IX509SignatureInformation interface (certenroll.h)

The IX509SignatureInformation interface represents information used to sign a certificate request. This includes signature, hash, and public key algorithms, and public key parameters. The signature process consists of digesting the certificate request by using a hash algorithm, encoding the digest and the hash algorithm identifier by using Distinguished Encoding Rules (DER), and signing (encrypting) the result.

The algorithms used in this process can be either discrete or combined. Discrete algorithms are represented by separate object identifiers (OIDs) for the hashing algorithm and the signing algorithm. Discrete algorithms are used when signing a PKCS #7 or CMC request. Examples include the following values.

Discrete algorithm OID Description
XCN_OID_NIST_sha256(2.16.840.1.101.3.4.2.1) National Institute of Standards and Technologies (NIST) 256-bit SHA hashing algorithm.
XCN_OID_OIWSEC_rsaSign(1.3.14.3.2.11) NIST OSE Implementer Workshop Security (OIWSEC) RSA signing algorithm.
 

Combined algorithms, which can be used to sign PKCS #10 requests, are represented by a single OID that identifies both the hashing and the signing algorithm. Examples include the following values.

Combined algorithm OID Description
XCN_OID_RSA_MD2RSA(1.2.840.113549.1.1.2) MD2 hashing algorithm combined with the RSA encryption algorithm from RSA Laboratories.
XCN_OID_OIWSEC_md5RSA(1.3.14.3.2.3) OIWSEC MD5 hashing algorithm combined with the RSA encryption algorithm.
 

The object is automatically initialized when an IX509CertificateRequestCmc, IX509CertificateRequestPkcs10, or ISignerCertificate object is initialized.

Inheritance

The IX509SignatureInformation interface inherits from the IDispatch interface. IX509SignatureInformation also has these types of members:

Methods

The IX509SignatureInformation interface has these methods.

 
IX509SignatureInformation::get_AlternateSignatureAlgorithm

Specifies and retrieves a Boolean value that specifies whether the GetSignatureAlgorithm method should retrieve a discrete or combined algorithm object identifier (OID) for a PKCS
IX509SignatureInformation::get_AlternateSignatureAlgorithmSet

Retrieves a Boolean value that specifies whether the AlternateSignatureAlgorithm property has been explicitly set by a caller.
IX509SignatureInformation::get_HashAlgorithm

Specifies and retrieves an object identifier (OID) for the hashing algorithm used in the GetSignatureAlgorithm method.
IX509SignatureInformation::get_NullSigned

Specifies and retrieves a Boolean value that indicates whether the certificate request is null-signed.
IX509SignatureInformation::get_Parameters

Retrieves a byte array that contains the parameters associated with the signature algorithm.
IX509SignatureInformation::get_PublicKeyAlgorithm

Specifies and retrieves an object identifier (OID) for the public key algorithm used in the GetSignatureAlgorithm method.
IX509SignatureInformation::GetSignatureAlgorithm

Retrieves the signing algorithm object identifier (OID).
IX509SignatureInformation::put_AlternateSignatureAlgorithm

Specifies and retrieves a Boolean value that specifies whether the GetSignatureAlgorithm method should retrieve a discrete or combined algorithm object identifier (OID) for a PKCS
IX509SignatureInformation::put_HashAlgorithm

Specifies and retrieves an object identifier (OID) for the hashing algorithm used in the GetSignatureAlgorithm method.
IX509SignatureInformation::put_NullSigned

Specifies and retrieves a Boolean value that indicates whether the certificate request is null-signed.
IX509SignatureInformation::put_Parameters

Retrieves a byte array that contains the parameters associated with the signature algorithm.
IX509SignatureInformation::put_PublicKeyAlgorithm

Specifies and retrieves an object identifier (OID) for the public key algorithm used in the GetSignatureAlgorithm method.
IX509SignatureInformation::SetDefaultValues

Specifies a default hashing algorithm used to create a digest of the certificate request prior to signing.

Requirements

   
Minimum supported client Windows Vista [desktop apps only]
Minimum supported server Windows Server 2008 [desktop apps only]
Target Platform Windows
Header certenroll.h

See also

Certificate Enrollment API

IDispatch

ISignerCertificate

IX509CertificateRequestCmc

IX509CertificateRequestPkcs10