CryptSignAndEncodeCertificate

The CryptSignAndEncodeCertificate function signs and encodes a certificate, certificate revocation list (CRL), or certificate request. This function performs the following operations:

  1. Calls CryptEncodeObject using lpszStructType to encode the "to be signed" information.
  2. Calls CryptSignCertificate to sign this encoded information.
  3. Calls CryptEncodeObject again, with lpszStructType set to X509_CERT, to further encode the resulting signed, encoded information.

#include <wincrypt.h>
BOOL WINAPI CryptSignAndEncodeCertificate(
  HCRYPTPROV hCryptProv,                            // in
  DWORD dwKeySpec,                                  // in
  DWORD dwCertEncodingType,                         // in
  LPCSTR lpszStructType,                            // in
  void *pvStructInfo,                               // in
  PCRYPT_ALGORITHM_IDENTIFIER pSignatureAlgorithm,  // in
  void *pvHashAuxInfo,                              // in/optional
  PBYTE pbEncoded,                                  // out
  DWORD *pcbEncoded                                 // in, out
);
 

Parameters

hCryptProv
Specifies the Cryptographic Service Provider to use to do the signature.
dwKeySpec
Identifies the private key to use from the provider's container. For example, AT_KEYEXCHANGE or AT_SIGNATURE.
dwCertEncodingType
The type of encoding used on the certificate. Currently defined certificate encoding types are shown in the following table:
Encoding type        Value
X509_ASN_ENCODING    0x00000001

lpszStructType
For a list of possible types, see the beginning of CryptEncodeObject/CryptDecodeObject Functions.

The most commonly used values for this type follow:

X509_CERT_TO_BE_SIGNED
X509_CERT_CRL_TO_BE_SIGNED
X509_CERT_REQUEST_TO_BE_SIGNED

pvStructInfo
The most commonly used structures follow:

CERT_INFO
CRL_INFO
CERT_REQUEST_INFO

pSignatureAlgorithm
Should be one of the following:

szOID_OIWSEC_sha1RSASign
szOID_RSA_MD5RSA

pvHashAuxInfo
Not currently used. Must be NULL.
pbEncoded
Pointer to a buffer that receives the signed and encoded output.

This parameter can be NULL to retrieve the size of this information for memory allocation purposes. For more information, see Common In/Out Parameter Conventions.

pcbEncoded
Pointer to a DWORD that contains the size, in bytes, of the buffer pointed to by the pbEncoded parameter. When the function returns, the variable pointed to by the pcbEncoded parameter contains the number of bytes stored in the buffer. This parameter can be NULL only if pbEncoded is NULL.

Note: When processing the data returned in the buffer, applications need to use the actual size of the data returned. The actual size may be slightly smaller than the size of the buffer specified on input. (On input, buffer sizes are usually specified large enough to ensure that the largest possible output data will fit in the buffer.) On output, the variable pointed to by this parameter is updated to reflect the actual size of the data copied to the buffer.
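The note above matters as soon as the output is parsed: the signed blob is a DER SEQUENCE of three elements (the "to be signed" encoding, the signature algorithm identifier, and the signature BIT STRING), and a strict parser rejects it when the allocated buffer size is passed instead of the value returned in *pcbEncoded. The following portable C code is an added example, not part of the original page; der_span, der_header, split_signed_blob and the SAMPLE bytes are hypothetical names and constructed data.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
typedef struct { const uint8_t *p; size_t len; } der_span;  /* one element: tag+length+value */
/* Constructed sample: a 29-byte signed blob sitting in a 32-byte buffer. */
const uint8_t SAMPLE[32] = {
    0x30,0x1B, 0x30,0x03,0x02,0x01,0x05,      /* outer SEQUENCE; stand-in "to be signed" data */
    0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x04,0x05,0x00, /* 1.2.840.113549.1.1.4 */
    0x03,0x05,0x00,0xDE,0xAD,0xBE,0xEF };     /* BIT STRING holding a dummy signature */
enum { SAMPLE_ACTUAL = 29 };

/* Check the tag and length at buf; return the header size, or 0 on error. */
static size_t der_header(const uint8_t *buf, size_t cb, uint8_t tag, size_t *vlen)
{
    if (cb < 2 || buf[0] != tag) return 0;
    size_t hdr = 2, n = buf[1];
    if (n & 0x80) {                       /* long form: low 7 bits count the length bytes */
        size_t k = n & 0x7F;
        if (k == 0 || k > 4 || cb < 2 + k) return 0;
        for (n = 0; k > 0; k--) n = (n << 8) | buf[hdr++];
    }
    if (n > cb - hdr) return 0;           /* value must fit in the bytes given */
    *vlen = n;
    return hdr;
}

/* Split SEQUENCE { toBeSigned, AlgorithmIdentifier, BIT STRING }; 1 on success, 0 otherwise. */
int split_signed_blob(const uint8_t *buf, size_t cb, der_span *tbs, der_span *alg, der_span *sig)
{
    static const uint8_t tags[3] = { 0x30, 0x30, 0x03 };
    der_span *out[3] = { tbs, alg, sig };
    size_t vlen, hdr = der_header(buf, cb, 0x30, &vlen);
    if (hdr == 0 || hdr + vlen != cb) return 0;   /* bytes after the SEQUENCE: wrong size passed */
    buf += hdr; cb = vlen;                /* now walk the three inner elements */
    for (int i = 0; i < 3; i++) {
        if ((hdr = der_header(buf, cb, tags[i], &vlen)) == 0) return 0;
        out[i]->p = buf; out[i]->len = hdr + vlen;
        buf += hdr + vlen; cb -= hdr + vlen;
    }
    return cb == 0;
}

int main(void)
{
    der_span t, a, s;
    printf("actual size:    %d\n", split_signed_blob(SAMPLE, SAMPLE_ACTUAL, &t, &a, &s));
    printf("allocated size: %d\n", split_signed_blob(SAMPLE, sizeof SAMPLE, &t, &a, &s));
    return 0;
}
```

The parser does not enforce DER's minimal-length rule and does not verify the signature; it only separates the three parts so that each can be inspected.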

Return Values

TRUE if the function succeeded, FALSE if the function failed.

Call GetLastError to see the reason for any failures. Note that errors from the called functions CryptCreateHash, CryptSignHash and CryptHashData may be propagated to this function. This function has the following error codes.

Error code              Description
CRYPT_E_OSS_ERROR       ASN.1 decoding error. Note: to get the OSS error, subtract CRYPT_E_OSS_ERROR from the returned error and see asn1code.h for details on the error.
ERROR_MORE_DATA         If the buffer specified by the pbEncoded parameter is not large enough to hold the returned data, the function sets the ERROR_MORE_DATA code and stores the required buffer size, in bytes, into the variable pointed to by pcbEncoded.
ERROR_FILE_NOT_FOUND    Invalid certificate encoding type. Currently only X509_ASN_ENCODING is supported.
NTE_BAD_ALGID           The signature algorithm's Object Identifier doesn't map to a known or supported hash algorithm.

Example

See Certificate Request Example Code.

QuickInfo

  Windows NT: Requires version 4.0 SP3 or later. Available also in IE 3.02 and later.
  Windows: Requires Windows 98 (or Windows 95 with IE 3.02 or later).
  Windows CE: Unsupported.
  Header: Declared in wincrypt.h.
  Import Library: Use crypt32.lib.

See Also

CryptSignCertificate