The CryptoAPI supports the use of certificates, as defined in the ITU-T recommendation X.509 (also, ISO/IEC 9594-8). The following information is contained in a standard X.509 certificate.
| Field | Description |
|---|---|
| Version | Version number of the certificate. |
| Serial Number | Serial number of the certificate. |
| Algorithm Identifier | Signature algorithm used by the certificate signer. |
| Issuer Name | Name of the issuer of the certificate. |
| Validity: | The time period over which the certificate is valid: |
| Not Before (Date) | Not before date. |
| Not After (Date) | Not after date. |
| Subject Name | Name of the person or entity to whom the certificate is being issued. |
| Subject Public Key Info: | Information about the subject's public key: |
| Algorithm | The algorithm used for the public key. |
| Subject Public Key | The actual public key (a bit string). |
| Optional Fields: | Optional fields: |
| Issuer Unique ID | If present, version must be version 2. |
| Subject Unique ID | If present, version must be version 2. |
| Extensions | Optional field. Represents additional data that an issuer may want to add to a certificate; such as, e-mail address or authorization to issue certificates. If present, version must be version 3. |
The CryptoAPI provides functions with which you can extract the desired information contained in a certificate. For the syntax of these functions see Certificate Store Functions and Certificate Helper Functions.
Over a period of time, it is not unusual for certificates to accumulate on a user's computer. It is imperative that the user have the necessary tools to manage these certificates. The CryptoAPI provides those tools in the form of API functions that allow you to store, retrieve, delete, list (enumerate), and verify certificates. It also provides the means to attach certificates to messages that are being sent.