Encoding and Decoding a Certificate Context

CryptoAPI supports the encoding and decoding of certificates. CryptoAPI includes an extensive, flexible system of functions and C structures that allow encoding and decoding in various ways. CryptoAPI supports standard X.509 certificate structure and standard ASN.1 encoding to provide interoperability with other systems.

Certificate Contexts

A certificate context, CERT_CONTEXT, is a C structure that contains an encoding type member, a handle to a certificate store, a pointer to the original encoded certificate BLOB, and a pointer to a CERT_INFO C structure.

The CERT_INFO structure is the heart of the certificate. It contains, in direct form and in encoded form, all the basic information in the certificate.

The IssuerUniqueID and SubjectUniqueID members are part of the X.509 version 2 certificate implementation but are seldom used. Certificate extensions in version 3 replace the functionality of these members.

If the information contained in the encoded (shaded) members Issuer and Subject is needed, those members must be decoded. Use CryptDecodeObjectEx to decode these members. The following illustration shows the process of decoding one of these members.

In the illustrated case, the CryptDecodeObject function creates a CERT_NAME_INFO structure, an array of CERT_RDN structures, a corresponding array of CERT_RDN_ATTR structures, and a string containing the name. Members of the CERT_RDN_ATTR structure determine the contents of the string. For example, if the pszObjId member is 2.5.4.3, the string contains a common name. If it is 2.5.4.10, the string contains an organization name. For a list of these ObjIds, see CERT_RDN_ATTR.

The dwValueType member contains information about the type of string. If it is CERT_RDN_PRINTABLE_STRING, the Value member contains a byte-width, zero-terminated character string. If it is CERT_RDN_UNICODE_STRING, the string is a double-width (word-sized) character string.
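
The nesting described above (name, relative distinguished names, attributes, each with an ObjId and a typed value) can be seen by walking the encoded bytes directly. The following portable C is an added example, not part of the original page and not CryptoAPI code: it parses a DER-encoded name such as the one held in the Subject member and returns the value and ASN.1 string tag for a given dotted ObjId, rejecting any length that runs past the buffer. The names tlv, oid_str, name_find_attr and SAMPLE_NAME are hypothetical and the sample bytes are constructed; tags 0x13 (PrintableString) and 0x1e (BMPString) are the ASN.1 types that CryptoAPI reports as CERT_RDN_PRINTABLE_STRING and CERT_RDN_UNICODE_STRING.

```c
#include <stdio.h>
#include <string.h>
typedef const unsigned char *bp;
/* Illustration only, not CryptoAPI code. Constructed DER Name: O=Example, CN=test. */
static const unsigned char SAMPLE_NAME[] = {
    0x30,0x21, 0x31,0x10,0x30,0x0e,0x06,0x03,0x55,0x04,0x0a,0x13,0x07,'E','x','a','m','p','l','e',
    0x31,0x0d,0x30,0x0b,0x06,0x03,0x55,0x04,0x03,0x13,0x04,'t','e','s','t'};

/* Read one TLV at *p, never past end: content is [*v, *ve); returns tag or -1. */
static int tlv(bp *p, bp end, bp *v, bp *ve) {
    if (end - *p < 2) return -1;
    int tag = *(*p)++;
    size_t n = *(*p)++, k = n & 0x7f;
    if (n & 0x80) { /* long form: k length bytes follow; 1 or 2 accepted here */
        if (k < 1 || k > 2 || (size_t)(end - *p) < k) return -1;
        for (n = 0; k--;) n = (n << 8) | *(*p)++;
    }
    if ((size_t)(end - *p) < n) return -1;
    *v = *p;
    *ve = (*p += n);
    return tag;
}

/* OID content bytes (n >= 1) to dotted text; one-byte first pair assumed. */
static void oid_str(bp v, size_t n, char *out, size_t cap) {
    size_t o = (size_t)snprintf(out, cap, "%u.%u", v[0] / 40u, v[0] % 40u);
    for (unsigned long arc = 0; --n && o < cap;) {
        arc = (arc << 7) | (*++v & 0x7fu);
        if (!(*v & 0x80)) { o += (size_t)snprintf(out + o, cap - o, ".%lu", arc); arc = 0; }
    }
}

/* First attribute of type oid: value is [*s, *se); returns its ASN.1 tag or -1. */
int name_find_attr(bp der, size_t dlen, const char *oid, bp *s, bp *se) {
    bp p = der, n, ne, r, re, a, ae, o, oe;
    char dotted[64];
    if (tlv(&p, der + dlen, &n, &ne) != 0x30) return -1;
    while (n < ne) {     /* Name: SEQUENCE OF RDN */
        if (tlv(&n, ne, &r, &re) != 0x31) return -1;
        while (r < re) { /* RDN: SET OF attribute, each SEQUENCE { OID, value } */
            if (tlv(&r, re, &a, &ae) != 0x30) return -1;
            if (tlv(&a, ae, &o, &oe) != 0x06 || o == oe) return -1;
            int tag = tlv(&a, ae, s, se);
            if (tag < 0) return -1;
            oid_str(o, (size_t)(oe - o), dotted, sizeof dotted);
            if (strcmp(dotted, oid) == 0) return tag;
        }
    }
    return -1;
}
```

The returned value range is only meaningful when the return is not -1, and it points into the caller's buffer rather than at a zero-terminated copy.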

 Last updated on Thursday, April 08, 2004

© 1992-2003 Microsoft Corporation. All rights reserved.