diff --git a/PInvoke/Cryptography/Crypt32/Wincrypt.cs b/PInvoke/Cryptography/Crypt32/Wincrypt.cs
index cf4db8dc..6d40b264 100644
--- a/PInvoke/Cryptography/Crypt32/Wincrypt.cs
+++ b/PInvoke/Cryptography/Crypt32/Wincrypt.cs
@@ -1276,6 +1276,145 @@ namespace Vanara.PInvoke
 			public IntPtr rgRDNAttr;
 		}
 
+		/// <summary>
+		/// Contains parameters used to check for strong signatures on certificates, certificate revocation lists (CRLs), online certificate
+		/// status protocol (OCSP) responses, and PKCS #7 messages.
+		/// </summary>
+		/// <remarks>
+		/// <para>The parameters needed to check for a strong signature include the following:</para>
+		/// <list type="bullet">
+		/// <item>
+		/// <term>Name of the public (asymmetric) algorithm</term>
+		/// </item>
+		/// <item>
+		/// <term>Size, in bits, of the public key</term>
+		/// </item>
+		/// <item>
+		/// <term>Name of the signature algorithm</term>
+		/// </item>
+		/// <item>
+		/// <term>Name of the hashing algorithm</term>
+		/// </item>
+		/// </list>
+		/// <para>
+		/// The value you specify for the <c>dwInfoChoice</c> member of this structure chooses whether the parameters are transmitted as
+		/// serialized strings or are predefined by using an object identifier.
+		/// </para>
+		/// <para>The <c>CERT_STRONG_SIGN_PARA</c> structure is directly referenced by the following functions:</para>
+		/// <list type="bullet">
+		/// <item>
+		/// <term>CertIsStrongHashToSign</term>
+		/// </item>
+		/// <item>
+		/// <term>CryptMsgControl</term>
+		/// </item>
+		/// <item>
+		/// <term>CryptMsgVerifyCountersignatureEncodedEx</term>
+		/// </item>
+		/// </list>
+		/// <para>
+		/// The <c>CERT_STRONG_SIGN_PARA</c> structure is also directly referenced by the CRYPT_VERIFY_MESSAGE_PARA structure and is
+		/// therefore available for use by the following functions:
+		/// </para>
+		/// <list type="bullet">
+		/// <item>
+		/// <term>CryptDecodeMessage</term>
+		/// </item>
+		/// <item>
+		/// <term>CryptDecryptAndVerifyMessageSignature</term>
+		/// </item>
+		/// <item>
+		/// <term>CryptVerifyDetachedMessageSignature</term>
+		/// </item>
+		/// <item>
+		/// <term>CryptVerifyMessageSignature</term>
+		/// </item>
+		/// </list>
+		/// <para>
+		/// Finally, the <c>CERT_STRONG_SIGN_PARA</c> structure is directly referenced by the CERT_CHAIN_PARA structure and is therefore
+		/// available for use by the following functions:
+		/// </para>
+		/// <list type="bullet">
+		/// <item>
+		/// <term>CertGetCertificateChain</term>
+		/// </item>
+		/// <item>
+		/// <term>CertSelectCertificateChains</term>
+		/// </item>
+		/// </list>
+		/// </remarks>
+		// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/ns-wincrypt-cert_strong_sign_para typedef struct
+		// _CERT_STRONG_SIGN_PARA { DWORD cbSize; DWORD dwInfoChoice; union { void *pvInfo; PCERT_STRONG_SIGN_SERIALIZED_INFO
+		// pSerializedInfo; LPSTR pszOID; } DUMMYUNIONNAME; } CERT_STRONG_SIGN_PARA, *PCERT_STRONG_SIGN_PARA;
+		[PInvokeData("wincrypt.h", MSDNShortId = "12D9F82C-F484-43B0-BD55-F07321058671")]
+		[StructLayout(LayoutKind.Explicit, CharSet = CharSet.Ansi)]
+		public struct CERT_STRONG_SIGN_PARA
+		{
+			/// <summary>Size, in bytes, of this structure.</summary>
+			[FieldOffset(0)]
+			public uint cbSize;
+
+			/// <summary>
+			/// <para>Indicates which nested union member points to the strong signature information. This can be one of the following values:</para>
+			/// <list type="table">
+			/// <listheader>
+			/// <term>Value</term>
+			/// <term>Description</term>
+			/// </listheader>
+			/// <item>
+			/// <term>CERT_STRONG_SIGN_SERIALIZED_INFO_CHOICE</term>
+			/// <term>Specifies the pSerializedInfo member.</term>
+			/// </item>
+			/// <item>
+			/// <term>CERT_STRONG_SIGN_OID_INFO_CHOICE</term>
+			/// <term>Specifies the pszOID member.</term>
+			/// </item>
+			/// </list>
+			/// </summary>
+			[FieldOffset(4)]
+			public uint dwInfoChoice;
+
+			/// <summary>Reserved.</summary>
+			[FieldOffset(8)]
+			public IntPtr pvInfo;
+
+			/// <summary>Pointer to a CERT_STRONG_SIGN_SERIALIZED_INFO structure that specifies the parameters.</summary>
+			[FieldOffset(8)]
+			public IntPtr pSerializedInfo;
+
+			/// <summary>
+			/// <para>
+			/// Pointer to a string that contains an object identifier (OID) that represents predefined parameters that can be used for
+			/// strong signature checking. This can be one of the following values:
+			/// </para>
+			/// <list type="table">
+			/// <listheader>
+			/// <term>Value</term>
+			/// <term>Meaning</term>
+			/// </listheader>
+			/// <item>
+			/// <term>szOID_CERT_STRONG_SIGN_OS_1 "1.3.6.1.4.1.311.72.1.1"</term>
+			/// <term>
+			/// The SHA2 hash algorithm is supported. MD2, MD4, MD5, and SSHA1 are not supported. The signing and public key algorithms can
+			/// be RSA or ECDSA. The DSA algorithm is not supported. The key size for the RSA algorithm must equal or be greater than 2047
+			/// bits. The key size for the ECDSA algorithm must equal or be greater than 256 bits. Strong signing of CRLs and OCSP responses
+			/// are enabled.
+			/// </term>
+			/// </item>
+			/// <item>
+			/// <term>szOID_CERT_STRONG_KEY_OS_1 "1.3.6.1.4.1.311.72.2.1"</term>
+			/// <term>
+			/// SHA1 and SHA2 hashes are supported. MD2, MD4, and MD5 are not. The signing and public key algorithms can be RSA or ECDSA.
+			/// The DSA algorithm is not supported. The key size for the RSA algorithm must equal or be greater than 2047 bits. The key size
+			/// for the ECDSA algorithm must equal or be greater than 256 bits. Strong signing of CRLs and OCSP responses are enabled.
+			/// </term>
+			/// </item>
+			/// </list>
+			/// </summary>
+			[FieldOffset(8)]
+			public StrPtrAnsi pszOID;
+		}
+
 		/// <summary>
 		/// The <c>CERT_SYSTEM_STORE_INFO</c> structure contains information used by functions that work with system stores. Currently, no
 		/// essential information is contained in this structure.
diff --git a/PInvoke/WinTrust/MsCat.cs b/PInvoke/WinTrust/MsCat.cs
index 7382edd6..5dea6ee3 100644
--- a/PInvoke/WinTrust/MsCat.cs
+++ b/PInvoke/WinTrust/MsCat.cs
@@ -1,23 +1,1014 @@
 using System;
 using System.Runtime.InteropServices;
-using Vanara.Extensions;
-using Vanara.InteropServices;
 using static Vanara.PInvoke.Crypt32;
-using FILETIME = System.Runtime.InteropServices.ComTypes.FILETIME;
 
 namespace Vanara.PInvoke
 {
 	public static partial class WinTrust
 	{
+		/// <summary>
+		/// The <c>PFN_CDF_PARSE_ERROR_CALLBACK</c> function is called for Catalog Definition Function errors while parsing a catalog
+		/// definition file (CDF).
+		/// </summary>
+		/// <param name="dwErrorArea">A value that indicates in which area of the CDF the error occurred.</param>
+		/// <param name="dwLocalError">A value that indicates the type of error.</param>
+		/// <param name="pwszLine"/>
+		/// <returns>This callback function does not return a value.</returns>
+		/// <remarks>
+		/// <para>The dwErrorArea parameter can have the following possible values.</para>
+		/// <list type="table">
+		/// <listheader>
+		/// <term>Value</term>
+		/// <term>Description</term>
+		/// </listheader>
+		/// <item>
+		/// <term>CRYPTCAT_E_AREA_HEADER</term>
+		/// <term>The header section of the CDF</term>
+		/// </item>
+		/// <item>
+		/// <term>CRYPTCAT_E_AREA_MEMBER</term>
+		/// <term>A member file entry in the CatalogFiles section of the CDF</term>
+		/// </item>
+		/// <item>
+		/// <term>CRYPTCAT_E_AREA_ATTRIBUTE</term>
+		/// <term>An attribute entry in the CDF</term>
+		/// </item>
+		/// </list>
+		/// <para>The dwLocalError parameter can have the following possible values.</para>
+		/// <list type="table">
+		/// <listheader>
+		/// <term>Value</term>
+		/// <term>Description</term>
+		/// </listheader>
+		/// <item>
+		/// <term>CRYPTCAT_E_CDF_UNSUPPORTED</term>
+		/// <term>The function does not support the attribute.</term>
+		/// </item>
+		/// <item>
+		/// <term>CRYPTCAT_E_CDF_DUPLICATE</term>
+		/// <term>The file member already exists.</term>
+		/// </item>
+		/// <item>
+		/// <term>CRYPTCAT_E_CDF_TAGNOTFOUND</term>
+		/// <term>The CatalogHeader or Name tag is missing.</term>
+		/// </item>
+		/// <item>
+		/// <term>CRYPTCAT_E_CDF_MEMBER_FILE_PATH</term>
+		/// <term>The member file name or path is missing.</term>
+		/// </item>
+		/// <item>
+		/// <term>CRYPTCAT_E_CDF_MEMBER_INDIRECTDATA</term>
+		/// <term>The function failed to create a hash of the member subject.</term>
+		/// </item>
+		/// <item>
+		/// <term>CRYPTCAT_E_CDF_MEMBER_FILENOTFOUND</term>
+		/// <term>The function failed to find the member file.</term>
+		/// </item>
+		/// <item>
+		/// <term>CRYPTCAT_E_CDF_BAD_GUID_CONV</term>
+		/// <term>The function failed to convert the subject string to a GUID.</term>
+		/// </item>
+		/// <item>
+		/// <term>CRYPTCAT_E_CDF_ATTR_TOOFEWVALUES</term>
+		/// <term>
+		/// The attribute line is missing one or more elements of its composition including type, object identifier (OID) or name, or value.
+		/// </term>
+		/// </item>
+		/// <item>
+		/// <term>CRYPTCAT_E_CDF_ATTR_TYPECOMBO</term>
+		/// <term>The attribute contains an invalid OID, or the combination of type, name or OID, and value is not valid.</term>
+		/// </item>
+		/// </list>
+		/// </remarks>
+		// https://docs.microsoft.com/en-us/windows/win32/api/mscat/nc-mscat-pfn_cdf_parse_error_callback PFN_CDF_PARSE_ERROR_CALLBACK
+		// PfnCdfParseErrorCallback; void PfnCdfParseErrorCallback( IN DWORD dwErrorArea, IN DWORD dwLocalError, IN WCHAR *pwszLine ) {...}
+		[PInvokeData("mscat.h", MSDNShortId = "94c12ad7-dcb0-4099-8eba-da38367f0d79")]
+		[UnmanagedFunctionPointer(CallingConvention.Winapi)]
+		public delegate void PfnCdfParseErrorCallback(CRYPTCAT_E dwErrorArea, CRYPTCAT_E dwLocalError, [In, MarshalAs(UnmanagedType.LPWStr)] string pwszLine);
+
+		/// <summary>CRYPTCATATTRIBUTE attributes and actions.</summary>
+		[PInvokeData("mscat.h", MSDNShortId = "41b91303-f3eb-4288-9ad2-98f170680988")]
+		[Flags]
+		public enum CRYPTCAT_ATTR : uint
+		{
+			/// <summary>The attribute is authenticated.</summary>
+			CRYPTCAT_ATTR_AUTHENTICATED = 0x10000000,
+
+			/// <summary>The attribute is unauthenticated.</summary>
+			CRYPTCAT_ATTR_UNAUTHENTICATED = 0x20000000,
+
+			/// <summary>The attribute is an ASCII string.</summary>
+			CRYPTCAT_ATTR_NAMEASCII = 0x00000001,
+
+			/// <summary>The attribute is a cryptographic object identifier (OID).</summary>
+			CRYPTCAT_ATTR_NAMEOBJID = 0x00000002,
+
+			/// <summary>The attribute contains simple ASCII characters that should not be decoded.</summary>
+			CRYPTCAT_ATTR_DATAASCII = 0x00010000,
+
+			/// <summary>The attribute is in base 64 format.</summary>
+			CRYPTCAT_ATTR_DATABASE64 = 0x00020000,
+
+			/// <summary>The attribute replaces the value for an existing attribute.</summary>
+			CRYPTCAT_ATTR_DATAREPLACE = 0x00040000,
+		}
+
+		/// <summary>Errors used by <see cref="PfnCdfParseErrorCallback"/>.</summary>
+		[PInvokeData("mscat.h", MSDNShortId = "94c12ad7-dcb0-4099-8eba-da38367f0d79")]
+		public enum CRYPTCAT_E
+		{
+			/// <summary>The header section of the CDF</summary>
+			CRYPTCAT_E_AREA_HEADER = 0x00000000,
+
+			/// <summary>A member file entry in the CatalogFiles section of the CDF</summary>
+			CRYPTCAT_E_AREA_MEMBER = 0x00010000,
+
+			/// <summary>An attribute entry in the CDF</summary>
+			CRYPTCAT_E_AREA_ATTRIBUTE = 0x00020000,
+
+			/// <summary>The function does not support the attribute.</summary>
+			CRYPTCAT_E_CDF_UNSUPPORTED = 0x00000001,
+
+			/// <summary>The file member already exists.</summary>
+			CRYPTCAT_E_CDF_DUPLICATE = 0x00000002,
+
+			/// <summary>The CatalogHeader or Name tag is missing.</summary>
+			CRYPTCAT_E_CDF_TAGNOTFOUND = 0x00000004,
+
+			/// <summary>The member file name or path is missing.</summary>
+			CRYPTCAT_E_CDF_MEMBER_FILE_PATH = 0x00010001,
+
+			/// <summary>The function failed to create a hash of the member subject.</summary>
+			CRYPTCAT_E_CDF_MEMBER_INDIRECTDATA = 0x00010002,
+
+			/// <summary>The function failed to find the member file.</summary>
+			CRYPTCAT_E_CDF_MEMBER_FILENOTFOUND = 0x00010004,
+
+			/// <summary>The function failed to convert the subject string to a GUID.</summary>
+			CRYPTCAT_E_CDF_BAD_GUID_CONV = 0x00020001,
+
+			/// <summary>
+			/// The attribute line is missing one or more elements of its composition including type, object identifier (OID) or name, or value.
+			/// </summary>
+			CRYPTCAT_E_CDF_ATTR_TOOFEWVALUES = 0x00020002,
+
+			/// <summary>The attribute contains an invalid OID, or the combination of type, name or OID, and value is not valid.</summary>
+			CRYPTCAT_E_CDF_ATTR_TYPECOMBO = 0x00020004,
+		}
+
+		/// <summary>Flags used by CRYPTCATSTORE.</summary>
+		[PInvokeData("mscat.h", MSDNShortId = "65a15797-453c-4f47-8ea1-c92e616b50aa")]
+		[Flags]
+		public enum CRYPTCAT_OPEN : uint
+		{
+			/// <summary>Exclude page hashes in SPC_INDIRECT_DATA.</summary>
+			CRYPTCAT_OPEN_EXCLUDE_PAGE_HASHES = 0x00010000,
+
+			/// <summary>For all flags with a value in the upper word, set or clear the flag.</summary>
+			CRYPTCAT_OPEN_FLAGS_MASK = 0xffff0000,
+
+			/// <summary>
+			/// Include page hashes in SPC_INDIRECT_DATA. The CRYPTCAT_OPEN_EXCLUDE_PAGE_HASHES flag takes precedence if it is also set.
+			/// </summary>
+			CRYPTCAT_OPEN_INCLUDE_PAGE_HASHES = 0x00020000,
+
+			/// <summary>Open the file for decoding without detached content.</summary>
+			CRYPTCAT_OPEN_NO_CONTENT_HCRYPTMSG = 0x20000000,
+
+			/// <summary>Open the catalog with the entries sorted alphabetically by subject.</summary>
+			CRYPTCAT_OPEN_SORTED = 0x40000000,
+
+			/// <summary>Verify the signature hash but not the certificate chain.</summary>
+			CRYPTCAT_OPEN_VERIFYSIGHASH = 0x10000000,
+		}
+
+		/// <summary>
+		/// <para>
+		/// [The <c>CryptCATAdminAcquireContext</c> function is available for use in the operating systems specified in the Requirements
+		/// section. It may be altered or unavailable in subsequent versions.]
+		/// </para>
+		/// <para>
+		/// The <c>CryptCATAdminAcquireContext</c> function acquires a handle to a catalog administrator context. This handle can be used by
+		/// subsequent calls to the CryptCATAdminAddCatalog, CryptCATAdminEnumCatalogFromHash, and CryptCATAdminRemoveCatalog functions.
+		/// This function has no associated import library. You must use the LoadLibrary and GetProcAddress functions to dynamically link to Wintrust.dll.
+		/// </para>
+		/// </summary>
+		/// <param name="phCatAdmin">
+		/// A pointer to the catalog administrator context handle that is assigned by this function. When you have finished using the
+		/// handle, close it by calling the CryptCATAdminReleaseContext function.
+		/// </param>
+		/// <param name="pgSubsystem">
+		/// A pointer to the GUID that identifies the subsystem. DRIVER_ACTION_VERIFY represents the subsystem for operating system
+		/// components and third party drivers. This is the subsystem used by most implementations.
+		/// </param>
+		/// <param name="dwFlags">Not used; set to zero.</param>
+		/// <returns>
+		/// <para>The return value is <c>TRUE</c> if the function succeeds; <c>FALSE</c> if the function fails.</para>
+		/// <para>
+		/// For extended error information, call the GetLastError function. For a complete list of error codes provided by the operating
+		/// system, see System Error Codes.
+		/// </para>
+		/// </returns>
+		// https://docs.microsoft.com/en-us/windows/win32/api/mscat/nf-mscat-cryptcatadminacquirecontext BOOL CryptCATAdminAcquireContext(
+		// HCATADMIN *phCatAdmin, const GUID *pgSubsystem, DWORD dwFlags );
+		[DllImport(Lib.Wintrust, SetLastError = true, ExactSpelling = true)]
+		[PInvokeData("mscat.h", MSDNShortId = "693af055-fa93-4526-aa9c-3a659f8ff78f")]
+		[return: MarshalAs(UnmanagedType.Bool)]
+		public static extern bool CryptCATAdminAcquireContext(out SafeHCATADMIN phCatAdmin, in Guid pgSubsystem, uint dwFlags = 0);
+
+		/// <summary>
+		/// <para>
+		/// The <c>CryptCATAdminAcquireContext2</c> function acquires a handle to a catalog administrator context for a given hash algorithm
+		/// and hash policy.
+		/// </para>
+		/// <para>You can use this handle in subsequent calls to the following functions:</para>
+		/// <list type="bullet">
+		/// <item>
+		/// <term>CryptCATAdminAddCatalog</term>
+		/// </item>
+		/// <item>
+		/// <term>CryptCATAdminEnumCatalogFromHash</term>
+		/// </item>
+		/// <item>
+		/// <term>CryptCATAdminRemoveCatalog</term>
+		/// </item>
+		/// </list>
+		/// <para>
+		/// This function has no associated import library. You must use the LoadLibrary and GetProcAddress functions to dynamically link to Wintrust.dll.
+		/// </para>
+		/// </summary>
+		/// <param name="phCatAdmin">
+		/// A pointer to the catalog administrator context handle that is assigned by this function. When you have finished using the
+		/// handle, close it by calling the CryptCATAdminReleaseContext function.
+		/// </param>
+		/// <param name="pgSubsystem">
+		/// A pointer to the <c>GUID</c> that identifies the subsystem. DRIVER_ACTION_VERIFY represents the subsystem for operating system
+		/// components and third party drivers. This is the subsystem used by most implementations.
+		/// </param>
+		/// <param name="pwszHashAlgorithm">
+		/// Optional null-terminated Unicode string that specifies the name of the hash algorithm to use when calculating and verifying
+		/// hashes. This value can be <c>NULL</c>. If it is <c>NULL</c>, the default hashing algorithm may be chosen, depending on the value
+		/// you set for the pStrongHashPolicy parameter. The default algorithm in Windows 8 is SHA1. The default may change in future
+		/// Windows versions. For more information, see Remarks.
+		/// </param>
+		/// <param name="pStrongHashPolicy">
+		/// Pointer to a CERT_STRONG_SIGN_PARA structure that contains the parameters used to check for strong signatures. The function
+		/// chooses the lowest common hashing algorithm that satisfies the specified policy and the algorithm specified by the
+		/// pwszHashAlgorithm parameter or the system default algorithm (if no algorithm is specified).
+		/// </param>
+		/// <param name="dwFlags">Reserved. This value must be zero.</param>
+		/// <returns>
+		/// <para>If the function succeeds, the return value is nonzero ( <c>TRUE</c>).</para>
+		/// <para>If the function fails, the return value is zero ( <c>FALSE</c>). For extended error information, call GetLastError.</para>
+		/// <para>The following table lists the error codes most commonly returned by the GetLastError function.</para>
+		/// <list type="table">
+		/// <listheader>
+		/// <term>Return code</term>
+		/// <term>Description</term>
+		/// </listheader>
+		/// <item>
+		/// <term>ERROR_INVALID_PARAMETER</term>
+		/// <term>The phCatAdmin parameter cannot be NULL. The dwFlags parameter must be zero (0).</term>
+		/// </item>
+		/// <item>
+		/// <term>ERROR_NOT_ENOUGH_MEMORY</term>
+		/// <term>There was insufficient memory to create a new catalog administrator object.</term>
+		/// </item>
+		/// <item>
+		/// <term>NTE_BAD_ALGID</term>
+		/// <term>The hash algorithm specified by the pwszHashAlgorithm parameter cannot be found.</term>
+		/// </item>
+		/// </list>
+		/// </returns>
+		/// <remarks>
+		/// This function enables you to choose, or chooses for you, the hash algorithm to be used in functions that require the catalog
+		/// administrator context. Although you can set the name of the hashing algorithm, we recommend that you let the function determine
+		/// the algorithm. Doing so protects your application from hard coding algorithms that may become untrusted in the future.
+		/// </remarks>
+		// https://docs.microsoft.com/en-us/windows/win32/api/mscat/nf-mscat-cryptcatadminacquirecontext2 BOOL CryptCATAdminAcquireContext2(
+		// HCATADMIN *phCatAdmin, const GUID *pgSubsystem, PCWSTR pwszHashAlgorithm, PCCERT_STRONG_SIGN_PARA pStrongHashPolicy, DWORD
+		// dwFlags );
+		[DllImport(Lib.Wintrust, SetLastError = true, ExactSpelling = true)]
+		[PInvokeData("mscat.h", MSDNShortId = "B089217A-5C12-4C51-8E46-3A9243347B21")]
+		[return: MarshalAs(UnmanagedType.Bool)]
+		public static extern bool CryptCATAdminAcquireContext2(out SafeHCATADMIN phCatAdmin, in Guid pgSubsystem, [MarshalAs(UnmanagedType.LPWStr), Optional] string pwszHashAlgorithm, in CERT_STRONG_SIGN_PARA pStrongHashPolicy, uint dwFlags = 0);
+
+		/// <summary>
+		/// <para>
+		/// The <c>CryptCATAdminAcquireContext2</c> function acquires a handle to a catalog administrator context for a given hash algorithm
+		/// and hash policy.
+		/// </para>
+		/// <para>You can use this handle in subsequent calls to the following functions:</para>
+		/// <list type="bullet">
+		/// <item>
+		/// <term>CryptCATAdminAddCatalog</term>
+		/// </item>
+		/// <item>
+		/// <term>CryptCATAdminEnumCatalogFromHash</term>
+		/// </item>
+		/// <item>
+		/// <term>CryptCATAdminRemoveCatalog</term>
+		/// </item>
+		/// </list>
+		/// <para>
+		/// This function has no associated import library. You must use the LoadLibrary and GetProcAddress functions to dynamically link to Wintrust.dll.
+		/// </para>
+		/// </summary>
+		/// <param name="phCatAdmin">
+		/// A pointer to the catalog administrator context handle that is assigned by this function. When you have finished using the
+		/// handle, close it by calling the CryptCATAdminReleaseContext function.
+		/// </param>
+		/// <param name="pgSubsystem">
+		/// A pointer to the <c>GUID</c> that identifies the subsystem. DRIVER_ACTION_VERIFY represents the subsystem for operating system
+		/// components and third party drivers. This is the subsystem used by most implementations.
+		/// </param>
+		/// <param name="pwszHashAlgorithm">
+		/// Optional null-terminated Unicode string that specifies the name of the hash algorithm to use when calculating and verifying
+		/// hashes. This value can be <c>NULL</c>. If it is <c>NULL</c>, the default hashing algorithm may be chosen, depending on the value
+		/// you set for the pStrongHashPolicy parameter. The default algorithm in Windows 8 is SHA1. The default may change in future
+		/// Windows versions. For more information, see Remarks.
+		/// </param>
+		/// <param name="pStrongHashPolicy">
+		/// Pointer to a CERT_STRONG_SIGN_PARA structure that contains the parameters used to check for strong signatures. The function
+		/// chooses the lowest common hashing algorithm that satisfies the specified policy and the algorithm specified by the
+		/// pwszHashAlgorithm parameter or the system default algorithm (if no algorithm is specified).
+		/// </param>
+		/// <param name="dwFlags">Reserved. This value must be zero.</param>
+		/// <returns>
+		/// <para>If the function succeeds, the return value is nonzero ( <c>TRUE</c>).</para>
+		/// <para>If the function fails, the return value is zero ( <c>FALSE</c>). For extended error information, call GetLastError.</para>
+		/// <para>The following table lists the error codes most commonly returned by the GetLastError function.</para>
+		/// <list type="table">
+		/// <listheader>
+		/// <term>Return code</term>
+		/// <term>Description</term>
+		/// </listheader>
+		/// <item>
+		/// <term>ERROR_INVALID_PARAMETER</term>
+		/// <term>The phCatAdmin parameter cannot be NULL. The dwFlags parameter must be zero (0).</term>
+		/// </item>
+		/// <item>
+		/// <term>ERROR_NOT_ENOUGH_MEMORY</term>
+		/// <term>There was insufficient memory to create a new catalog administrator object.</term>
+		/// </item>
+		/// <item>
+		/// <term>NTE_BAD_ALGID</term>
+		/// <term>The hash algorithm specified by the pwszHashAlgorithm parameter cannot be found.</term>
+		/// </item>
+		/// </list>
+		/// </returns>
+		/// <remarks>
+		/// This function enables you to choose, or chooses for you, the hash algorithm to be used in functions that require the catalog
+		/// administrator context. Although you can set the name of the hashing algorithm, we recommend that you let the function determine
+		/// the algorithm. Doing so protects your application from hard coding algorithms that may become untrusted in the future.
+		/// </remarks>
+		// https://docs.microsoft.com/en-us/windows/win32/api/mscat/nf-mscat-cryptcatadminacquirecontext2 BOOL CryptCATAdminAcquireContext2(
+		// HCATADMIN *phCatAdmin, const GUID *pgSubsystem, PCWSTR pwszHashAlgorithm, PCCERT_STRONG_SIGN_PARA pStrongHashPolicy, DWORD
+		// dwFlags );
+		[DllImport(Lib.Wintrust, SetLastError = true, ExactSpelling = true)]
+		[PInvokeData("mscat.h", MSDNShortId = "B089217A-5C12-4C51-8E46-3A9243347B21")]
+		[return: MarshalAs(UnmanagedType.Bool)]
+		public static extern bool CryptCATAdminAcquireContext2(out SafeHCATADMIN phCatAdmin, [Optional] IntPtr pgSubsystem, [MarshalAs(UnmanagedType.LPWStr), Optional] string pwszHashAlgorithm, [Optional] IntPtr pStrongHashPolicy, uint dwFlags = 0);
+
+		/// <summary>
+		/// <para>
+		/// [The <c>CryptCATAdminAddCatalog</c> function is available for use in the operating systems specified in the Requirements
+		/// section. It may be altered or unavailable in subsequent versions.]
+		/// </para>
+		/// <para>
+		/// The <c>CryptCATAdminAddCatalog</c> function adds a catalog to the catalog database. The catalog database is an index that
+		/// associates file hashes with the catalogs that contain them. It is used to speed the identification of the catalogs when
+		/// verifying the file signature. This function is the only supported way to programmatically add catalogs to the Windows catalog
+		/// database. The function has no associated import library. You must use the LoadLibrary and GetProcAddress functions to
+		/// dynamically link to Wintrust.dll.
+		/// </para>
+		/// </summary>
+		/// <param name="hCatAdmin">Handle previously assigned by the CryptCATAdminAcquireContext function.</param>
+		/// <param name="pwszCatalogFile">
+		/// A pointer to a <c>null</c>-terminated string for the fully qualified path of the catalog to be added.
+		/// </param>
+		/// <param name="pwszSelectBaseName">
+		/// A pointer to a <c>null</c>-terminated string for the name of the catalog when it is stored. If the parameter is <c>NULL</c>,
+		/// then a unique name will be generated for the catalog.
+		/// </param>
+		/// <param name="dwFlags">
+		/// If the CRYPTCAT_ADDCATALOG_HARDLINK (0x00000001) flag is specified, the catalog specified in the call will be hard-linked to
+		/// rather than copied. Hard-linking instead of copying a catalog reduces the amount of disk space required by Windows.
+		/// </param>
+		/// <returns>
+		/// <para>
+		/// If the function succeeds, the return value is a handle to the catalog information context. If the function fails, the return
+		/// value is <c>NULL</c>. After you have finished using the returned handle, free it by calling the
+		/// CryptCATAdminReleaseCatalogContext function.
+		/// </para>
+		/// <para>
+		/// For extended error information, call the GetLastError function. For a complete list of error codes provided by the operating
+		/// system, see System Error Codes.
+		/// </para>
+		/// </returns>
+		// https://docs.microsoft.com/en-us/windows/win32/api/mscat/nf-mscat-cryptcatadminaddcatalog HCATINFO CryptCATAdminAddCatalog(
+		// HCATADMIN hCatAdmin, PWSTR pwszCatalogFile, PWSTR pwszSelectBaseName, DWORD dwFlags );
+		[PInvokeData("mscat.h", MSDNShortId = "a227597c-a0af-4b86-bd29-03f478aef244")]
+		public static SafeHCATINFO CryptCATAdminAddCatalog(SafeHCATADMIN hCatAdmin, [MarshalAs(UnmanagedType.LPWStr)] string pwszCatalogFile, [MarshalAs(UnmanagedType.LPWStr), Optional] string pwszSelectBaseName, uint dwFlags) =>
+			new SafeHCATINFO(InternalCryptCATAdminAddCatalog(hCatAdmin, pwszCatalogFile, pwszSelectBaseName, dwFlags), hCatAdmin, true);
+
+		/// <summary>
+		/// <para>
+		/// [The <c>CryptCATAdminCalcHashFromFileHandle</c> function is available for use in the operating systems specified in the
+		/// Requirements section. It may be altered or unavailable in subsequent versions.]
+		/// </para>
+		/// <para>
+		/// The <c>CryptCATAdminCalcHashFromFileHandle</c> function calculates the hash for a file. This function has no associated import
+		/// library. You must use the LoadLibrary and GetProcAddress functions to dynamically link to Wintrust.dll.
+		/// </para>
+		/// </summary>
+		/// <param name="hFile">
+		/// A handle to the file whose hash is being calculated. This parameter cannot be <c>NULL</c> and must be a valid file handle.
+		/// </param>
+		/// <param name="pcbHash">
+		/// A pointer to a <c>DWORD</c> variable that contains the number of bytes in pbHash. Upon input, set pcbHash to the number of bytes
+		/// allocated for pbHash. Upon return, pcbHash contains the number of returned bytes in pbHash. If pbHash is passed as <c>NULL</c>,
+		/// then pcbHash contains the number of bytes to allocate for pbHash.
+		/// </param>
+		/// <param name="pbHash">
+		/// A pointer to a <c>BYTE</c> buffer that receives the hash. If this parameter is passed in as <c>NULL</c>, then pcbHash contains
+		/// the number of bytes to allocate for pbHash, and a subsequent call can be made to retrieve the hash.
+		/// </param>
+		/// <param name="dwFlags">This parameter is reserved for future use and must be set to zero.</param>
+		/// <returns>
+		/// The return value is <c>TRUE</c> if the function succeeds; <c>FALSE</c> if the function fails. If <c>FALSE</c> is returned, call
+		/// the <c>GetLastError</c> function to determine the reason for failure. If not enough memory has been allocated for pbHash, the
+		/// <c>CryptCATAdminCalcHashFromFileHandle</c> function will set the last error to ERROR_INSUFFICIENT_BUFFER.
+		/// </returns>
+		// https://docs.microsoft.com/en-us/windows/win32/api/mscat/nf-mscat-cryptcatadmincalchashfromfilehandle BOOL
+		// CryptCATAdminCalcHashFromFileHandle( HANDLE hFile, DWORD *pcbHash, BYTE *pbHash, DWORD dwFlags );
+		[DllImport(Lib.Wintrust, SetLastError = true, ExactSpelling = true)]
+		[PInvokeData("mscat.h", MSDNShortId = "4dc5688f-4b7a-4baf-9671-868cac7f1896")]
+		[return: MarshalAs(UnmanagedType.Bool)]
+		public static extern bool CryptCATAdminCalcHashFromFileHandle(HFILE hFile, ref uint pcbHash, IntPtr pbHash, uint dwFlags = 0);
+
+		/// <summary>
+		/// <para>The <c>CryptCATAdminCalcHashFromFileHandle2</c> function calculates the hash for a file by using the specified algorithm.</para>
+		/// <para>
+		/// This function has no associated import library. You must use the LoadLibrary and GetProcAddress functions to dynamically link to Wintrust.dll.
+		/// </para>
+		/// </summary>
+		/// <param name="hCatAdmin">Handle of an open catalog administrator context. For more information, see CryptCATAdminAcquireContext2.</param>
+		/// <param name="hFile">
+		/// A handle to the file whose hash is being calculated. This parameter cannot be <c>NULL</c> and must be a valid file handle.
+		/// </param>
+		/// <param name="pcbHash">
+		/// Pointer to a <c>DWORD</c> variable that contains the number of bytes in the pbHash parameter. Upon input, set pcbHash to the
+		/// number of bytes allocated for pbHash. Upon return, pcbHash contains the number of returned bytes in pbHash. If pbHash is set to
+		/// <c>NULL</c>, then pcbHash contains the number of bytes to allocate for pbHash.
+		/// </param>
+		/// <param name="pbHash">
+		/// Pointer to a <c>BYTE</c> buffer that receives the hash. If you set this parameter to <c>NULL</c>, then pcbHash will contain the
+		/// number of bytes to allocate for pbHash, and a subsequent call can be made to retrieve the hash.
+		/// </param>
+		/// <param name="dwFlags">Reserved. This value must be zero.</param>
+		/// <returns>
+		/// <para>If the function succeeds, the return value is nonzero ( <c>TRUE</c>).</para>
+		/// <para>If the function fails, the return value is zero ( <c>FALSE</c>). For extended error information, call GetLastError.</para>
+		/// <para>The following table lists the error codes most commonly returned by the GetLastError function.</para>
+		/// <list type="table">
+		/// <listheader>
+		/// <term>Return code</term>
+		/// <term>Description</term>
+		/// </listheader>
+		/// <item>
+		/// <term>ERROR_INVALID_PARAMETER</term>
+		/// <term>
+		/// The hFile parameter must not be NULL. The hFile parameter must be a valid file handle. The pcbHash parameter must not be NULL.
+		/// The dwFlags parameter must be zero (0).
+		/// </term>
+		/// </item>
+		/// <item>
+		/// <term>ERROR_INSUFFICIENT_BUFFER</term>
+		/// <term>
+		/// The buffer pointed to by the pbHash parameter was not NULL but was not large enough to be written. The correct size of the
+		/// required buffer is contained in the value pointed to by the pcbHash parameter.
+		/// </term>
+		/// </item>
+		/// <item>
+		/// <term>NTE_BAD_ALGID</term>
+		/// <term>The hash algorithm specified by the pwszHashAlgorithm parameter cannot be found.</term>
+		/// </item>
+		/// </list>
+		/// </returns>
+		/// <remarks>
+		/// The amount of time this function takes to execute depends on the length of the file being hashed, the algorithm being used, and
+		/// the file location. For example, it takes several seconds to calculate the hash of a local file that is very large (a few hundred megabytes).
+		/// </remarks>
+		// https://docs.microsoft.com/en-us/windows/win32/api/mscat/nf-mscat-cryptcatadmincalchashfromfilehandle2 BOOL
+		// CryptCATAdminCalcHashFromFileHandle2( HCATADMIN hCatAdmin, HANDLE hFile, DWORD *pcbHash, BYTE *pbHash, DWORD dwFlags );
+		[DllImport(Lib.Wintrust, SetLastError = true, ExactSpelling = true)]
+		[PInvokeData("mscat.h", MSDNShortId = "CBFA60A8-5E5A-4FAD-8AD3-26539802CD53")]
+		[return: MarshalAs(UnmanagedType.Bool)]
+		public static extern bool CryptCATAdminCalcHashFromFileHandle2(HCATADMIN hCatAdmin, HFILE hFile, ref uint pcbHash, IntPtr pbHash, uint dwFlags = 0);
+
+		/// <summary>
+		/// <para>
+		/// [The <c>CryptCATAdminEnumCatalogFromHash</c> function is available for use in the operating systems specified in the
+		/// Requirements section. It may be altered or unavailable in subsequent versions.]
+		/// </para>
+		/// <para>
+		/// The <c>CryptCATAdminEnumCatalogFromHash</c> function enumerates the catalogs that contain a specified hash. The hash is
+		/// typically returned from the CryptCATAdminCalcHashFromFileHandle function. This function has no associated import library. You
+		/// must use the LoadLibrary and GetProcAddress functions to dynamically link to Wintrust.dll. After the final call to this
+		/// function, call CryptCATAdminReleaseCatalogContext to release allocated memory.
+		/// </para>
+		/// </summary>
+		/// <param name="hCatAdmin">
+		/// A handle to a catalog administrator context previously assigned by the CryptCATAdminAcquireContext function.
+		/// </param>
+		/// <param name="pbHash">A pointer to the buffer that contains the hash retrieved by calling CryptCATAdminCalcHashFromFileHandle.</param>
+		/// <param name="cbHash">Number of bytes in the buffer allocated for pbHash.</param>
+		/// <param name="dwFlags">This parameter is reserved for future use and must be set to zero.</param>
+		/// <param name="phPrevCatInfo">
+		/// A pointer to the handle to the previous catalog context or <c>NULL</c>, if an enumeration is re-queried. If <c>NULL</c> is
+		/// passed in for this parameter, then the caller gets information only for the first catalog that contains the hash; an enumeration
+		/// is not made. If phPrevCatInfo contains <c>NULL</c>, then an enumeration of the catalogs that contain the hash is started, and
+		/// subsequent calls to <c>CryptCATAdminEnumCatalogFromHash</c> must set phPrevCatInfo to the return value from the previous call.
+		/// </param>
+		/// <returns>
+		/// <para>The return value is a handle to the catalog context or <c>NULL</c>, if there are no more catalogs to enumerate or retrieve.</para>
+		/// <para>
+		/// For extended error information, call the GetLastError function. For a complete list of error codes provided by the operating
+		/// system, see System Error Codes.
+		/// </para>
+		/// </returns>
+		// https://docs.microsoft.com/en-us/windows/win32/api/mscat/nf-mscat-cryptcatadminenumcatalogfromhash HCATINFO
+		// CryptCATAdminEnumCatalogFromHash( HCATADMIN hCatAdmin, BYTE *pbHash, DWORD cbHash, DWORD dwFlags, HCATINFO *phPrevCatInfo );
+		[PInvokeData("mscat.h", MSDNShortId = "33ab2d01-94ab-4d23-a054-9da0731485d6")]
+		public static SafeHCATINFO CryptCATAdminEnumCatalogFromHash(SafeHCATADMIN hCatAdmin, IntPtr pbHash, uint cbHash, [Optional] uint dwFlags, ref HCATINFO phPrevCatInfo) =>
+			new SafeHCATINFO(InternalCryptCATAdminEnumCatalogFromHash(hCatAdmin, pbHash, cbHash, dwFlags, ref phPrevCatInfo), hCatAdmin, true);
+
+		/// <summary>
+		/// <para>
+		/// [The <c>CryptCATAdminReleaseCatalogContext</c> function is available for use in the operating systems specified in the
+		/// Requirements section. It may be altered or unavailable in subsequent versions.]
+		/// </para>
+		/// <para>
+		/// The <c>CryptCATAdminReleaseCatalogContext</c> function releases a handle to a catalog context previously returned by the
+		/// CryptCATAdminAddCatalog function. This function has no associated import library. You must use the LoadLibrary and
+		/// GetProcAddress functions to dynamically link to Wintrust.dll.
+		/// </para>
+		/// </summary>
+		/// <param name="hCatAdmin">Handle previously assigned by the CryptCATAdminAcquireContext function.</param>
+		/// <param name="hCatInfo">
+		/// Handle previously assigned by the CryptCATAdminAddCatalog function or the CryptCATAdminEnumCatalogFromHash function.
+		/// </param>
+		/// <param name="dwFlags">This parameter is reserved for future use and must be set to zero.</param>
+		/// <returns>The return value is <c>TRUE</c> if the function succeeds; <c>FALSE</c> if the function fails.</returns>
+		// https://docs.microsoft.com/en-us/windows/win32/api/mscat/nf-mscat-cryptcatadminreleasecatalogcontext BOOL
+		// CryptCATAdminReleaseCatalogContext( IN HCATADMIN hCatAdmin, IN HCATINFO hCatInfo, IN DWORD dwFlags );
+		[DllImport(Lib.Wintrust, SetLastError = false, ExactSpelling = true)]
+		[PInvokeData("mscat.h", MSDNShortId = "6cc13013-2c0a-4934-a866-30b69cbcf934")]
+		[return: MarshalAs(UnmanagedType.Bool)]
+		public static extern bool CryptCATAdminReleaseCatalogContext(HCATADMIN hCatAdmin, HCATINFO hCatInfo, uint dwFlags = 0);
+
+		/// <summary>
+		/// <para>
+		/// [The <c>CryptCATAdminReleaseContext</c> function is available for use in the operating systems specified in the Requirements
+		/// section. It may be altered or unavailable in subsequent versions.]
+		/// </para>
+		/// <para>
+		/// The <c>CryptCATAdminReleaseContext</c> function releases the handle previously assigned by the CryptCATAdminAcquireContext
+		/// function. This function has no associated import library. You must use the LoadLibrary and GetProcAddress functions to
+		/// dynamically link to Wintrust.dll.
+		/// </para>
+		/// </summary>
+		/// <param name="hCatAdmin">
+		/// Catalog administrator context handle previously assigned by a call to the CryptCATAdminAcquireContext function.
+		/// </param>
+		/// <param name="dwFlags">Not used; set to zero.</param>
+		/// <returns>The return value is <c>TRUE</c> if the function succeeds; <c>FALSE</c> if the function fails.</returns>
+		// https://docs.microsoft.com/en-us/windows/win32/api/mscat/nf-mscat-cryptcatadminreleasecontext BOOL CryptCATAdminReleaseContext(
+		// IN HCATADMIN hCatAdmin, IN DWORD dwFlags );
+		[DllImport(Lib.Wintrust, SetLastError = false, ExactSpelling = true)]
+		[PInvokeData("mscat.h", MSDNShortId = "dff253dc-c444-46be-a383-41340d634cce")]
+		[return: MarshalAs(UnmanagedType.Bool)]
+		public static extern bool CryptCATAdminReleaseContext([In] HCATADMIN hCatAdmin, [In] uint dwFlags = 0);
+
+		/// <summary>
+		/// <para>
+		/// [The <c>IsCatalogFile</c> function is available for use in the operating systems specified in the Requirements section. It may
+		/// be altered or unavailable in subsequent versions.]
+		/// </para>
+		/// <para>The <c>IsCatalogFile</c> function retrieves a Boolean value that indicates whether the specified file is a catalog file.</para>
+		/// <para>
+		/// <c>Note</c> This function has no associated import library. You must use the LoadLibrary and GetProcAddress functions to
+		/// dynamically link to Wintrust.dll.
+		/// </para>
+		/// </summary>
+		/// <param name="hFile">
+		/// A handle to the file to check. This parameter is optional, but it must contain a valid handle if the pwszFileName parameter is <c>NULL</c>.
+		/// </param>
+		/// <param name="pwszFileName">
+		/// A pointer to a null-terminated wide character string that contains the name of the file to check. This parameter is optional,
+		/// but it must contain a valid file name if the hFile parameter is <c>NULL</c>.
+		/// </param>
+		/// <returns>Returns nonzero if the specified file is a catalog file or zero otherwise.</returns>
+		// https://docs.microsoft.com/en-us/windows/win32/api/mscat/nf-mscat-iscatalogfile BOOL IsCatalogFile( IN HANDLE hFile, WCHAR
+		// *pwszFileName );
+		[DllImport(Lib.Wintrust, SetLastError = false, ExactSpelling = true)]
+		[PInvokeData("mscat.h", MSDNShortId = "eeba34d4-08aa-456a-8fdc-16795cbce36a")]
+		[return: MarshalAs(UnmanagedType.Bool)]
+		public static extern bool IsCatalogFile([In] HFILE hFile, [MarshalAs(UnmanagedType.LPWStr)] string pwszFileName);
+
+		[DllImport(Lib.Wintrust, SetLastError = true, EntryPoint = "CryptCATAdminAddCatalog")]
+		private static extern IntPtr InternalCryptCATAdminAddCatalog(HCATADMIN hCatAdmin, [MarshalAs(UnmanagedType.LPWStr)] string pwszCatalogFile, [MarshalAs(UnmanagedType.LPWStr), Optional] string pwszSelectBaseName, uint dwFlags);
+
+		[DllImport(Lib.Wintrust, SetLastError = true, EntryPoint = "CryptCATAdminEnumCatalogFromHash")]
+		private static extern IntPtr InternalCryptCATAdminEnumCatalogFromHash(HCATADMIN hCatAdmin, IntPtr pbHash, uint cbHash, [Optional] uint dwFlags, ref HCATINFO phPrevCatInfo);
+
+		/// <summary>
+		/// <para>
+		/// [The <c>CATALOG_INFO</c> structure is available for use in the operating systems specified in the Requirements section. It may
+		/// be altered or unavailable in subsequent versions.]
+		/// </para>
+		/// <para>
+		/// The <c>CATALOG_INFO</c> structure contains the name of a catalog file. This structure is used by the
+		/// CryptCATCatalogInfoFromContext function.
+		/// </para>
+		/// </summary>
+		// https://docs.microsoft.com/en-us/windows/win32/api/mscat/ns-mscat-catalog_info typedef struct CATALOG_INFO_ { DWORD cbStruct;
+		// WCHAR wszCatalogFile[MAX_PATH]; } CATALOG_INFO;
+		[PInvokeData("mscat.h", MSDNShortId = "f6e66412-3ed2-48d9-a377-5df11500db59")]
+		[StructLayout(LayoutKind.Sequential)]
+		public struct CATALOG_INFO
+		{
+			/// <summary>Specifies the size, in bytes, of this structure.</summary>
+			public uint cbStruct;
+
+			/// <summary>Name of the catalog file.</summary>
+			[MarshalAs(UnmanagedType.ByValTStr, SizeConst = 260)]
+			public string wszCatalogFile;
+		}
+
+		/// <summary>
+		/// <para>
+		/// [The <c>CRYPTCATATTRIBUTE</c> structure is available for use in the operating systems specified in the Requirements section. It
+		/// may be altered or unavailable in subsequent versions.]
+		/// </para>
+		/// <para>
+		/// The <c>CRYPTCATATTRIBUTE</c> structure defines a catalog attribute. This structure is used by the CryptCATEnumerateAttr and
+		/// CryptCATEnumerateCatAttr functions.
+		/// </para>
+		/// </summary>
+		// https://docs.microsoft.com/en-us/windows/win32/api/mscat/ns-mscat-cryptcatattribute typedef struct CRYPTCATATTRIBUTE_ { DWORD
+		// cbStruct; LPWSTR pwszReferenceTag; DWORD dwAttrTypeAndAction; DWORD cbValue; BYTE *pbValue; DWORD dwReserved; } CRYPTCATATTRIBUTE;
+		[PInvokeData("mscat.h", MSDNShortId = "41b91303-f3eb-4288-9ad2-98f170680988")]
+		[StructLayout(LayoutKind.Sequential)]
+		public struct CRYPTCATATTRIBUTE
+		{
+			/// <summary>The size, in bytes, of this structure.</summary>
+			public uint cbStruct;
+
+			/// <summary>A pointer to a null-terminated string that contains the reference tag value.</summary>
+			[MarshalAs(UnmanagedType.LPWStr)] public string pwszReferenceTag;
+
+			/// <summary>
+			/// <para>Bitwise combination of the following flags.</para>
+			/// <list type="table">
+			/// <listheader>
+			/// <term>Value</term>
+			/// <term>Meaning</term>
+			/// </listheader>
+			/// <item>
+			/// <term>CRYPTCAT_ATTR_AUTHENTICATED 0x10000000</term>
+			/// <term>The attribute is authenticated.</term>
+			/// </item>
+			/// <item>
+			/// <term>CRYPTCAT_ATTR_UNAUTHENTICATED 0x20000000</term>
+			/// <term>The attribute is unauthenticated.</term>
+			/// </item>
+			/// <item>
+			/// <term>CRYPTCAT_ATTR_NAMEASCII 0x00000001</term>
+			/// <term>The attribute is an ASCII string.</term>
+			/// </item>
+			/// <item>
+			/// <term>CRYPTCAT_ATTR_NAMEOBJID 0x00000002</term>
+			/// <term>The attribute is a cryptographic object identifier (OID).</term>
+			/// </item>
+			/// <item>
+			/// <term>CRYPTCAT_ATTR_DATAASCII 0x00010000</term>
+			/// <term>The attribute contains simple ASCII characters that should not be decoded.</term>
+			/// </item>
+			/// <item>
+			/// <term>CRYPTCAT_ATTR_DATABASE64 0x00020000</term>
+			/// <term>The attribute is in base 64 format.</term>
+			/// </item>
+			/// <item>
+			/// <term>CRYPTCAT_ATTR_DATAREPLACE 0x00040000</term>
+			/// <term>The attribute replaces the value for an existing attribute.</term>
+			/// </item>
+			/// </list>
+			/// </summary>
+			public CRYPTCAT_ATTR dwAttrTypeAndAction;
+
+			/// <summary>Number of bytes used by <c>pbValue</c>.</summary>
+			public uint cbValue;
+
+			/// <summary>A pointer to the encoded bytes.</summary>
+			public IntPtr pbValue;
+
+			/// <summary>Reserved; do not use.</summary>
+			public uint dwReserved;
+		}
+
+		/// <summary>
+		/// <para>
+		/// [The <c>CRYPTCATCDF</c> structure is available for use in the operating systems specified in the Requirements section. It may be
+		/// altered or unavailable in subsequent versions.]
+		/// </para>
+		/// <para>
+		/// The <c>CRYPTCATCDF</c> structure contains information used to create a signed catalog file (.cat) from a catalog definition file
+		/// (CDF). This structure is used by the MakeCat tool.
+		/// </para>
+		/// </summary>
+		/// <remarks>
+		/// A parser can update dwCurFilePos and dwLastMemberOffset as it reads the CDF. A user-defined callback function can use this
+		/// information for recoverable parse errors in the CDF.
+		/// </remarks>
+		// https://docs.microsoft.com/en-us/windows/win32/api/mscat/ns-mscat-cryptcatcdf typedef struct CRYPTCATCDF_ { DWORD cbStruct;
+		// HANDLE hFile; DWORD dwCurFilePos; DWORD dwLastMemberOffset; BOOL fEOF; LPWSTR pwszResultDir; HANDLE hCATStore; } CRYPTCATCDF;
+		[PInvokeData("mscat.h", MSDNShortId = "15d5710a-d4df-4e45-b161-5d4f7509ba29")]
+		[StructLayout(LayoutKind.Sequential)]
+		public struct CRYPTCATCDF
+		{
+			/// <summary>The size, in bytes, of this structure.</summary>
+			public uint cbStruct;
+
+			/// <summary>A handle to the catalog definition file (.cdf).</summary>
+			public HFILE hFile;
+
+			/// <summary>
+			/// A value that specifies the current position of the parser measured in bytes from the beginning of the catalog definition file.
+			/// </summary>
+			public uint dwCurFilePos;
+
+			/// <summary>
+			/// A value that specifies the number of bytes to the position of the last member parsed in the catalog definition file.
+			/// </summary>
+			public uint dwLastMemberOffset;
+
+			/// <summary>
+			/// An integer that indicates whether the parser finished reading the file. <c>TRUE</c> indicates that the last read operation
+			/// returned zero bytes.
+			/// </summary>
+			[MarshalAs(UnmanagedType.Bool)] public bool fEOF;
+
+			/// <summary>
+			/// A pointer to a null-terminated string that contains the name of a directory where the catalog file (.cat) will be written.
+			/// </summary>
+			[MarshalAs(UnmanagedType.LPWStr)] public string pwszResultDir;
+
+			/// <summary>A handle to the catalog file (.cat).</summary>
+			public HANDLE hCATStore;
+		}
+
+		/// <summary>
+		/// <para>
+		/// [The <c>CRYPTCATMEMBER</c> structure is available for use in the operating systems specified in the Requirements section. It may
+		/// be altered or unavailable in subsequent versions.]
+		/// </para>
+		/// <para>
+		/// The <c>CRYPTCATMEMBER</c> structure provides information about a catalog member. This structure is used by the
+		/// CryptCATGetMemberInfo and CryptCATEnumerateAttr functions.
+		/// </para>
+		/// </summary>
+		// https://docs.microsoft.com/en-us/windows/win32/api/mscat/ns-mscat-cryptcatmember typedef struct CRYPTCATMEMBER_ { DWORD cbStruct;
+		// LPWSTR pwszReferenceTag; LPWSTR pwszFileName; GUID gSubjectType; DWORD fdwMemberFlags; struct SIP_INDIRECT_DATA_ *pIndirectData;
+		// DWORD dwCertVersion; DWORD dwReserved; HANDLE hReserved; CRYPT_ATTR_BLOB sEncodedIndirectData; CRYPT_ATTR_BLOB
+		// sEncodedMemberInfo; } CRYPTCATMEMBER;
+		[PInvokeData("mscat.h", MSDNShortId = "08f663d9-9dc2-4ac9-95c5-7f2ed972eb9b")]
+		[StructLayout(LayoutKind.Sequential)]
+		public struct CRYPTCATMEMBER
+		{
+			/// <summary>The size, in bytes, of this structure.</summary>
+			public uint cbStruct;
+
+			/// <summary>A pointer to a null-terminated string that contains the reference tag value.</summary>
+			[MarshalAs(UnmanagedType.LPWStr)] public string pwszReferenceTag;
+
+			/// <summary>A pointer to a null-terminated string that contains the file name.</summary>
+			[MarshalAs(UnmanagedType.LPWStr)] public string pwszFileName;
+
+			/// <summary><c>GUID</c> that identifies the subject type.</summary>
+			public Guid gSubjectType;
+
+			/// <summary>Value that specifies the member flags.</summary>
+			public uint fdwMemberFlags;
+
+			/// <summary>A pointer to a <c>SIP_INDIRECT_DATA</c> structure.</summary>
+			public IntPtr pIndirectData;
+
+			/// <summary>Value that specifies the certificate version.</summary>
+			public uint dwCertVersion;
+
+			/// <summary>Reserved; do not use.</summary>
+			public uint dwReserved;
+
+			/// <summary>Reserved; do not use.</summary>
+			public HANDLE hReserved;
+
+			/// <summary>A CRYPT_ATTR_BLOB structure that contains encoded indirect data.</summary>
+			public CRYPTOAPI_BLOB sEncodedIndirectData;
+
+			/// <summary>A CRYPT_ATTR_BLOB structure that contains encoded member information.</summary>
+			public CRYPTOAPI_BLOB sEncodedMemberInfo;
+		}
+
+		/// <summary>
+		/// <para>
+		/// [The <c>CRYPTCATSTORE</c> structure is available for use in the operating systems specified in the Requirements section. It may
+		/// be altered or unavailable in subsequent versions.]
+		/// </para>
+		/// <para>
+		/// The <c>CRYPTCATSTORE</c> structure represents a catalog file. The CryptCATStoreFromHandle function populates this structure by
+		/// using the handle returned by CryptCATOpen.
+		/// </para>
+		/// </summary>
+		// https://docs.microsoft.com/en-us/windows/win32/api/mscat/ns-mscat-cryptcatstore typedef struct CRYPTCATSTORE_ { DWORD cbStruct;
+		// DWORD dwPublicVersion; LPWSTR pwszP7File; HCRYPTPROV hProv; DWORD dwEncodingType; DWORD fdwStoreFlags; HANDLE hReserved; HANDLE
+		// hAttrs; HCRYPTMSG hCryptMsg; HANDLE hSorted; } CRYPTCATSTORE;
+		[PInvokeData("mscat.h", MSDNShortId = "65a15797-453c-4f47-8ea1-c92e616b50aa")]
+		[StructLayout(LayoutKind.Sequential)]
+		public struct CRYPTCATSTORE
+		{
+			/// <summary>The size, in bytes, of this structure.</summary>
+			public uint cbStruct;
+
+			/// <summary>A value that specifies the "PublicVersion" of the catalog file.</summary>
+			public uint dwPublicVersion;
+
+			/// <summary>
+			/// A pointer to a null-terminated string that contains the name of the catalog file. This member must be initialized before a
+			/// call to the CryptCATPersistStore function.
+			/// </summary>
+			[MarshalAs(UnmanagedType.LPWStr)] public string pwszP7File;
+
+			/// <summary>A handle to the cryptographic service provider (CSP).</summary>
+			public HCRYPTPROV hProv;
+
+			/// <summary>
+			/// A value that specifies the encoding type used for the file. Currently, only X509_ASN_ENCODING and PKCS_7_ASN_ENCODING are
+			/// being used; however, additional encoding types may be added in the future. For either current encoding type, use:
+			/// X509_ASN_ENCODING | PKCS_7_ASN_ENCODING.
+			/// </summary>
+			public CertEncodingType dwEncodingType;
+
+			/// <summary>
+			/// <para>A bitwise combination of the following values.</para>
+			/// <list type="table">
+			/// <listheader>
+			/// <term>Value</term>
+			/// <term>Meaning</term>
+			/// </listheader>
+			/// <item>
+			/// <term>CRYPTCAT_OPEN_EXCLUDE_PAGE_HASHES 0x00010000</term>
+			/// <term>Exclude page hashes in SPC_INDIRECT_DATA.</term>
+			/// </item>
+			/// <item>
+			/// <term>CRYPTCAT_OPEN_FLAGS_MASK 0xffff0000</term>
+			/// <term>For all flags with a value in the upper word, set or clear the flag.</term>
+			/// </item>
+			/// <item>
+			/// <term>CRYPTCAT_OPEN_INCLUDE_PAGE_HASHES 0x00020000</term>
+			/// <term>
+			/// Include page hashes in SPC_INDIRECT_DATA. The CRYPTCAT_OPEN_EXCLUDE_PAGE_HASHES flag takes precedence if it is also set.
+			/// </term>
+			/// </item>
+			/// <item>
+			/// <term>CRYPTCAT_OPEN_NO_CONTENT_HCRYPTMSG 0x20000000</term>
+			/// <term>Open the file for decoding without detached content.</term>
+			/// </item>
+			/// <item>
+			/// <term>CRYPTCAT_OPEN_SORTED 0x40000000</term>
+			/// <term>Open the catalog with the entries sorted alphabetically by subject.</term>
+			/// </item>
+			/// <item>
+			/// <term>CRYPTCAT_OPEN_VERIFYSIGHASH 0x10000000</term>
+			/// <term>Verify the signature hash but not the certificate chain.</term>
+			/// </item>
+			/// </list>
+			/// </summary>
+			public CRYPTCAT_OPEN fdwStoreFlags;
+
+			/// <summary>This member is reserved and must be <c>NULL</c>.</summary>
+			public HANDLE hReserved;
+
+			/// <summary>This member is reserved and must be <c>NULL</c>.</summary>
+			public HANDLE hAttrs;
+
+			/// <summary>
+			/// A handle to the decoded bytes. This member is only set if the file was opened with the
+			/// <c>CRYPTCAT_OPEN_NO_CONTENT_HCRYPTMSG</c> flag set.
+			/// </summary>
+			public HCRYPTMSG hCryptMsg;
+
+			/// <summary>This member is reserved and must be <c>NULL</c>.</summary>
+			public HANDLE hSorted;
+		}
+
+		/// <summary>Provides a handle to a catalog information context.</summary>
+		[StructLayout(LayoutKind.Sequential)]
+		public struct HCATINFO : IHandle
+		{
+			private readonly IntPtr handle;
+
+			/// <summary>Initializes a new instance of the <see cref="HCATINFO"/> struct.</summary>
+			/// <param name="preexistingHandle">An <see cref="IntPtr"/> object that represents the pre-existing handle to use.</param>
+			public HCATINFO(IntPtr preexistingHandle) => handle = preexistingHandle;
+
+			/// <summary>Returns an invalid handle by instantiating a <see cref="HCATINFO"/> object with <see cref="IntPtr.Zero"/>.</summary>
+			public static HCATINFO NULL => new HCATINFO(IntPtr.Zero);
+
+			/// <summary>Gets a value indicating whether this instance is a null handle.</summary>
+			public bool IsNull => handle == IntPtr.Zero;
+
+			/// <summary>Performs an explicit conversion from <see cref="HCATINFO"/> to <see cref="IntPtr"/>.</summary>
+			/// <param name="h">The handle.</param>
+			/// <returns>The result of the conversion.</returns>
+			public static explicit operator IntPtr(HCATINFO h) => h.handle;
+
+			/// <summary>Performs an implicit conversion from <see cref="IntPtr"/> to <see cref="HCATINFO"/>.</summary>
+			/// <param name="h">The pointer to a handle.</param>
+			/// <returns>The result of the conversion.</returns>
+			public static implicit operator HCATINFO(IntPtr h) => new HCATINFO(h);
+
+			/// <summary>Implements the operator !=.</summary>
+			/// <param name="h1">The first handle.</param>
+			/// <param name="h2">The second handle.</param>
+			/// <returns>The result of the operator.</returns>
+			public static bool operator !=(HCATINFO h1, HCATINFO h2) => !(h1 == h2);
+
+			/// <summary>Implements the operator ==.</summary>
+			/// <param name="h1">The first handle.</param>
+			/// <param name="h2">The second handle.</param>
+			/// <returns>The result of the operator.</returns>
+			public static bool operator ==(HCATINFO h1, HCATINFO h2) => h1.Equals(h2);
+
+			/// <inheritdoc/>
+			public override bool Equals(object obj) => obj is HCATINFO h ? handle == h.handle : false;
+
+			/// <inheritdoc/>
+			public override int GetHashCode() => handle.GetHashCode();
+
+			/// <inheritdoc/>
+			public IntPtr DangerousGetHandle() => handle;
+		}
+
+		/// <summary>Provides a <see cref="SafeHandle"/> for <see cref="HCATADMIN"/> that is disposed using <see cref="CryptCATAdminReleaseContext"/>.</summary>
+		public class SafeHCATADMIN : SafeHANDLE
+		{
+			/// <summary>Initializes a new instance of the <see cref="SafeHCATADMIN"/> class and assigns an existing handle.</summary>
+			/// <param name="preexistingHandle">An <see cref="IntPtr"/> object that represents the pre-existing handle to use.</param>
+			/// <param name="ownsHandle">
+			/// <see langword="true"/> to reliably release the handle during the finalization phase; otherwise, <see langword="false"/> (not recommended).
+			/// </param>
+			public SafeHCATADMIN(IntPtr preexistingHandle, bool ownsHandle = true) : base(preexistingHandle, ownsHandle) { }
+
+			/// <summary>Initializes a new instance of the <see cref="SafeHCATADMIN"/> class.</summary>
+			private SafeHCATADMIN() : base() { }
+
+			/// <summary>Performs an implicit conversion from <see cref="SafeHCATADMIN"/> to <see cref="HCATADMIN"/>.</summary>
+			/// <param name="h">The safe handle instance.</param>
+			/// <returns>The result of the conversion.</returns>
+			public static implicit operator HCATADMIN(SafeHCATADMIN h) => h.handle;
+
+			/// <inheritdoc/>
+			protected override bool InternalReleaseHandle() => CryptCATAdminReleaseContext(handle);
+		}
+
+		/// <summary>Provides a <see cref="SafeHandle"/> for <see cref="HCATINFO"/> that is disposed using <see cref="CryptCATAdminReleaseCatalogContext"/>.</summary>
+		public class SafeHCATINFO : SafeHANDLE
+		{
+			private readonly SafeHCATADMIN hAdmin;
+
+			/// <summary>Initializes a new instance of the <see cref="SafeHCATINFO"/> class and assigns an existing handle.</summary>
+			/// <param name="preexistingHandle">An <see cref="IntPtr"/> object that represents the pre-existing handle to use.</param>
+			/// <param name="ownsHandle">
+			/// <see langword="true"/> to reliably release the handle during the finalization phase; otherwise, <see langword="false"/> (not recommended).
+			/// </param>
+			public SafeHCATINFO(IntPtr preexistingHandle, SafeHCATADMIN hCatAdmin, bool ownsHandle = true) : base(preexistingHandle, ownsHandle) =>
+				hAdmin = hCatAdmin ?? throw new ArgumentNullException(nameof(hCatAdmin));
+
+			/// <summary>Initializes a new instance of the <see cref="SafeHCATINFO"/> class.</summary>
+			private SafeHCATINFO() : base() { }
+
+			/// <summary>Performs an implicit conversion from <see cref="SafeHCATINFO"/> to <see cref="HCATINFO"/>.</summary>
+			/// <param name="h">The safe handle instance.</param>
+			/// <returns>The result of the conversion.</returns>
+			public static implicit operator HCATINFO(SafeHCATINFO h) => h.handle;
+
+			/// <inheritdoc/>
+			protected override bool InternalReleaseHandle() => CryptCATAdminReleaseCatalogContext(hAdmin, handle);
+		}
+
 		/*
-		CryptCATAdminAcquireContext	Acquires a handle to a catalog administrator context.
-		CryptCATAdminAcquireContext2	Acquires a handle to a catalog administrator context for a given hash algorithm and hash policy.
-		CryptCATAdminAddCatalog	Adds a catalog to the catalog database.
-		CryptCATAdminCalcHashFromFileHandle	Calculates the hash for a file.
-		CryptCATAdminCalcHashFromFileHandle2	Calculates the hash for a file by using the specified algorithm.
-		CryptCATAdminEnumCatalogFromHash	Enumerates the catalogs that contain a specified hash.
-		CryptCATAdminReleaseCatalogContext	Releases a handle to a catalog context previously returned by the CryptCATAdminAddCatalog function.
-		CryptCATAdminReleaseContext	Releases the handle previously assigned by the CryptCATAdminAcquireContext function.
 		CryptCATAdminRemoveCatalog	Deletes a catalog file and removes that catalog's entry from the Windows catalog database.
 		CryptCATAdminResolveCatalogPath	Retrieves the fully qualified path of the specified catalog.
 		CryptCATCatalogInfoFromContext	Retrieves catalog information from a specified catalog context.
@@ -37,15 +1028,6 @@ namespace Vanara.PInvoke
 		CryptCATPutCatAttrInfo	Allocates memory for a catalog file attribute and adds it to the catalog.
 		CryptCATPutMemberInfo	Allocates memory for a catalog member and adds it to the catalog.
 		CryptCATStoreFromHandle	Retrieves a CRYPTCATSTORE structure from a catalog handle.
-		IsCatalogFile	Retrieves a Boolean value that indicates whether the specified file is a catalog file.
-
-		PFN_CDF_PARSE_ERROR_CALLBACK	Called for Catalog Definition Function errors while parsing a catalog definition file (CDF).
-
-		CATALOG_INFO	The CATALOG_INFO structure contains the name of a catalog file. This structure is used by the CryptCATCatalogInfoFromContext function.
-		CRYPTCATATTRIBUTE	The CRYPTCATATTRIBUTE structure defines a catalog attribute. This structure is used by the CryptCATEnumerateAttr and CryptCATEnumerateCatAttr functions.
-		CRYPTCATCDF	Contains information used to create a signed catalog file (.cat) from a catalog definition file (CDF).
-		CRYPTCATMEMBER	The CRYPTCATMEMBER structure provides information about a catalog member. This structure is used by the CryptCATGetMemberInfo and CryptCATEnumerateAttr functions.
-		CRYPTCATSTORE	Represents a catalog file.
 		*/
 	}
 }
\ No newline at end of file
diff --git a/PInvoke/WinTrust/MsSip.cs b/PInvoke/WinTrust/MsSip.cs
index 3a3f097f..dda8aa48 100644
--- a/PInvoke/WinTrust/MsSip.cs
+++ b/PInvoke/WinTrust/MsSip.cs
@@ -1,40 +1,1078 @@
 using System;
 using System.Runtime.InteropServices;
-using Vanara.Extensions;
 using Vanara.InteropServices;
 using static Vanara.PInvoke.Crypt32;
-using FILETIME = System.Runtime.InteropServices.ComTypes.FILETIME;
 
 namespace Vanara.PInvoke
 {
 	public static partial class WinTrust
 	{
-		/*
-		CryptSIPAddProvider	The CryptSIPAddProvider function registers functions that are exported by a given DLL file that implements a Subject Interface Package (SIP).
-		CryptSIPCreateIndirectData	Returns a SIP_INDIRECT_DATA structure that contains a hash of the supplied SIP_SUBJECTINFO structure, the digest algorithm, and an encoding attribute. The hash can be used as an indirect reference to the data.
-		CryptSIPGetCaps	Retrieves the capabilities of a subject interface package (SIP).
-		CryptSIPGetSignedDataMsg	Retrieves an Authenticode signature from the file.
-		CryptSIPLoad	Loads the dynamic-link library (DLL) that implements a subject interface package (SIP) and assigns appropriate library export functions to a SIP_DISPATCH_INFO structure.
-		CryptSIPPutSignedDataMsg	Stores an Authenticode signature in the target file.
-		CryptSIPRemoveProvider	Removes registry details of a Subject Interface Package (SIP) DLL file added by a previous call to the CryptSIPAddProvider function.
-		CryptSIPRemoveSignedDataMsg	Removes a specified Authenticode signature.
-		CryptSIPRetrieveSubjectGuid	Retrieves a GUID based on the header information in a specified file.
-		CryptSIPRetrieveSubjectGuidForCatalogFile	Retrieves the subject GUID associated with the specified file.
-		CryptSIPVerifyIndirectData	Validates the indirect hashed data against the supplied subject.
+		/// <summary>
+		/// The <c>CryptSIPCreateIndirectData</c> function returns a SIP_INDIRECT_DATA structure that contains a hash of the supplied
+		/// SIP_SUBJECTINFO structure, the digest algorithm, and an encoding attribute. The hash can be used as an indirect reference to the data.
+		/// </summary>
+		/// <param name="pSubjectInfo">
+		/// A pointer to a SIP_SUBJECTINFO structure that contains the subject to which the indirect data reference will point.
+		/// </param>
+		/// <param name="pcbIndirectData">A pointer to a <c>DWORD</c> value to receive the size of the returned SIP_INDIRECT_DATA structure.</param>
+		/// <param name="pIndirectData">A pointer to a SIP_INDIRECT_DATA structure to receive the catalog item.</param>
+		/// <returns>
+		/// <para>The return value is <c>TRUE</c> if the function succeeds; otherwise, <c>FALSE</c>.</para>
+		/// <para>
+		/// If this function returns <c>FALSE</c>, additional error information can be obtained by calling the GetLastError function.
+		/// <c>GetLastError</c> will return one of the following error codes.
+		/// </para>
+		/// <list type="table">
+		/// <listheader>
+		/// <term>Return code</term>
+		/// <term>Description</term>
+		/// </listheader>
+		/// <item>
+		/// <term>ERROR_BAD_FORMAT</term>
+		/// <term>The file or data format is not correct for the specified subject interface package (SIP) type.</term>
+		/// </item>
+		/// <item>
+		/// <term>ERROR_INVALID_PARAMETER</term>
+		/// <term>One or more of the parameters are not valid.</term>
+		/// </item>
+		/// <item>
+		/// <term>ERROR_NOT_ENOUGH_MEMORY</term>
+		/// <term>There was an error allocating memory.</term>
+		/// </item>
+		/// <item>
+		/// <term>NTE_BAD_ALGID</term>
+		/// <term>The specified algorithm is not supported by the SIP.</term>
+		/// </item>
+		/// <item>
+		/// <term>TRUST_E_SUBJECT_FORM_UNKNOWN</term>
+		/// <term>The subject type is not recognized.</term>
+		/// </item>
+		/// </list>
+		/// </returns>
+		/// <remarks>
+		/// If pcbIndirectData points to a <c>DWORD</c> and pIndirectData points to <c>NULL</c>, the size of the data will be returned in pcbIndirectData.
+		/// </remarks>
+		// https://docs.microsoft.com/en-us/windows/win32/api/mssip/nf-mssip-cryptsipcreateindirectdata BOOL CryptSIPCreateIndirectData( IN
+		// SIP_SUBJECTINFO *pSubjectInfo, IN OUT DWORD *pcbIndirectData, OUT SIP_INDIRECT_DATA *pIndirectData );
+		[UnmanagedFunctionPointer(CallingConvention.Winapi)]
+		[PInvokeData("mssip.h", MSDNShortId = "bb4ecc95-972f-415c-9722-59b00a27cddc")]
+		[return: MarshalAs(UnmanagedType.Bool)]
+		public delegate bool pCryptSIPCreateIndirectData(in SIP_SUBJECTINFO pSubjectInfo, ref uint pcbIndirectData, IntPtr pIndirectData);
 
-		pCryptSIPGetCaps	Is implemented by an subject interface package (SIP) to report capabilities.
-		pfnIsFileSupported	Queries the subject interface packages (SIPs) listed in the registry to determine which SIP handles the file type.
-		pfnIsFileSupportedName	Queries the subject interface packages (SIPs) listed in the registry to determine which SIP handles the file type.
+		/// <summary>The <c>pCryptSIPGetCaps</c> function is implemented by an subject interface package (SIP) to report capabilities.</summary>
+		/// <param name="pSubjInfo">Pointer to a SIP_SUBJECTINFO structure that specifies subject information data to the SIP APIs.</param>
+		/// <param name="pCaps">Pointer to a SIP_CAP_SET structure that defines the capabilities of an SIP.</param>
+		/// <returns>None</returns>
+		// https://docs.microsoft.com/en-us/windows/win32/api/mssip/nc-mssip-pcryptsipgetcaps pCryptSIPGetCaps Pcryptsipgetcaps; BOOL
+		// Pcryptsipgetcaps( SIP_SUBJECTINFO *pSubjInfo, SIP_CAP_SET *pCaps ) {...}
+		[UnmanagedFunctionPointer(CallingConvention.Winapi)]
+		[PInvokeData("mssip.h", MSDNShortId = "8EA46B67-F542-4B15-81F4-3DD83DD45764")]
+		[return: MarshalAs(UnmanagedType.Bool)]
+		public delegate bool pCryptSIPGetCaps(in SIP_SUBJECTINFO pSubjInfo, IntPtr pCaps);
 
-		MS_ADDINFO_BLOB	Provides additional information for in-memory BLOB subject types.
-		MS_ADDINFO_CATALOGMEMBER	Provides additional information for catalog member subject types.
-		MS_ADDINFO_FLAT	Provides additional information about flat or end-to-end subject types.
-		SIP_ADD_NEWPROVIDER	Defines a subject interface package (SIP). This structure is used by the CryptSIPAddProvider function.
-		SIP_CAP_SET_V2	Defines the capabilities of a subject interface package (SIP).
-		SIP_CAP_SET_V3	Defines the capabilities of a subject interface package (SIP).
-		SIP_DISPATCH_INFO	Contains a set of function pointers assigned by the CryptSIPLoad function that your application uses to perform subject interface package (SIP) operations.
-		SIP_INDIRECT_DATA	Contains the digest of the hashed subject information.
-		SIP_SUBJECTINFO	Specifies subject information data to the subject interface package (SIP) APIs.
-		*/
+		/// <summary>The <c>CryptSIPGetSignedDataMsg</c> function retrieves an Authenticode signature from the file.</summary>
+		/// <param name="pSubjectInfo">A pointer to a SIP_SUBJECTINFO structure that contains information about the message subject.</param>
+		/// <param name="pdwEncodingType">
+		/// <para>The encoding type of the Authenticode signature.</para>
+		/// <para>This parameter can be a combination of one or more of the following values.</para>
+		/// <list type="table">
+		/// <listheader>
+		/// <term>Value</term>
+		/// <term>Meaning</term>
+		/// </listheader>
+		/// <item>
+		/// <term>PKCS_7_ASN_ENCODING 65536 (0x10000)</term>
+		/// <term>Specifies PKCS #7 message encoding.</term>
+		/// </item>
+		/// <item>
+		/// <term>X509_ASN_ENCODING 1 (0x1)</term>
+		/// <term>Specifies X.509 certificate encoding.</term>
+		/// </item>
+		/// </list>
+		/// </param>
+		/// <param name="dwIndex">This parameter is reserved and should be set to zero.</param>
+		/// <param name="pcbSignedDataMsg">The length, in bytes, of the buffer pointed to by the pbSignedDataMsg parameter.</param>
+		/// <param name="pbSignedDataMsg">
+		/// <para>A pointer to a buffer to receive the returned Authenticode signature.</para>
+		/// <para>
+		/// To determine the size of the buffer needed, set the pbSignedDataMsg parameter to <c>NULL</c> and call the
+		/// <c>CryptSIPGetSignedDataMsg</c> function. This function will place the required size of the buffer, in bytes, in the value
+		/// pointed to by pcbSignedDataMsg. For more information, see Retrieving Data of Unknown Length.
+		/// </para>
+		/// </param>
+		/// <returns>
+		/// <para>If the function succeeds, the function returns <c>TRUE</c>.</para>
+		/// <para>
+		/// If the function fails, it returns <c>FALSE</c>. For extended error information, call GetLastError. Some possible error codes follow.
+		/// </para>
+		/// <list type="table">
+		/// <listheader>
+		/// <term>Return code</term>
+		/// <term>Description</term>
+		/// </listheader>
+		/// <item>
+		/// <term>CRYPT_E_NO_MATCH</term>
+		/// <term>The signature specified by the index could not be found.</term>
+		/// </item>
+		/// <item>
+		/// <term>ERROR_BAD_FORMAT</term>
+		/// <term>The specified data or file format of the subject interface package (SIP) is not valid.</term>
+		/// </item>
+		/// <item>
+		/// <term>ERROR_INVALID_PARAMETER</term>
+		/// <term>The pSubjectInfo parameter or the pgSubjectType member of the SIP_SUBJECTINFO structure is a null pointer.</term>
+		/// </item>
+		/// <item>
+		/// <term>ERROR_INSUFFICIENT_BUFFER</term>
+		/// <term>
+		/// The size of the message buffer was insufficient to hold the retrieved data, the pcbSignedDataMsgparameter has been set to
+		/// indicate the required buffer size.
+		/// </term>
+		/// </item>
+		/// <item>
+		/// <term>TRUST_E_SUBJECT_FORM_UNKNOWN</term>
+		/// <term>The specified subject type is not valid.</term>
+		/// </item>
+		/// </list>
+		/// </returns>
+		/// <remarks>
+		/// Subjects include, but are not limited to, portable executable images (.exe), cabinet (.cab) images, flat files, and catalog
+		/// files. Each subject type uses a different subset of its data for hash calculation and requires a different procedure for storage
+		/// and retrieval. Therefore, each subject type has a unique SIP specification.
+		/// </remarks>
+		// https://docs.microsoft.com/en-us/windows/win32/api/mssip/nf-mssip-cryptsipgetsigneddatamsg BOOL CryptSIPGetSignedDataMsg( IN
+		// SIP_SUBJECTINFO *pSubjectInfo, OUT DWORD *pdwEncodingType, IN DWORD dwIndex, IN OUT DWORD *pcbSignedDataMsg, OUT BYTE
+		// *pbSignedDataMsg );
+		[UnmanagedFunctionPointer(CallingConvention.Winapi)]
+		[PInvokeData("mssip.h", MSDNShortId = "e3fabaa7-2dda-4c6c-8d1a-3ee5363e10b5")]
+		[return: MarshalAs(UnmanagedType.Bool)]
+		public delegate bool pCryptSIPGetSignedDataMsg(in SIP_SUBJECTINFO pSubjectInfo, out CertEncodingType pdwEncodingType, uint dwIndex, ref uint pcbSignedDataMsg, [Out] IntPtr pbSignedDataMsg);
+
+		/// <summary>The <c>CryptSIPPutSignedDataMsg</c> function stores an Authenticode signature in the target file.</summary>
+		/// <param name="pSubjectInfo">Pointer to a SIP_SUBJECTINFO structure that contains information about the message subject.</param>
+		/// <param name="dwEncodingType">
+		/// <para>The encoding type of the message. This can be a combination of one or more of the following values.</para>
+		/// <list type="table">
+		/// <listheader>
+		/// <term>Value</term>
+		/// <term>Meaning</term>
+		/// </listheader>
+		/// <item>
+		/// <term>PKCS_7_ASN_ENCODING 65536 (0x10000)</term>
+		/// <term>Specifies PKCS #7 message encoding.</term>
+		/// </item>
+		/// <item>
+		/// <term>X509_ASN_ENCODING 1 (0x1)</term>
+		/// <term>Specifies X.509 certificate encoding.</term>
+		/// </item>
+		/// </list>
+		/// </param>
+		/// <param name="pdwIndex">Pointer to the message index.</param>
+		/// <param name="cbSignedDataMsg">Length, in bytes, of the buffer pointed to by the pbSignedDataMsg parameter.</param>
+		/// <param name="pbSignedDataMsg">Pointer to the buffer that contains the message.</param>
+		/// <returns>
+		/// <para>If the function succeeds, the function returns <c>TRUE</c>.</para>
+		/// <para>
+		/// If the function fails, it returns <c>FALSE</c>. For extended error information, call GetLastError. Some possible error codes follow.
+		/// </para>
+		/// <list type="table">
+		/// <listheader>
+		/// <term>Return code</term>
+		/// <term>Description</term>
+		/// </listheader>
+		/// <item>
+		/// <term>ERROR_BAD_FORMAT</term>
+		/// <term>The specified data or file format of the subject interface package (SIP) is not valid.</term>
+		/// </item>
+		/// <item>
+		/// <term>ERROR_INVALID_PARAMETER</term>
+		/// <term>This code can be returned for the following reasons:</term>
+		/// </item>
+		/// <item>
+		/// <term>TRUST_E_SUBJECT_FORM_UNKNOWN</term>
+		/// <term>The specified subject type is not valid.</term>
+		/// </item>
+		/// </list>
+		/// </returns>
+		/// <remarks>
+		/// Each subject type uses a different subset of its data for hash calculation and requires a different procedure for storage and
+		/// retrieval. Therefore, each subject type has a unique SIP specification.
+		/// </remarks>
+		// https://docs.microsoft.com/en-us/windows/win32/api/mssip/nf-mssip-cryptsipputsigneddatamsg BOOL CryptSIPPutSignedDataMsg( IN
+		// SIP_SUBJECTINFO *pSubjectInfo, IN DWORD dwEncodingType, OUT DWORD *pdwIndex, IN DWORD cbSignedDataMsg, IN BYTE *pbSignedDataMsg );
+		[UnmanagedFunctionPointer(CallingConvention.Winapi)]
+		[PInvokeData("mssip.h", MSDNShortId = "731f64bf-49f0-4799-b84a-9ca04292aa91")]
+		[return: MarshalAs(UnmanagedType.Bool)]
+		public delegate bool pCryptSIPPutSignedDataMsg(in SIP_SUBJECTINFO pSubjectInfo, CertEncodingType dwEncodingType, out uint pdwIndex, uint cbSignedDataMsg, [In] IntPtr pbSignedDataMsg);
+
+		/// <summary>The <c>CryptSIPRemoveSignedDataMsg</c> function removes a specified Authenticode signature.</summary>
+		/// <param name="pSubjectInfo">A pointer to a SIP_SUBJECTINFO structure that contains information about the message subject.</param>
+		/// <param name="dwIndex">This parameter is reserved and should be set to zero.</param>
+		/// <returns>
+		/// <para>If the function succeeds, the function returns <c>TRUE</c>.</para>
+		/// <para>If the function fails, it returns <c>FALSE</c>. For extended error information, call GetLastError.</para>
+		/// </returns>
+		// https://docs.microsoft.com/en-us/windows/win32/api/mssip/nf-mssip-cryptsipremovesigneddatamsg BOOL CryptSIPRemoveSignedDataMsg(
+		// IN SIP_SUBJECTINFO *pSubjectInfo, IN DWORD dwIndex );
+		[UnmanagedFunctionPointer(CallingConvention.Winapi)]
+		[PInvokeData("mssip.h", MSDNShortId = "c3ea46bb-931a-4ca6-93f5-db7e07b4cb7a")]
+		[return: MarshalAs(UnmanagedType.Bool)]
+		public delegate bool pCryptSIPRemoveSignedDataMsg(in SIP_SUBJECTINFO pSubjectInfo, uint dwIndex = 0);
+
+		/// <summary>The <c>CryptSIPVerifyIndirectData</c> function validates the indirect hashed data against the supplied subject.</summary>
+		/// <param name="pSubjectInfo">A pointer to a SIP_SUBJECTINFO structure that contains information about the message subject.</param>
+		/// <param name="pIndirectData">A pointer to a SIP_INDIRECT_DATA structure that contains information about the hashed subject information.</param>
+		/// <returns>
+		/// <para>The return value is <c>TRUE</c> if the function succeeds; otherwise, <c>FALSE</c>.</para>
+		/// <para>
+		/// If this function returns <c>FALSE</c>, additional error information can be obtained by calling the GetLastError function.
+		/// <c>GetLastError</c> will return one of the following error codes.
+		/// </para>
+		/// <list type="table">
+		/// <listheader>
+		/// <term>Return code</term>
+		/// <term>Description</term>
+		/// </listheader>
+		/// <item>
+		/// <term>ERROR_INVALID_PARAMETER</term>
+		/// <term>One or more of the parameters are not valid.</term>
+		/// </item>
+		/// <item>
+		/// <term>TRUST_E_SUBJECT_FORM_UNKNOWN</term>
+		/// <term>The subject type is an unknown type.</term>
+		/// </item>
+		/// </list>
+		/// </returns>
+		/// <remarks>
+		/// Subjects include, but are not limited to, portable executable images (.exe), cabinet (.cab) images, flat files, and catalog
+		/// files. Each subject type uses a different subset of its data for hash calculation and requires a different procedure for storage
+		/// and retrieval. Therefore each subject type has a unique subject interface package specification.
+		/// </remarks>
+		// https://docs.microsoft.com/en-us/windows/win32/api/mssip/nf-mssip-cryptsipverifyindirectdata BOOL CryptSIPVerifyIndirectData( IN
+		// SIP_SUBJECTINFO *pSubjectInfo, IN SIP_INDIRECT_DATA *pIndirectData );
+		[UnmanagedFunctionPointer(CallingConvention.Winapi)]
+		[PInvokeData("mssip.h", MSDNShortId = "137b8858-a31f-4ef6-96bd-c5e26ae7b3e8")]
+		[return: MarshalAs(UnmanagedType.Bool)]
+		public delegate bool pCryptSIPVerifyIndirectData(in SIP_SUBJECTINFO pSubjectInfo, in SIP_INDIRECT_DATA pIndirectData);
+
+		/// <summary>
+		/// The <c>pfnIsFileSupported</c> callback function queries the subject interface packages (SIPs) listed in the registry to
+		/// determine which SIP handles the file type.
+		/// </summary>
+		/// <param name="hFile">A handle to the file.</param>
+		/// <param name="pgSubject"/>
+		/// <returns>
+		/// <para>If the function succeeds, the function returns <c>TRUE</c>.</para>
+		/// <para>If the function fails, it returns <c>FALSE</c>. For extended error information, call GetLastError.</para>
+		/// </returns>
+		/// <remarks>
+		/// <para>
+		/// If the SIP supports the file type passed by hfile, the function returns <c>TRUE</c>, and sets pgSubject to the GUID that
+		/// identifies the SIP for handling the file type.
+		/// </para>
+		/// <para>
+		/// Each SIP implements its own version of the function that determines whether the file type is supported. The specific name of the
+		/// function may vary depending on the implementation of the SIP, but the signature of the function will match that of the
+		/// <c>pfnIsFileSupported</c> function. The function name is added to the registry by the CryptSIPAddProvider function, which takes
+		/// the function name as a parameter in the <c>pwszIsFunctionName</c> field of the SIP_ADD_NEWPROVIDER structure.
+		/// </para>
+		/// </remarks>
+		// https://docs.microsoft.com/en-us/windows/win32/api/mssip/nc-mssip-pfnisfilesupported pfnIsFileSupported Pfnisfilesupported; BOOL
+		// Pfnisfilesupported( IN HANDLE hFile, OUT GUID *pgSubject ) {...}
+		[UnmanagedFunctionPointer(CallingConvention.Winapi)]
+		[PInvokeData("mssip.h", MSDNShortId = "cf12d057-328a-4975-b7e5-842c4ea2e760")]
+		[return: MarshalAs(UnmanagedType.Bool)]
+		public delegate bool pfnIsFileSupported(HFILE hFile, out Guid pgSubject);
+
+		/// <summary>
+		/// The <c>pfnIsFileSupportedName</c> callback function queries the subject interface packages (SIPs) listed in the registry to
+		/// determine which SIP handles the file type.
+		/// </summary>
+		/// <param name="pwszFileName"/>
+		/// <param name="pgSubject"/>
+		/// <returns>
+		/// The return value is <c>TRUE</c> if the function succeeds; <c>FALSE</c> if the function fails. If the function fails, call the
+		/// GetLastError function to determine the reason for failure.
+		/// </returns>
+		/// <remarks>
+		/// <para>
+		/// If the SIP supports the file type passed by hfile, the function returns <c>TRUE</c>, and sets pgSubject to the GUID that
+		/// identifies the SIP for handling the file type.
+		/// </para>
+		/// <para>
+		/// Each SIP implements its own version of the function that determines if the file type is supported. The specific name of the
+		/// function may vary depending on the implementation of the SIP, but the signature of the function will match that of the
+		/// <c>pfnIsFileSupportedName</c> function. The function name is added to the registry by the CryptSIPAddProvider function, which
+		/// takes the function name as parameter in the <c>pwszIsFunctionNameFmt2</c> field in the SIP_ADD_NEWPROVIDER structure.
+		/// </para>
+		/// </remarks>
+		// https://docs.microsoft.com/en-us/windows/win32/api/mssip/nc-mssip-pfnisfilesupportedname pfnIsFileSupportedName
+		// Pfnisfilesupportedname; BOOL Pfnisfilesupportedname( IN WCHAR *pwszFileName, OUT GUID *pgSubject ) {...}
+		[UnmanagedFunctionPointer(CallingConvention.Winapi)]
+		[PInvokeData("mssip.h", MSDNShortId = "cc2304ef-c319-45eb-b2ec-7410510af213")]
+		[return: MarshalAs(UnmanagedType.Bool)]
+		public delegate bool pfnIsFileSupportedName([MarshalAs(UnmanagedType.LPWStr)] string pwszFileName, out Guid pgSubject);
+
+		/// <summary>
+		/// The <c>CryptSIPAddProvider</c> function registers functions that are exported by a given DLL file that implements a Subject
+		/// Interface Package (SIP).
+		/// </summary>
+		/// <param name="psNewProv">A pointer to a SIP_ADD_NEWPROVIDER structure that specifies the DLL file and function names to register.</param>
+		/// <returns>
+		/// The return value is <c>TRUE</c> if the function succeeds; <c>FALSE</c> if the function fails. If the function fails, call the
+		/// GetLastError function to determine the reason for failure.
+		/// </returns>
+		/// <remarks>
+		/// <para>
+		/// Typically, you call this function as part of an in-process COM server registration. The <c>CryptSIPAddProvider</c> function
+		/// persists the appropriate Registry entries for the SIP provider functions.
+		/// </para>
+		/// <para>When you have finished using the added SIP provider, remove it by calling the CryptSIPRemoveProvider function.</para>
+		/// </remarks>
+		// https://docs.microsoft.com/en-us/windows/win32/api/mssip/nf-mssip-cryptsipaddprovider BOOL CryptSIPAddProvider( IN
+		// SIP_ADD_NEWPROVIDER *psNewProv );
+		[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
+		[PInvokeData("mssip.h", MSDNShortId = "99633c2f-e5ed-49e4-9c98-7501f66e5571")]
+		[return: MarshalAs(UnmanagedType.Bool)]
+		public static extern bool CryptSIPAddProvider([In] in SIP_ADD_NEWPROVIDER psNewProv);
+
+		/// <summary>
+		/// The <c>CryptSIPCreateIndirectData</c> function returns a SIP_INDIRECT_DATA structure that contains a hash of the supplied
+		/// SIP_SUBJECTINFO structure, the digest algorithm, and an encoding attribute. The hash can be used as an indirect reference to the data.
+		/// </summary>
+		/// <param name="pSubjectInfo">
+		/// A pointer to a SIP_SUBJECTINFO structure that contains the subject to which the indirect data reference will point.
+		/// </param>
+		/// <param name="pcbIndirectData">A pointer to a <c>DWORD</c> value to receive the size of the returned SIP_INDIRECT_DATA structure.</param>
+		/// <param name="pIndirectData">A pointer to a SIP_INDIRECT_DATA structure to receive the catalog item.</param>
+		/// <returns>
+		/// <para>The return value is <c>TRUE</c> if the function succeeds; otherwise, <c>FALSE</c>.</para>
+		/// <para>
+		/// If this function returns <c>FALSE</c>, additional error information can be obtained by calling the GetLastError function.
+		/// <c>GetLastError</c> will return one of the following error codes.
+		/// </para>
+		/// <list type="table">
+		/// <listheader>
+		/// <term>Return code</term>
+		/// <term>Description</term>
+		/// </listheader>
+		/// <item>
+		/// <term>ERROR_BAD_FORMAT</term>
+		/// <term>The file or data format is not correct for the specified subject interface package (SIP) type.</term>
+		/// </item>
+		/// <item>
+		/// <term>ERROR_INVALID_PARAMETER</term>
+		/// <term>One or more of the parameters are not valid.</term>
+		/// </item>
+		/// <item>
+		/// <term>ERROR_NOT_ENOUGH_MEMORY</term>
+		/// <term>There was an error allocating memory.</term>
+		/// </item>
+		/// <item>
+		/// <term>NTE_BAD_ALGID</term>
+		/// <term>The specified algorithm is not supported by the SIP.</term>
+		/// </item>
+		/// <item>
+		/// <term>TRUST_E_SUBJECT_FORM_UNKNOWN</term>
+		/// <term>The subject type is not recognized.</term>
+		/// </item>
+		/// </list>
+		/// </returns>
+		/// <remarks>
+		/// If pcbIndirectData points to a <c>DWORD</c> and pIndirectData points to <c>NULL</c>, the size of the data will be returned in pcbIndirectData.
+		/// </remarks>
+		// https://docs.microsoft.com/en-us/windows/win32/api/mssip/nf-mssip-cryptsipcreateindirectdata BOOL CryptSIPCreateIndirectData( IN
+		// SIP_SUBJECTINFO *pSubjectInfo, IN OUT DWORD *pcbIndirectData, OUT SIP_INDIRECT_DATA *pIndirectData );
+		[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
+		[PInvokeData("mssip.h", MSDNShortId = "bb4ecc95-972f-415c-9722-59b00a27cddc")]
+		[return: MarshalAs(UnmanagedType.Bool)]
+		public static extern bool CryptSIPCreateIndirectData(in SIP_SUBJECTINFO pSubjectInfo, ref uint pcbIndirectData, IntPtr pIndirectData);
+
+		/// <summary>The <c>CryptSIPGetCaps</c> function retrieves the capabilities of a subject interface package (SIP).</summary>
+		/// <param name="pSubjInfo">Pointer to a SIP_SUBJECTINFO structure that specifies subject information data to the SIP APIs.</param>
+		/// <param name="pCaps">Pointer to a SIP_CAP_SET structure that defines the capabilities of an SIP.</param>
+		/// <returns>None</returns>
+		/// <remarks>
+		/// Unlike other SIP functions, <c>CryptSIPGetCaps</c> is not registered in the dispatch table. For more information, see the
+		/// SIP_DISPATCH_INFO structure. Instead, callers must map the object identifier (OID) to the function entry point.
+		/// </remarks>
+		// https://docs.microsoft.com/en-us/windows/win32/api/mssip/nf-mssip-cryptsipgetcaps BOOL CryptSIPGetCaps( SIP_SUBJECTINFO
+		// *pSubjInfo, SIP_CAP_SET *pCaps );
+		[DllImport(Lib.Crypt32, SetLastError = false, ExactSpelling = true)]
+		[PInvokeData("mssip.h", MSDNShortId = "F939F6D5-DDFE-478F-8FDD-8FA9FAB26010")]
+		[return: MarshalAs(UnmanagedType.Bool)]
+		public static extern bool CryptSIPGetCaps(in SIP_SUBJECTINFO pSubjInfo, ref SIP_CAP_SET_V2 pCaps);
+
+		/// <summary>The <c>CryptSIPGetCaps</c> function retrieves the capabilities of a subject interface package (SIP).</summary>
+		/// <param name="pSubjInfo">Pointer to a SIP_SUBJECTINFO structure that specifies subject information data to the SIP APIs.</param>
+		/// <param name="pCaps">Pointer to a SIP_CAP_SET structure that defines the capabilities of an SIP.</param>
+		/// <returns>None</returns>
+		/// <remarks>
+		/// Unlike other SIP functions, <c>CryptSIPGetCaps</c> is not registered in the dispatch table. For more information, see the
+		/// SIP_DISPATCH_INFO structure. Instead, callers must map the object identifier (OID) to the function entry point.
+		/// </remarks>
+		// https://docs.microsoft.com/en-us/windows/win32/api/mssip/nf-mssip-cryptsipgetcaps BOOL CryptSIPGetCaps( SIP_SUBJECTINFO
+		// *pSubjInfo, SIP_CAP_SET *pCaps );
+		[DllImport(Lib.Crypt32, SetLastError = false, ExactSpelling = true)]
+		[PInvokeData("mssip.h", MSDNShortId = "F939F6D5-DDFE-478F-8FDD-8FA9FAB26010")]
+		[return: MarshalAs(UnmanagedType.Bool)]
+		public static extern bool CryptSIPGetCaps(in SIP_SUBJECTINFO pSubjInfo, ref SIP_CAP_SET_V3 pCaps);
+
+		/// <summary>The <c>CryptSIPGetSignedDataMsg</c> function retrieves an Authenticode signature from the file.</summary>
+		/// <param name="pSubjectInfo">A pointer to a SIP_SUBJECTINFO structure that contains information about the message subject.</param>
+		/// <param name="pdwEncodingType">
+		/// <para>The encoding type of the Authenticode signature.</para>
+		/// <para>This parameter can be a combination of one or more of the following values.</para>
+		/// <list type="table">
+		/// <listheader>
+		/// <term>Value</term>
+		/// <term>Meaning</term>
+		/// </listheader>
+		/// <item>
+		/// <term>PKCS_7_ASN_ENCODING 65536 (0x10000)</term>
+		/// <term>Specifies PKCS #7 message encoding.</term>
+		/// </item>
+		/// <item>
+		/// <term>X509_ASN_ENCODING 1 (0x1)</term>
+		/// <term>Specifies X.509 certificate encoding.</term>
+		/// </item>
+		/// </list>
+		/// </param>
+		/// <param name="dwIndex">This parameter is reserved and should be set to zero.</param>
+		/// <param name="pcbSignedDataMsg">The length, in bytes, of the buffer pointed to by the pbSignedDataMsg parameter.</param>
+		/// <param name="pbSignedDataMsg">
+		/// <para>A pointer to a buffer to receive the returned Authenticode signature.</para>
+		/// <para>
+		/// To determine the size of the buffer needed, set the pbSignedDataMsg parameter to <c>NULL</c> and call the
+		/// <c>CryptSIPGetSignedDataMsg</c> function. This function will place the required size of the buffer, in bytes, in the value
+		/// pointed to by pcbSignedDataMsg. For more information, see Retrieving Data of Unknown Length.
+		/// </para>
+		/// </param>
+		/// <returns>
+		/// <para>If the function succeeds, the function returns <c>TRUE</c>.</para>
+		/// <para>
+		/// If the function fails, it returns <c>FALSE</c>. For extended error information, call GetLastError. Some possible error codes follow.
+		/// </para>
+		/// <list type="table">
+		/// <listheader>
+		/// <term>Return code</term>
+		/// <term>Description</term>
+		/// </listheader>
+		/// <item>
+		/// <term>CRYPT_E_NO_MATCH</term>
+		/// <term>The signature specified by the index could not be found.</term>
+		/// </item>
+		/// <item>
+		/// <term>ERROR_BAD_FORMAT</term>
+		/// <term>The specified data or file format of the subject interface package (SIP) is not valid.</term>
+		/// </item>
+		/// <item>
+		/// <term>ERROR_INVALID_PARAMETER</term>
+		/// <term>The pSubjectInfo parameter or the pgSubjectType member of the SIP_SUBJECTINFO structure is a null pointer.</term>
+		/// </item>
+		/// <item>
+		/// <term>ERROR_INSUFFICIENT_BUFFER</term>
+		/// <term>
+		/// The size of the message buffer was insufficient to hold the retrieved data, the pcbSignedDataMsgparameter has been set to
+		/// indicate the required buffer size.
+		/// </term>
+		/// </item>
+		/// <item>
+		/// <term>TRUST_E_SUBJECT_FORM_UNKNOWN</term>
+		/// <term>The specified subject type is not valid.</term>
+		/// </item>
+		/// </list>
+		/// </returns>
+		/// <remarks>
+		/// Subjects include, but are not limited to, portable executable images (.exe), cabinet (.cab) images, flat files, and catalog
+		/// files. Each subject type uses a different subset of its data for hash calculation and requires a different procedure for storage
+		/// and retrieval. Therefore, each subject type has a unique SIP specification.
+		/// </remarks>
+		// https://docs.microsoft.com/en-us/windows/win32/api/mssip/nf-mssip-cryptsipgetsigneddatamsg BOOL CryptSIPGetSignedDataMsg( IN
+		// SIP_SUBJECTINFO *pSubjectInfo, OUT DWORD *pdwEncodingType, IN DWORD dwIndex, IN OUT DWORD *pcbSignedDataMsg, OUT BYTE
+		// *pbSignedDataMsg );
+		[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
+		[PInvokeData("mssip.h", MSDNShortId = "e3fabaa7-2dda-4c6c-8d1a-3ee5363e10b5")]
+		[return: MarshalAs(UnmanagedType.Bool)]
+		public static extern bool CryptSIPGetSignedDataMsg(in SIP_SUBJECTINFO pSubjectInfo, out CertEncodingType pdwEncodingType, uint dwIndex, ref uint pcbSignedDataMsg, [Out] IntPtr pbSignedDataMsg);
+
+		/// <summary>
+		/// The <c>CryptSIPLoad</c> function loads the dynamic-link library (DLL) that implements a subject interface package (SIP) and
+		/// assigns appropriate library export functions to a SIP_DISPATCH_INFO structure. The exported functions must have been previously
+		/// registered by calling the CryptSIPAddProvider function.
+		/// </summary>
+		/// <param name="pgSubject">A pointer to a GUID returned by calling the CryptSIPRetrieveSubjectGuid function.</param>
+		/// <param name="dwFlags">This parameter is reserved and must be set to zero.</param>
+		/// <param name="pSipDispatch">
+		/// A pointer to a SIP_DISPATCH_INFO structure that contains pointers to SIP provider functions that are specific to the subject
+		/// type. The caller must initialize this structure to binary zeros, and set the <c>cbSize</c> member to before calling the
+		/// <c>CryptSIPLoad</c> function.
+		/// </param>
+		/// <returns>
+		/// <para>If the function succeeds, the function returns <c>TRUE</c>.</para>
+		/// <para>If the function fails, it returns <c>FALSE</c>. For extended error information, call GetLastError.</para>
+		/// </returns>
+		// https://docs.microsoft.com/en-us/windows/win32/api/mssip/nf-mssip-cryptsipload BOOL CryptSIPLoad( IN const GUID *pgSubject, IN
+		// DWORD dwFlags, IN OUT SIP_DISPATCH_INFO *pSipDispatch );
+		[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
+		[PInvokeData("mssip.h", MSDNShortId = "3378ecee-bd5d-45e5-9a1f-a3734d086782")]
+		[return: MarshalAs(UnmanagedType.Bool)]
+		public static extern bool CryptSIPLoad(in Guid pgSubject, [Optional] uint dwFlags, ref SIP_DISPATCH_INFO pSipDispatch);
+
+		/// <summary>The <c>CryptSIPPutSignedDataMsg</c> function stores an Authenticode signature in the target file.</summary>
+		/// <param name="pSubjectInfo">Pointer to a SIP_SUBJECTINFO structure that contains information about the message subject.</param>
+		/// <param name="dwEncodingType">
+		/// <para>The encoding type of the message. This can be a combination of one or more of the following values.</para>
+		/// <list type="table">
+		/// <listheader>
+		/// <term>Value</term>
+		/// <term>Meaning</term>
+		/// </listheader>
+		/// <item>
+		/// <term>PKCS_7_ASN_ENCODING 65536 (0x10000)</term>
+		/// <term>Specifies PKCS #7 message encoding.</term>
+		/// </item>
+		/// <item>
+		/// <term>X509_ASN_ENCODING 1 (0x1)</term>
+		/// <term>Specifies X.509 certificate encoding.</term>
+		/// </item>
+		/// </list>
+		/// </param>
+		/// <param name="pdwIndex">Pointer to the message index.</param>
+		/// <param name="cbSignedDataMsg">Length, in bytes, of the buffer pointed to by the pbSignedDataMsg parameter.</param>
+		/// <param name="pbSignedDataMsg">Pointer to the buffer that contains the message.</param>
+		/// <returns>
+		/// <para>If the function succeeds, the function returns <c>TRUE</c>.</para>
+		/// <para>
+		/// If the function fails, it returns <c>FALSE</c>. For extended error information, call GetLastError. Some possible error codes follow.
+		/// </para>
+		/// <list type="table">
+		/// <listheader>
+		/// <term>Return code</term>
+		/// <term>Description</term>
+		/// </listheader>
+		/// <item>
+		/// <term>ERROR_BAD_FORMAT</term>
+		/// <term>The specified data or file format of the subject interface package (SIP) is not valid.</term>
+		/// </item>
+		/// <item>
+		/// <term>ERROR_INVALID_PARAMETER</term>
+		/// <term>This code can be returned for the following reasons:</term>
+		/// </item>
+		/// <item>
+		/// <term>TRUST_E_SUBJECT_FORM_UNKNOWN</term>
+		/// <term>The specified subject type is not valid.</term>
+		/// </item>
+		/// </list>
+		/// </returns>
+		/// <remarks>
+		/// Each subject type uses a different subset of its data for hash calculation and requires a different procedure for storage and
+		/// retrieval. Therefore, each subject type has a unique SIP specification.
+		/// </remarks>
+		// https://docs.microsoft.com/en-us/windows/win32/api/mssip/nf-mssip-cryptsipputsigneddatamsg BOOL CryptSIPPutSignedDataMsg( IN
+		// SIP_SUBJECTINFO *pSubjectInfo, IN DWORD dwEncodingType, OUT DWORD *pdwIndex, IN DWORD cbSignedDataMsg, IN BYTE *pbSignedDataMsg );
+		[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
+		[PInvokeData("mssip.h", MSDNShortId = "731f64bf-49f0-4799-b84a-9ca04292aa91")]
+		[return: MarshalAs(UnmanagedType.Bool)]
+		public static extern bool CryptSIPPutSignedDataMsg(in SIP_SUBJECTINFO pSubjectInfo, CertEncodingType dwEncodingType, out uint pdwIndex, uint cbSignedDataMsg, [In] IntPtr pbSignedDataMsg);
+
+		/// <summary>
+		/// The <c>CryptSIPRemoveProvider</c> function removes registry details of a Subject Interface Package (SIP) DLL file added by a
+		/// previous call to the CryptSIPAddProvider function.
+		/// </summary>
+		/// <param name="pgProv">A pointer to the GUID that identifies the SIP DLL to remove.</param>
+		/// <returns>
+		/// The return value is <c>TRUE</c> if the function succeeds; <c>FALSE</c> if the function fails. If the function fails, call the
+		/// GetLastError function to determine the reason for failure.
+		/// </returns>
+		/// <remarks>
+		/// Typically you call this function to unregister an in-process COM server. The <c>CryptSIPRemoveProvider</c> function removes the
+		/// appropriate Registry entries for the SIP provider functions.
+		/// </remarks>
+		// https://docs.microsoft.com/en-us/windows/win32/api/mssip/nf-mssip-cryptsipremoveprovider BOOL CryptSIPRemoveProvider( IN GUID
+		// *pgProv );
+		[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
+		[PInvokeData("mssip.h", MSDNShortId = "0a269956-b2c7-414a-b002-7cec0d52bfd6")]
+		[return: MarshalAs(UnmanagedType.Bool)]
+		public static extern bool CryptSIPRemoveProvider(in Guid pgProv);
+
+		/// <summary>The <c>CryptSIPRemoveSignedDataMsg</c> function removes a specified Authenticode signature.</summary>
+		/// <param name="pSubjectInfo">A pointer to a SIP_SUBJECTINFO structure that contains information about the message subject.</param>
+		/// <param name="dwIndex">This parameter is reserved and should be set to zero.</param>
+		/// <returns>
+		/// <para>If the function succeeds, the function returns <c>TRUE</c>.</para>
+		/// <para>If the function fails, it returns <c>FALSE</c>. For extended error information, call GetLastError.</para>
+		/// </returns>
+		// https://docs.microsoft.com/en-us/windows/win32/api/mssip/nf-mssip-cryptsipremovesigneddatamsg BOOL CryptSIPRemoveSignedDataMsg(
+		// IN SIP_SUBJECTINFO *pSubjectInfo, IN DWORD dwIndex );
+		[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
+		[PInvokeData("mssip.h", MSDNShortId = "c3ea46bb-931a-4ca6-93f5-db7e07b4cb7a")]
+		[return: MarshalAs(UnmanagedType.Bool)]
+		public static extern bool CryptSIPRemoveSignedDataMsg(in SIP_SUBJECTINFO pSubjectInfo, uint dwIndex = 0);
+
+		/// <summary>
+		/// The <c>CryptSIPRetrieveSubjectGuid</c> function retrieves a GUID based on the header information in a specified file. The GUID
+		/// is used by the CryptSIPLoad function to load the subject interface package (SIP) implementation for the given file type.
+		/// </summary>
+		/// <param name="FileName">The name of the file.</param>
+		/// <param name="hFileIn">A handle to the file to check.</param>
+		/// <param name="pgSubject">A GUID that identifies the subject.</param>
+		/// <returns>
+		/// <para>If the function succeeds, the function returns <c>TRUE</c>.</para>
+		/// <para>If the function fails, it returns <c>FALSE</c>. For extended error information, call GetLastError.</para>
+		/// </returns>
+		// https://docs.microsoft.com/en-us/windows/win32/api/mssip/nf-mssip-cryptsipretrievesubjectguid BOOL CryptSIPRetrieveSubjectGuid(
+		// IN LPCWSTR FileName, IN HANDLE hFileIn, OUT GUID *pgSubject );
+		[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
+		[PInvokeData("mssip.h", MSDNShortId = "b81472bc-6d9c-4634-a378-e39786a0ca09")]
+		[return: MarshalAs(UnmanagedType.Bool)]
+		public static extern bool CryptSIPRetrieveSubjectGuid([MarshalAs(UnmanagedType.LPWStr)] string FileName, HFILE hFileIn, out Guid pgSubject);
+
+		/// <summary>
+		/// The <c>CryptSIPRetrieveSubjectGuidForCatalogFile</c> function retrieves the subject GUID associated with the specified file.
+		/// </summary>
+		/// <param name="FileName">The name of the file. If the hFileIn parameter is set, the value in this parameter is ignored.</param>
+		/// <param name="hFileIn">
+		/// A handle to the file to check. This parameter must contain a valid handle if the FileName parameter is <c>NULL</c>.
+		/// </param>
+		/// <param name="pgSubject">A globally unique ID that identifies the subject.</param>
+		/// <returns>
+		/// <para>The return value is <c>TRUE</c> if the function succeeds; otherwise, <c>FALSE</c>.</para>
+		/// <para>
+		/// If this function returns <c>FALSE</c>, additional error information can be obtained by calling the GetLastError function.
+		/// <c>GetLastError</c> will return one of the following error codes.
+		/// </para>
+		/// <list type="table">
+		/// <listheader>
+		/// <term>Return code</term>
+		/// <term>Description</term>
+		/// </listheader>
+		/// <item>
+		/// <term>ERROR_INVALID_PARAMETER</term>
+		/// <term>One or more of the parameters are not valid.</term>
+		/// </item>
+		/// </list>
+		/// </returns>
+		/// <remarks>
+		/// This function only supports subject interface packages (SIPs) that are used for portable executable images (.exe), cabinet
+		/// (.cab) images, and flat files.
+		/// </remarks>
+		// https://docs.microsoft.com/en-us/windows/win32/api/mssip/nf-mssip-cryptsipretrievesubjectguidforcatalogfile BOOL
+		// CryptSIPRetrieveSubjectGuidForCatalogFile( IN LPCWSTR FileName, IN HANDLE hFileIn, OUT GUID *pgSubject );
+		[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
+		[PInvokeData("mssip.h", MSDNShortId = "7f757dc8-948c-476e-aca3-a9051e962ed4")]
+		[return: MarshalAs(UnmanagedType.Bool)]
+		public static extern bool CryptSIPRetrieveSubjectGuidForCatalogFile([MarshalAs(UnmanagedType.LPWStr)] string FileName, HFILE hFileIn, out Guid pgSubject);
+
+		/// <summary>The <c>CryptSIPVerifyIndirectData</c> function validates the indirect hashed data against the supplied subject.</summary>
+		/// <param name="pSubjectInfo">A pointer to a SIP_SUBJECTINFO structure that contains information about the message subject.</param>
+		/// <param name="pIndirectData">A pointer to a SIP_INDIRECT_DATA structure that contains information about the hashed subject information.</param>
+		/// <returns>
+		/// <para>The return value is <c>TRUE</c> if the function succeeds; otherwise, <c>FALSE</c>.</para>
+		/// <para>
+		/// If this function returns <c>FALSE</c>, additional error information can be obtained by calling the GetLastError function.
+		/// <c>GetLastError</c> will return one of the following error codes.
+		/// </para>
+		/// <list type="table">
+		/// <listheader>
+		/// <term>Return code</term>
+		/// <term>Description</term>
+		/// </listheader>
+		/// <item>
+		/// <term>ERROR_INVALID_PARAMETER</term>
+		/// <term>One or more of the parameters are not valid.</term>
+		/// </item>
+		/// <item>
+		/// <term>TRUST_E_SUBJECT_FORM_UNKNOWN</term>
+		/// <term>The subject type is an unknown type.</term>
+		/// </item>
+		/// </list>
+		/// </returns>
+		/// <remarks>
+		/// Subjects include, but are not limited to, portable executable images (.exe), cabinet (.cab) images, flat files, and catalog
+		/// files. Each subject type uses a different subset of its data for hash calculation and requires a different procedure for storage
+		/// and retrieval. Therefore each subject type has a unique subject interface package specification.
+		/// </remarks>
+		// https://docs.microsoft.com/en-us/windows/win32/api/mssip/nf-mssip-cryptsipverifyindirectdata BOOL CryptSIPVerifyIndirectData( IN
+		// SIP_SUBJECTINFO *pSubjectInfo, IN SIP_INDIRECT_DATA *pIndirectData );
+		[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
+		[PInvokeData("mssip.h", MSDNShortId = "137b8858-a31f-4ef6-96bd-c5e26ae7b3e8")]
+		[return: MarshalAs(UnmanagedType.Bool)]
+		public static extern bool CryptSIPVerifyIndirectData(in SIP_SUBJECTINFO pSubjectInfo, in SIP_INDIRECT_DATA pIndirectData);
+
+		/// <summary>The <c>MS_ADDINFO_BLOB</c> structure provides additional information for in-memory BLOB subject types.</summary>
+		// https://docs.microsoft.com/en-us/windows/win32/api/mssip/ns-mssip-ms_addinfo_blob typedef struct MS_ADDINFO_BLOB_ { DWORD
+		// cbStruct; DWORD cbMemObject; BYTE *pbMemObject; DWORD cbMemSignedMsg; BYTE *pbMemSignedMsg; } MS_ADDINFO_BLOB, *PMS_ADDINFO_BLOB;
+		[PInvokeData("mssip.h", MSDNShortId = "236c8778-0b80-4157-8a81-24712ebf9a77")]
+		[StructLayout(LayoutKind.Sequential)]
+		public struct MS_ADDINFO_BLOB
+		{
+			/// <summary>The size, in bytes, of this structure.</summary>
+			public uint cbStruct;
+
+			/// <summary>The size, in bytes, of the data in the pbMemObject member.</summary>
+			public uint cbMemObject;
+
+			/// <summary>A pointer to the in-memory BLOB subject.</summary>
+			public IntPtr pbMemObject;
+
+			/// <summary>The size, in bytes, of the data in the pbMemSignedMsg member.</summary>
+			public uint cbMemSignedMsg;
+
+			/// <summary>A pointer to the signed message.</summary>
+			public IntPtr pbMemSignedMsg;
+		}
+
+		/// <summary>The <c>MS_ADDINFO_CATALOGMEMBER</c> structure provides additional information for catalog member subject types.</summary>
+		// https://docs.microsoft.com/en-us/windows/win32/api/mssip/ns-mssip-ms_addinfo_catalogmember typedef struct
+		// MS_ADDINFO_CATALOGMEMBER_ { DWORD cbStruct; struct CRYPTCATSTORE_ *pStore; struct CRYPTCATMEMBER_ *pMember; }
+		// MS_ADDINFO_CATALOGMEMBER, *PMS_ADDINFO_CATALOGMEMBER;
+		[PInvokeData("mssip.h", MSDNShortId = "40a00c8a-95e4-406c-b04e-0d29beb70d67")]
+		[StructLayout(LayoutKind.Sequential)]
+		public struct MS_ADDINFO_CATALOGMEMBER
+		{
+			/// <summary>The size, in bytes, of this structure.</summary>
+			public uint cbStruct;
+
+			/// <summary>A CRYPTCATSTORE structure that contains a catalog file store.</summary>
+			public IntPtr pStore;
+
+			/// <summary>A CRYPTCATMEMBER structure that contains a catalog member.</summary>
+			public IntPtr pMember;
+		}
+
+		/// <summary>The <c>MS_ADDINFO_FLAT</c> structure provides additional information about flat or end-to-end subject types.</summary>
+		// https://docs.microsoft.com/en-us/windows/win32/api/mssip/ns-mssip-ms_addinfo_flat typedef struct MS_ADDINFO_FLAT_ { DWORD
+		// cbStruct; struct SIP_INDIRECT_DATA_ *pIndirectData; } MS_ADDINFO_FLAT, *PMS_ADDINFO_FLAT;
+		[PInvokeData("mssip.h", MSDNShortId = "9f5bebd1-8eda-456d-9339-3334a19c0ea4")]
+		[StructLayout(LayoutKind.Sequential)]
+		public struct MS_ADDINFO_FLAT
+		{
+			/// <summary>The size, in bytes, of this structure.</summary>
+			public uint cbStruct;
+
+			/// <summary>A SIP_INDIRECT_DATA structure that contains the hash of a flat file subject.</summary>
+			public IntPtr pIndirectData;
+		}
+
+		/// <summary>
+		/// The <c>SIP_ADD_NEWPROVIDER</c> structure defines a subject interface package (SIP). This structure is used by the
+		/// CryptSIPAddProvider function.
+		/// </summary>
+		// https://docs.microsoft.com/en-us/windows/win32/api/mssip/ns-mssip-sip_add_newprovider typedef struct SIP_ADD_NEWPROVIDER_ { DWORD
+		// cbStruct; GUID *pgSubject; WCHAR *pwszDLLFileName; WCHAR *pwszMagicNumber; WCHAR *pwszIsFunctionName; WCHAR *pwszGetFuncName;
+		// WCHAR *pwszPutFuncName; WCHAR *pwszCreateFuncName; WCHAR *pwszVerifyFuncName; WCHAR *pwszRemoveFuncName; WCHAR
+		// *pwszIsFunctionNameFmt2; PWSTR pwszGetCapFuncName; } SIP_ADD_NEWPROVIDER, *PSIP_ADD_NEWPROVIDER;
+		[PInvokeData("mssip.h", MSDNShortId = "5ca88c0c-a7c9-4517-a874-49d38c1bc7c3")]
+		[StructLayout(LayoutKind.Sequential)]
+		public struct SIP_ADD_NEWPROVIDER
+		{
+			/// <summary>The size, in bytes, of this structure. Set this value to .</summary>
+			public uint cbStruct;
+
+			/// <summary>Pointer to the GUID that identifies the SIP.</summary>
+			public GuidPtr pgSubject;
+
+			/// <summary>Pointer to a null-terminated string that contains the name of the DLL file.</summary>
+			[MarshalAs(UnmanagedType.LPWStr)] public string pwszDLLFileName;
+
+			/// <summary>This member is not used.</summary>
+			[MarshalAs(UnmanagedType.LPWStr)] public string pwszMagicNumber;
+
+			/// <summary>
+			/// Pointer to a null-terminated string that contains the name of the function that determines whether the file contents are
+			/// supported by this SIP. This member can be <c>NULL</c>. The signature for this function pointer is described in pfnIsFileSupported.
+			/// </summary>
+			[MarshalAs(UnmanagedType.LPWStr)] public string pwszIsFunctionName;
+
+			/// <summary>
+			/// Pointer to a null-terminated string that contains the name of the function that retrieves the signed data. The signature for
+			/// this function pointer is described in CryptSIPGetSignedDataMsg.
+			/// </summary>
+			[MarshalAs(UnmanagedType.LPWStr)] public string pwszGetFuncName;
+
+			/// <summary>
+			/// Pointer to a null-terminated string that contains the name of the function that stores the Authenticode signature in the
+			/// target file. The signature for this function pointer is described in CryptSIPPutSignedDataMsg.
+			/// </summary>
+			[MarshalAs(UnmanagedType.LPWStr)] public string pwszPutFuncName;
+
+			/// <summary>
+			/// Pointer to a null-terminated string that contains the name of the function that creates the hash. The signature for this
+			/// function pointer is described in CryptSIPCreateIndirectData.
+			/// </summary>
+			[MarshalAs(UnmanagedType.LPWStr)] public string pwszCreateFuncName;
+
+			/// <summary>
+			/// Pointer to a null-terminated string that contains the name of the function that verifies the hash. The signature for this
+			/// function pointer is described in CryptSIPVerifyIndirectData.
+			/// </summary>
+			[MarshalAs(UnmanagedType.LPWStr)] public string pwszVerifyFuncName;
+
+			/// <summary>
+			/// Pointer to a null-terminated string that contains the name of the function that removes the signed data. The signature for
+			/// this function pointer is described in CryptSIPRemoveSignedDataMsg.
+			/// </summary>
+			[MarshalAs(UnmanagedType.LPWStr)] public string pwszRemoveFuncName;
+
+			/// <summary>
+			/// Pointer to a null-terminated string that contains the name of the function that determines whether the file name extension
+			/// is supported by this SIP. This member can be <c>NULL</c>. The signature for this function pointer is described in pfnIsFileSupportedName.
+			/// </summary>
+			[MarshalAs(UnmanagedType.LPWStr)] public string pwszIsFunctionNameFmt2;
+
+			/// <summary>
+			/// <para>
+			/// Pointer to a null-terminated string that contains the name of the function that determines the capabilities of the SIP. If
+			/// this parameter is set to <c>NULL</c>, multiple signatures are not available for this SIP. The signature for this function
+			/// pointer is described in pCryptSIPGetCaps.
+			/// </para>
+			/// <para>
+			/// <c>Windows Server 2008 R2, Windows 7, Windows Server 2008, Windows Vista, Windows Server 2003 and Windows XP:</c> This
+			/// member is not available.
+			/// </para>
+			/// </summary>
+			[MarshalAs(UnmanagedType.LPWStr)] public string pwszGetCapFuncName;
+		}
+
+		/// <summary>The <c>SIP_CAP_SET</c> structure defines the capabilities of a subject interface package (SIP).</summary>
+		// https://docs.microsoft.com/en-us/windows/win32/api/mssip/ns-mssip-sip_cap_set_v2 typedef struct _SIP_CAP_SET_V2 { DWORD cbSize;
+		// DWORD dwVersion; BOOL isMultiSign; DWORD dwReserved; } SIP_CAP_SET_V2, *PSIP_CAP_SET_V2;
+		[PInvokeData("mssip.h", MSDNShortId = "0B6D173B-0183-4A7C-BB92-2D451F746164")]
+		[StructLayout(LayoutKind.Sequential)]
+		public struct SIP_CAP_SET_V2
+		{
+			/// <summary>Size, in bytes, of this structure.</summary>
+			public uint cbSize;
+
+			/// <summary>The SIP version. By default, this value is two (2).</summary>
+			public uint dwVersion;
+
+			/// <summary>
+			/// A value of one (1) indicates that the SIP supports multiple embedded signatures. Otherwise, set this value to zero (0).
+			/// </summary>
+			[MarshalAs(UnmanagedType.Bool)] public bool isMultiSign;
+
+			/// <summary>Reserved for future use. Set this value to zero (0).</summary>
+			public uint dwReserved;
+		}
+
+		/// <summary>The <c>SIP_CAP_SET</c> structure defines the capabilities of a subject interface package (SIP).</summary>
+		// https://docs.microsoft.com/en-us/windows/win32/api/mssip/ns-mssip-sip_cap_set_v3 typedef struct _SIP_CAP_SET_V3 { DWORD cbSize;
+		// DWORD dwVersion; BOOL isMultiSign; union { DWORD dwFlags; DWORD dwReserved; }; } SIP_CAP_SET_V3, *PSIP_CAP_SET_V3;
+		[PInvokeData("mssip.h", MSDNShortId = "0B6D173B-0183-4A7C-BB92-2D451F746164")]
+		[StructLayout(LayoutKind.Sequential)]
+		public struct SIP_CAP_SET_V3
+		{
+			/// <summary>Size, in bytes, of this structure.</summary>
+			public uint cbSize;
+
+			/// <summary>The SIP version. By default, this value is two (2).</summary>
+			public uint dwVersion;
+
+			/// <summary>
+			/// A value of one (1) indicates that the SIP supports multiple embedded signatures. Otherwise, set this value to zero (0).
+			/// </summary>
+			[MarshalAs(UnmanagedType.Bool)] public bool isMultiSign;
+
+			/// <summary/>
+			public uint dwFlags;
+
+			/// <summary>Reserved for future use. Set this value to zero (0).</summary>
+			public uint dwReserved;
+		}
+
+		/// <summary>
+		/// The <c>SIP_DISPATCH_INFO</c> structure contains a set of function pointers assigned by the CryptSIPLoad function that your
+		/// application uses to perform subject interface package (SIP) operations.
+		/// </summary>
+		/// <remarks>
+		/// Your application must initialize this structure to binary zeros and set <c>cbSize</c> to by calling the memset function before
+		/// calling the CryptSIPLoad function. Your application can use the function pointers in the returned <c>SIP_DISPATCH_INFO</c>
+		/// structure to perform the necessary SIP operations. The function pointers can point to functions exported by third party SIPs.
+		/// </remarks>
+		// https://docs.microsoft.com/en-us/windows/win32/api/mssip/ns-mssip-sip_dispatch_info typedef struct SIP_DISPATCH_INFO_ { DWORD
+		// cbSize; HANDLE hSIP; pCryptSIPGetSignedDataMsg pfGet; pCryptSIPPutSignedDataMsg pfPut; pCryptSIPCreateIndirectData pfCreate;
+		// pCryptSIPVerifyIndirectData pfVerify; pCryptSIPRemoveSignedDataMsg pfRemove; } SIP_DISPATCH_INFO, *LPSIP_DISPATCH_INFO;
+		[PInvokeData("mssip.h", MSDNShortId = "d34b5081-0af8-4dcc-8133-a91d0603d419")]
+		[StructLayout(LayoutKind.Sequential)]
+		public struct SIP_DISPATCH_INFO
+		{
+			/// <summary>The size, in bytes, of this structure.</summary>
+			public uint cbSize;
+
+			/// <summary>This member is reserved and must be set to <c>NULL</c>.</summary>
+			public HANDLE hSIP;
+
+			/// <summary>
+			/// A pointer to the function that retrieves the signed data for the subject. The signature for this function pointer is
+			/// described in CryptSIPGetSignedDataMsg.
+			/// </summary>
+			public pCryptSIPGetSignedDataMsg pfGet;
+
+			/// <summary>
+			/// A pointer to the function that stores the signed data for the subject. The signature for this function pointer is described
+			/// in CryptSIPPutSignedDataMsg.
+			/// </summary>
+			public pCryptSIPPutSignedDataMsg pfPut;
+
+			/// <summary>
+			/// A pointer to the function that returns a SIP_INDIRECT_DATA structure that contains the subject data. This structure contains
+			/// the hash of the target. The signature for this function pointer is described in CryptSIPCreateIndirectData.
+			/// </summary>
+			public pCryptSIPCreateIndirectData pfCreate;
+
+			/// <summary>
+			/// A pointer to the function that verifies the SIP_INDIRECT_DATA structure that contains the subject data. This structure
+			/// contains the hash of the target. The signature for this function pointer is described in CryptSIPVerifyIndirectData.
+			/// </summary>
+			public pCryptSIPVerifyIndirectData pfVerify;
+
+			/// <summary>
+			/// A pointer to the function that removes the signed data for the subject. The signature for this function pointer is described
+			/// in CryptSIPRemoveSignedDataMsg.
+			/// </summary>
+			public pCryptSIPRemoveSignedDataMsg pfRemove;
+		}
+
+		/// <summary>The <c>SIP_INDIRECT_DATA</c> structure contains the digest of the hashed subject information.</summary>
+		// https://docs.microsoft.com/en-us/windows/win32/api/mssip/ns-mssip-sip_indirect_data typedef struct SIP_INDIRECT_DATA_ {
+		// CRYPT_ATTRIBUTE_TYPE_VALUE Data; CRYPT_ALGORITHM_IDENTIFIER DigestAlgorithm; CRYPT_HASH_BLOB Digest; } SIP_INDIRECT_DATA, *PSIP_INDIRECT_DATA;
+		[PInvokeData("mssip.h", MSDNShortId = "d34b599b-fe49-47c4-bb52-73ee14d73253")]
+		[StructLayout(LayoutKind.Sequential)]
+		public struct SIP_INDIRECT_DATA
+		{
+			/// <summary>A CRYPT_ATTRIBUTE_TYPE_VALUE structure used to encode the attribute.</summary>
+			public CRYPT_ATTRIBUTE_TYPE_VALUE Data;
+
+			/// <summary>A CRYPT_ALGORITHM_IDENTIFIER structure that contains the digest algorithm to use to create the hash.</summary>
+			public CRYPT_ALGORITHM_IDENTIFIER DigestAlgorithm;
+
+			/// <summary>
+			/// A CRYPT_HASH_BLOB structure that contains the hash of the subject. For information about <c>CRYPT_HASH_BLOB</c>, see <c>CRYPT_INTEGER_BLOB</c>.
+			/// </summary>
+			public CRYPTOAPI_BLOB Digest;
+		}
+
+		/// <summary>The <c>SIP_SUBJECTINFO</c> structure specifies subject information data to the subject interface package (SIP) APIs.</summary>
+		/// <remarks>
+		/// <para>
+		/// Upon first use of the <c>SIP_SUBJECTINFO</c> structure, initialize the entire structure to binary zero. Do not initialize the
+		/// structure between SIP function calls.
+		/// </para>
+		/// <para>
+		/// Subjects include, but are not limited to, portable executable images (.exe), cabinet (.cab) images, flat files, and catalog
+		/// files. Each subject type uses a different subset of its data for hash calculation and requires a different procedure for storage
+		/// and retrieval. Therefore each subject type has a unique subject interface package specification.
+		/// </para>
+		/// </remarks>
+		// https://docs.microsoft.com/en-us/windows/win32/api/mssip/ns-mssip-sip_subjectinfo typedef struct SIP_SUBJECTINFO_ { DWORD cbSize;
+		// GUID *pgSubjectType; HANDLE hFile; LPCWSTR pwsFileName; LPCWSTR pwsDisplayName; DWORD dwReserved1; DWORD dwIntVersion; HCRYPTPROV
+		// hProv; CRYPT_ALGORITHM_IDENTIFIER DigestAlgorithm; DWORD dwFlags; DWORD dwEncodingType; DWORD dwReserved2; DWORD fdwCAPISettings;
+		// DWORD fdwSecuritySettings; DWORD dwIndex; DWORD dwUnionChoice; union { #if ... MS_ADDINFO_FLAT_ *psFlat; #else struct
+		// MS_ADDINFO_FLAT_ *psFlat; #endif #if ... MS_ADDINFO_CATALOGMEMBER_ *psCatMember; #else struct MS_ADDINFO_CATALOGMEMBER_
+		// *psCatMember; #endif #if ... MS_ADDINFO_BLOB_ *psBlob; #else struct MS_ADDINFO_BLOB_ *psBlob; #endif }; LPVOID pClientData; }
+		// SIP_SUBJECTINFO, *LPSIP_SUBJECTINFO;
+		[PInvokeData("mssip.h", MSDNShortId = "6274cd08-d67f-410d-9303-3a42b7f1edc6")]
+		[StructLayout(LayoutKind.Sequential)]
+		public struct SIP_SUBJECTINFO
+		{
+			/// <summary>The size, in bytes, of this structure.</summary>
+			public uint cbSize;
+
+			/// <summary>A pointer to a <c>GUID</c> structure that identifies the subject type.</summary>
+			public GuidPtr pgSubjectType;
+
+			/// <summary>
+			/// A file handle that represents the subject. If the storage type of the subject is a file, set hFile to
+			/// <c>INVALID_HANDLE_VALUE</c> and set the pwsFileName parameter to the name of the file.
+			/// </summary>
+			public HFILE hFile;
+
+			/// <summary>A pointer to a null-terminated Unicode string that contains the file name of the subject.</summary>
+			[MarshalAs(UnmanagedType.LPWStr)] public string pwsFileName;
+
+			/// <summary>A pointer to a null-terminated Unicode string that contains the display name of the subject.</summary>
+			[MarshalAs(UnmanagedType.LPWStr)] public string pwsDisplayName;
+
+			/// <summary>This member is reserved for future use.</summary>
+			public uint dwReserved1;
+
+			/// <summary>
+			/// This member is reserved. Do not modify this member. It is used by the SIP to pass the internal version number between get
+			/// and verify functions.
+			/// </summary>
+			public uint dwIntVersion;
+
+			/// <summary>An HCRYPTPROV handle to the cryptography provider.</summary>
+			public HCRYPTPROV hProv;
+
+			/// <summary>
+			/// A CRYPT_ALGORITHM_IDENTIFIER structure that contains the identifier for the hash algorithm used to hash the file.
+			/// </summary>
+			public CRYPT_ALGORITHM_IDENTIFIER DigestAlgorithm;
+
+			/// <summary>
+			/// A value that modifies the behavior of the functions that use this structure. For more information about possible values for
+			/// this member, see the dwFlags parameter of SignerSignEx.
+			/// </summary>
+			public uint dwFlags;
+
+			/// <summary>
+			/// A value that specifies the encoding type used for the file. Currently, only <c>X509_ASN_ENCODING</c> and
+			/// <c>PKCS_7_ASN_ENCODING</c> are being used; however, additional encoding types may be added in the future. For either current
+			/// encoding type, use: <c>X509_ASN_ENCODING</c> | <c>PKCS_7_ASN_ENCODING</c>.
+			/// </summary>
+			public CertEncodingType dwEncodingType;
+
+			/// <summary>This member is reserved for future use.</summary>
+			public uint dwReserved2;
+
+			/// <summary>This member is not used.</summary>
+			public uint fdwCAPISettings;
+
+			/// <summary>This member is not used.</summary>
+			public uint fdwSecuritySettings;
+
+			/// <summary>The message index of the last call to <c>CryptSIPGetSignedDataMsg</c>. operation.</summary>
+			public uint dwIndex;
+
+			/// <summary>
+			/// <para>Specifies the type of additional information provided.</para>
+			/// <list type="table">
+			/// <listheader>
+			/// <term>Defined constant/value</term>
+			/// <term>Meaning</term>
+			/// </listheader>
+			/// <item>
+			/// <term>MSSIP_ADDINFO_NONE 0</term>
+			/// <term>There is no additional information about the subject.</term>
+			/// </item>
+			/// <item>
+			/// <term>MSSIP_ADDINFO_FLAT 1</term>
+			/// <term>The additional information is a flat file.</term>
+			/// </item>
+			/// <item>
+			/// <term>MSSIP_ADDINFO_CATMEMBER 2</term>
+			/// <term>The additional information is a catalog member.</term>
+			/// </item>
+			/// <item>
+			/// <term>MSSIP_ADDINFO_BLOB 3</term>
+			/// <term>The additional information is a BLOB.</term>
+			/// </item>
+			/// <item>
+			/// <term>MSSIP_ADDINFO_NONMSSIP 500</term>
+			/// <term>The additional information is in a user defined format.</term>
+			/// </item>
+			/// </list>
+			/// </summary>
+			public uint dwUnionChoice;
+
+			/// <summary>A pointer to either a MS_ADDINFO_FLAT, MS_ADDINFO_CATALOGMEMBER, or MS_ADDINFO_BLOB structure.</summary>
+			public IntPtr pUnionData;
+
+			/// <summary>A pointer to SIP-specific data.</summary>
+			public IntPtr pClientData;
+		}
 	}
 }
\ No newline at end of file
diff --git a/PInvoke/WinTrust/WinTrust.cs b/PInvoke/WinTrust/WinTrust.cs
index f4161f01..bdfa4760 100644
--- a/PInvoke/WinTrust/WinTrust.cs
+++ b/PInvoke/WinTrust/WinTrust.cs
@@ -9,6 +9,30 @@ namespace Vanara.PInvoke
 {
 	public static partial class WinTrust
 	{
+		/// <summary>Confidence values.</summary>
+		[PInvokeData("wintrust.h", MSDNShortId = "622e7a72-445a-4820-b236-1c90dad08351")]
+		[Flags]
+		public enum CertConfidence
+		{
+			/// <summary>The signature of the certificate is valid.</summary>
+			CERT_CONFIDENCE_SIG = 0x10000000,
+
+			/// <summary>The time of the certificate issuer is valid.</summary>
+			CERT_CONFIDENCE_TIME = 0x01000000,
+
+			/// <summary>The time of the certificate is valid.</summary>
+			CERT_CONFIDENCE_TIMENEST = 0x00100000,
+
+			/// <summary>The authority ID extension is valid.</summary>
+			CERT_CONFIDENCE_AUTHIDEXT = 0x00010000,
+
+			/// <summary>At a minimum, the signature of the certificate and authority ID extension are valid.</summary>
+			CERT_CONFIDENCE_HYGIENE = 0x00001000,
+
+			/// <summary>A combination of all of the other confidence values.</summary>
+			CERT_CONFIDENCE_HIGHEST = 0x11111000,
+		}
+
 		/// <summary>Action to perform.</summary>
 		[PInvokeData("wintrust.h", MSDNShortId = "B2ED5489-792F-4B00-A21E-EE1B1462D1C8")]
 		public enum DWACTION
@@ -83,9 +107,10 @@ namespace Vanara.PInvoke
 		public enum WTD_REVOKE
 		{
 			/// <summary>
-			/// No additional revocation checking will be done when the WTD_REVOKE_NONE flag is used in conjunction with the HTTPSPROV_ACTION
-			/// value set in the pgActionID parameter of the WinVerifyTrust function. To ensure the WinVerifyTrust function does not attempt
-			/// any network retrieval when verifying code signatures, WTD_CACHE_ONLY_URL_RETRIEVAL must be set in the dwProvFlags parameter.
+			/// No additional revocation checking will be done when the WTD_REVOKE_NONE flag is used in conjunction with the
+			/// HTTPSPROV_ACTION value set in the pgActionID parameter of the WinVerifyTrust function. To ensure the WinVerifyTrust function
+			/// does not attempt any network retrieval when verifying code signatures, WTD_CACHE_ONLY_URL_RETRIEVAL must be set in the
+			/// dwProvFlags parameter.
 			/// </summary>
 			WTD_REVOKE_NONE = 0x00000000,
 
@@ -134,8 +159,8 @@ namespace Vanara.PInvoke
 			WTD_NO_IE4_CHAIN_FLAG = 0x00000002,
 
 			/// <summary>
-			/// The default verification of the policy provider, such as code signing for Authenticode, is not performed, and the certificate
-			/// is assumed valid for all usages.
+			/// The default verification of the policy provider, such as code signing for Authenticode, is not performed, and the
+			/// certificate is assumed valid for all usages.
 			/// </summary>
 			WTD_NO_POLICY_USAGE_FLAG = 0x00000004,
 
@@ -181,9 +206,9 @@ namespace Vanara.PInvoke
 			WTD_DISABLE_MD2_MD4 = 0x00002000,
 
 			/// <summary>
-			/// If this flag is specified it is assumed that the file being verified has been downloaded from the web and has the Mark of the
-			/// Web attribute. Policies that are meant to apply to Mark of the Web files will be enforced. <note>Note This flag is supported
-			/// on Windows 8.1 and later operating systems or on systems that have installed KB2862966.</note>
+			/// If this flag is specified it is assumed that the file being verified has been downloaded from the web and has the Mark of
+			/// the Web attribute. Policies that are meant to apply to Mark of the Web files will be enforced. <note>Note This flag is
+			/// supported on Windows 8.1 and later operating systems or on systems that have installed KB2862966.</note>
 			/// </summary>
 			WTD_MOTW = 0x00004000,
 
@@ -209,8 +234,8 @@ namespace Vanara.PInvoke
 		}
 
 		/// <summary>
-		/// A DWORD value that specifies the user interface context for the WinVerifyTrust function. This causes the text in the Authenticode
-		/// dialog box to match the action taken on the file.
+		/// A DWORD value that specifies the user interface context for the WinVerifyTrust function. This causes the text in the
+		/// Authenticode dialog box to match the action taken on the file.
 		/// </summary>
 		[PInvokeData("wintrust.h", MSDNShortId = "8fb68f44-6f69-4eac-90de-02689e3e86cf")]
 		public enum WTD_UICONTEXT
@@ -298,8 +323,8 @@ namespace Vanara.PInvoke
 		/// <item>
 		/// <term>WT_TRUSTDBDIALOG_ONLY_PUB_TAB_FLAG 2 (0x2)</term>
 		/// <term>
-		/// Only display the Trusted Publisher tab. By default, all of the user interface tabs are displayed and the Trusted Publisher tab is
-		/// initially selected.
+		/// Only display the Trusted Publisher tab. By default, all of the user interface tabs are displayed and the Trusted Publisher tab
+		/// is initially selected.
 		/// </term>
 		/// </item>
 		/// </list>
@@ -705,8 +730,8 @@ namespace Vanara.PInvoke
 
 		/// <summary>
 		/// <para>
-		/// The <c>WinVerifyTrust</c> function performs a trust verification action on a specified object. The function passes the inquiry to
-		/// a trust provider that supports the action identifier, if one exists.
+		/// The <c>WinVerifyTrust</c> function performs a trust verification action on a specified object. The function passes the inquiry
+		/// to a trust provider that supports the action identifier, if one exists.
 		/// </para>
 		/// <para>For certificate verification, use the CertGetCertificateChain and CertVerifyCertificateChainPolicy functions.</para>
 		/// </summary>
@@ -732,8 +757,8 @@ namespace Vanara.PInvoke
 		/// <item>
 		/// <term>A valid window handle</term>
 		/// <term>
-		/// A trust provider can treat any value other than INVALID_HANDLE_VALUE or zero as a valid window handle that it can use to interact
-		/// with the user.
+		/// A trust provider can treat any value other than INVALID_HANDLE_VALUE or zero as a valid window handle that it can use to
+		/// interact with the user.
 		/// </term>
 		/// </item>
 		/// </list>
@@ -813,9 +838,9 @@ namespace Vanara.PInvoke
 		/// from the trust provider.
 		/// </para>
 		/// <para>
-		/// For example, a trust provider might indicate that the subject is not trusted, or is trusted but with limitations or warnings. The
-		/// return value can be a trust-provider-specific value described in the documentation for an individual trust provider, or it can be
-		/// one of the following error codes.
+		/// For example, a trust provider might indicate that the subject is not trusted, or is trusted but with limitations or warnings.
+		/// The return value can be a trust-provider-specific value described in the documentation for an individual trust provider, or it
+		/// can be one of the following error codes.
 		/// </para>
 		/// <list type="table">
 		/// <listheader>
@@ -853,16 +878,16 @@ namespace Vanara.PInvoke
 		/// </para>
 		/// <para>
 		/// For example, the Software Publisher Trust Provider can verify that an executable image file comes from a trusted software
-		/// publisher and that the file has not been modified since it was published. In this case, the pWinTrustData parameter specifies the
-		/// name of the file and the type of file, such as a Microsoft Portable Executable image file.
+		/// publisher and that the file has not been modified since it was published. In this case, the pWinTrustData parameter specifies
+		/// the name of the file and the type of file, such as a Microsoft Portable Executable image file.
 		/// </para>
 		/// <para>
 		/// Each trust provider supports a specific set of actions that it can evaluate. Each action has a GUID that identifies it. A trust
 		/// provider can support any number of action identifiers, but two trust providers cannot support the same action identifier.
 		/// </para>
 		/// <para>
-		/// For an example that demonstrates how to use this function to verify the signature of a portable executable (PE) file, see Example
-		/// C Program: Verifying the Signature of a PE File.
+		/// For an example that demonstrates how to use this function to verify the signature of a portable executable (PE) file, see
+		/// Example C Program: Verifying the Signature of a PE File.
 		/// </para>
 		/// </remarks>
 		// https://docs.microsoft.com/en-us/windows/desktop/api/wintrust/nf-wintrust-winverifytrust LONG WinVerifyTrust( HWND hwnd, GUID
@@ -874,8 +899,9 @@ namespace Vanara.PInvoke
 		/// <summary>
 		/// <para>
 		/// The <c>WinVerifyTrustEx</c> function performs a trust verification action on a specified object and takes a pointer to a
-		/// WINTRUST_DATA structure. The function passes the inquiry to a trust provider, if one exists, that supports the action identifier.
-		/// This function has no associated import library. You must use the LoadLibrary and GetProcAddress functions to dynamically link to Wintrust.dll.
+		/// WINTRUST_DATA structure. The function passes the inquiry to a trust provider, if one exists, that supports the action
+		/// identifier. This function has no associated import library. You must use the LoadLibrary and GetProcAddress functions to
+		/// dynamically link to Wintrust.dll.
 		/// </para>
 		/// <para>For certificate verification, use the CertGetCertificateChain and CertVerifyCertificateChainPolicy functions.</para>
 		/// </summary>
@@ -901,8 +927,8 @@ namespace Vanara.PInvoke
 		/// <item>
 		/// <term>A valid window handle</term>
 		/// <term>
-		/// A trust provider can treat any value other than INVALID_HANDLE_VALUE or zero as a valid window handle that it can use to interact
-		/// with the user.
+		/// A trust provider can treat any value other than INVALID_HANDLE_VALUE or zero as a valid window handle that it can use to
+		/// interact with the user.
 		/// </term>
 		/// </item>
 		/// </list>
@@ -983,9 +1009,9 @@ namespace Vanara.PInvoke
 		/// Otherwise, the function returns a status code from the trust provider.
 		/// </para>
 		/// <para>
-		/// For example, a trust provider might indicate that the subject is not trusted, or is trusted but with limitations or warnings. The
-		/// return value can be a trust provider–specific value described in the documentation for an individual trust provider, or it can be
-		/// one of the following error codes.
+		/// For example, a trust provider might indicate that the subject is not trusted, or is trusted but with limitations or warnings.
+		/// The return value can be a trust provider–specific value described in the documentation for an individual trust provider, or it
+		/// can be one of the following error codes.
 		/// </para>
 		/// <list type="table">
 		/// <listheader>
@@ -1026,9 +1052,9 @@ namespace Vanara.PInvoke
 		/// and CertVerifyCertificateChainPolicy functions. For Microsoft Authenticode technology signature verification, use the .NET Framework.]
 		/// </para>
 		/// <para>
-		/// The <c>WTHelperCertCheckValidSignature</c> function checks whether a signature is valid. It can be used by trust providers to get
-		/// an initial assessment of the validity of a signature before calling the function pointed to by the <c>pfnFinalPolicy</c> member
-		/// of a CRYPT_PROVIDER_FUNCTIONS structure.
+		/// The <c>WTHelperCertCheckValidSignature</c> function checks whether a signature is valid. It can be used by trust providers to
+		/// get an initial assessment of the validity of a signature before calling the function pointed to by the <c>pfnFinalPolicy</c>
+		/// member of a CRYPT_PROVIDER_FUNCTIONS structure.
 		/// </para>
 		/// </summary>
 		/// <param name="pProvData">A pointer to the CRYPT_PROVIDER_DATA structure that contains the signer and countersigner information.</param>
@@ -1044,6 +1070,87 @@ namespace Vanara.PInvoke
 		[PInvokeData("wintrust.h", MSDNShortId = "d46eea18-03cb-4199-873e-0e9e13061598")]
 		public static extern HRESULT WTHelperCertCheckValidSignature(in CRYPT_PROVIDER_DATA pProvData);
 
+		/// <summary>
+		/// <para>
+		/// [The <c>WTHelperCertFindIssuerCertificate</c> function is available for use in the operating systems specified in the
+		/// Requirements section. It may be altered or unavailable in subsequent versions.]
+		/// </para>
+		/// <para>
+		/// The <c>WTHelperCertFindIssuerCertificate</c> function finds an issuer certificate from the specified certificate stores that
+		/// matches the specified subject certificate.
+		/// </para>
+		/// </summary>
+		/// <param name="pChildContext">The subject certificate for which to find a matching issuer certificate.</param>
+		/// <param name="chStores">The number of elements in the pahStores array.</param>
+		/// <param name="pahStores">An array of certificate stores in which to search.</param>
+		/// <param name="psftVerifyAsOf">The time of verification.</param>
+		/// <param name="dwEncoding">
+		/// A <c>DWORD</c> value that specifies the encoding types of the certificate to check. For information about possible encoding
+		/// types, see Certificate and Message Encoding Types.
+		/// </param>
+		/// <param name="pdwConfidence">
+		/// <para>This parameter can be a bitwise combination of zero or more of the following confidence values.</para>
+		/// <list type="table">
+		/// <listheader>
+		/// <term>Value</term>
+		/// <term>Meaning</term>
+		/// </listheader>
+		/// <item>
+		/// <term>CERT_CONFIDENCE_SIG 0x10000000</term>
+		/// <term>The signature of the certificate is valid.</term>
+		/// </item>
+		/// <item>
+		/// <term>CERT_CONFIDENCE_TIME 0x01000000</term>
+		/// <term>The time of the certificate issuer is valid.</term>
+		/// </item>
+		/// <item>
+		/// <term>CERT_CONFIDENCE_TIMENEST 0x00100000</term>
+		/// <term>The time of the certificate is valid.</term>
+		/// </item>
+		/// <item>
+		/// <term>CERT_CONFIDENCE_AUTHIDEXT 0x00010000</term>
+		/// <term>The authority ID extension is valid.</term>
+		/// </item>
+		/// <item>
+		/// <term>CERT_CONFIDENCE_HYGIENE 0x00001000</term>
+		/// <term>At a minimum, the signature of the certificate and authority ID extension are valid.</term>
+		/// </item>
+		/// <item>
+		/// <term>CERT_CONFIDENCE_HIGHEST 0x11111000</term>
+		/// <term>A combination of all of the other confidence values.</term>
+		/// </item>
+		/// </list>
+		/// </param>
+		/// <param name="dwError">A pointer to a <c>DWORD</c> variable that contains the error value for this certificate, if applicable.</param>
+		/// <returns>An issuer certificate that matches the subject certificate specified by the pChildContext parameter.</returns>
+		/// <remarks>
+		/// <para>To successfully find a matching issuer certificate, the following requirements must be met:</para>
+		/// <list type="bullet">
+		/// <item>
+		/// <term>The signature of the subject certificate specified by the pChildContext parameter must be valid.</term>
+		/// </item>
+		/// <item>
+		/// <term>
+		/// The <c>rgExtension</c> member of the <c>pCertInfo</c> member of the pChildContext parameter must contain a
+		/// <c>CERT_AUTHORITY_KEY_ID_INFO</c> structure. The <c>CertIssuer</c> and <c>CertSerialMember</c> members of this structure much
+		/// match the corresponding members for the issuer certificate.
+		/// </term>
+		/// </item>
+		/// <item>
+		/// <term>The value of the psftVerifyAsOf parameter must be within the period of validity of the subject certificate.</term>
+		/// </item>
+		/// <item>
+		/// <term>The period of validity of the subject certificate must be within the period of validity of the issuer certificate.</term>
+		/// </item>
+		/// </list>
+		/// </remarks>
+		// https://docs.microsoft.com/en-us/windows/win32/seccrypto/wthelpercertfindissuercertificate PCCERT_CONTEXT WINAPI
+		// WTHelperCertFindIssuerCertificate( _In_ PCCERT_CONTEXT pChildContext, _In_ DWORD chStores, _In_ HCERTSTORE *pahStores, _In_
+		// FILETIME *psftVerifyAsOf, _In_ DWORD dwEncoding, _Out_opt_ DWORD *pdwConfidence, _Out_ DWORD *dwError );
+		[DllImport(Lib.Wintrust, SetLastError = false, ExactSpelling = true)]
+		[PInvokeData("wintrust.h", MSDNShortId = "c724f602-fc73-4857-941f-0f22a9e472d1")]
+		public static extern IntPtr WTHelperCertFindIssuerCertificate(in CERT_CONTEXT pChildContext, uint chStores, [In] HCERTSTORE[] pahStores, in FILETIME psftVerifyAsOf, CertEncodingType dwEncoding, out CertConfidence pdwConfidence, out Win32Error dwError);
+
 		/// <summary>
 		/// <para>
 		/// [The <c>WTHelperCertIsSelfSigned</c> function is available for use in the operating systems specified in the Requirements
@@ -1071,6 +1178,81 @@ namespace Vanara.PInvoke
 		[return: MarshalAs(UnmanagedType.Bool)]
 		public static extern bool WTHelperCertIsSelfSigned(uint dwEncoding, in CERT_INFO pCert);
 
+		/// <summary>
+		/// <para>
+		/// [The <c>WTHelperGetFileHash</c> function is available for use in the operating systems specified in the Requirements section. It
+		/// may be altered or unavailable in subsequent versions.]
+		/// </para>
+		/// <para>
+		/// The <c>WTHelperGetFileHash</c> function verifies the signature of a signed file and obtains the hash value and algorithm
+		/// identifier for the file.
+		/// </para>
+		/// </summary>
+		/// <param name="pwszFilename">
+		/// A pointer to a null-terminated Unicode string that contains the path and file name of the file to get the hash for.
+		/// </param>
+		/// <param name="dwFlags">This parameter is not used and should be zero.</param>
+		/// <param name="pvReserved">This parameter is not used and should be <c>NULL</c>.</param>
+		/// <param name="pbFileHash">
+		/// A pointer to a buffer to receive the hash value for the file. The pcbFileHash parameter contains the size of this buffer.
+		/// </param>
+		/// <param name="pcbFileHash">
+		/// <para>
+		/// A pointer to a <c>DWORD</c> variable that, on input, contains the size, in bytes, of the pbFileHash buffer and, on output,
+		/// receives the size, in bytes, of the hash value.
+		/// </para>
+		/// <para>
+		/// To obtain the required size of the hash value, pass <c>NULL</c> for the pbFileHash parameter. This function will place the
+		/// required size, in bytes, of the hash value in this location.
+		/// </para>
+		/// <para>
+		/// If the pbFileHash parameter is not <c>NULL</c>, and the size is not large enough to receive the hash value, this function will
+		/// place the required size, in bytes, in this location and return <c>ERROR_MORE_DATA</c>.
+		/// </para>
+		/// </param>
+		/// <param name="pHashAlgid">
+		/// A pointer to an <c>ALG_ID</c> variable to receive the identifier of the algorithm used to create the hash value. This parameter
+		/// can be <c>NULL</c> if this information is not needed.
+		/// </param>
+		/// <returns>
+		/// <para>Returns a status code that indicates the success or failure of the function.</para>
+		/// <para>Possible return codes include, but are not limited to, the following.</para>
+		/// <list type="table">
+		/// <listheader>
+		/// <term>Return code</term>
+		/// <term>Description</term>
+		/// </listheader>
+		/// <item>
+		/// <term>ERROR_SUCCESS</term>
+		/// <term>The file is signed, and the signature was verified.</term>
+		/// </item>
+		/// <item>
+		/// <term>ERROR_MORE_DATA</term>
+		/// <term>
+		/// The pbFileHash parameter is not NULL, and the size specified by the pcbFileHash parameter is not large enough to receive the hash.
+		/// </term>
+		/// </item>
+		/// <item>
+		/// <term>ERROR_NOT_ENOUGH_MEMORY</term>
+		/// <term>A memory allocation failure occurred.</term>
+		/// </item>
+		/// <item>
+		/// <term>TRUST_E_BAD_DIGEST</term>
+		/// <term>The signature of the file was not verified.</term>
+		/// </item>
+		/// <item>
+		/// <term>TRUST_E_NOSIGNATURE</term>
+		/// <term>The file was not signed or had a signature that is not valid.</term>
+		/// </item>
+		/// </list>
+		/// </returns>
+		// https://docs.microsoft.com/en-us/windows/win32/seccrypto/wthelpergetfilehash LONG WINAPI WTHelperGetFileHash( _In_ LPCWSTR
+		// pwszFilename, _In_ DWORD dwFlags, _Inout_opt_ PVOID pvReserved, _Out_opt_ BYTE *pbFileHash, _Inout_opt_ DWORD *pcbFileHash,
+		// _Out_opt_ ALG_ID *pHashAlgid );
+		[DllImport(Lib.Wintrust, SetLastError = false, ExactSpelling = true)]
+		[PInvokeData("wintrust.h", MSDNShortId = "130b3c3e-cc67-44ec-acc7-daa87b714299")]
+		public static extern int WTHelperGetFileHash([MarshalAs(UnmanagedType.LPWStr)] string pwszFilename, [Optional] uint dwFlags, [In, Out, Optional] IntPtr pvReserved, [Out] IntPtr pbFileHash, ref uint pcbFileHash, out ALG_ID pHashAlgid);
+
 		/// <summary>
 		/// <para>
 		/// [The <c>WTHelperGetProvCertFromChain</c> function is available for use in the operating systems specified in the Requirements
@@ -1078,8 +1260,8 @@ namespace Vanara.PInvoke
 		/// and CertVerifyCertificateChainPolicy functions. For Microsoft Authenticode technology signature verification, use the .NET Framework.]
 		/// </para>
 		/// <para>
-		/// The <c>WTHelperGetProvCertFromChain</c> function retrieves a trust provider certificate from the certificate chain. This function
-		/// has no associated import library. You must use the LoadLibrary and GetProcAddress functions to dynamically link to Wintrust.dll.
+		/// The <c>WTHelperGetProvCertFromChain</c> function retrieves a trust provider certificate from the certificate chain. This
+		/// function has no associated import library. You must use the LoadLibrary and GetProcAddress functions to dynamically link to Wintrust.dll.
 		/// </para>
 		/// </summary>
 		/// <param name="pSgnr">
@@ -1129,15 +1311,74 @@ namespace Vanara.PInvoke
 
 		/// <summary>
 		/// <para>
-		/// [The <c>CRYPT_PROVIDER_CERT</c> structure is available for use in the operating systems specified in the Requirements section. It
-		/// may be altered or unavailable in subsequent versions.]
+		/// [The <c>WTHelperGetProvSignerFromChain</c> function is available for use in the operating systems specified in the Requirements
+		/// section. It may be altered or unavailable in subsequent versions. For certificate verification, use the CertGetCertificateChain
+		/// and CertVerifyCertificateChainPolicy functions. For Microsoft Authenticode technology signature verification, use the .NET Framework.]
+		/// </para>
+		/// <para>
+		/// The <c>WTHelperGetProvSignerFromChain</c> function retrieves a signer or countersigner by index from the chain. This function
+		/// has no associated import library. You must use the LoadLibrary and GetProcAddress functions to dynamically link to Wintrust.dll.
+		/// </para>
+		/// </summary>
+		/// <param name="pProvData">A pointer to the CRYPT_PROVIDER_DATA structure that contains the signer and countersigner information.</param>
+		/// <param name="idxSigner">The index of the signer. The index is zero based.</param>
+		/// <param name="fCounterSigner">
+		/// If <c>TRUE</c>, the countersigner, as specified by idxCounterSigner, is retrieved by this function; the signer that contains the
+		/// countersigner is identified by idxSigner. If <c>FALSE</c>, the signer, as specified by idxSigner, is retrieved by this function.
+		/// </param>
+		/// <param name="idxCounterSigner">
+		/// The index of the countersigner. The index is zero based. The countersigner applies to the signer identified by idxSigner.
+		/// </param>
+		/// <returns>
+		/// <para>
+		/// If the function succeeds, the function returns a pointer to a CRYPT_PROVIDER_SGNR structure for the requested signer or countersigner.
+		/// </para>
+		/// <para>If the function fails, it returns <c>NULL</c>.</para>
+		/// </returns>
+		// https://docs.microsoft.com/en-us/windows/win32/api/wintrust/nf-wintrust-wthelpergetprovsignerfromchain CRYPT_PROVIDER_SGNR *
+		// WTHelperGetProvSignerFromChain( CRYPT_PROVIDER_DATA *pProvData, DWORD idxSigner, BOOL fCounterSigner, DWORD idxCounterSigner );
+		[DllImport(Lib.Wintrust, SetLastError = false, ExactSpelling = true)]
+		[PInvokeData("wintrust.h", MSDNShortId = "8e1ebf82-73c2-445b-9964-6739f7c90c47")]
+		public static extern IntPtr WTHelperGetProvSignerFromChain(in CRYPT_PROVIDER_DATA pProvData, uint idxSigner, [MarshalAs(UnmanagedType.Bool)] bool fCounterSigner, uint idxCounterSigner);
+
+		/// <summary>
+		/// <para>
+		/// [The <c>WTHelperProvDataFromStateData</c> function is available for use in the operating systems specified in the Requirements
+		/// section. It may be altered or unavailable in subsequent versions. For certificate verification, use the CertGetCertificateChain
+		/// and CertVerifyCertificateChainPolicy functions. For Microsoft Authenticode technology signature verification, use the .NET Framework.]
+		/// </para>
+		/// <para>
+		/// The <c>WTHelperProvDataFromStateData</c> function retrieves trust provider information from a specified handle. This function
+		/// has no associated import library. You must use the LoadLibrary and GetProcAddress functions to dynamically link to Wintrust.dll.
+		/// </para>
+		/// </summary>
+		/// <param name="hStateData">
+		/// A handle previously set by the WinVerifyTrustEx function as the <c>hWVTStateData</c> member of the WINTRUST_DATA structure.
+		/// </param>
+		/// <returns>
+		/// <para>
+		/// If the function succeeds, the function returns a pointer to a CRYPT_PROVIDER_DATA structure. The returned pointer can be used by
+		/// the WTHelperGetProvSignerFromChain function.
+		/// </para>
+		/// <para>If the function fails, it returns <c>NULL</c>.</para>
+		/// </returns>
+		// https://docs.microsoft.com/en-us/windows/win32/api/wintrust/nf-wintrust-wthelperprovdatafromstatedata CRYPT_PROVIDER_DATA *
+		// WTHelperProvDataFromStateData( HANDLE hStateData );
+		[DllImport(Lib.Wintrust, SetLastError = false, ExactSpelling = true)]
+		[PInvokeData("wintrust.h", MSDNShortId = "ca2ca612-2da6-4fe1-8b1e-bc6307eb92af")]
+		public static extern IntPtr WTHelperProvDataFromStateData(HANDLE hStateData);
+
+		/// <summary>
+		/// <para>
+		/// [The <c>CRYPT_PROVIDER_CERT</c> structure is available for use in the operating systems specified in the Requirements section.
+		/// It may be altered or unavailable in subsequent versions.]
 		/// </para>
 		/// <para>The <c>CRYPT_PROVIDER_CERT</c> structure provides information about a provider certificate.</para>
 		/// </summary>
-		// https://docs.microsoft.com/en-us/windows/desktop/api/wintrust/ns-wintrust-_crypt_provider_cert typedef struct _CRYPT_PROVIDER_CERT
-		// { DWORD cbStruct; PCCERT_CONTEXT pCert; BOOL fCommercial; BOOL fTrustedRoot; BOOL fSelfSigned; BOOL fTestCert; DWORD
-		// dwRevokedReason; DWORD dwConfidence; DWORD dwError; CTL_CONTEXT *pTrustListContext; BOOL fTrustListSignerCert; PCCTL_CONTEXT
-		// pCtlContext; DWORD dwCtlError; BOOL fIsCyclic; PCERT_CHAIN_ELEMENT pChainElement; } CRYPT_PROVIDER_CERT, *PCRYPT_PROVIDER_CERT;
+		// https://docs.microsoft.com/en-us/windows/desktop/api/wintrust/ns-wintrust-_crypt_provider_cert typedef struct
+		// _CRYPT_PROVIDER_CERT { DWORD cbStruct; PCCERT_CONTEXT pCert; BOOL fCommercial; BOOL fTrustedRoot; BOOL fSelfSigned; BOOL
+		// fTestCert; DWORD dwRevokedReason; DWORD dwConfidence; DWORD dwError; CTL_CONTEXT *pTrustListContext; BOOL fTrustListSignerCert;
+		// PCCTL_CONTEXT pCtlContext; DWORD dwCtlError; BOOL fIsCyclic; PCERT_CHAIN_ELEMENT pChainElement; } CRYPT_PROVIDER_CERT, *PCRYPT_PROVIDER_CERT;
 		[PInvokeData("wintrust.h", MSDNShortId = "622e7a72-445a-4820-b236-1c90dad08351")]
 		[StructLayout(LayoutKind.Sequential)]
 		public struct CRYPT_PROVIDER_CERT
@@ -1196,7 +1437,7 @@ namespace Vanara.PInvoke
 			/// </item>
 			/// </list>
 			/// </summary>
-			public uint dwConfidence;
+			public CertConfidence dwConfidence;
 
 			/// <summary>A pointer to a <c>DWORD</c> variable that contains the error value for this certificate, if applicable.</summary>
 			public uint dwError;
@@ -1226,7 +1467,8 @@ namespace Vanara.PInvoke
 		/// [The CRYPT_PROVUI_DATA structure is available for use in the operating systems specified in the Requirements section. It may be
 		/// altered or unavailable in subsequent versions.]
 		/// <para>
-		/// The CRYPT_PROVUI_DATA structure provides user interface (UI) data for a provider.This structure is used by the CRYPT_PROVUI_FUNCS structure.
+		/// The CRYPT_PROVUI_DATA structure provides user interface (UI) data for a provider.This structure is used by the
+		/// CRYPT_PROVUI_FUNCS structure.
 		/// </para>
 		/// </summary>
 		[PInvokeData("wintrust.h", MSDNShortId = "86f819f0-c243-45ba-8b7b-97ed906e6e8a")]
@@ -1271,8 +1513,8 @@ namespace Vanara.PInvoke
 			public string pCopyActionTextNoTS;
 
 			/// <summary>
-			/// A pointer to a null-terminated string for the text used when a signature is not provided. If this parameter is NULL, then "Do
-			/// you want to install and run ""%1""?" is used.
+			/// A pointer to a null-terminated string for the text used when a signature is not provided. If this parameter is NULL, then
+			/// "Do you want to install and run ""%1""?" is used.
 			/// </summary>
 			[MarshalAs(UnmanagedType.LPWStr)]
 			public string pCopyActionTextNotSigned;
@@ -1435,15 +1677,15 @@ namespace Vanara.PInvoke
 
 		/// <summary>
 		/// <para>
-		/// [The <c>CRYPT_PROVIDER_SGNR</c> structure is available for use in the operating systems specified in the Requirements section. It
-		/// may be altered or unavailable in subsequent versions.]
+		/// [The <c>CRYPT_PROVIDER_SGNR</c> structure is available for use in the operating systems specified in the Requirements section.
+		/// It may be altered or unavailable in subsequent versions.]
 		/// </para>
 		/// <para>The <c>CRYPT_PROVIDER_SGNR</c> structure provides information about a signer or countersigner.</para>
 		/// </summary>
-		// https://docs.microsoft.com/en-us/windows/desktop/api/wintrust/ns-wintrust-_crypt_provider_sgnr typedef struct _CRYPT_PROVIDER_SGNR
-		// { DWORD cbStruct; FILETIME sftVerifyAsOf; DWORD csCertChain; struct _CRYPT_PROVIDER_CERT *pasCertChain; DWORD dwSignerType;
-		// CMSG_SIGNER_INFO *psSigner; DWORD dwError; DWORD csCounterSigners; struct _CRYPT_PROVIDER_SGNR *pasCounterSigners;
-		// PCCERT_CHAIN_CONTEXT pChainContext; } CRYPT_PROVIDER_SGNR, *PCRYPT_PROVIDER_SGNR;
+		// https://docs.microsoft.com/en-us/windows/desktop/api/wintrust/ns-wintrust-_crypt_provider_sgnr typedef struct
+		// _CRYPT_PROVIDER_SGNR { DWORD cbStruct; FILETIME sftVerifyAsOf; DWORD csCertChain; struct _CRYPT_PROVIDER_CERT *pasCertChain;
+		// DWORD dwSignerType; CMSG_SIGNER_INFO *psSigner; DWORD dwError; DWORD csCounterSigners; struct _CRYPT_PROVIDER_SGNR
+		// *pasCounterSigners; PCCERT_CHAIN_CONTEXT pChainContext; } CRYPT_PROVIDER_SGNR, *PCRYPT_PROVIDER_SGNR;
 		[PInvokeData("wintrust.h", MSDNShortId = "39cf9a03-768d-4ae0-a19d-17652181dbe4")]
 		[StructLayout(LayoutKind.Sequential)]
 		public struct CRYPT_PROVIDER_SGNR
@@ -1626,8 +1868,8 @@ namespace Vanara.PInvoke
 		/// </para>
 		/// </summary>
 		/// <remarks>The prototype for PFN_PROVUI_CALL is defined as:</remarks>
-		// https://docs.microsoft.com/en-us/windows/desktop/api/wintrust/ns-wintrust-_crypt_provui_funcs typedef struct _CRYPT_PROVUI_FUNCS {
-		// DWORD cbStruct; struct _CRYPT_PROVUI_DATA *psUIData; PFN_PROVUI_CALL pfnOnMoreInfoClick; PFN_PROVUI_CALL
+		// https://docs.microsoft.com/en-us/windows/desktop/api/wintrust/ns-wintrust-_crypt_provui_funcs typedef struct _CRYPT_PROVUI_FUNCS
+		// { DWORD cbStruct; struct _CRYPT_PROVUI_DATA *psUIData; PFN_PROVUI_CALL pfnOnMoreInfoClick; PFN_PROVUI_CALL
 		// pfnOnMoreInfoClickDefault; PFN_PROVUI_CALL pfnOnAdvancedClick; PFN_PROVUI_CALL pfnOnAdvancedClickDefault; } CRYPT_PROVUI_FUNCS, *PCRYPT_PROVUI_FUNCS;
 		[PInvokeData("wintrust.h", MSDNShortId = "7cdc32ea-b28a-400f-ad8a-984f86bb95fd")]
 		[StructLayout(LayoutKind.Sequential)]
@@ -1729,7 +1971,7 @@ namespace Vanara.PInvoke
 		[StructLayout(LayoutKind.Sequential)]
 		public struct HCATADMIN : IHandle
 		{
-			private IntPtr handle;
+			private readonly IntPtr handle;
 
 			/// <summary>Initializes a new instance of the <see cref="HCATADMIN"/> struct.</summary>
 			/// <param name="preexistingHandle">An <see cref="IntPtr"/> object that represents the pre-existing handle to use.</param>
@@ -1777,7 +2019,7 @@ namespace Vanara.PInvoke
 		[StructLayout(LayoutKind.Sequential)]
 		public struct HCRYPTMSG : IHandle
 		{
-			private IntPtr handle;
+			private readonly IntPtr handle;
 
 			/// <summary>Initializes a new instance of the <see cref="HCRYPTMSG"/> struct.</summary>
 			/// <param name="preexistingHandle">An <see cref="IntPtr"/> object that represents the pre-existing handle to use.</param>
@@ -1822,8 +2064,8 @@ namespace Vanara.PInvoke
 		}
 
 		/// <summary>
-		/// The <c>SPC_INDIRECT_DATA_CONTENT</c> structure is used in Authenticode signatures to store the digest and other attributes of the
-		/// signed file.
+		/// The <c>SPC_INDIRECT_DATA_CONTENT</c> structure is used in Authenticode signatures to store the digest and other attributes of
+		/// the signed file.
 		/// </summary>
 		// https://docs.microsoft.com/en-us/windows/desktop/api/wintrust/ns-wintrust-_spc_indirect_data_content typedef struct
 		// _SPC_INDIRECT_DATA_CONTENT { CRYPT_ATTRIBUTE_TYPE_VALUE Data; CRYPT_ALGORITHM_IDENTIFIER DigestAlgorithm; CRYPT_HASH_BLOB Digest;
@@ -1843,8 +2085,8 @@ namespace Vanara.PInvoke
 		}
 
 		/// <summary>This structure encapsulates a signature used in verifying executable files.</summary>
-		// https://docs.microsoft.com/en-us/windows/desktop/api/wintrust/ns-wintrust-_win_certificate typedef struct _WIN_CERTIFICATE { DWORD
-		// dwLength; WORD wRevision; WORD wCertificateType; BYTE bCertificate[ANYSIZE_ARRAY]; } WIN_CERTIFICATE, *LPWIN_CERTIFICATE;
+		// https://docs.microsoft.com/en-us/windows/desktop/api/wintrust/ns-wintrust-_win_certificate typedef struct _WIN_CERTIFICATE {
+		// DWORD dwLength; WORD wRevision; WORD wCertificateType; BYTE bCertificate[ANYSIZE_ARRAY]; } WIN_CERTIFICATE, *LPWIN_CERTIFICATE;
 		[PInvokeData("wintrust.h", MSDNShortId = "AC666871-265B-4D09-B7A6-DEC48D4645FD")]
 		[StructLayout(LayoutKind.Sequential)]
 		public struct WIN_CERTIFICATE
@@ -1904,8 +2146,8 @@ namespace Vanara.PInvoke
 		/// that support this structure.
 		/// </para>
 		/// </summary>
-		// https://docs.microsoft.com/en-us/windows/desktop/api/wintrust/ns-wintrust-wintrust_blob_info_ typedef struct WINTRUST_BLOB_INFO_ {
-		// DWORD cbStruct; GUID gSubject; LPCWSTR pcwszDisplayName; DWORD cbMemObject; BYTE *pbMemObject; DWORD cbMemSignedMsg; BYTE
+		// https://docs.microsoft.com/en-us/windows/desktop/api/wintrust/ns-wintrust-wintrust_blob_info_ typedef struct WINTRUST_BLOB_INFO_
+		// { DWORD cbStruct; GUID gSubject; LPCWSTR pcwszDisplayName; DWORD cbMemObject; BYTE *pbMemObject; DWORD cbMemSignedMsg; BYTE
 		// *pbMemSignedMsg; } WINTRUST_BLOB_INFO, *PWINTRUST_BLOB_INFO;
 		[PInvokeData("wintrust.h", MSDNShortId = "8b13d355-4d24-4d8e-aae3-db16467999be")]
 		[StructLayout(LayoutKind.Sequential)]
@@ -1990,8 +2232,8 @@ namespace Vanara.PInvoke
 		/// </para>
 		/// <para>The <c>WINTRUST_CERT_INFO</c> structure is used when calling WinVerifyTrust to verify a CERT_CONTEXT.</para>
 		/// </summary>
-		// https://docs.microsoft.com/en-us/windows/desktop/api/wintrust/ns-wintrust-wintrust_cert_info_ typedef struct WINTRUST_CERT_INFO_ {
-		// DWORD cbStruct; LPCWSTR pcwszDisplayName; CERT_CONTEXT *psCertContext; DWORD chStores; HCERTSTORE *pahStores; DWORD dwFlags;
+		// https://docs.microsoft.com/en-us/windows/desktop/api/wintrust/ns-wintrust-wintrust_cert_info_ typedef struct WINTRUST_CERT_INFO_
+		// { DWORD cbStruct; LPCWSTR pcwszDisplayName; CERT_CONTEXT *psCertContext; DWORD chStores; HCERTSTORE *pahStores; DWORD dwFlags;
 		// FILETIME *psftVerifyAsOf; } WINTRUST_CERT_INFO, *PWINTRUST_CERT_INFO;
 		[PInvokeData("wintrust.h", MSDNShortId = "6522d1f0-3d96-4499-9220-23288122e0e6")]
 		[StructLayout(LayoutKind.Sequential)]
@@ -2010,8 +2252,8 @@ namespace Vanara.PInvoke
 			public uint chStores;
 
 			/// <summary>
-			/// An array of open certificate stores to add to the list of stores that the policy provider looks in to find certificates while
-			/// building a trust chain.
+			/// An array of open certificate stores to add to the list of stores that the policy provider looks in to find certificates
+			/// while building a trust chain.
 			/// </summary>
 			public IntPtr pahStores;
 
@@ -2023,8 +2265,8 @@ namespace Vanara.PInvoke
 		}
 
 		/// <summary>The <c>WINTRUST_FILE_INFO</c> structure is used when calling WinVerifyTrust to verify an individual file.</summary>
-		// https://docs.microsoft.com/en-us/windows/desktop/api/wintrust/ns-wintrust-wintrust_file_info_ typedef struct WINTRUST_FILE_INFO_ {
-		// DWORD cbStruct; LPCWSTR pcwszFilePath; HANDLE hFile; GUID *pgKnownSubject; } WINTRUST_FILE_INFO, *PWINTRUST_FILE_INFO;
+		// https://docs.microsoft.com/en-us/windows/desktop/api/wintrust/ns-wintrust-wintrust_file_info_ typedef struct WINTRUST_FILE_INFO_
+		// { DWORD cbStruct; LPCWSTR pcwszFilePath; HANDLE hFile; GUID *pgKnownSubject; } WINTRUST_FILE_INFO, *PWINTRUST_FILE_INFO;
 		[PInvokeData("wintrust.h", MSDNShortId = "3c3bef86-a2ed-47d1-a726-90630433358a")]
 		[StructLayout(LayoutKind.Sequential)]
 		public struct WINTRUST_FILE_INFO
@@ -2133,7 +2375,7 @@ namespace Vanara.PInvoke
 		public class WINTRUST_DATA : IDisposable
 		{
 			/// <summary>The size, in bytes, of this structure.</summary>
-			private int _cbStruct;
+			private readonly int _cbStruct;
 
 			/// <summary>A pointer to a data buffer used to pass policy-specific data to a policy provider. This member can be NULL.</summary>
 			public IntPtr pPolicyCallbackData;
@@ -2281,28 +2523,5 @@ namespace Vanara.PInvoke
 					Marshal.FreeCoTaskMem(_pInfoStruct);
 			}
 		}
-
-		/*
-		OpenPersonalTrustDBDialog https://docs.microsoft.com/en-us/windows/desktop/api/wintrust/nf-wintrust-openpersonaltrustdbdialog
-		OpenPersonalTrustDBDialogEx https://docs.microsoft.com/en-us/windows/desktop/api/wintrust/nf-wintrust-openpersonaltrustdbdialogex
-		WTHelperCertCheckValidSignature https://docs.microsoft.com/en-us/windows/desktop/api/wintrust/nf-wintrust-wthelpercertcheckvalidsignature
-		WTHelperCertFindIssuerCertificate https://docs.microsoft.com/en-us/windows/desktop/SecCrypto/wthelpercertfindissuercertificate
-		WTHelperCertIsSelfSigned https://docs.microsoft.com/en-us/windows/desktop/api/wintrust/nf-wintrust-wthelpercertisselfsigned
-		WTHelperGetFileHash https://docs.microsoft.com/en-us/windows/desktop/SecCrypto/wthelpergetfilehash
-		WTHelperGetProvCertFromChain https://docs.microsoft.com/en-us/windows/desktop/api/wintrust/nf-wintrust-wthelpergetprovcertfromchain
-		WTHelperGetProvPrivateDataFromChain https://docs.microsoft.com/en-us/windows/desktop/api/wintrust/nf-wintrust-wthelpergetprovprivatedatafromchain
-		WTHelperGetProvSignerFromChain https://docs.microsoft.com/en-us/windows/desktop/api/wintrust/nf-wintrust-wthelpergetprovsignerfromchain
-		WTHelperProvDataFromStateData https://docs.microsoft.com/en-us/windows/desktop/api/wintrust/nf-wintrust-wthelperprovdatafromstatedata
-		WinVerifyTrust https://docs.microsoft.com/en-us/windows/desktop/api/wintrust/nf-wintrust-winverifytrust
-		WinVerifyTrustEx https://docs.microsoft.com/en-us/windows/desktop/api/wintrust/nf-wintrust-winverifytrustex
-		WintrustAddActionID https://docs.microsoft.com/en-us/windows/desktop/api/wintrust/nf-wintrust-wintrustaddactionid
-		WintrustAddDefaultForUsage https://docs.microsoft.com/en-us/windows/desktop/api/wintrust/nf-wintrust-wintrustadddefaultforusage
-		WintrustGetDefaultForUsage https://docs.microsoft.com/en-us/windows/desktop/api/wintrust/nf-wintrust-wintrustgetdefaultforusage
-		WintrustGetRegPolicyFlags https://docs.microsoft.com/en-us/windows/desktop/api/wintrust/nf-wintrust-wintrustgetregpolicyflags
-		WintrustLoadFunctionPointers https://docs.microsoft.com/en-us/windows/desktop/api/wintrust/nf-wintrust-wintrustloadfunctionpointers
-		WintrustRemoveActionID https://docs.microsoft.com/en-us/windows/desktop/api/wintrust/nf-wintrust-wintrustremoveactionid
-		WintrustSetDefaultIncludePEPageHashes https://docs.microsoft.com/en-us/windows/desktop/api/wintrust/nf-wintrust-wintrustsetdefaultincludepepagehashes
-		WintrustSetRegPolicyFlags https://docs.microsoft.com/en-us/windows/desktop/api/wintrust/nf-wintrust-wintrustsetregpolicyflags
-		*/
 	}
 }
\ No newline at end of file