CERT_STRONG_SIGN_SERIALIZED_INFO structure (wincrypt.h)
Contains the signature algorithm/hash algorithm and public key algorithm/bit length pairs that can be used for strong signing. This structure is used by the CERT_STRONG_SIGN_PARA structure.
Syntax
typedef struct _CERT_STRONG_SIGN_SERIALIZED_INFO {
DWORD dwFlags;
LPWSTR pwszCNGSignHashAlgids;
LPWSTR pwszCNGPubKeyMinBitLengths;
} CERT_STRONG_SIGN_SERIALIZED_INFO, *PCERT_STRONG_SIGN_SERIALIZED_INFO;
Members
dwFlags
By default, certificate strong signing parameters do not apply to certificate revocation lists (CRLs) or online certificate status protocol (OCSP) responses. You can set one or both of the following values to enable strong signing on CRLs and OCSP responses.
| Value | Meaning |
|---|---|
|
Enable strong signing of CRLs. |
|
Enable strong signing of OCSP responses. |
pwszCNGSignHashAlgids
Pointer to a null-terminated Unicode string that contains a set of signature algorithm/hash algorithm pairs. A Unicode semicolon (L";") separates the pairs. This is shown by the following example.
L"RSA/SHA256;RSA/SHA384;ECDSA/SHA256;ECDSA/SHA384"
The following signature algorithms are supported:
- L"RSA" (BCRYPT_RSA_ALGORITHM)
- L"DSA" (BCRYPT_DSA_ALGORITHM)
- L"ECDSA" (SSL_ECDSA_ALGORITHM)
The following signature algorithms are not supported:
- L"ECDSA_P256" (BCRYPT_ECDSA_P256_ALGORITHM)
- L"ECDSA_P384" (BCRYPT_ECDSA_P384_ALGORITHM)
- L"ECDSA_P521" (BCRYPT_ECDSA_P521_ALGORITHM)
The following hash algorithms are supported:
- L"MD5" (BCRYPT_MD5_ALGORITHM)
- L"SHA1" (BCRYPT_SHA1_ALGORITHM)
- L"SHA256" (BCRYPT_SHA256_ALGORITHM)
- L"SHA256" (BCRYPT_SHA256_ALGORITHM)
- L"SHA512" (BCRYPT_SHA512_ALGORITHM)
pwszCNGPubKeyMinBitLengths
Pointer to a null-terminated Unicode string that contains a set of public key algorithm/bit length pairs. A Unicode semicolon (L";") separates the pairs. This is shown by the following example.
L”RSA/2048;ECDSA/256”
The following public key algorithms are supported:
- L"RSA" (BCRYPT_RSA_ALGORITHM)
- L"DSA" (BCRYPT_DSA_ALGORITHM)
- L"ECDSA" (SSL_ECDSA_ALGORITHM)
Remarks
This structure is used by the CERT_STRONG_SIGN_PARA structure which is directly referenced by the following functions:
Also, CERT_STRONG_SIGN_PARA is indirectly referenced by the following:- CryptDecodeMessage
- CryptDecryptAndVerifyMessageSignature
- CertGetCertificateChain
- CertSelectCertificateChains
- CryptVerifyDetachedMessageSignature
- CryptVerifyMessageSignature
Requirements
| Requirement | Value |
|---|---|
| Minimum supported client | Windows 8 [desktop apps only] |
| Minimum supported server | Windows Server 2012 [desktop apps only] |
| Header | wincrypt.h |