CertSetCRLContextProperty function (wincrypt.h)

  • Article

The CertSetCRLContextProperty function sets an extended property for the specified certificate revocation list (CRL) context.

Syntax

BOOL CertSetCRLContextProperty(
  [in] PCCRL_CONTEXT pCrlContext,
  [in] DWORD         dwPropId,
  [in] DWORD         dwFlags,
  [in] const void    *pvData
);

Parameters

[in] pCrlContext

A pointer to the CRL_CONTEXT structure.

[in] dwPropId

Identifies the property to be set. The value of dwPropId determines the type and content of the pvData parameter. Currently defined identifiers and the data type to be returned in pvData are listed in the following table.

Usually, only the following properties are set:

  • CERT_HASH_PROP_ID
  • CERT_SHA1_HASH_PROP_ID
  • CERT_MD5_HASH_PROP_ID
  • CERT_SIGNATURE_HASH_PROP_ID
Value Meaning
CERT_ACCESS_STATE_PROP_ID
 Data type for pvData: pointer to a DWORD

Sets a DWORD value indicating whether write operations to the certificate are persisted. The DWORD value is not set if the certificate is in a memory store or in a registry-based store that is opened as read-only.
CERT_ARCHIVED_PROP_ID
 Data type for pvData: NULL

Indicates the certificate is skipped during enumerations. A certificate with this property set is found with explicit search operations, such as those used to find a certificate with a specific hash or a serial number. No data in pvData is associated with this property.
CERT_AUTO_ENROLL_PROP_ID
 Data type for pvData: pointer to a BYTE array

Sets a null-terminated Unicode string naming the certificate type for which the certificate has been auto enrolled.
CERT_CTL_USAGE_PROP_ID
 Data type for pvData: pointer to a BYTE array

Sets an array of bytes containing an Abstract Syntax Notation One (ASN.1) encoded CTL_USAGE structure.
CERT_DESCRIPTION_PROP_ID
 Data type for pvData: pointer to a BYTE array

Sets the property displayed by the certificate UI. This property allows the user to describe the certificate's use.
CERT_ENHKEY_USAGE_PROP_ID
 Data type for pvData:

Sets an array of bytes containing an ASN.1 encoded CERT_ENHKEY_USAGE structure.
CERT_FRIENDLY_NAME_PROP_ID
 Data type for pvData: pointer to a BYTE array

Sets a null-terminated Unicode character string that contains the display name for the CRL.
CERT_ISSUER_CHAIN_PUB_KEY_CNG_ALG_BIT_LENGTH_PROP_ID
 Data type for pvData: Pointer to a CRYPT_DATA_BLOB structure.

Sets a string containing a set of L"<PUBKEY>/<BITLENGTH>" public key algorithm and bit length pairs. The semicolon, L";", is used as the delimiter.

The <PUBKEY> value identifies the CNG public key algorithm. The following algorithms are supported:

  • L"RSA" (BCRYPT_RSA_ALGORITHM)
  • L"DSA" (BCRYPT_DSA_ALGORITHM)
  • L"ECDSA" (SSL_ECDSA_ALGORITHM)
A <PUBKEY>/<BITLENGTH> pair is set for each certificate in the CRL issuer chain excluding the leaf. This property can be set when an OCSP response with an independent signer chain is converted to a CRL.
Note  This property should not be set for a delegated OCSP signer certificate. A delegated signer certificate is signed with the same key used to sign the subject certificate and is checked there.
 
The following is an example:

: L"RSA/2048;RSA/4096"
CERT_ISSUER_CHAIN_SIGN_HASH_CNG_ALG_PROP_ID
 Data type for pvData: Pointer to a CRYPT_DATA_BLOB structure.

Sets a string that contains a set of L"<SIGNATURE>/<HASH>" algorithm pairs. The semicolon, L";", is used as the delimiter between pairs.

This property is set only when an OCSP response is converted to a CRL. For a delegated OCSP signer certificate, only the algorithm pair for the signer certificate is returned. For an independent OCSP signer certificate chain, an algorithm pair is returned for each certificate in the chain excluding the root.

The <SIGNATURE> value identifies the CNG public key algorithm. The following algorithms are supported:

  • L"RSA" (BCRYPT_RSA_ALGORITHM)
  • L"DSA" (BCRYPT_DSA_ALGORITHM)
  • L"ECDSA" (SSL_ECDSA_ALGORITHM)
The <HASH> value identifies the CNG hash algorithm. The following algorithms are supported:
  • L"MD5" (BCRYPT_MD5_ALGORITHM)
  • L"SHA1" (BCRYPT_SHA1_ALGORITHM)
  • L"SHA256" (BCRYPT_SHA256_ALGORITHM)
  • L"SHA384" (BCRYPT_SHA384_ALGORITHM)
  • L"SHA512" (BCRYPT_SHA512_ALGORITHM)
The following is an example:
  • L"RSA/SHA256;RSA/SHA256"
This property is explicitly set by the verify revocation functions.
CERT_ISSUER_PUB_KEY_BIT_LENGTH_PROP_ID
 Data type for pvData: Pointer to a CRYPT_DATA_BLOB structure.

Sets the length, in bits, of the public key in the CRL issuer certificate. This property is also applicable to an OCSP that has been converted to a CRL.

This property is explicitly set by the verify revocation functions.

Windows 8 and Windows Server 2012:  Support for this property begins.
CERT_KEY_CONTEXT_PROP_ID
 Data type for pvData: pointer to a CERT_KEY_CONTEXT

Sets a CERT_KEY_CONTEXT structure.
CERT_KEY_IDENTIFIER_PROP_ID
 Data type for pvData: pointer to a BYTE array
CERT_KEY_PROV_HANDLE_PROP_ID
 Data type for pvData: pointer to an HCRYPTPROV

Sets the provider handle obtained from the CERT_KEY_CONTEXT_PROP_ID.
CERT_KEY_PROV_INFO_PROP_ID
 Data type for pvData: pointer to a CRYPT_KEY_PROV_INFO

Sets a pointer to a CRYPT_KEY_PROV_INFO structure.
CERT_KEY_SPEC_PROP_ID
 Data type for pvData: pointer to a DWORD

Sets a DWORD value specifying the private key obtained from CERT_KEY_CONTEXT_PROP_ID property if it exists. Otherwise, if CERT_KEY_PROV_INFO_PROP_ID exists, it is the source of the dwKeySpec.
CERT_MD5_HASH_PROP_ID
 Data type for pvData: pointer to a BYTE array

Sets the MD5 hash. You can compute the hash by using the CryptHashCertificate function.
CERT_NEXT_UPDATE_LOCATION_PROP_ID
 Data type for pvData: pointer to a BYTE array

Sets the ASN.1 encoded CERT_ALT_NAME_INFO structure on a CTL.
CERT_PVK_FILE_PROP_ID
 Data type for pvData: pointer to a BYTE array

Sets a null-terminated Unicode, wide character string specifying the name of the file that contains the private key associated with the certificate's public key.
CERT_SHA1_HASH_PROP_ID
 Data type for pvData: pointer to a BYTE array

Sets the SHA1 hash. You can compute the hash by using CryptHashCertificate.
CERT_SIGN_HASH_CNG_ALG_PROP_ID
 Data type of pvData: Pointer to a CRYPT_DATA_BLOB structure.

Sets the L”<SIGNATURE>/<HASH>” string representing the certificate signature. The <SIGNATURE> value identifies the CNG public key algorithm. The following algorithms are supported:

  • L"RSA" (BCRYPT_RSA_ALGORITHM)
  • L"DSA" (BCRYPT_DSA_ALGORITHM)
  • L"ECDSA" (SSL_ECDSA_ALGORITHM)
The <HASH> value identifies the CNG hash algorithm. The following algorithms are supported:
  • L"MD5" (BCRYPT_MD5_ALGORITHM)
  • L"SHA1" (BCRYPT_SHA1_ALGORITHM)
  • L"SHA256" (BCRYPT_SHA256_ALGORITHM)
  • L"SHA384" (BCRYPT_SHA384_ALGORITHM)
  • L"SHA512" (BCRYPT_SHA512_ALGORITHM)
The following are common examples:
  • L”RSA/SHA1”
  • L”RSA/SHA256”
  • L”ECDSA/SHA256”
This property is also applicable to an OCSP response that has been converted to a CRL.

This property is explicitly set by the verify revocation functions.

Windows 8 and Windows Server 2012:  Support for this property begins.
CERT_SIGNATURE_HASH_PROP_ID
 Data type for pvData: pointer to a BYTE array

Sets the signature hash. If the hash does not exist, it is computed with CryptHashToBeSigned. The length of the hash is 20 bytes for SHA and 16 for MD5.
 

The user can define additional dwPropId types by using DWORD values from CERT_FIRST_USER_PROP_ID to CERT_LAST_USER_PROP_ID. For all user-defined dwPropId types, pvData points to an encoded CRYPT_DATA_BLOB.

For all the other property identifiers, pvData points to an encoded CRYPT_DATA_BLOB structure.

[in] dwFlags

CERT_STORE_NO_CRYPT_RELEASE_FLAG can be set for the CERT_KEY_PROV_HANDLE_PROP_ID or CERT_KEY_CONTEXT_PROP_ID dwPropId properties.

If the CERT_SET_PROPERTY_IGNORE_PERSIST_ERROR_FLAG value is set, any provider-write errors are ignored and the cached context's properties are always set.

If the CERT_SET_PROPERTY_INHIBIT_PERSIST_FLAG is set, any property set is not persisted.

[in] pvData

A pointer to a data type that is determined by the value passed in dwPropId.

Note  For any dwPropId, setting pvData to NULL deletes the property.
 

Return value

If the function succeeds, the return value is TRUE.

If the function fails, the return value is FALSE. For extended error information, call GetLastError. One possible error code is the following.

Return code Description
E_INVALIDARG
 The property is not valid. The identifier specified was greater than 0x0000FFFF, or, for the CERT_KEY_CONTEXT_PROP_ID property, a cbSize member that is not valid was specified in the CERT_KEY_CONTEXT structure.

Remarks

If a property already exists, its old value is replaced.

Examples

For an example that uses this function, see Example C Program: Getting and Setting Certificate Properties.

Requirements

Requirement Value
Minimum supported client Windows XP [desktop apps | UWP apps]
Minimum supported server Windows Server 2003 [desktop apps | UWP apps]
Target Platform Windows
Header wincrypt.h
Library Crypt32.lib
DLL Crypt32.dll

See also

CERT_ALT_NAME_INFO

CERT_CONTEXT

CERT_ENHKEY_USAGE

CERT_KEY_CONTEXT

CRL_CONTEXT

CRYPT_DATA_BLOB

CRYPT_HASH_BLOB

CRYPT_KEY_PROV_INFO

CTL_USAGE

CertGetCRLContextProperty

CertSetCertificateContextProperty

CryptEncodeObject

CryptHashToBeSigned

Extended Property Functions