A certificate context, CERT_CONTEXT, is a C structure that contains an encoded member, a handle to a certificate store, a pointer to the original encoded certificate BLOB, and a pointer to a CERT_INFOC structure.

The IssuerUniqueIDand SubjectUniqueIDmembers are part of the X.509 version 2 certificate implementation but are seldom used. Certificate extensions in version 3 replace the functionality of these members.

If the information contained in the encoded (shaded) members Issuerand Subjectis needed, those members must be decoded. Use CryptDecodeObjectExto decode these members. The following illustration shows the process of decoding one of these members.

In the illustrated case, the CryptDecodeObjectfunction creates a CERT_NAME_INFOstructure, an array of CERT_RDNstructures, a corresponding array of CERT_RDN_ATTRstructures, and a string containing the name. Members of the CERT_RDN_ATTRstructure determine the contents of the string. For example, if the pszObjIdmember is 2.5.4.3, the string contains a common name. If it is 2.5.4.10, the string would contain an organization name. For a list of these ObjIds, see CERT_RDN_ATTR.

The dwValueTypemember contains information about the type of string. If it is CERT_RDN_PRINTABLE_STRING, the value member contains a byte-width, zero-terminated character string. If it is CERT_RDN_UNICODE_STRING, the string is a double-width (word-sized) character string.