOID_POLICY_MAPPINGS
"2.5.29.33"
The pvStructInfo parameter is a pointer to a CERT_POLICY_MAPPINGS_INFO structure.
X509_PUBLIC_KEY_INFO
(LPCSTR) 8
The pvStructInfo parameter is a pointer to a CERT_PUBLIC_KEY_INFO structure.
PKCS_RC2_CBC_PARAMETERS
(LPCSTR) 41
The pvStructInfo parameter is a pointer to a CRYPT_RC2_CBC_PARAMETERS structure.
CMC_RESPONSE
(LPCSTR) 60
The pvStructInfo parameter is a pointer to a CMC_RESPONSE_INFO structure.
CNG_RSA_PUBLIC_KEY_BLOB
(LPCSTR) 72
The pvStructInfo parameter is a pointer to a BCRYPT_RSAKEY_BLOB immediately followed by the exponent and the modulus bytes. For details, see Remarks.
CNG_RSA_PRIVATE_KEY_BLOB
(LPCSTR) 83
The pvStructInfo parameter is a pointer to a private BCRYPT_RSAKEY_BLOB structure.
Windows Server 2003, Windows XP, Windows 2000 and Windows Vista: This value is not supported.
szOID_RSA_signingTime
"1.2.840.113549.1.9.5"
The pvStructInfo parameter is a pointer to a FILETIME variable. For details, see Remarks.
szOID_RSA_SMIMECapabilities
"1.2.840.113549.1.9.15"
The pvStructInfo parameter is a pointer to a CRYPT_SMIME_CAPABILITIES structure. For details, see Remarks.
PKCS_RSA_SSA_PSS_PARAMETERS
(LPCSTR) 75
The pvStructInfo parameter is a pointer to a CRYPT_RSA_SSA_PSS_PARAMETERS structure. For details, see Remarks.
Windows Server 2003 and Windows XP: This value is not supported.
szOID_RSA_SSA_PSS
"1.2.840.113549.1.1.10"
The pvStructInfo parameter is a pointer to a CRYPT_RSA_SSA_PSS_PARAMETERS structure. For details, see Remarks.
Windows Server 2003 and Windows XP: This value is not supported.
PKCS_RSAES_OAEP_PARAMETERS
(LPCSTR) 76
The pvStructInfo parameter is a pointer to a CRYPT_RSAES_OAEP_PARAMETERS structure. For details, see Remarks.
Windows Server 2003 and Windows XP: This value is not supported.
ECC_CMS_SHARED_INFO
(LPCSTR) 77
The pvStructInfo parameter is a pointer to a CRYPT_ECC_CMS_SHARED_INFO structure.
Windows Server 2003 and Windows XP: This value is not supported.
szOID_RSAES_OAEP
"1.2.840.113549.1.1.7"
The pvStructInfo parameter is a pointer to a CRYPT_RSAES_OAEP_PARAMETERS structure. For details, see Remarks.
Windows Server 2003 and Windows XP: This value is not supported.
X509_SEQUENCE_OF_ANY
(LPCSTR) 34
The pvStructInfo parameter is a pointer to a CRYPT_SEQUENCE_OF_ANY structure. For details, see Remarks.
PKCS7_SIGNER_INFO
(LPCSTR) 500
The pvStructInfo parameter is a pointer to a CMSG_SIGNER_INFO structure.
CMS_SIGNER_INFO
(LPCSTR) 501
The pvStructInfo parameter is a pointer to a CMSG_CMS_SIGNER_INFO structure.
PKCS_SMIME_CAPABILITIES
(LPCSTR) 42
The pvStructInfo parameter is a pointer to a CRYPT_SMIME_CAPABILITIES structure. For details, see Remarks.
CMC_STATUS
(LPCSTR) 61
The pvStructInfo parameter is a pointer to a CMC_STATUS_INFO structure.
szOID_SUBJECT_ALT_NAME
"2.5.29.7"
The pvStructInfo parameter is a pointer to a CERT_ALT_NAME_INFO structure. For details, see Remarks.
szOID_SUBJECT_ALT_NAME2
"2.5.29.17"
The pvStructInfo parameter is a pointer to a CERT_ALT_NAME_INFO structure.
szOID_SUBJECT_KEY_IDENTIFIER
"2.5.29.14"
The pvStructInfo parameter is a pointer to a CRYPT_DATA_BLOB structure. For details, see Remarks.
PKCS_TIME_REQUEST
(LPCSTR) 18
The pvStructInfo parameter is a pointer to a CRYPT_TIME_STAMP_REQUEST_INFO structure.
X509_UNICODE_ANY_STRING
X509_UNICODE_NAME_VALUE
The pvStructInfo parameter is a pointer to a CERT_NAME_VALUE structure. For details, see Remarks.
X509_UNICODE_NAME
(LPCSTR) 20
The pvStructInfo parameter is a pointer to a CERT_NAME_INFO structure. For details, see Remarks.
X509_UNICODE_NAME_VALUE
(LPCSTR) 24
The pvStructInfo parameter is a pointer to a CERT_NAME_VALUE structure. For details, see Remarks.
PKCS_UTC_TIME
(LPCSTR) 17
The pvStructInfo parameter is a pointer to a FILETIME variable. For details, see Remarks.
OCSP_SIGNED_REQUEST
(LPCSTR) 65
The pvStructInfo parameter is a pointer to an OCSP_SIGNED_REQUEST_INFO variable.
Windows Server 2003 and Windows XP: This value is not supported.
OCSP_REQUEST
(LPCSTR) 66
The pvStructInfo parameter is a pointer to an OCSP_REQUEST_INFO variable.
Windows Server 2003 and Windows XP: This value is not supported.
OCSP_RESPONSE
(LPCSTR) 67
The pvStructInfo parameter is a pointer to an OCSP_RESPONSE_INFO variable.
Windows Server 2003 and Windows XP: This value is not supported.
OCSP_BASIC_SIGNED_RESPONSE
(LPCSTR) 68
The pvStructInfo parameter is a pointer to an OCSP_BASIC_SIGNED_RESPONSE_INFO variable.
Windows Server 2003 and Windows XP: This value is not supported.
OCSP_BASIC_RESPONSE
(LPCSTR) 69
The pvStructInfo parameter is a pointer to an OCSP_BASIC_RESPONSE_INFO variable.
Windows Server 2003 and Windows XP: This value is not supported.
PKCS_RSA_PRIVATE_KEY
(LPCSTR) 43
The pvStructInfo parameter is a pointer to an RSA private key BLOB. For more information, see Diffie-Hellman Version 3 Private Key BLOBs and DSS Version 3 Private Key BLOBs.
PKCS_PRIVATE_KEY_INFO
(LPCSTR) 44
The pvStructInfo parameter is a pointer to a CRYPT_PRIVATE_KEY_INFO structure.
PKCS_ENCRYPTED_PRIVATE_KEY_INFO
(LPCSTR) 45
The pvStructInfo parameter is a pointer to a CRYPT_ENCRYPTED_PRIVATE_KEY_INFO structure.

Remarks

The following table provides further details about specific lpszStructType values.

Value Description
X509_ALTERNATE_NAME
szOID_ISSUER_ALT_NAME
szOID_SUBJECT_ALT_NAME
Before encoding, the LPWSTR name choices are converted to IA5 strings. If the string contains an IA5 string that is not valid, GetLastError returns CRYPT_E_INVALID_IA5_STRING, and *pcbEncoded is updated with the error location of the character that is not valid. Error location indices are returned in *pcbEncoded as follows:
Bit 0 is the least significant bit of the DWORD.
The VALUE_INDEX of the error is located in bits 0 through 15. This is the Unicode character index.
The ENTRY_INDEX of the error is located in bits 16 through 23.
Macros GET_CERT_ALT_NAME_VALUE_ERR_INDEX(X) and GET_CERT_ALT_NAME_ENTRY_ERR_INDEX(X) are defined to provide for easy reading of the bitmapped fields for VALUE_INDEX and ENTRY_INDEX from the DWORD that contains them:
The szOID_SUBJECT_ALT_NAME has been superseded by szOID_SUBJECT_ALT_NAME2. New certificate servers are implementing the latter.
X509_AUTHORITY_INFO_ACCESS
szOID_AUTHORITY_INFO_ACCESS
szOID_AUTHORITY_KEY_IDENTIFIER2
X509_AUTHORITY_KEY_ID2
If an encode function fails and GetLastError returns CRYPT_E_INVALID_IA5_STRING, the error location returned in *pcbEncoded consists of:
  • ENTRY_INDEX – 8 bits << 16
  • VALUE_INDEX – 16 bits (Unicode character index)
Error location indices are returned in *pcbEncoded as follows:
Bit 0 is the least significant bit of the DWORD.
The VALUE_INDEX of the error is located in bits 0 through 15. This is the Unicode character index.
The ENTRY_INDEX of the error is located in bits 16 through 23.
Macros GET_CERT_ALT_NAME_VALUE_ERR_INDEX(X) and GET_CERT_ALT_NAME_ENTRY_ERR_INDEX(X) are defined to provide for easy reading of the bitmapped fields for VALUE_INDEX and ENTRY_INDEX from the DWORD that contains them.
X509_AUTHORITY_KEY_ID
szOID_AUTHORITY_KEY_IDENTIFIER
The X509_AUTHORITY_KEY_ID has been superseded by X509_AUTHORITY_KEY_ID2. New certificate servers are implementing the latter.
X509_BASIC_CONSTRAINTS
szOID_BASIC_CONSTRAINTS
The X509_BASIC_CONSTRAINTS has been superseded by X509_BASIC_CONSTRAINTS2. New certificate servers are implementing the latter.
X509_CERT The CERT_SIGNED_CONTENT_INFO structure contains the encoded content to be signed, its signature, and signature algorithm. The ToBeSigned member is an encoded CERT_INFO, CRL_INFO, CERT_REQUEST_INFO, or CERT_KEYGEN_REQUEST_INFO output from a previous call to CryptEncodeObject for one of the following lpszStructType values:
  • X509_CERT_CRL_TO_BE_SIGNED
  • X509_CERT_REQUEST_TO_BE_SIGNED
  • X509_CERT_TO_BE_SIGNED
  • X509_KEYGEN_REQUEST_TO_BE_SIGNED
szOID_CERT_EXTENSIONS May be used for one of the attribute types in a certificate request.
X509_CHOICE_OF_TIME For X509_ASN_ENCODING, if the time is after 1950 and before 2050, it is UTC time encoded with a two-digit year. Otherwise, it is Generalized time encoded with a four-digit year. The date is precise to seconds.
PKCS_CONTENT_INFO For X509_ASN_ENCODING, encoded as a PKCS #7 ContentInfo structure. The CRYPT_DER_BLOB points to the already encoded ANY content.
PKCS_CONTENT_INFO_SEQUENCE_OF_ANY For X509_ASN_ENCODING, encoded as a PKCS #7 ContentInfo structure wrapping a sequence of ANY. The value of the contentType member is pszObjId, while the content field is the following structure: SequenceOfAny ::= SEQUENCE OF ANY
The CRYPT_DER_BLOB points to the already encoded ANY content.
X509_CRL_DIST_POINTS
szOID_CRL_DIST_POINTS
If the encode function fails with GetLastError returning CRYPT_E_INVALID_IA5_STRING, *pcbEncoded is updated with the error location of the character that is not valid:
  • CRL_ISSUER_BIT – 1 bit << 31 (0 for FullName, 1 for CRLIssuer)
  • POINT_INDEX – 7 bits << 24
  • ENTRY_INDEX – 8 bits << 16
  • VALUE_INDEX – 16 bits (Unicode character index)
Error location indices are returned in *pcbEncoded as follows:
Bit 0 is the least significant bit of the DWORD.
The VALUE_INDEX of the error is located in bits 0 through 15. This is the Unicode character index.
The ENTRY_INDEX of the error is located in bits 16 through 23.
Macros GET_CERT_ALT_NAME_VALUE_ERR_INDEX(X) and GET_CERT_ALT_NAME_ENTRY_ERR_INDEX(X) are defined to provide for easy reading of the bitmapped fields for VALUE_INDEX and ENTRY_INDEX from the DWORD that contains them.
szOID_CRL_NUMBER Used with base certificate revocation lists (CRLs) only. This is a monotonically increasing sequence number for each CRL issued by a certification authority.
X509_CRL_REASON_CODE
szOID_CRL_REASON_CODE
X509_ENUMERATED
The Integer can be set to one of the following enumerated values.
Reason code: CRL_REASON_UNSPECIFIED
Value: 0
Reason code: CRL_REASON_KEY_COMPROMISE
Value: 1
Reason code: CRL_REASON_CA_COMPROMISE
Value: 2
Reason code: CRL_REASON_AFFILIATION_CHANGED
Value: 3
Reason code: CRL_REASON_SUPERSEDED
Value: 4
Reason code: CRL_REASON_CESSATION_OF_OPERATION
Value: 5
Reason code: CRL_REASON_CERTIFICATE_HOLD
Value: 6
Reason code: CRL_REASON_REMOVE_FROM_CRL
Value: 8
szOID_CRL_VIRTUAL_BASE Used with Delta CRLs only. It contains the base CRL Number of the corresponding base CRL.
X509_CROSS_CERT_DIST_POINTS
szOID_CROSS_CERT_DIST_POINTS
For CRYPT_E_INVALID_IA5_STRING, the error location is returned in *pcbEncoded by CryptEncodeObject(X509_CRL_DIST_POINTS). The error location consists of:
  • POINT_INDEX – 8 bits << 24
  • ENTRY_INDEX – 8 bits << 16
  • VALUE_INDEX – 16 bits (Unicode character index)
For more information about ENTRY_INDEX and VALUE_INDEX error location defined constants, see X509_ALTERNATE_NAME.
RSA_CSP_PUBLICKEYBLOB The CryptExportKey function outputs the above pvStructInfo value for a dwBlobType of PUBLICKEYBLOB. The CryptImportKey function expects the above pvStructInfo value when importing a public key. If dwCertEncodingType is X509_ASN_ENCODING, the RSA_CSP_PUBLICKEYBLOB is encoded as a PKCS #1 RSAPublicKey consisting of a SEQUENCE of a modulus INTEGER and a publicExponent INTEGER. The modulus is encoded as being an unsigned integer.
For the decode functions, pvStructInfo points to a public key BLOB immediately followed by a RSAPUBKEY and the modulus bytes. (For information about public key BLOBs, see CRYPT_INTEGER_BLOB.) The CryptExportKey outputs the pvStructInfo value for a dwBlobType of PUBLICKEYBLOB. The CryptImportKey function expects the pvStructInfo value when importing a public key.
If dwCertEncodingType is X509_ASN_ENCODING, the RSA_CSP_PUBLICKEYBLOB is encoded as a PKCS #1 RSAPublicKey consisting of a SEQUENCE of a modulus INTEGER and a publicExponent INTEGER. When decoded, if the modulus was encoded as an unsigned integer with a leading 0 byte, the 0 byte is removed before converting to the CSP modulus bytes. Because PKCS ) structure is always set to CALG_RSA_KEYX.
szOID_DELTA_CRL_INDICATOR Used with Delta CRLs only. This is marked critical and contains the minimum base CRL Number that can be used with a delta CRL.
X509_DSS_SIGNATURE The bytes are ordered as output by the DSS CSP's CryptSignHash where the lower 20 bytes are the R value, and the higher 20 bytes are the S value. The R and S values are treated as unsigned integers and encoded as a sequence of them.
X509_ECC_SIGNATURE Uses the same encode and decode function as X509_DH_PARAMETERS. The CERT_ECC_SIGNATURE structure is identical to the CERT_DH_PARAMETERS structure except for the names of the fields.
X509_ENUMERATED Used when encoding any arbitrary enumeration such as the X509_CRL_REASON_CODE.
szOID_FRESHEST_CRL Used with base CRLs only. This is formatted identically to a CDP extension holding URLs to fetch the delta CRL.
X509_ISSUING_DIST_POINT
szOID_ISSUING_DIST_POINT
For CRYPT_E_INVALID_IA5_STRING, the error location is returned in *pcbEncoded by CryptEncodeObject(X509_ISSUING_DIST_POINT). The error location consists of:
  • ENTRY_INDEX – 8 bits << 16
  • VALUE_INDEX – 16 bits (Unicode character index)
For more information about ENTRY_INDEX and VALUE_INDEX error location defined constants, see X509_ALTERNATE_NAME.
X509_KEY_USAGE
szOID_KEY_USAGE
The bit definitions used for the IntendedKeyUsage member of the CERT_KEY_ATTRIBUTES_INFO structure are used.
X509_KEYGEN_REQUEST_TO_BE_SIGNED For the decode functions, the pbEncoded member is the output of one of the encode functions using the X509_CERT lpszStructType. This output includes the "to be signed" data plus its signature. For the encode functions, the pbEncoded member is the "to be signed" data only.
X509_MULTI_BYTE_UINT Before encoding, a leading 0x00 is inserted. After decoding, the leading 0x00 is removed.
X509_NAME Used to decode/encode the Issuer and Subject members in a CERT_INFO structure.
X509_NAME_CONSTRAINTS
szOID_NAME_CONSTRAINTS
For CRYPT_E_INVALID_IA5_STRING, the error location is returned in *pcbEncoded by CryptEncodeObject(X509_NAME_CONSTRAINTS). The error location consists of:
  • EXCLUDED_SUBTREE_BIT – 1 bit << 31 (0 for permitted, 1 for excluded)
  • ENTRY_INDEX – 8 bits << 16
  • VALUE_INDEX – 16 bits (Unicode character index)
For more information about ENTRY_INDEX and VALUE_INDEX error location defined constants, see X509_ALTERNATE_NAME.
X509_UNICODE_ANY_STRING
X509_UNICODE_NAME_VALUE
For the encode functions, the pbData member of the structure pointed to points to the Unicode string. If the cbData member is zero, the Unicode string has a terminating null character; otherwise, cbData is the Unicode string byte count. The byte count is twice the character count. If the Unicode string contains a character that is not valid for the specified dwValueType, *pcbEncoded is updated with the Unicode character index of the first character that is not valid. GetLastError returns:
CRYPT_E_INVALID_NUMERIC_STRING
CRYPT_E_INVALID_PRINTABLE_STRING
CRYPT_E_INVALID_IA5_STRING
The Unicode string is converted before being encoded according to the specified dwValueType. If dwValueType is set to 0, GetLastError returns E_INVALIDARG.
If the dwValueType does not indicate a character string, CryptEncodeObject returns FALSE with GetLastError returning CRYPT_E_NOT_CHAR_STRING.
For the decode functions, the pbData member points to a null-terminated Unicode string and the cbData member contains the byte count of the Unicode string excluding the terminating null character. dwValueType contains the type used to encode the object. It is not forced to CERT_RDN_UNICODE_STRING. The encoded value is converted to the Unicode string according to the dwValueType.
If the encoded object is not one of the character string types, the decode function returns FALSE with GetLastError returning CRYPT_E_NOT_CHAR_STRING.
Decode noncharacter strings by using an lpszStructType of X509_ANY_STRING.
szOID_NEXT_UPDATE_LOCATION Used with certificate trust lists (CTLs) to get the location for the most recent, time valid CTL. Commonly, the choice used in the CERT_ALT_NAME_INFO is a URL that indicates the location.
X509_OCTET_STRING The structure contains a sequence of bytes. It is used with some encryption algorithms that require an initialization vector in the form of an octet string.
CNG_RSA_PUBLIC_KEY_BLOB The corresponding pvStructInfo points to a BCRYPT_RSAKEY_BLOB immediately followed by the exponent and the modulus bytes. Both the exponent and modulus are in big-endian format. The private key fields consisting of cbPrime1 and cbPrime2 are set to zero.
If the dwCertEncodingType parameter equals X509_ASN_ENCODING, then the CNG_RSA_PUBLIC_KEY_BLOB is encoded as a PKCS #1 RSA public key that consists of a sequence of a modulus and a publicExponent.
PKCS_RSA_SSA_PSS_PARAMETERS
szOID_RSA_SSA_PSS
For encoding, use the following defaults if the CRYPT_RSA_SSA_PSS_PARAMETERS structure fields are set to NULL or zero.
Field: HashAlgorithm.pszObjId
Default: szOID_OIWSEC_sha1
Field: MaskGenAlgorithm.pszObjId
Default: szOID_RSA_MGF1
Field: MaskGenAlgorithm.HashAlgorithm.pszObjId
Default: HashAlgorithm.pszObjId
Field: dwSaltLength
Default: cbHash
Field: dwTrailerField
Default: PKCS_RSA_SSA_PSS_TRAILER_FIELD_BC
For encoding, only the HashAlgorithm.pszObjId field will need to be set. For decoding, all fields are explicitly set.
PKCS_RSAES_OAEP_PARAMETERS
szOID_RSAES_OAEP
For encoding, use the following defaults if the CRYPT_RSAES_OAEP_PARAMETERS structure fields are set to NULL or zero.
Field: HashAlgorithm.pszObjId
Default: szOID_OIWSEC_sha1
Field: MaskGenAlgorithm.pszObjId
Default: szOID_RSA_MGF1
Field: MaskGenAlgorithm.HashAlgorithm.pszObjId
Default: HashAlgorithm.pszObjId
Field: PSourceAlgorithm.pszObjId
Default: szOID_RSA_PSPECIFIED
Field: PSourceAlgorithm.EncodingParameters.cbData
Default: 0
Field: PSourceAlgorithm.EncodingParameters.pbData
Default: NULL
For encoding, only the HashAlgorithm.pszObjId field will need to be set. For decoding, all fields are explicitly set.
X509_SEQUENCE_OF_ANY The CRYPT_DER_BLOBs point to the already encoded ANY content.
PKCS_SMIME_CAPABILITIES
szOID_RSA_SMIMECapabilities
These lpszStructType values work differently for encode functions. Because of the Secure/Multipurpose Internet Mail Extensions (S/MIME) specifications, if the Parameters.cbData is zero, the encoded parameters are omitted and not encoded as a NULL (05 00).
szOID_SUBJECT_KEY_IDENTIFIER The CRYPT_INTEGER_BLOB structure contains an octet string, an arbitrary sequence of bytes.
X509_UNICODE_NAME For decode functions, the relative distinguished name (RDN) attribute values are Unicode strings except for the dwValueTypes of CERT_RDN_ENCODED_BLOB or CERT_RDN_OCTET_STRING. These dwValueTypes are the same as for an X509_NAME. These values are not converted to Unicode. The RDN attribute value's pbData member points to a null-terminated Unicode string. The RDN attribute value's cbData member contains the byte count of the Unicode string excluding the terminating null character. The RDN attribute value's dwValueType member contains the type used in the encoded object. It is not forced to CERT_RDN_UNICODE_STRING. The encoded value is converted to the Unicode string according to the dwValueType.
For the encode functions, the RDN attribute values are Unicode strings except for the dwValueTypes of CERT_RDN_ENCODED_BLOB or CERT_RDN_OCTET_STRING. These dwValueTypes are the same as for an X509_NAME. These values are not expected to be Unicode.
For the remaining string dwValueTypes, the relative distinguished name (RDN) attribute value's pbData member points to the Unicode string. If the RDN attribute value's cbData member is zero, the Unicode string has a terminating null character. Otherwise, the RDN attribute value's cbData member is the Unicode string byte count. The byte count is twice the character count, and it excludes the terminating null character.
If the RDN attribute value's dwValueType member is CERT_RDN_ANY_TYPE, the pszObjId is used to find an acceptable dwValueType. If the Unicode string contains a character that is not valid for the found or specified dwValueType, *pcbEncoded is updated with the error location of the character that is not valid. For a character that is not valid, GetLastError returns:
CRYPT_E_INVALID_NUMERIC_STRING
CRYPT_E_INVALID_PRINTABLE_STRING
CRYPT_E_INVALID_IA5_STRING
The Unicode string is converted before being encoded according to the specified dwValueType or the object identifier's dwValueType.
The encode functions error location indices are returned in *pcbEncoded as follows:
The VALUE_INDEX of the error is located in bits 0 through 15.
The ATTR_INDEX of the error is located in bits 16 through 21.
The RDN_INDEX of the error is located in bits 22 through 31.
Bit 0 is the least significant bit of the DWORD.
The GET_CERT_UNICODE_RDN_ERR_INDEX(X), GET_CERT_UNICODE_ATTR_ERR_INDEX(X), and GET_CERT_UNICODE_VALUE_ERR_INDEX(X) defined macros provide easy reading of the bitmapped fields for VALUE_INDEX, ATTR_INDEX, and RDN_INDEX from the DWORD that contains them.
PKCS_UTC_TIME
szOID_RSA_signingTime
For X509_ASN_ENCODING, UTC time encoded precise to seconds and using a two-digit year.
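
The error-location layouts that the Remarks table describes for CRYPT_E_INVALID_IA5_STRING and the Unicode name errors, decoded in portable C as an added example (not code from the original page or from Wincrypt.h). The type and function names are hypothetical, the sample name entries are constructed, the POINT_INDEX fields are assumed to start at bit 24, and the IA5 check assumes that any character above 0x7F is rejected.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Layout families from the Remarks table (enum names are hypothetical). */
typedef enum {
    LOC_ALT_NAME,               /* VALUE 0-15, ENTRY 16-23; also used by
                                   X509_AUTHORITY_INFO_ACCESS and
                                   X509_ISSUING_DIST_POINT */
    LOC_CRL_DIST_POINTS,        /* adds POINT 24-30 and CRL_ISSUER_BIT 31 */
    LOC_CROSS_CERT_DIST_POINTS, /* adds POINT 24-31 */
    LOC_NAME_CONSTRAINTS,       /* adds EXCLUDED_SUBTREE_BIT 31 */
    LOC_UNICODE_NAME            /* VALUE 0-15, ATTR 16-21, RDN 22-31 */
} loc_layout;

/* Decoded location; a field the layout does not carry is set to -1. */
typedef struct {
    int flag, point_index, entry_index, attr_index, rdn_index, value_index;
} err_location;

/* Sentinel for "no invalid character"; the alt-name layout never sets
   bits 24-31, so this value cannot be a real location there. */
#define NO_ERR_LOCATION 0xFFFFFFFFu

/* Extract bits lo..hi (inclusive), bit 0 being the least significant. */
static uint32_t bits(uint32_t x, unsigned lo, unsigned hi)
{
    return (x >> lo) & ((1u << (hi - lo + 1u)) - 1u);
}

/* Split the DWORD returned in *pcbEncoded into its index fields. */
err_location decode_err_location(loc_layout layout, uint32_t packed)
{
    err_location loc = { -1, -1, -1, -1, -1, 0 };
    loc.value_index = (int)bits(packed, 0, 15);
    if (layout == LOC_UNICODE_NAME) {
        loc.attr_index = (int)bits(packed, 16, 21);
        loc.rdn_index  = (int)bits(packed, 22, 31);
        return loc;
    }
    loc.entry_index = (int)bits(packed, 16, 23);
    switch (layout) {
    case LOC_CRL_DIST_POINTS:
        loc.point_index = (int)bits(packed, 24, 30);
        loc.flag = (int)bits(packed, 31, 31);   /* 1 = CRLIssuer */
        break;
    case LOC_CROSS_CERT_DIST_POINTS:
        loc.point_index = (int)bits(packed, 24, 31);
        break;
    case LOC_NAME_CONSTRAINTS:
        loc.flag = (int)bits(packed, 31, 31);   /* 1 = excluded subtree */
        break;
    default:
        break;
    }
    return loc;
}

/* Pre-flight check a caller can run before encoding alternate names:
   find the first UTF-16 code unit that is not IA5 (assumed: > 0x7F) and
   pack its position the way the page describes for X509_ALTERNATE_NAME. */
uint32_t find_invalid_ia5(const uint16_t *const *entries, size_t count)
{
    for (size_t e = 0; e < count && e <= 0xFF; e++)
        for (size_t i = 0; entries[e][i] != 0 && i <= 0xFFFF; i++)
            if (entries[e][i] > 0x7F)
                return ((uint32_t)e << 16) | (uint32_t)i;
    return NO_ERR_LOCATION;
}

/* Constructed sample: entry 1 holds U+00FC at character index 1. */
uint32_t sample_alt_name_error(void)
{
    static const uint16_t ok[]  = { 'w','w','w','.','e','x','a','m','p','l',
                                    'e','.','c','o','m',0 };
    static const uint16_t bad[] = { 'm',0x00FC,'n','c','h','e','n','.','e',
                                    'x','a','m','p','l','e',0 };
    const uint16_t *const entries[] = { ok, bad };
    return find_invalid_ia5(entries, 2);
}

int main(void)
{
    uint32_t packed = sample_alt_name_error();
    err_location loc = decode_err_location(LOC_ALT_NAME, packed);
    printf("alt name: packed=0x%08X entry=%d char=%d\n",
           (unsigned)packed, loc.entry_index, loc.value_index);

    loc = decode_err_location(LOC_CRL_DIST_POINTS, 0x82030005u);
    printf("CRL dist point: issuer=%d point=%d entry=%d char=%d\n",
           loc.flag, loc.point_index, loc.entry_index, loc.value_index);

    loc = decode_err_location(LOC_UNICODE_NAME, 0x00C10004u);
    printf("unicode name: rdn=%d attr=%d char=%d\n",
           loc.rdn_index, loc.attr_index, loc.value_index);
    return 0;
}
```

Applying the alternate-name layout to a DWORD produced for a distribution-point or Unicode-name structure silently drops the high bits, so the layout has to be chosen from the lpszStructType that was being encoded.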

 

Requirements

Minimum supported client
Windows XP [desktop apps | UWP apps]
Minimum supported server
Windows Server 2003 [desktop apps | UWP apps]
Header
Wincrypt.h

See also

CRYPT_INTEGER_BLOB