IX509PublicKey::get_EncodedParameters method (certenroll.h)
The EncodedParameters property retrieves a byte array that contains the parameters associated with the public key algorithm. The byte array is represented by a Unicode-encoded string.
This property is read-only.
Syntax
HRESULT get_EncodedParameters(
EncodingType Encoding,
BSTR *pValue
);
Parameters
Encoding
pValue
Return value
None
Remarks
Call the InitializeFromEncodedPublicKeyInfo method or the Initialize method to initialize the public key object before calling this property.
The AlgorithmIdentifier Abstract Syntax Notation One (ASN.1) object that is referenced by the SubjectPublicKeyInfo object in an X.509 version 3 certificate contains an algorithm object identifier (OID) and optional parameters.
SubjectPublicKeyInfo ::= SEQUENCE
{
algorithm AlgorithmIdentifier,
subjectPublicKey BIT STRING
}
AlgorithmIdentifier ::= SEQUENCE
{
algorithm OBJECT IDENTIFIER,
parameters ANY DEFINED BY algorithm OPTIONAL
}
The format and content of the parameters differs by algorithm. The Certificate Enrollment Control generates parameter values for various algorithms as required. For more information, see the following sections:
- RSA Public Key Algorithm
- Key Transport Using RSA-OAEP
- Key Agreement Using ECDH
- Content Encryption Using AES
RSA Public Key Algorithm
RSA is often used to encrypt a private key and send it to a certification authority (CA) for archival. The XCN_OID_RSA_RSA (1.2.840.113549.1.1.1) algorithm OID must have a NULL parameter value. The ASN.1 NULL value is represented by two bytes. The tag number is 0x05 and the value associated with the tag is 0x00. This is shown by the following certificate example.
...
Public Key Algorithm:
Algorithm ObjectId: 1.2.840.113549.1.1.1 RSA (RSA_KEYX)
Algorithm Parameters:
05 00
...
Key Transport Using RSA-OAEP
The RSA-OAEP algorithm, XCN_OID_RSAES_OAEP (1.2.840.113549.1.1.7), is also supported for key transport. The parameters field has the following syntax.
RSAES-OAEP-params ::= SEQUENCE
{
hashFunc [0] AlgorithmIdentifier DEFAULT sha1OID,
maskGenFunc [1] AlgorithmIdentifier DEFAULT mgf1SHA1OID,
pSourceFunc [2] AlgorithmIdentifier DEFAULT pSpecifiedEmptyOID
}
Key Agreement Using ECDH
The single pass Elliptic Curve Diffie-Hellman algorithm, XCN_OID_DH_SINGLE_PASS_STDDH_SHA1_KDF (1.3.133.16.840.63.0.2), is supported for key agreement. Key agreement uses two levels of encryption:- The message is encrypted by using a content encryption key (CEK) and a symmetric encryption algorithm.
- The CEK is encrypted (wrapped) by using a symmetric key encryption key (KEK).
- XCN_OID_RSA_SMIMEalgCMS3DESwrap (1.2.840.113549.1.9.16.3.)
- XCN_OID_RSA_SMIMEalgCMSRC2wrap (1.2.840.113549.1.9.16.3.7)
- XCN_OID_NIST_AES128_WRAP (2.16.840.1.101.3.4.1.5)
- XCN_OID_NIST_AES192_WRAP (2.16.840.1.101.3.4.1.25)
- XCN_OID_NIST_AES256_WRAP (2.16.840.1.101.3.4.1.45)
Content Encryption Using AES
The Advanced Encryption Standard (AES) is used to encrypt content. The following algorithms are supported:- XCN_OID_NIST_AES128_CBC (2.16.840.1.101.3.4.1.2)
- XCN_OID_NIST_AES192_CBC (2.16.840.1.101.3.4.1.22)
- XCN_OID_NIST_AES256_CBC (2.16.840.1.101.3.4.1.42)
AES-IV ::= OCTET STRING (SIZE(16))
Requirements
| Requirement | Value |
|---|---|
| Minimum supported client | Windows Vista [desktop apps only] |
| Minimum supported server | Windows Server 2008 [desktop apps only] |
| Target Platform | Windows |
| Header | certenroll.h |
| DLL | CertEnroll.dll |
See also
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for