Constants for CryptEncodeObject and CryptDecodeObject
The CryptEncodeObject, CryptEncodeObjectEx, CryptSignAndEncodeCertificate, CryptDecodeObject, and CryptDecodeObjectEx functions are generalized encoding and decoding functions, capable of encoding and decoding Abstract Syntax Notation One (ASN.1) encoded certificates, certificate revocation lists (CRLs), certificate trust lists (CTLs), and certificate requests.
The following table lists the predefined constants, extensions, and attributes used with encode and decode operations and the data structure to be pointed to by the pvStructInfo parameter.
Note
Some predefined constants and OID strings have the same meaning. When they do, either can be used as the lpszStructType parameter.
Constant/value | Description |
---|---|
|
The pvStructInfo parameter is a pointer to a CMC_ADD_ATTRIBUTES_INFO structure. |
|
The pvStructInfo parameter is a pointer to a CMC_ADD_EXTENSIONS_INFO structure. |
|
The pvStructInfo parameter is a pointer to a CRYPT_ALGORITHM_IDENTIFIER structure. |
|
The pvStructInfo parameter is a pointer to a CERT_ALT_NAME_INFO structure. For details, see Remarks. |
|
The pvStructInfo parameter is a pointer to a CERT_NAME_VALUE structure. |
|
The pvStructInfo parameter is a pointer to a CERT_POLICY_QUALIFIER_INFO structure. |
|
The pvStructInfo parameter is a pointer to a CERT_POLICY_CONSTRAINTS_INFO structure. |
|
The pvStructInfo parameter is a pointer to a CERT_POLICY_MAPPINGS_INFO structure. |
|
The pvStructInfo parameter is a pointer to a CRYPT_ATTRIBUTE structure. |
|
The pvStructInfo parameter is a pointer to a CERT_AUTHORITY_INFO_ACCESS structure. For details, see Remarks. |
|
The pvStructInfo parameter is a pointer to a CERT_AUTHORITY_INFO_ACCESS structure. For details, see Remarks. |
|
The pvStructInfo parameter is a pointer to a CERT_AUTHORITY_INFO_ACCESS structure. |
|
The pvStructInfo parameter is a pointer to a CERT_AUTHORITY_INFO_ACCESS structure. |
|
The pvStructInfo parameter is a pointer to a CERT_AUTHORITY_KEY_ID_INFO structure. For details, see Remarks. |
|
The pvStructInfo parameter is a pointer to a CERT_AUTHORITY_KEY_ID2_INFO structure. For details, see Remarks. |
|
The pvStructInfo parameter is a pointer to a CERT_AUTHORITY_KEY_ID_INFO structure. For details, see Remarks. |
|
The pvStructInfo parameter is a pointer to a CERT_AUTHORITY_KEY_ID2_INFO structure. For details, see Remarks. |
|
The pvStructInfo parameter is a pointer to a CERT_BASIC_CONSTRAINTS_INFO structure. For details, see Remarks. |
|
The pvStructInfo parameter is a pointer to a CERT_BASIC_CONSTRAINTS_INFO structure. For details, see Remarks. |
|
The pvStructInfo parameter is a pointer to a CERT_BASIC_CONSTRAINTS2_INFO structure. |
|
The pvStructInfo parameter is a pointer to a CERT_BASIC_CONSTRAINTS2_INFO structure. |
|
The pvStructInfo parameter is a pointer to a CERT_BIOMETRIC_EXT_INFO structure. Windows Server 2003 and Windows XP: This value is not supported. |
|
The pvStructInfo parameter is a pointer to a CERT_BIOMETRIC_EXT_INFO structure. Windows Server 2003 and Windows XP: This value is not supported. |
|
The pvStructInfo parameter is a pointer to a CRYPT_BIT_BLOB structure. |
|
The pvStructInfo parameter is a pointer to a CERT_SIGNED_CONTENT_INFO structure. For details, see Remarks. |
|
The pvStructInfo parameter is a pointer to a CRL_INFO structure. |
|
The pvStructInfo parameter is a pointer to a CERT_EXTENSIONS structure. |
|
The pvStructInfo parameter is a pointer to a CERT_PAIR structure. |
|
The pvStructInfo parameter is a pointer to a CERT_POLICIES_INFO structure. |
|
The pvStructInfo parameter is a pointer to a CERT_POLICIES_INFO structure. |
|
The pvStructInfo parameter is a pointer to a CERT_REQUEST_INFO structure. |
|
The pvStructInfo parameter is a pointer to a CERT_INFO structure. |
|
The pvStructInfo parameter is a pointer to a CERT_TEMPLATE_EXT structure. |
|
The pvStructInfo parameter is a pointer to a CERT_TEMPLATE_EXT structure. |
|
The pvStructInfo parameter is a pointer to a FILETIME variable. For details, see Remarks. |
|
The pvStructInfo parameter is a pointer to a CRYPT_CONTENT_INFO structure. For details, see Remarks. |
|
The pvStructInfo parameter is a pointer to a CRYPT_CONTENT_INFO_SEQUENCE_OF_ANY structure. For details, see Remarks. |
|
The pvStructInfo parameter is a pointer to a CRL_DIST_POINTS_INFO structure. For details, see Remarks. |
|
The pvStructInfo parameter is a pointer to a CRL_DIST_POINTS_INFO structure. For details, see Remarks. |
|
The pvStructInfo parameter is a pointer to an int variable. |
|
The pvStructInfo parameter is a pointer to an integer that contains the enumerated value. For details, see Remarks. |
|
The pvStructInfo parameter is a pointer to an integer that contains the enumerated value. For details, see Remarks. |
|
The pvStructInfo parameter is a pointer to an int variable. |
|
The pvStructInfo parameter is a pointer to a CROSS_CERT_DIST_POINTS_INFO structure. |
|
The pvStructInfo parameter is a pointer to a CROSS_CERT_DIST_POINTS_INFO structure. |
|
The pvStructInfo parameter is a pointer to a Diffie-Hellman Version 3 Public Key BLOBs or DSS Version 3 Public Key BLOBs structure. For details, see Remarks. |
|
The pvStructInfo parameter is a pointer to a CTL_INFO structure. |
|
The pvStructInfo parameter is a pointer to a CMC_DATA_INFO structure. |
|
The pvStructInfo parameter is a pointer to an int variable. |
|
The pvStructInfo parameter is a pointer to a CERT_DSS_PARAMETERS structure. |
|
The pvStructInfo parameter is a pointer to a CRYPT_UINT_BLOB structure. |
|
The pvStructInfo parameter is a pointer to an array of 40 bytes. For details, see Remarks. |
|
The pvStructInfo parameter is a pointer to an LPSTR of the object identifier dot representation. |
|
The pvStructInfo parameter is a pointer to a CERT_ECC_SIGNATURE structure. For details, see Remarks. |
|
The pvStructInfo parameter is a pointer to a CRYPT_ECC_PRIVATE_KEY_INFO structure. Windows Server 2003, Windows XP, Windows 2000 and Windows Vista: This value is not supported. |
|
The pvStructInfo parameter is a pointer to a CRYPT_ALGORITHM_IDENTIFIER structure. |
|
The pvStructInfo parameter is a pointer to a CERT_ENHKEY_USAGE or CTL_USAGE structure. (These structures are the same but are known by different names.) |
|
The pvStructInfo parameter is a pointer to a CERT_ENHKEY_USAGE or CTL_USAGE structure. (These structures are the same but are known by different names.) |
|
The pvStructInfo parameter is a pointer to a CRYPT_ENROLLMENT_NAME_VALUE_PAIR structure. |
|
The pvStructInfo parameter is a pointer to an integer that contains the enumerated value. For details, see Remarks. |
|
The pvStructInfo parameter is a pointer to a CERT_EXTENSIONS structure. |
|
The pvStructInfo parameter is a pointer to a CRL_DIST_POINTS_INFO structure. |
|
The pvStructInfo parameter is a pointer to a signed integer of 32 bits or less. |
|
The pvStructInfo parameter is a pointer to a CERT_ALT_NAME_INFO structure. For details, see Remarks. |
|
The pvStructInfo parameter is a pointer to a CERT_ALT_NAME_INFO structure. |
|
The pvStructInfo parameter is a pointer to a CRL_ISSUING_DIST_POINT structure. |
|
The pvStructInfo parameter is a pointer to a CRL_ISSUING_DIST_POINT structure. |
|
The pvStructInfo parameter is a pointer to a CERT_KEY_ATTRIBUTES_INFO structure. |
|
The pvStructInfo parameter is a pointer to a CERT_KEY_ATTRIBUTES_INFO structure. |
|
The pvStructInfo parameter is a pointer to a CRYPT_BIT_BLOB structure. For details, see Remarks. |
|
The pvStructInfo parameter is a pointer to a CRYPT_BIT_BLOB structure. For details, see Remarks. |
|
The pvStructInfo parameter is a pointer to a CERT_KEY_USAGE_RESTRICTION_INFO structure. |
|
The pvStructInfo parameter is a pointer to a CERT_KEY_USAGE_RESTRICTION_INFO structure. |
|
The pvStructInfo parameter is a pointer to a CERT_KEYGEN_REQUEST_INFO structure. For details, see Remarks. |
|
The pvStructInfo parameter is a pointer to a CERT_LOGOTYPE_EXT_INFO structure. |
|
The pvStructInfo parameter is a pointer to a CERT_LOGOTYPE_EXT_INFO structure. Windows Server 2003 and Windows XP: This value is not supported. |
|
The pvStructInfo parameter is a pointer to a CRYPT_INTEGER_BLOB structure. The BLOB is in little-endian order. |
|
The pvStructInfo parameter is a pointer to a CRYPT_UINT_BLOB structure. For details, see Remarks. |
|
The pvStructInfo parameter is a pointer to a CERT_NAME_INFO structure. For details, see Remarks. |
|
The pvStructInfo parameter is a pointer to a CERT_NAME_CONSTRAINTS_INFO structure. |
|
The pvStructInfo parameter is a pointer to a CERT_NAME_CONSTRAINTS_INFO structure. |
|
The pvStructInfo parameter is a pointer to a CERT_NAME_VALUE structure. For details, see Remarks. |
|
The pvStructInfo parameter is a pointer to a CERT_ALT_NAME_INFO structure. For details, see Remarks. |
|
The pvStructInfo parameter is a pointer to an LPSTR of the object identifier dot representation. Windows Server 2003 and Windows XP: This value is not supported. |
|
The pvStructInfo parameter is a pointer to a CRYPT_DATA_BLOB structure. For details, see Remarks. |
|
The pvStructInfo parameter is a pointer to a CERT_DSS_PARAMETERS structure. |
|
The pvStructInfo parameter is a pointer to a CERT_POLICY_CONSTRAINTS_INFO structure. |
|
The pvStructInfo parameter is a pointer to a CERT_POLICY_CONSTRAINTS_INFO structure. |
|
The pvStructInfo parameter is a pointer to a CERT_POLICY_MAPPINGS_INFO structure. |
|
The pvStructInfo parameter is a pointer to a CERT_POLICY_MAPPINGS_INFO structure. |
|
The pvStructInfo parameter is a pointer to a CERT_PUBLIC_KEY_INFO structure. |
|
The pvStructInfo parameter is a pointer to a CRYPT_RC2_CBC_PARAMETERS structure. |
|
The pvStructInfo parameter is a pointer to a CMC_RESPONSE_INFO structure. |
|
The pvStructInfo parameter is a pointer to a BCRYPT_RSAKEY_BLOB immediately followed by the exponent and the modulus bytes. For details, see Remarks. |
|
The pvStructInfo parameter is a pointer to a private BCRYPT_RSAKEY_BLOB structure. Windows Server 2003, Windows XP, Windows 2000 and Windows Vista: This value is not supported. |
|
The pvStructInfo parameter is a pointer to a FILETIME variable. For details, see Remarks. |
|
The pvStructInfo parameter is a pointer to a CRYPT_SMIME_CAPABILITIES structure. For details, see Remarks. |
|
The pvStructInfo parameter is a pointer to a CRYPT_RSA_SSA_PSS_PARAMETERS structure. For details, see Remarks. Windows Server 2003 and Windows XP: This value is not supported. |
|
The pvStructInfo parameter is a pointer to a CRYPT_RSA_SSA_PSS_PARAMETERS structure. For details, see Remarks. Windows Server 2003 and Windows XP: This value is not supported. |
|
The pvStructInfo parameter is a pointer to a CRYPT_RSAES_OAEP_PARAMETERS structure. For details, see Remarks. Windows Server 2003 and Windows XP: This value is not supported. |
|
The pvStructInfo parameter is a pointer to a CRYPT_ECC_CMS_SHARED_INFO structure. Windows Server 2003 and Windows XP: This value is not supported. |
|
The pvStructInfo parameter is a pointer to a CRYPT_RSAES_OAEP_PARAMETERS structure. For details, see Remarks. Windows Server 2003 and Windows XP: This value is not supported. |
|
The pvStructInfo parameter is a pointer to a CRYPT_SEQUENCE_OF_ANY structure. For details, see Remarks. |
|
The pvStructInfo parameter is a pointer to a CMSG_SIGNER_INFO structure. |
|
The pvStructInfo parameter is a pointer to a CMSG_CMS_SIGNER_INFO structure. |
|
The pvStructInfo parameter is a pointer to a CRYPT_SMIME_CAPABILITIES structure. For details, see Remarks. |
|
The pvStructInfo parameter is a pointer to a CMC_STATUS_INFO structure. |
|
The pvStructInfo parameter is a pointer to a CERT_ALT_NAME_INFO structure. For details, see Remarks. |
|
The pvStructInfo parameter is a pointer to a CERT_ALT_NAME_INFO structure. |
|
The pvStructInfo parameter is a pointer to a CRYPT_DATA_BLOB structure. For details, see Remarks. |
|
The pvStructInfo parameter is a pointer to a CRYPT_TIME_STAMP_REQUEST_INFO structure. |
|
The pvStructInfo parameter is a pointer to a CERT_NAME_VALUE structure. For details, see Remarks. |
|
The pvStructInfo parameter is a pointer to a CERT_NAME_INFO structure. For details, see Remarks. |
|
The pvStructInfo parameter is a pointer to a CERT_NAME_VALUE structure. For details, see Remarks. |
|
The pvStructInfo parameter is a pointer to a FILETIME variable. For details, see Remarks. |
|
The pvStructInfo parameter is a pointer to an OCSP_SIGNED_REQUEST_INFO variable. Windows Server 2003 and Windows XP: This value is not supported. |
|
The pvStructInfo parameter is a pointer to an OCSP_REQUEST_INFO variable. Windows Server 2003 and Windows XP: This value is not supported. |
|
The pvStructInfo parameter is a pointer to an OCSP_RESPONSE_INFO variable. Windows Server 2003 and Windows XP: This value is not supported. |
|
The pvStructInfo parameter is a pointer to an OCSP_BASIC_SIGNED_RESPONSE_INFO variable. Windows Server 2003 and Windows XP: This value is not supported. |
|
The pvStructInfo parameter is a pointer to an OCSP_BASIC_RESPONSE_INFO variable. Windows Server 2003 and Windows XP: This value is not supported. |
|
The pvStructInfo parameter is a pointer to an RSA private key BLOB. For more information, see Diffie-Hellman Version 3 Private Key BLOBs and DSS Version 3 Private Key BLOBs. |
|
The pvStructInfo parameter is a pointer to a CRYPT_PRIVATE_KEY_INFO structure. |
|
The pvStructInfo parameter is a pointer to a CRYPT_ENCRYPTED_PRIVATE_KEY_INFO structure. |
|
The pvStructInfo parameter is a pointer to a CRYPT_TIMESTAMP_INFO structure. Windows Server 2003 and Windows XP: This value is not supported. |
Remarks
The following table provides further details about specific lpszStructType values.
Value | Description |
---|---|
X509_ALTERNATE_NAME, szOID_ISSUER_ALT_NAME, szOID_SUBJECT_ALT_NAME | Before encoding, the LPWSTR name choices are converted to IA5 strings. If the string contains an IA5 string that is not valid, GetLastError returns CRYPT_E_INVALID_IA5_STRING, and *pcbEncoded is updated with the error location of the character that is not valid. Error location indices are returned in *pcbEncoded as follows: Bit 0 is the least significant bit of the DWORD. The VALUE_INDEX of the error is located in bits 0 through 15. This is the Unicode character index. The ENTRY_INDEX of the error is located in bits 16 through 23. Macros GET_CERT_ALT_NAME_VALUE_ERR_INDEX(X) and GET_CERT_ALT_NAME_ENTRY_ERR_INDEX(X) are defined to provide for easy reading of the bitmapped fields for VALUE_INDEX and ENTRY_INDEX from the DWORD that contains them. The szOID_SUBJECT_ALT_NAME has been superseded by szOID_SUBJECT_ALT_NAME2. New certificate servers are implementing the latter. |
X509_AUTHORITY_INFO_ACCESS, szOID_AUTHORITY_INFO_ACCESS, szOID_AUTHORITY_KEY_IDENTIFIER2, X509_AUTHORITY_KEY_ID2 | If an encode function returns CRYPT_E_INVALID_IA5_STRING as GetLastError, the error location returned in *pcbEncoded consists of: ENTRY_INDEX (8 bits << 16); VALUE_INDEX (16 bits, the Unicode character index). Error location indices are returned in *pcbEncoded as follows: Bit 0 is the least significant bit of the DWORD. The VALUE_INDEX of the error is located in bits 0 through 15. This is the Unicode character index. The ENTRY_INDEX of the error is located in bits 16 through 23. Macros GET_CERT_ALT_NAME_VALUE_ERR_INDEX(X) and GET_CERT_ALT_NAME_ENTRY_ERR_INDEX(X) are defined to provide for easy reading of the bitmapped fields for VALUE_INDEX and ENTRY_INDEX from the DWORD that contains them. |
X509_AUTHORITY_KEY_ID, szOID_AUTHORITY_KEY_IDENTIFIER | The X509_AUTHORITY_KEY_ID has been superseded by X509_AUTHORITY_KEY_ID2. New certificate servers are implementing the latter. |
X509_BASIC_CONSTRAINTS, szOID_BASIC_CONSTRAINTS | The X509_BASIC_CONSTRAINTS has been superseded by X509_BASIC_CONSTRAINTS2. New certificate servers are implementing the latter. |
X509_CERT | The CERT_SIGNED_CONTENT_INFO structure contains the encoded content to be signed, its signature, and signature algorithm. The ToBeSigned member is an encoded CERT_INFO, CRL_INFO, CERT_REQUEST_INFO, or CERT_KEYGEN_REQUEST_INFO output from a previous call to CryptEncodeObject for one of the following lpszStructType values:
|
szOID_CERT_EXTENSIONS | May be used for one of the attribute types in a certificate request. |
X509_CHOICE_OF_TIME | For X509_ASN_ENCODING, if the time is after 1950 and before 2050, it is UTC time encoded with a two-digit year. Otherwise, it is Generalized time encoded with a four-digit year. The date is precise to seconds. |
PKCS_CONTENT_INFO | For X509_ASN_ENCODING, encoded as a PKCS #7 ContentInfo structure. The CRYPT_DER_BLOB points to the already encoded ANY content. |
PKCS_CONTENT_INFO_SEQUENCE_OF_ANY | For X509_ASN_ENCODING, encoded as a PKCS #7 ContentInfo structure wrapping a sequence of ANY. The value of the contentType member is pszObjId, while the content field is the following structure: SequenceOfAny ::= SEQUENCE OF ANY. The CRYPT_DER_BLOB points to the already encoded ANY content. |
X509_CRL_DIST_POINTS, szOID_CRL_DIST_POINTS | If the encode function fails with GetLastError returning CRYPT_E_INVALID_IA5_STRING, *pcbEncoded is updated with the error location of the character that is not valid: CRL_ISSUER_BIT (1 bit << 31; 0 for FullName, 1 for CRLIssuer); POINT_INDEX (7 bits << 24); ENTRY_INDEX (8 bits << 16); VALUE_INDEX (16 bits, the Unicode character index). Error location indices are returned in *pcbEncoded as follows: Bit 0 is the least significant bit of the DWORD. The VALUE_INDEX of the error is located in bits 0 through 15. This is the Unicode character index. The ENTRY_INDEX of the error is located in bits 16 through 23. Macros GET_CERT_ALT_NAME_VALUE_ERR_INDEX(X) and GET_CERT_ALT_NAME_ENTRY_ERR_INDEX(X) are defined to provide for easy reading of the bitmapped fields for VALUE_INDEX and ENTRY_INDEX from the DWORD that contains them. |
szOID_CRL_NUMBER | Used with base certificate revocation lists (CRLs) only. This is a monotonically increasing sequence number for each CRL issued by a certification authority. |
X509_CRL_REASON_CODE, szOID_CRL_REASON_CODE, X509_ENUMERATED | The Integer can be set to one of the following enumerated values. |
szOID_CRL_VIRTUAL_BASE | Used with Delta CRLs only. It contains the base CRL Number of the corresponding base CRL. |
X509_CROSS_CERT_DIST_POINTS, szOID_CROSS_CERT_DIST_POINTS | For CRYPT_E_INVALID_IA5_STRING, the error location is returned in *pcbEncoded by CryptEncodeObject(X509_CRL_DIST_POINTS). Error location consists of: |
RSA_CSP_PUBLICKEYBLOB | The CryptExportKey function outputs the above pvStructInfo value for a dwBlobType of PUBLICKEYBLOB. The CryptImportKey function expects the above pvStructInfo value when importing a public key. If dwCertEncodingType is X509_ASN_ENCODING, the RSA_CSP_PUBLICKEYBLOB is encoded as a PKCS #1 RSAPublicKey consisting of a SEQUENCE of a modulus INTEGER and a publicExponent INTEGER. The modulus is encoded as being an unsigned integer. For the decode functions, pvStructInfo points to a public key BLOB immediately followed by a RSAPUBKEY and the modulus bytes. (For information about public key BLOBs, see CRYPT_INTEGER_BLOB.) The CryptExportKey outputs the pvStructInfo value for a dwBlobType of PUBLICKEYBLOB. The CryptImportKey function expects the pvStructInfo value when importing a public key. If dwCertEncodingType is X509_ASN_ENCODING, the RSA_CSP_PUBLICKEYBLOB is encoded as a PKCS #1 RSAPublicKey consisting of a SEQUENCE of a modulus INTEGER and a publicExponent INTEGER. When decoded, if the modulus was encoded as an unsigned integer with a leading 0 byte, the 0 byte is removed before converting to the CSP modulus bytes. Because PKCS ) structure is always set to CALG_RSA_KEYX. |
szOID_DELTA_CRL_INDICATOR | Used with Delta CRLs only. This is marked critical and contains the minimum base CRL Number that can be used with a delta CRL. |
X509_DSS_SIGNATURE | The bytes are ordered as output by the DSS CSP's CryptSignHash where the lower 20 bytes are the R value, and the higher 20 bytes are the S value. The R and S values are treated as unsigned integers and encoded as a sequence of them. |
X509_ECC_SIGNATURE | Uses the same encode and decode function as X509_DH_PARAMETERS. The CERT_ECC_SIGNATURE structure is identical to the CERT_DH_PARAMETERS structure except for the names of the fields. |
X509_ENUMERATED | Used when encoding any arbitrary enumeration such as the X509_CRL_REASON_CODE. |
szOID_FRESHEST_CRL | Used with base CRLs only. This is formatted identically to a CDP extension holding URLs to fetch the delta CRL. |
X509_ISSUING_DIST_POINT, szOID_ISSUING_DIST_POINT | For CRYPT_E_INVALID_IA5_STRING, the error location is returned in *pcbEncoded by CryptEncodeObject(X509_ISSUING_DIST_POINT). Error location consists of: |
X509_KEY_USAGE, szOID_KEY_USAGE | The bit definitions used for the IntendedKeyUsage member of the CERT_KEY_ATTRIBUTES_INFO structure are used. |
X509_KEYGEN_REQUEST_TO_BE_SIGNED | For the decode functions, the pbEncoded member is the output of one of the encode functions using the X509_CERT lpszStructType. This output includes the "to be signed" data plus its signature. For the encode functions, the pbEncoded member is the "to be signed" data only. |
X509_MULTI_BYTE_UINT | Before encoding, a leading 0x00 is inserted. After decoding, the leading 0x00 is removed. |
X509_NAME | Used to decode/encode the Issuer and Subject members in a CERT_INFO structure. |
X509_NAME_CONSTRAINTS, szOID_NAME_CONSTRAINTS | For CRYPT_E_INVALID_IA5_STRING, the error location is returned in *pcbEncoded by CryptEncodeObject(X509_NAME_CONSTRAINTS). Error location consists of: |
X509_UNICODE_ANY_STRING, X509_UNICODE_NAME_VALUE | For the encode functions, the pbData member of the structure pointed to points to the Unicode string. If the cbData member is zero, the Unicode string has a terminating null character; otherwise, cbData is the Unicode string byte count. The byte count is twice the character count. If the Unicode string contains a character that is not valid for the specified dwValueType, *pcbEncoded is updated with the Unicode character index of the first character that is not valid. GetLastError returns CRYPT_E_INVALID_NUMERIC_STRING, CRYPT_E_INVALID_PRINTABLE_STRING, or CRYPT_E_INVALID_IA5_STRING. The Unicode string is converted before being encoded according to the specified dwValueType. If dwValueType is set to 0, GetLastError returns E_INVALIDARG. If the dwValueType does not indicate a character string, CryptEncodeObject returns FALSE with GetLastError returning CRYPT_E_NOT_CHAR_STRING. For the decode functions, the pbData member points to a null-terminated Unicode string and the cbData member contains the byte count of the Unicode string excluding the terminating null character. dwValueType contains the type used to encode the object. It is not forced to CERT_RDN_UNICODE_STRING. The encoded value is converted to the Unicode string according to the dwValueType. If the encoded object is not one of the character string types, the decode function returns FALSE with GetLastError returning CRYPT_E_NOT_CHAR_STRING. Decode noncharacter strings by using an lpszStructType of X509_ANY_STRING. |
szOID_NEXT_UPDATE_LOCATION | Used with certificate trust lists (CTLs) to get the location for the most recent, time valid CTL. Commonly, the choice used in the CERT_ALT_NAME_INFO is a URL that indicates the location. |
X509_OCTET_STRING | The structure contains a sequence of bytes. It is used with some encryption algorithms that require an initialization vector in the form of an octet string. |
CNG_RSA_PUBLIC_KEY_BLOB | The corresponding pvStructInfo points to a BCRYPT_RSAKEY_BLOB immediately followed by the exponent and the modulus bytes. Both the exponent and modulus are in big-endian format. The private key fields consisting of cbPrime1 and cbPrime2 are set to zero. If the dwCertEncodingType parameter equals X509_ASN_ENCODING, then the CNG_RSA_PUBLIC_KEY_BLOB is encoded as a PKCS #1 RSA public key that consists of a sequence of a modulus and a publicExponent. |
PKCS_RSA_SSA_PSS_PARAMETERS, szOID_RSA_SSA_PSS | For encoding, use the following defaults if the CRYPT_RSA_SSA_PSS_PARAMETERS structure fields are set to NULL or zero. |
PKCS_RSAES_OAEP_PARAMETERS, szOID_RSAES_OAEP | For encoding, use the following defaults if the CRYPT_RSAES_OAEP_PARAMETERS structure fields are set to NULL or zero. |
X509_SEQUENCE_OF_ANY | The CRYPT_DER_BLOBs point to the already encoded ANY content. |
PKCS_SMIME_CAPABILITIES, szOID_RSA_SMIMECapabilities | These lpszStructType values work differently for encode functions. Because of the Secure/Multipurpose Internet Mail Extensions (S/MIME) specifications, if the Parameters.cbData is zero, the encoded parameters are omitted and not encoded as a NULL (05 00). |
szOID_SUBJECT_KEY_IDENTIFIER | The CRYPT_INTEGER_BLOB structure contains an octet string, an arbitrary sequence of bytes. |
X509_UNICODE_NAME | For decode functions, the relative distinguished name (RDN) attribute values are Unicode strings except for the dwValueTypes of CERT_RDN_ENCODED_BLOB or CERT_RDN_OCTET_STRING. These dwValueTypes are the same as for an X509_NAME. These values are not converted to Unicode. The RDN attribute value's pbData member points to a null-terminated Unicode string. The RDN attribute value's cbData member contains the byte count of the Unicode string excluding the terminating null character. The RDN attribute value's dwValueType member contains the type used in the encoded object. It is not forced to CERT_RDN_UNICODE_STRING. The encoded value is converted to the Unicode string according to the dwValueType. For the encode functions, the RDN attribute values are Unicode strings except for the dwValueTypes of CERT_RDN_ENCODED_BLOB or CERT_RDN_OCTET_STRING. These dwValueTypes are the same as for an X509_NAME. These values are not expected to be Unicode. For the remaining string dwValueTypes, the relative distinguished name (RDN) attribute value's pbData member points to the Unicode string. If the RDN attribute value's cbData member is zero, the Unicode string has a terminating null character. Otherwise, the RDN attribute value's cbData member is the Unicode string byte count. The byte count is twice the character count, and it excludes the terminating null character. If the RDN attribute value's dwValueType member is CERT_RDN_ANY_TYPE, the pszObjId is used to find an acceptable dwValueType. If the Unicode string contains a character that is not valid for the found or specified dwValueType, *pcbEncoded is updated with the error location of the character that is not valid. For a character that is not valid, GetLastError returns CRYPT_E_INVALID_NUMERIC_STRING, CRYPT_E_INVALID_PRINTABLE_STRING, or CRYPT_E_INVALID_IA5_STRING. The Unicode string is converted before being encoded according to the specified dwValueType or the object identifier's dwValueType. The encode functions' error location indices are returned in *pcbEncoded as follows: The VALUE_INDEX of the error is located in bits 0 through 15. The ATTR_INDEX of the error is located in bits 16 through 21. The RDN_INDEX of the error is located in bits 22 through 31. Bit 0 is the least significant bit of the DWORD. The GET_CERT_UNICODE_RDN_ERR_INDEX(X), GET_CERT_UNICODE_ATTR_ERR_INDEX(X), and GET_CERT_UNICODE_VALUE_ERR_INDEX(X) defined macros provide easy reading of the bitmapped fields for VALUE_INDEX, ATTR_INDEX, and RDN_INDEX from the DWORD that contains them. |
PKCS_UTC_TIME, szOID_RSA_signingTime | For X509_ASN_ENCODING, UTC time encoded precise to seconds and using a two-digit year. |
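The error-location layouts described in the Remarks table, as an added example that is not Microsoft's code: portable C that unpacks the DWORD returned in *pcbEncoded for the alternate-name, CRL distribution point, and Unicode name cases, plus a pre-encoding scan that reports the first non-IA5 character in the same packed form. Every struct, function, and sample name here is hypothetical, and the sample entries are constructed; it does not include wincrypt.h.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical result types; bit positions follow the Remarks table. */
typedef struct { unsigned entry_index, value_index; } AltNameErr;
typedef struct { unsigned crl_issuer, point_index, entry_index, value_index; } DistPointErr;
typedef struct { unsigned rdn_index, attr_index, value_index; } UnicodeNameErr;

/* X509_ALTERNATE_NAME and related: ENTRY_INDEX bits 16-23, VALUE_INDEX bits 0-15. */
AltNameErr decode_alt_name_err(uint32_t loc) {
    AltNameErr e;
    e.entry_index = (loc >> 16) & 0xFFu;
    e.value_index = loc & 0xFFFFu;
    return e;
}

/* X509_CRL_DIST_POINTS: CRL_ISSUER_BIT bit 31, POINT_INDEX bits 24-30,
   ENTRY_INDEX bits 16-23, VALUE_INDEX bits 0-15. */
DistPointErr decode_dist_point_err(uint32_t loc) {
    DistPointErr e;
    e.crl_issuer  = (loc >> 31) & 0x1u;   /* 0 = FullName, 1 = CRLIssuer */
    e.point_index = (loc >> 24) & 0x7Fu;
    e.entry_index = (loc >> 16) & 0xFFu;
    e.value_index = loc & 0xFFFFu;
    return e;
}

/* X509_UNICODE_NAME: RDN_INDEX bits 22-31, ATTR_INDEX bits 16-21, VALUE_INDEX bits 0-15. */
UnicodeNameErr decode_unicode_name_err(uint32_t loc) {
    UnicodeNameErr e;
    e.rdn_index   = (loc >> 22) & 0x3FFu;
    e.attr_index  = (loc >> 16) & 0x3Fu;
    e.value_index = loc & 0xFFFFu;
    return e;
}

/* Pre-encoding check a caller can run on alternate-name entries: IA5 covers
   code points 0 through 0x7F, so any UTF-16 code unit above 0x7F is reported.
   Returns 1 and writes the packed location (alternate-name layout) of the
   first offending character, or returns 0 when every entry is clean. */
int first_invalid_ia5(const uint16_t *const *entries, size_t count, uint32_t *loc) {
    for (size_t i = 0; i < count && i < 256; i++) {
        for (size_t j = 0; j < 65536 && entries[i][j] != 0; j++) {
            if (entries[i][j] > 0x7F) {
                *loc = ((uint32_t)i << 16) | (uint32_t)j;
                return 1;
            }
        }
    }
    return 0;
}

/* Constructed sample: entry 1 holds U+00F6 at character index 1. */
static const uint16_t SAMPLE_DNS[]  = {'e','x','a','m','p','l','e','.','c','o','m',0};
static const uint16_t SAMPLE_MAIL[] = {'j',0x00F6,'r','g','@','e','x','a','m','p','l','e','.','c','o','m',0};
const uint16_t *const SAMPLE_ENTRIES[] = { SAMPLE_DNS, SAMPLE_MAIL };

/* Packed location for the sample entries, or 0xFFFFFFFF if none is invalid. */
uint32_t sample_error_location(void) {
    uint32_t loc = 0xFFFFFFFFu;
    if (!first_invalid_ia5(SAMPLE_ENTRIES, 2, &loc))
        return 0xFFFFFFFFu;
    return loc;
}

int main(void) {
    uint32_t loc = sample_error_location();
    AltNameErr a = decode_alt_name_err(loc);
    printf("alt name: loc=0x%08X entry=%u char=%u\n", (unsigned)loc, a.entry_index, a.value_index);

    DistPointErr d = decode_dist_point_err(0x82030005u);  /* constructed value */
    printf("dist point: %s point=%u entry=%u char=%u\n",
           d.crl_issuer ? "CRLIssuer" : "FullName", d.point_index, d.entry_index, d.value_index);

    UnicodeNameErr u = decode_unicode_name_err(0x00810007u);  /* constructed value */
    printf("unicode name: rdn=%u attr=%u char=%u\n", u.rdn_index, u.attr_index, u.value_index);
    return 0;
}
```

Masking each field matters because the layouts overlap: decoding a CRL distribution point location with the alternate-name layout silently drops the POINT_INDEX and CRL_ISSUER_BIT fields.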
Requirements
Requirement | Value |
---|---|
Minimum supported client | Windows XP [desktop apps \| UWP apps] |
Minimum supported server | Windows Server 2003 [desktop apps \| UWP apps] |
Header | |