Alternatives to Using CAPICOM

Note

CAPICOM is a 32-bit only component that was available in the Windows SDK for use in the following operating systems: Windows Server 2008, Windows Vista, Windows XP. Instead, use .NET or .NET Framework to implement security features. For more information, see the alternatives listed below.

Important

None of the alternatives to CAPICOM offer a solution for scripts; therefore, you must write your own ActiveX control. For more information, see ActiveX Controls.

Certificate Store Objects

We suggest the following alternatives for working with certificate stores and the certificates in those stores.

Object Alternative
Certificate The Certificate object is available for use in the operating systems specified in the Requirements section. Instead, use the X509Certificate2 Class in the System.Security.Cryptography.X509Certificates namespace.
CertificatePolicies The CertificatePolicies object is available for use in the operating systems specified in the Requirements section. Instead, use the X509Extension Class in the System.Security.Cryptography.X509Certificates namespace by calling the constructor that takes an OID as a parameter, and then use the OID for Certificate Policies to retrieve the certificate policies.
Certificates The Certificates object is available for use in the operating systems specified in the Requirements section. Instead, use the X509Certificate2Collection Class in the System.Security.Cryptography.X509Certificates namespace.
CertificateStatus The CertificateStatus object is available for use in the operating systems specified in the Requirements section. Instead, use the X509ChainStatus Structure in the System.Security.Cryptography.X509Certificates namespace.
Chain The Chain object is available for use in the operating systems specified in the Requirements section. Instead, use the X509Chain Class in the System.Security.Cryptography.X509Certificates namespace.
ExtendedProperties The ExtendedProperties object is available for use in the operating systems specified in the Requirements section. Instead, use Platform Invocation Services (PInvoke) to call the Win32 API function CertGetCertificateContextProperty and obtain the properties. For information about PInvoke, see Platform Invoke (P/Invoke). The .NET and CryptoAPI via P/Invoke: Part 1 and .NET and CryptoAPI via P/Invoke: Part 2 subsections of Extending .NET Cryptography with CAPICOM and P/Invoke may also be helpful.
ExtendedProperty The ExtendedProperty object is available for use in the operating systems specified in the Requirements section. Instead, use Platform Invocation Services (PInvoke) to call the Win32 API function CertGetCertificateContextProperty and obtain the properties. For information about PInvoke, see Platform Invoke (P/Invoke). The .NET and CryptoAPI via P/Invoke: Part 1 and .NET and CryptoAPI via P/Invoke: Part 2 subsections of Extending .NET Cryptography with CAPICOM and P/Invoke may also be helpful.
Extension The Extension object is available for use in the operating systems specified in the Requirements section. Instead, use the X509Extension Class in the System.Security.Cryptography.X509Certificates namespace.
Extensions The Extensions object is available for use in the operating systems specified in the Requirements section. Instead, use the X509ExtensionCollection Class in the System.Security.Cryptography.X509Certificates namespace.
PrivateKey The PrivateKey object is available for use in the operating systems specified in the Requirements section. Instead, use the X509Certificate2.PrivateKey Property in the System.Security.Cryptography.X509Certificates namespace.
PublicKey The PublicKey object is available for use in the operating systems specified in the Requirements section. Instead, use the X509Certificate2.PublicKey Property in the System.Security.Cryptography.X509Certificates namespace.
Store The Store object is available for use in the operating systems specified in the Requirements section. Instead, use the X509Store Class in the System.Security.Cryptography.X509Certificates namespace.
Template The Template object is available for use in the operating systems specified in the Requirements section. Instead, use the X509Extension Class in the System.Security.Cryptography.X509Certificates namespace by calling the constructor that takes an OID as a parameter, and then use the OID for Certificate Template to retrieve the certificate extension template.

Digital Signature Objects

We suggest the following alternatives to digitally sign data and to verify digital signatures.

Object Alternative
SignedCode The SignedCode object is available for use in the operating systems specified in the Requirements section. Instead, use Platform Invocation Services (PInvoke) to call the Win32 API SignerSignEx, SignerTimeStampEx, and WinVerifyTrust functions to sign content with an Authenticode digital signature. For information about PInvoke, see Platform Invoke (P/Invoke). The .NET and CryptoAPI via P/Invoke: Part 1 and .NET and CryptoAPI via P/Invoke: Part 2 subsections of Extending .NET Cryptography with CAPICOM and P/Invoke may also be helpful.
SignedData The SignedData object is available for use in the operating systems specified in the Requirements section. Instead, use the SignedCms Class in the System.Security.Cryptography.Pkcs namespace.
Signer The Signer object is available for use in the operating systems specified in the Requirements section. Instead, use the CmsSigner Class in the System.Security.Cryptography.Pkcs namespace.
Signers The Signers object is available for use in the operating systems specified in the Requirements section. Instead, use a collection of CmsSigner objects. For more information, see the CmsSigner Class in the System.Security.Cryptography.Pkcs namespace.

Enveloped Data Objects

We suggest the following alternatives to create enveloped data messages for privacy and to decrypt data in enveloped messages.

Object Description
EnvelopedData The EnvelopedData object is available for use in the operating systems specified in the Requirements section. Instead, use the EnvelopedCms Class in the System.Security.Cryptography.Pkcs namespace.
Recipients The Recipients object is available for use in the operating systems specified in the Requirements section. Instead, use the CmsRecipientCollection Class in the System.Security.Cryptography.Pkcs namespace.

Data Encryption Objects

We suggest the following alternatives to encrypt arbitrary data for privacy and to decrypt encrypted data.

Object Description
EncryptedData The EncryptedData object is available for use in the operating systems specified in the Requirements section. Instead, use Platform Invocation Services (PInvoke) to call the Win32 API functions CryptEncryptMessage and CryptDecryptMessage to encrypt and decrypt messages. For information about PInvoke, see Platform Invoke (P/Invoke). The .NET and CryptoAPI via P/Invoke: Part 1 and .NET and CryptoAPI via P/Invoke: Part 2 subsections of Extending .NET Cryptography with CAPICOM and P/Invoke may also be helpful.

Auxiliary Objects

We suggest the following alternatives to change default behaviors of other objects and to manage certificates, certificate stores, and messages.

Object Description
Algorithm The Algorithm object is available for use in the operating systems specified in the Requirements section. Instead, use the AlgorithmIdentifier Class in the System.Security.Cryptography.Pkcs namespace.
Attribute The Attribute object is available for use in the operating systems specified in the Requirements section. Instead, use the CryptographicAttributeObject Class in the System.Security.Cryptography namespace.
Attributes The Attributes object is available for use in the operating systems specified in the Requirements section. Instead, use the CryptographicAttributeObjectCollection Class in the System.Security.Cryptography namespace.
BasicConstraints The BasicConstraints object is available for use in the operating systems specified in the Requirements section. Instead, use the X509BasicConstraintsExtension Class in the System.Security.Cryptography.X509Certificates namespace.
EKU The EKU object is available for use in the operating systems specified in the Requirements section. Instead, use the X509EnhancedKeyUsageExtension Class in the System.Security.Cryptography.X509Certificates namespace.
EKUs The EKUs object is available for use in the operating systems specified in the Requirements section. Instead, use the X509ExtensionCollection Class in the System.Security.Cryptography.X509Certificates namespace.
EncodedData The EncodedData object is available for use in the operating systems specified in the Requirements section. Instead, use the AsnEncodedData Class in the System.Security.Cryptography namespace.
ExtendedKeyUsage The ExtendedKeyUsage object is available for use in the operating systems specified in the Requirements section. Instead, use the X509EnhancedKeyUsageExtension Class in the System.Security.Cryptography.X509Certificates namespace.
HashedData The HashedData object is available for use in the operating systems specified in the Requirements section. Instead, use the HashAlgorithm Class in the System.Security.Cryptography namespace.
KeyUsage The KeyUsage object is available for use in the operating systems specified in the Requirements section. Instead, use the X509EnhancedKeyUsageExtension Class in the System.Security.Cryptography.X509Certificates namespace.
NoticeNumbers The NoticeNumbers object is available for use in the operating systems specified in the Requirements section. For more information, see Qualifier.
OID The OID object is available for use in the operating systems specified in the Requirements section. Instead, use the Oid Class in the System.Security.Cryptography namespace.
OIDs The OIDs object is available for use in the operating systems specified in the Requirements section. Instead, use the OidCollection Class in the System.Security.Cryptography namespace.
PolicyInformation The PolicyInformation object is available for use in the operating systems specified in the Requirements section. Instead, use the X509Extension Class in the System.Security.Cryptography.X509Certificates namespace by calling the constructor that takes an OID as a parameter, and then use the OID for Certificate Policies to process policy information in the Certificate policies extension.
Qualifier The Qualifier object is available for use in the operating systems specified in the Requirements section. Instead, use the X509Extension Class in the System.Security.Cryptography.X509Certificates namespace by calling the constructor that takes an OID as a parameter, and then use the OID for Certificate Policies to process qualifiers that are part of the policy information in the Certificate Policies extension.
Qualifiers The Qualifiers object is available for use in the operating systems specified in the Requirements section. Instead, use the X509Extension Class in the System.Security.Cryptography.X509Certificates namespace by calling the constructor that takes an OID as a parameter, and then use the OID for Certificate Policies to process qualifiers that are part of the policy information in the Certificate Policies extension.
Settings No alternative is available.
Utilities No alternative is available.