Important:
This is retired content. This content is outdated and is no longer being maintained. It is provided as a courtesy for individuals who are still using these technologies. This content may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.

A version of this page is also available for

4/8/2010

This function encodes and signs a certificate or certificate request. This function performs the following operations:

Calls the CryptEncodeObjectfunction using the lpszStructTypeparameter to encode the to be signed information.
Calls the CryptSignCertificatefunction to sign this encoded information.
Calls the CryptEncodeObjectfunction again, with the lpszStructTypeparameter set to X509_CERT, to further encode the resulting signed, encoded information.

Syntax


BOOL WINAPI CryptSignAndEncodeCertificate( HCRYPTPROV hCryptProv, DWORD dwKeySpec, DWORD dwCertEncodingType, LPCSTR lpszStructType, const void* pvStructInfo, PCRYPT_ALGORITHM_IDENTIFIER pSignatureAlgorithm, const void* pvHashAuxInfo, PBYTE pbEncoded, DWORD* pcbEncoded );

BOOL WINAPI CryptSignAndEncodeCertificate(
  HCRYPTPROV 
hCryptProv,
  DWORD 
dwKeySpec,
  DWORD 
dwCertEncodingType,
  LPCSTR 
lpszStructType,
  const void* 
pvStructInfo,
  PCRYPT_ALGORITHM_IDENTIFIER 
pSignatureAlgorithm,
  const void* 
pvHashAuxInfo,
  PBYTE 
pbEncoded,
  DWORD* 
pcbEncoded
);

Parameters

hCryptProv: [in] Handle to the CSP to do the signature. This handle must have already been created using the CryptAcquireContextfunction.

dwKeySpec: [in] Specifies the private key to use from the provider's container. The value can be AT_KEYEXCHANGE or AT_SIGNATURE.

dwCertEncodingType: [in] Specifies the encoding type used. Currently, only X509_ASN_ENCODING is used; however, additional encoding types may be added in the future.

lpszStructType

[in] Long pointer to one of the following predefined string constants used with encode operations:

X509_CERT_CRL_TO_BE_SIGNED

X509_CERT_REQUEST_TO_BE_SIGNED

X509_CERT_TO_BE_SIGNED

X509_KEYGEN_REQUEST_TO_BE_SIGNED

pvStructInfo

[in] Pointer to the structure to be signed and encoded. The following structures are the most commonly used structures:

CERT_INFO

CERT_REQUEST_INFO

CERT_KEYGEN_REQUEST_INFO

pSignatureAlgorithm

[in] Pointer to a CRYPT_ALGORITHM_IDENTIFIERstructure containing the OID of the signature algorithm and any additional parameters needed. The CryptSignAndEncodeCertificatefunction uses the following algorithm OIDs:

szOID_RSA_MD5RSA

szOID_RSA_SHA1RSA

szOID_X957_SHA1DSA

pvHashAuxInfo: [in] Reserved. Must be NULL.

pbEncoded

[out] Pointer to a buffer to receive the signed and encoded output.

This parameter can be NULL to set the size of this information for memory allocation purposes.

pcbEncoded

[in, out] On input, pointer to a DWORDthat contains the size, in bytes, of the buffer pointed to by the pbEncodedparameter. On output, the DWORDcontains the number of bytes stored or to be stored in the buffer.

When processing the data returned in the buffer, applications need to use the actual size of the data returned. The actual size can be slightly smaller than the size of the buffer specified on input. On input, buffer sizes are usually specified large enough to ensure that the largest possible output data will fit in the buffer. On output, the variable pointed to by this parameter is updated to reflect the actual size of the data copied to the buffer.

Return Value

If the function succeeds, the return value is nonzero, or TRUE.

If the function fails, the return value is zero, or FALSE.

For extended error information, call the GetLastErrorfunction.

Errors from the called CryptCreateHash, CryptSignHash, and CryptHashDatafunctions might be propagated to this function.

The following table shows the error codes for this function.

Error code	Description
ERROR_MORE_DATA	If the buffer specified by the pbEncodedparameter is not large enough to hold the returned data, the function sets the ERROR_MORE_DATA code and stores the required buffer size, in bytes, into the variable pointed to by the pcbEncodedparameter.
ERROR_FILE_NOT_FOUND	Invalid certificate encoding type. Currently only X509_ASN_ENCODING is supported.
NTE_BAD_ALGID	The signature algorithm's object Identifier (OID) does not map to a known or supported hash algorithm.
CRYPT_E_BAD_ENCODE	An error was encountered while encoding or decoding. The most likely cause of this error is the improper initialization all of the fields in the structure pointed to by the pvStructInfoparameter.

Remarks

The desktop operating system supports the flag PKCS_7_ASN_ENCODING, but Windows Embedded CE does not and ignores the flag when it is specified.

Requirements

Header	wincrypt.h
Library	crypt32.lib
Windows Embedded CE	Windows CE 3.0 and later
Windows Mobile	Windows Mobile Version 5.0 and later

Syntax

Parameters

Return Value

Remarks

Requirements

See Also

Reference