The encoding process involves encoding nested C structures. First, the lowest level structure must be encoded. This is depicted as Structure 3 in the following illustration. To do this, the CryptEncodeObject function can be called with Structure 3 as its input, and its output will be a blob with the input information encoded and provided as a member of Structure 2. This process is repeated until the final encoded certificate (blob) is output from the function call.
The decoding process is just the opposite of the encoding process and involves taking an encoded certificate, usually in the form of a blob of bits, and decoding it into various predefined C structures. The following illustration depicts the decoding process.
The process starts with the encoded certificate, an encoded blob (it also has a C structure encoded with it, which for the sake of clarity, is not shown here). When the CryptDecodeObject function is run on this blob, the output from it is a C structure that has both usable (nonencoded) members, and encoded members that need further decoding. This is depicted as C structure 1 in the following illustration. If structure 1 is used as the input to the CryptDecodeObject function, the encoded members are decoded and output as structure 2. This will most likely still have encoded members, and the process must be run another time or two until all the members have been fully decoded (depicted as structure 3).
