using System;
using System.Runtime.InteropServices;
using System.Security;
using Vanara.Extensions;
using Vanara.InteropServices;
using FILETIME = System.Runtime.InteropServices.ComTypes.FILETIME;
namespace Vanara.PInvoke
{
/// Methods and data types found in Crypt32.dll.
public static partial class Crypt32
{
///
///
/// [The PCRYPT_DECRYPT_PRIVATE_KEY_FUNC function is available for use in the operating systems specified in the Requirements
/// section. It may be altered or unavailable in subsequent versions.]
///
///
/// The PCRYPT_DECRYPT_PRIVATE_KEY_FUNC function decrypts the private key and returns the decrypted key in the pbClearTextKey
/// parameter. PCRYPT_DECRYPT_PRIVATE_KEY_FUNC is a callback function specified in a CRYPT_PKCS8_IMPORT_PARAMS structure. It
/// is used when a CRYPT_ENCRYPTED_PRIVATE_KEY_INFO structure contains a private key that needs to be decrypted. The
/// CryptImportPKCS8 function uses this function. The function must be implemented by the developer to suit each application.
///
///
///
/// A CRYPT_ALGORITHM_IDENTIFIER structure that identifies the algorithm used to encrypt the PrivateKeyInfo ASN.1 type found in the
/// PKCS #8 standard.
///
/// A CRYPT_DATA_BLOB value that identifies the encrypted private key BLOB.
/// A buffer to receive the clear text.
///
/// The number of bytes of the pClearTextKey buffer. Note: if this is zero then this should be filled in with the size required to
/// decrypt the key into, and pClearTextKey should be ignored.
///
///
/// An LPVOID value that provides data used in decryption, such as key, initialization vector, and password.
///
///
/// If the function succeeds, the function returns nonzero ( TRUE).
/// If the function fails, it returns zero ( FALSE).
///
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nc-wincrypt-pcrypt_decrypt_private_key_func
// PCRYPT_DECRYPT_PRIVATE_KEY_FUNC PcryptDecryptPrivateKeyFunc; BOOL PcryptDecryptPrivateKeyFunc( CRYPT_ALGORITHM_IDENTIFIER
// Algorithm, CRYPT_DATA_BLOB EncryptedPrivateKey, BYTE *pbClearTextKey, DWORD *pcbClearTextKey, LPVOID pVoidDecryptFunc ) {...}
[PInvokeData("wincrypt.h", MSDNShortId = "f59fd46b-5430-4aa2-85ba-961b416dbaac")]
[return: MarshalAs(UnmanagedType.Bool)]
public delegate bool PCRYPT_DECRYPT_PRIVATE_KEY_FUNC(CRYPT_ALGORITHM_IDENTIFIER Algorithm, CRYPTOAPI_BLOB EncryptedPrivateKey, IntPtr pbClearTextKey, ref uint pcbClearTextKey, IntPtr pVoidDecryptFunc);
///
///
/// [The PCRYPT_ENCRYPT_PRIVATE_KEY_FUNC function is available for use in the operating systems specified in the Requirements
/// section. It may be altered or unavailable in subsequent versions.]
///
///
/// The PCRYPT_ENCRYPT_PRIVATE_KEY_FUNC function encrypts the private key and returns the encrypted contents in the
/// pbEncryptedKey parameter. It is a callback function identified in a CRYPT_PKCS8_EXPORT_PARAMS structure that creates a PKCS #8
/// CRYPT_ENCRYPTED_PRIVATE_KEY_INFO structure. The function must be implemented by the developer to suit each application.
///
///
///
///
///
///
///
/// An LPVOID variable that contains data used for encryption, such as key, initialization vector, and password.
///
///
/// If the function succeeds, the function returns nonzero ( TRUE).
/// If the function fails, it returns zero ( FALSE).
///
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nc-wincrypt-pcrypt_encrypt_private_key_func
// PCRYPT_ENCRYPT_PRIVATE_KEY_FUNC PcryptEncryptPrivateKeyFunc; BOOL PcryptEncryptPrivateKeyFunc( CRYPT_ALGORITHM_IDENTIFIER
// *pAlgorithm, CRYPT_DATA_BLOB *pClearTextPrivateKey, BYTE *pbEncryptedKey, DWORD *pcbEncryptedKey, LPVOID pVoidEncryptFunc ) {...}
[PInvokeData("wincrypt.h", MSDNShortId = "aa6b8bca-4f0d-491e-ab38-5c273a01ca05")]
[return: MarshalAs(UnmanagedType.Bool)]
public delegate bool PCRYPT_ENCRYPT_PRIVATE_KEY_FUNC(ref CRYPT_ALGORITHM_IDENTIFIER pAlgorithm, ref CRYPTOAPI_BLOB pClearTextPrivateKey, IntPtr pbEncryptedKey, ref uint pcbEncryptedKey, IntPtr pVoidEncryptFunc);
///
///
/// [The PCRYPT_RESOLVE_HCRYPTPROV_FUNC function is available for use in the operating systems specified in the Requirements
/// section. It may be altered or unavailable in subsequent versions.]
///
///
/// The PCRYPT_RESOLVE_HCRYPTPROV_FUNC function returns a handle to a cryptographic service provider (CSP) by using the
/// phCryptProv parameter to receive the key being imported. It is a callback function called from the context of the
/// CryptImportPKCS8 function. The function must be implemented by the developer to suit each application.
///
///
///
/// Pointer to a CRYPT_PRIVATE_KEY_INFO structure which describes the key being imported and whose PrivateKey field contains the
/// encrypted private key blob.
///
/// A pointer to a HCRRYPTPROV to be filled in.
///
/// The pVoidResolveFunc member passed in by the caller in the CRYPT_PKCS8_IMPORT_PARAMS structure.
///
///
/// If the function succeeds, the function returns nonzero ( TRUE).
/// If the function fails, it returns zero ( FALSE).
///
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nc-wincrypt-pcrypt_resolve_hcryptprov_func BOOL
// PCRYPT_RESOLVE_HCRYPTPROV_FUNC( CRYPT_PRIVATE_KEY_INFO *pPrivateKeyInfo, HCRYPTPROV *phCryptProv, LPVOID pVoidResolveFunc );
[PInvokeData("wincrypt.h", MSDNShortId = "d3b2b942-bde5-4399-9412-95fe227cd546")]
[return: MarshalAs(UnmanagedType.Bool)]
public delegate bool PCRYPT_RESOLVE_HCRYPTPROV_FUNC(in CRYPT_PRIVATE_KEY_INFO pPrivateKeyInfo, ref HCRYPTPROV phCryptProv, IntPtr pVoidResolveFunc);
/// The intended key usage.
[PInvokeData("wincrypt.h", MSDNShortId = "d09c3626-f864-4774-8511-3e912f62e520")]
[Flags]
public enum CertKeyUsage : ushort
{
///
CERT_DIGITAL_SIGNATURE_KEY_USAGE = 0x80,
///
CERT_NON_REPUDIATION_KEY_USAGE = 0x40,
///
CERT_KEY_ENCIPHERMENT_KEY_USAGE = 0x20,
///
CERT_DATA_ENCIPHERMENT_KEY_USAGE = 0x10,
///
CERT_KEY_AGREEMENT_KEY_USAGE = 0x08,
///
CERT_KEY_CERT_SIGN_KEY_USAGE = 0x04,
///
CERT_OFFLINE_CRL_SIGN_KEY_USAGE = 0x02,
///
CERT_CRL_SIGN_KEY_USAGE = 0x02,
///
CERT_ENCIPHER_ONLY_KEY_USAGE = 0x01,
///
CERT_DECIPHER_ONLY_KEY_USAGE = 0x8000,
}
/// Indicates the expected content type.
[PInvokeData("wincrypt.h", MSDNShortId = "d882f2b0-0f0a-41c7-afca-a232dc00797b")]
[Flags]
public enum CertQueryContentFlags : uint
{
///
/// The content can be any type. This does not include the CERT_QUERY_CONTENT_FLAG_PFX_AND_LOAD flag.
///
/// If this flag is specified, this function will attempt to obtain information about the object, trying different content types
/// until the proper content type is found or the content types are exhausted.This is obviously inefficient, so this flag should
/// only be used if the content type is not known.
///
///
CERT_QUERY_CONTENT_FLAG_ALL = (CERT_QUERY_CONTENT_FLAG_CERT | CERT_QUERY_CONTENT_FLAG_CTL | CERT_QUERY_CONTENT_FLAG_CRL | CERT_QUERY_CONTENT_FLAG_SERIALIZED_STORE | CERT_QUERY_CONTENT_FLAG_SERIALIZED_CERT | CERT_QUERY_CONTENT_FLAG_SERIALIZED_CTL | CERT_QUERY_CONTENT_FLAG_SERIALIZED_CRL | CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED | CERT_QUERY_CONTENT_FLAG_PKCS7_UNSIGNED | CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED_EMBED | CERT_QUERY_CONTENT_FLAG_PKCS10 | CERT_QUERY_CONTENT_FLAG_PFX | CERT_QUERY_CONTENT_FLAG_CERT_PAIR),
///
CERT_QUERY_CONTENT_FLAG_ALL_ISSUER_CERT = (CERT_QUERY_CONTENT_FLAG_CERT | CERT_QUERY_CONTENT_FLAG_SERIALIZED_STORE | CERT_QUERY_CONTENT_FLAG_SERIALIZED_CERT | CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED | CERT_QUERY_CONTENT_FLAG_PKCS7_UNSIGNED),
/// The content is a single certificate.
CERT_QUERY_CONTENT_FLAG_CERT = (1 << CertQueryContentType.CERT_QUERY_CONTENT_CERT),
///
/// The content is an Abstract Syntax Notation One (ASN.1) encoded X509_CERT_PAIR (an encoded certificate pair that contains
/// either forward, reverse, or forward and reverse cross certificates).
///
CERT_QUERY_CONTENT_FLAG_CERT_PAIR = (1 << CertQueryContentType.CERT_QUERY_CONTENT_CERT_PAIR),
/// The content is a single CRL.
CERT_QUERY_CONTENT_FLAG_CRL = (1 << CertQueryContentType.CERT_QUERY_CONTENT_CRL),
/// The content is a single CTL.
CERT_QUERY_CONTENT_FLAG_CTL = (1 << CertQueryContentType.CERT_QUERY_CONTENT_CTL),
///
/// The content is a PFX (PKCS #12) packet, but it will not be loaded by this function. You can use the PFXImportCertStore
/// function to load this into a store.
///
CERT_QUERY_CONTENT_FLAG_PFX = (1 << CertQueryContentType.CERT_QUERY_CONTENT_PFX),
///
/// The content is a PFX (PKCS #12) packet and will be loaded by this function subject to the conditions specified in the
/// following note. If the PFX packet contains an embedded password that is not an empty string or NULL, and the password
/// was not protected to an Active Directory(AD) principal that includes the calling user, this function will not be able to
/// decrypt the PFX packet.The packet can be decrypted, however, if the password used when the PFX packet was created was
/// encrypted to an AD principal and the user, as part of that principal, has permission to decrypt the password. For more
/// information, see the pvPara parameter and the PKCS12_PROTECT_TO_DOMAIN_SIDS flag of the PFXExportCertStoreEx function.
/// You can protect PFX passwords to an AD principal beginning in Windows 8 and Windows Server 2012.
///
/// Windows Server 2003 and Windows XP: This value is not supported.
///
CERT_QUERY_CONTENT_FLAG_PFX_AND_LOAD = (1 << CertQueryContentType.CERT_QUERY_CONTENT_PFX_AND_LOAD),
/// The content is a PKCS #10 message.
CERT_QUERY_CONTENT_FLAG_PKCS10 = (1 << CertQueryContentType.CERT_QUERY_CONTENT_PKCS10),
/// The content is a PKCS #7 signed message.
CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED = (1 << CertQueryContentType.CERT_QUERY_CONTENT_PKCS7_SIGNED),
/// The content is an embedded PKCS #7 signed message.
CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED_EMBED = (1 << CertQueryContentType.CERT_QUERY_CONTENT_PKCS7_SIGNED_EMBED),
/// The content is a PKCS #7 unsigned message.
CERT_QUERY_CONTENT_FLAG_PKCS7_UNSIGNED = (1 << CertQueryContentType.CERT_QUERY_CONTENT_PKCS7_UNSIGNED),
/// The content is a serialized single certificate.
CERT_QUERY_CONTENT_FLAG_SERIALIZED_CERT = (1 << CertQueryContentType.CERT_QUERY_CONTENT_SERIALIZED_CERT),
/// The content is a serialized single CRL.
CERT_QUERY_CONTENT_FLAG_SERIALIZED_CRL = (1 << CertQueryContentType.CERT_QUERY_CONTENT_SERIALIZED_CRL),
/// The content is serialized single CTL.
CERT_QUERY_CONTENT_FLAG_SERIALIZED_CTL = (1 << CertQueryContentType.CERT_QUERY_CONTENT_SERIALIZED_CTL),
/// The content is a serialized store.
CERT_QUERY_CONTENT_FLAG_SERIALIZED_STORE = (1 << CertQueryContentType.CERT_QUERY_CONTENT_SERIALIZED_STORE),
}
/// The actual type of the content.
[PInvokeData("wincrypt.h", MSDNShortId = "d882f2b0-0f0a-41c7-afca-a232dc00797b")]
public enum CertQueryContentType
{
/// The content is a single certificate.
CERT_QUERY_CONTENT_CERT = 1,
/// The content is a single CTL.
CERT_QUERY_CONTENT_CTL = 2,
/// The content is a single CRL.
CERT_QUERY_CONTENT_CRL = 3,
/// The content is a serialized store.
CERT_QUERY_CONTENT_SERIALIZED_STORE = 4,
/// The content is a serialized single certificate.
CERT_QUERY_CONTENT_SERIALIZED_CERT = 5,
/// The content is a serialized single CTL.
CERT_QUERY_CONTENT_SERIALIZED_CTL = 6,
/// The content is a serialized single CRL.
CERT_QUERY_CONTENT_SERIALIZED_CRL = 7,
/// The content is a PKCS #7 signed message.
CERT_QUERY_CONTENT_PKCS7_SIGNED = 8,
/// The content is a PKCS #7 unsigned message.
CERT_QUERY_CONTENT_PKCS7_UNSIGNED = 9,
/// The content is an embedded PKCS #7 signed message.
CERT_QUERY_CONTENT_PKCS7_SIGNED_EMBED = 10,
/// The content is a PKCS #10 message.
CERT_QUERY_CONTENT_PKCS10 = 11,
///
/// The content is a PFX (PKCS #12) packet. This function only verifies that the object is a PKCS #12 packet. The PKCS #12
/// packet is not loaded into a certificate store.
///
CERT_QUERY_CONTENT_PFX = 12,
/// The content is an ASN.1 encoded X509_CERT_pair.
CERT_QUERY_CONTENT_CERT_PAIR = 13,
///
/// The content is a PFX (PKCS #12) packet, and it has been loaded into a certificate store.
/// Windows Server 2003 and Windows XP: This value is not supported.
///
CERT_QUERY_CONTENT_PFX_AND_LOAD = 14,
}
/// Indicates the expected format of the returned type.
[PInvokeData("wincrypt.h", MSDNShortId = "d882f2b0-0f0a-41c7-afca-a232dc00797b")]
public enum CertQueryFormatFlags : uint
{
/// The content should be returned in binary format.
CERT_QUERY_FORMAT_FLAG_BINARY = (1 << CertQueryFormatType.CERT_QUERY_FORMAT_BINARY),
/// The content should be returned in Base64 encoded format.
CERT_QUERY_FORMAT_FLAG_BASE64_ENCODED = (1 << CertQueryFormatType.CERT_QUERY_FORMAT_BASE64_ENCODED),
/// The content should be returned in ASCII hex-encoded format with a "{ASN}" prefix.
CERT_QUERY_FORMAT_FLAG_ASN_ASCII_HEX_ENCODED = (1 << CertQueryFormatType.CERT_QUERY_FORMAT_ASN_ASCII_HEX_ENCODED),
/// The content can be returned in any format.
CERT_QUERY_FORMAT_FLAG_ALL = (CERT_QUERY_FORMAT_FLAG_BINARY | CERT_QUERY_FORMAT_FLAG_BASE64_ENCODED | CERT_QUERY_FORMAT_FLAG_ASN_ASCII_HEX_ENCODED),
}
/// The actual format type of the content.
[PInvokeData("wincrypt.h", MSDNShortId = "d882f2b0-0f0a-41c7-afca-a232dc00797b")]
public enum CertQueryFormatType
{
/// The content is in binary format.
CERT_QUERY_FORMAT_BINARY = 1,
/// The content is in Base64 encoded format.
CERT_QUERY_FORMAT_BASE64_ENCODED = 2,
/// The content is in ASCII hex-encoded format with an "{ASN}" prefix.
CERT_QUERY_FORMAT_ASN_ASCII_HEX_ENCODED = 3,
}
/// Indicates the type of the object to be queried.
[PInvokeData("wincrypt.h", MSDNShortId = "d882f2b0-0f0a-41c7-afca-a232dc00797b")]
public enum CertQueryObjectType
{
/// The cert query object file
CERT_QUERY_OBJECT_FILE = 0x00000001,
/// The cert query object BLOB
CERT_QUERY_OBJECT_BLOB = 0x00000002,
}
/// RDN attribute flags.
[Flags]
[PInvokeData("wincrypt.h", MSDNShortId = "e45b80a3-9269-4f21-8407-1c8303cb5f32")]
public enum CertRDNAttrsFlag
{
/// The pRDN was initialized with Unicode strings
CERT_UNICODE_IS_RDN_ATTRS_FLAG = 0x1,
/// Do a case insensitive match.
CERT_CASE_INSENSITIVE_IS_RDN_ATTRS_FLAG = 0x2
}
/// Indicates the type of the context structure.
[PInvokeData("wincrypt.h", MSDNShortId = "2d6fb244-5273-4530-bec4-e5451fe26f2e")]
public enum CertRevocationType
{
/// The revocation of certificates.
CERT_CONTEXT_REVOCATION_TYPE = 1
}
/// Indicates any special processing needs.
[PInvokeData("wincrypt.h", MSDNShortId = "2d6fb244-5273-4530-bec4-e5451fe26f2e")]
[Flags]
public enum CertVerifyFlags
{
///
/// Verification of the chain of certificates is done assuming each certificate except the first certificate is the issuer of
/// the certificate that precedes it. If dwRevType is not CERT_CONTEXT_REVOCATION_TYPE, no assumptions are made about the order
/// of the contexts.
///
CERT_VERIFY_REV_CHAIN_FLAG = 0x00000001,
/// Prevents the revocation handler from accessing any network-based resources for revocation checking.
CERT_VERIFY_CACHE_ONLY_BASED_REVOCATION = 0x00000002,
/// When set, dwUrlRetrievalTimeout is the cumulative time-out across all URL wire retrievals.
CERT_VERIFY_REV_ACCUMULATIVE_TIMEOUT_FLAG = 0x00000004,
///
/// When set, this function only uses online certificate status protocol (OCSP) for revocation checking. If the certificate does
/// not have any OCSP AIA URLs, the dwError member of the pRevStatus parameter is set to CRYPT_E_NOT_IN_REVOCATION_DATABASE.
///
CERT_VERIFY_REV_SERVER_OCSP_FLAG = 0x00000008,
///
/// When set, only the OCSP AIA URL is used if present in the subject. If the subject doesn't have an OCSP AIA URL, then, the
/// CDP URLs are used.
///
CERT_VERIFY_REV_NO_OCSP_FAILOVER_TO_CRL_FLAG = 0x00000010,
/// When set, only wire retrieval for OCSP responses.
CERT_VERIFY_REV_SERVER_OCSP_WIRE_ONLY_FLAG = 0x00000020,
}
/// Specifies the cause of the error.
[PInvokeData("wincrypt.h", MSDNShortId = "087ea37a-907a-4652-a5df-dd8e86755490")]
public enum CRL_REASON
{
/// No reason was specified for revocation.
CRL_REASON_UNSPECIFIED = 0,
///
/// It is known or suspected that the subject's private key or other aspects of the subject validated in the certificate are compromised.
///
CRL_REASON_KEY_COMPROMISE = 1,
///
/// It is known or suspected that the CA's private key or other aspects of the CA validated in the certificate are compromised.
///
CRL_REASON_CA_COMPROMISE = 2,
///
/// The subject's name or other information in the certificate has been modified but there is no cause to suspect that the
/// private key has been compromised.
///
CRL_REASON_AFFILIATION_CHANGED = 3,
/// The certificate has been superseded, but there is no cause to suspect that the private key has been compromised.
CRL_REASON_SUPERSEDED = 4,
///
/// The certificate is no longer needed for the purpose for which it was issued, but there is no cause to suspect that the
/// private key has been compromised.
///
CRL_REASON_CESSATION_OF_OPERATION = 5,
/// The certificate has been placed on hold.
CRL_REASON_CERTIFICATE_HOLD = 6,
///
CRL_REASON_REMOVE_FROM_CRL = 8,
///
CRL_REASON_PRIVILEGE_WITHDRAWN = 9,
///
CRL_REASON_AA_COMPROMISE = 10,
}
/// A set of flags that modify the behavior of this function.
[PInvokeData("wincrypt.h", MSDNShortId = "9e63517d-a56e-45a9-972c-de9a297e9e25")]
[Flags]
public enum CryptFindFlags
{
/// Restricts the search to the user container. The default is to search both the user and machine containers.
CRYPT_FIND_USER_KEYSET_FLAG = 0x00000001,
/// Restricts the search to the machine container. The default is to search both the user and machine containers.
CRYPT_FIND_MACHINE_KEYSET_FLAG = 0x00000002,
///
/// The application requests that the CSP not display any user interface (UI) for this context. If the CSP must display the UI
/// to operate, the call fails and the NTE_SILENT_CONTEXT error code is set as the last error.
///
CRYPT_FIND_SILENT_KEYSET_FLAG = 0x00000040,
///
/// If a handle is already acquired and cached, that same handle is returned. Otherwise, a new handle is acquired and cached by
/// using the certificate's CERT_KEY_CONTEXT_PROP_ID property.
///
/// When this flag is set, the pfCallerFreeProvOrNCryptKey parameter receives FALSE and the calling application must not release
/// the handle. The handle is freed when the certificate context is freed; however, you must retain the certificate context
/// referenced by the pCert parameter as long as the key is in use, otherwise operations that rely on the key will fail.
///
///
CRYPT_ACQUIRE_CACHE_FLAG = 0x00000001,
///
/// Uses the certificate's CERT_KEY_PROV_INFO_PROP_ID property to determine whether caching should be accomplished. For more
/// information about the CERT_KEY_PROV_INFO_PROP_ID property, see CertSetCertificateContextProperty.
///
/// This function will only use caching if during a previous call, the dwFlags member of the CRYPT_KEY_PROV_INFO structure
/// contained CERT_SET_KEY_CONTEXT_PROP.
///
///
CRYPT_ACQUIRE_USE_PROV_INFO_FLAG = 0x00000002,
///
/// The public key in the certificate is compared with the public key returned by the cryptographic service provider (CSP). If
/// the keys do not match, the acquisition operation fails and the last error code is set to NTE_BAD_PUBLIC_KEY. If a cached
/// handle is returned, no comparison is made.
///
CRYPT_ACQUIRE_COMPARE_KEY_FLAG = 0x00000004,
///
/// This function will not attempt to re-create the CERT_KEY_PROV_INFO_PROP_ID property in the certificate context if this
/// property cannot be retrieved.
///
CRYPT_ACQUIRE_NO_HEALING = 0x00000008,
///
/// The CSP should not display any user interface (UI) for this context. If the CSP must display UI to operate, the call fails
/// and the NTE_SILENT_CONTEXT error code is set as the last error.
///
CRYPT_ACQUIRE_SILENT_FLAG = 0x00000040,
///
/// Any UI that is needed by the CSP or KSP will be a child of the HWND that is supplied in the pvParameters parameter. For a
/// CSP key, using this flag will cause the CryptSetProvParam function with the flag PP_CLIENT_HWND using this HWND to be called
/// with NULL for HCRYPTPROV. For a KSP key, using this flag will cause the NCryptSetProperty function with the
/// NCRYPT_WINDOW_HANDLE_PROPERTY flag to be called using the HWND.
/// Do not use this flag with CRYPT_ACQUIRE_SILENT_FLAG.
///
CRYPT_ACQUIRE_WINDOW_HANDLE_FLAG = 0x00000080,
/// The crypt acquire ncrypt key flags mask
CRYPT_ACQUIRE_NCRYPT_KEY_FLAGS_MASK = 0x00070000,
///
/// This function will attempt to obtain the key by using CryptoAPI. If that fails, this function will attempt to obtain the key
/// by using the Cryptography API: Next Generation (CNG).
/// The CERT_KEY_PROV_INFO_PROP_ID property of the certificate is set to zero if CNG is used to obtain the key.
///
CRYPT_ACQUIRE_ALLOW_NCRYPT_KEY_FLAG = 0x00010000,
///
/// This function will attempt to obtain the key by using CNG. If that fails, this function will attempt to obtain the key by
/// using CryptoAPI.
/// The CERT_KEY_PROV_INFO_PROP_ID property of the certificate is set to zero if CNG is used to obtain the key.
///
CRYPT_ACQUIRE_PREFER_NCRYPT_KEY_FLAG = 0x00020000,
///
/// This function will only attempt to obtain the key by using CNG and will not use CryptoAPI to obtain the key.
/// The CERT_KEY_PROV_INFO_PROP_ID property of the certificate is set to zero if CNG is used to obtain the key.
///
CRYPT_ACQUIRE_ONLY_NCRYPT_KEY_FLAG = 0x00040000,
}
///
/// Indicates how the public key information is exported. The flag value is passed directly to the CryptFindOIDInfo function when
/// mapping the public key object identifier to the corresponding CNG public key algorithm Unicode string.
///
[PInvokeData("wincrypt.h", MSDNShortId = "38274222-90b3-4038-86d3-6b2813100ce2")]
[Flags]
public enum CryptOIDInfoFlags : uint
{
/// pvKey is the address of a null-terminated ANSI string that contains the OID string to find.
CRYPT_OID_INFO_OID_KEY = 1,
/// pvKey is the address of a null-terminated Unicode string that contains the name to find.
CRYPT_OID_INFO_NAME_KEY = 2,
/// pvKey is the address of an ALG_IDvariable.
CRYPT_OID_INFO_ALGID_KEY = 3,
///
/// pvKey is the address of an array of two ALG_IDs where the first element contains the hash algorithm identifier and the
/// second element contains the public key algorithm identifier.
///
CRYPT_OID_INFO_SIGN_KEY = 4,
///
/// pvKey is the address of a null-terminated Unicode string that contains the CNG algorithm identifier to find. This can be one
/// of the predefined CNG Algorithm Identifiers or another registered algorithm identifier.
///
CRYPT_OID_INFO_CNG_ALGID_KEY = 5,
///
/// pvKey is the address of an array of two null-terminated Unicode string pointers where the first string contains the hash CNG
/// algorithm identifier and the second string contains the public key CNG algorithm identifier. These can be from the
/// predefined CNG Algorithm Identifiers or another registered algorithm identifier.
///
CRYPT_OID_INFO_CNG_SIGN_KEY = 6,
///
/// Skips public keys in the CRYPT_PUBKEY_ALG_OID_GROUP_ID group explicitly flagged with the CRYPT_OID_PUBKEY_ENCRYPT_ONLY_FLAG flag.
///
CRYPT_OID_INFO_PUBKEY_SIGN_KEY_FLAG = 0x80000000,
///
/// Skips public keys in the CRYPT_PUBKEY_ALG_OID_GROUP_ID group explicitly flagged with the CRYPT_OID_PUBKEY_SIGN_ONLY_FLAG flag.
///
CRYPT_OID_INFO_PUBKEY_ENCRYPT_KEY_FLAG = 0x40000000
}
/// Flags that modify the function behavior.
[PInvokeData("wincrypt.h", MSDNShortId = "8a84af66-b174-4a3e-b1d7-6f218a52d877")]
[Flags]
public enum CryptVerifyCertSignFlags
{
///
/// If you set this flag and CryptVerifyCertificateSignatureEx detects an MD2 or MD4 algorithm, the function returns FALSE and
/// sets GetLastError to NTE_BAD_ALGID. The signature is still verified, but this combination of errors enables the caller, now
/// knowing that an MD2 or MD4 algorithm was used, to decide whether to trust or reject the signature.
/// Windows 8 and Windows Server 2012: Support for this flag begins.
///
CRYPT_VERIFY_CERT_SIGN_DISABLE_MD2_MD4_FLAG = 0x00000001,
///
/// Sets strong signature properties, after successful verification, on the subject pointed to by the pvSubject parameter.
/// The following property is set on the certificate context:
/// CERT_SIGN_HASH_CNG_ALG_PROP_ID
/// The following properties are set on the CRL context:
/// CERT_SIGN_HASH_CNG_ALG_PROP_ID
/// CERT_ISSUER_PUB_KEY_BIT_LENGTH_PROP_ID
/// Note This flag is only applicable if CRYPT_VERIFY_CERT_SIGN_SUBJECT_CRL is specified in the dwSubjectType parameter.
/// Windows 8 and Windows Server 2012: Support for this flag begins.
///
CRYPT_VERIFY_CERT_SIGN_SET_STRONG_PROPERTIES_FLAG = 0x00000002,
///
/// Returns a pointer to a CRYPT_VERIFY_CERT_SIGN_STRONG_PROPERTIES_INFO structure in the pvExtra parameter. The structure
/// contains the length, in bits, of the public key and the names of the signing and hashing algorithms used.
///
/// You must call CryptMemFree to free the structure. If memory cannot be allocated for the
/// CRYPT_VERIFY_CERT_SIGN_STRONG_PROPERTIES_INFO structure, this function returns successfully but sets the pvExtra parameter
/// to NULL.
///
///
/// Note This flag is only applicable if CRYPT_VERIFY_CERT_SIGN_SUBJECT_OCSP_BASIC_SIGNED_RESPONSE is specified in the
/// dwSubjectType parameter.
///
/// Windows 8 and Windows Server 2012: Support for this flag begins.
///
CRYPT_VERIFY_CERT_SIGN_RETURN_STRONG_PROPERTIES_FLAG = 0x00000004,
}
/// The issuer type.
[PInvokeData("wincrypt.h", MSDNShortId = "8a84af66-b174-4a3e-b1d7-6f218a52d877")]
public enum CryptVerifyCertSignIssuer
{
/// pvIssuer is a pointer to a CERT_PUBLIC_KEY_INFOstructure.
CRYPT_VERIFY_CERT_SIGN_ISSUER_PUBKEY = 1,
/// pvIssuer is a pointer to a CCERT_CONTEXTstructure.
CRYPT_VERIFY_CERT_SIGN_ISSUER_CERT = 2,
/// pvIssuer is a pointer to a CCERT_CHAIN_CONTEXTstructure.
CRYPT_VERIFY_CERT_SIGN_ISSUER_CHAIN = 3,
/// pvIssuer must be NULL.
CRYPT_VERIFY_CERT_SIGN_ISSUER_NULL = 4,
}
/// The subject type.
[PInvokeData("wincrypt.h", MSDNShortId = "8a84af66-b174-4a3e-b1d7-6f218a52d877")]
public enum CryptVerifyCertSignSubject
{
/// pvSubject is a pointer to a CRYPT_DATA_BLOBstructure.
CRYPT_VERIFY_CERT_SIGN_SUBJECT_BLOB = 1,
/// pvSubject is a pointer to a CCERT_CONTEXTstructure.
CRYPT_VERIFY_CERT_SIGN_SUBJECT_CERT = 2,
/// pvSubject is a pointer to a CCRL_CONTEXTstructure.
CRYPT_VERIFY_CERT_SIGN_SUBJECT_CRL = 3,
///
/// pvSubject is a pointer to an OCSP_BASIC_SIGNED_RESPONSE_INFO structure.
/// Windows Server 2003 and Windows XP: This subject type is not supported.
///
CRYPT_VERIFY_CERT_SIGN_SUBJECT_OCSP_BASIC_SIGNED_RESPONSE = 4,
}
///
///
/// The CertCompareCertificate function determines whether two certificates are identical by comparing the issuer name and
/// serial number of the certificates.
///
///
/// Caution The CertCompareCertificate function must not be used for security assertions because it does not compare BLOBs.
///
///
///
///
/// Specifies the encoding type used. It is always acceptable to specify both the certificate and message encoding types by
/// combining them with a bitwise- OR operation as shown in the following example:
///
/// X509_ASN_ENCODING | PKCS_7_ASN_ENCODING Currently defined encoding types are:
///
/// -
/// X509_ASN_ENCODING
///
/// -
/// PKCS_7_ASN_ENCODING
///
///
///
/// A pointer to the CERT_INFO for the first certificate in the comparison.
/// A pointer to the CERT_INFO for the second certificate in the comparison.
///
/// If the certificates are identical and the function succeeds, the function returns nonzero ( TRUE).
/// If the function fails, it returns zero ( FALSE).
///
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certcomparecertificate BOOL CertCompareCertificate( DWORD
// dwCertEncodingType, PCERT_INFO pCertId1, PCERT_INFO pCertId2 );
[DllImport(Lib.Crypt32, SetLastError = false, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "b485fa81-b927-4f0c-bde1-075f36c76d9a")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CertCompareCertificate(CertEncodingType dwCertEncodingType, in CERT_INFO pCertId1, in CERT_INFO pCertId2);
///
/// The CertCompareCertificateName function compares two certificate CERT_NAME_BLOB structures to determine whether they are
/// identical. The CERT_NAME_BLOB structures are used for the subject and the issuer of certificates.
///
///
///
/// Specifies the encoding type used. It is always acceptable to specify both the certificate and message encoding types by
/// combining them with a bitwise- OR operation as shown in the following example:
///
/// X509_ASN_ENCODING | PKCS_7_ASN_ENCODING Currently defined encoding types are:
///
/// -
/// X509_ASN_ENCODING
///
/// -
/// PKCS_7_ASN_ENCODING
///
///
///
/// A pointer to a CERT_NAME_BLOB for the first name in the comparison. For more information, see CRYPT_INTEGER_BLOB.
/// A pointer to a CERT_NAME_BLOB for the second name in the comparison.
///
/// If the names are identical and the function succeeds, the function returns nonzero ( TRUE).
/// If the function fails, it returns zero ( FALSE).
///
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certcomparecertificatename BOOL
// CertCompareCertificateName( DWORD dwCertEncodingType, PCERT_NAME_BLOB pCertName1, PCERT_NAME_BLOB pCertName2 );
[DllImport(Lib.Crypt32, SetLastError = false, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "6249429d-0cb2-4209-9580-87185d44b967")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CertCompareCertificateName(CertEncodingType dwCertEncodingType, in CRYPTOAPI_BLOB pCertName1, in CRYPTOAPI_BLOB pCertName2);
///
/// The CertCompareIntegerBlob function compares two integer BLOBs to determine whether they represent equal numeric values.
///
/// A pointer to a CRYPT_INTEGER_BLOB structure that contains the first integer in the comparison.
/// A pointer to a CRYPT_INTEGER_BLOB structure that contains the second integer in the comparison.
///
/// If the representations of the integer BLOBs are identical and the function succeeds, the function returns nonzero ( TRUE).
/// If the function fails, it returns zero ( FALSE). For extended error information, call GetLastError.
///
///
///
/// Before doing the comparison, most significant bytes with a value of 0x00 are removed from a positive number. Positive here means
/// that the most significant bit in the next nonzero byte is not set.
///
///
/// Most significant bytes with a value of 0xFF are removed from a negative number. Negative here means that the most significant
/// bit in the next non-0xFF byte is set. This produces the unique representation of that integer, as shown in the following table.
///
///
///
/// Original bytes
/// Reduced form
///
/// -
/// 0xFFFFFF88
/// 0xFF88
///
/// -
/// 0xFF23
/// 0xFF23
///
/// -
/// 0x007F
/// 0x7F
///
/// -
/// 0x00000080
/// 0x80
///
///
///
/// Multiple-byte integers are treated as little-endian. The least significant byte is pbData[0]. The most significant byte is
/// pbData[cbData - 1], that is, 0xFFFFFF88 is stored in four bytes as:
///
/// {0x88, 0xFF, 0xFF, 0xFF}
/// Examples
/// For an example that uses this function, see Example C Program: Using CertOIDToAlgId and CertCompareIntegerBlob.
///
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certcompareintegerblob BOOL CertCompareIntegerBlob(
// PCRYPT_INTEGER_BLOB pInt1, PCRYPT_INTEGER_BLOB pInt2 );
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "467ce464-2f22-4583-a745-711ba3b05f4f")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CertCompareIntegerBlob(in CRYPTOAPI_BLOB pInt1, in CRYPTOAPI_BLOB pInt2);
/// The CertComparePublicKeyInfo function compares two encoded public keys to determine whether they are identical.
///
///
/// Specifies the encoding type used. It is always acceptable to specify both the certificate and message encoding types by
/// combining them with a bitwise- OR operation as shown in the following example:
///
/// X509_ASN_ENCODING | PKCS_7_ASN_ENCODING Currently defined encoding types are:
///
/// -
/// X509_ASN_ENCODING
///
/// -
/// PKCS_7_ASN_ENCODING
///
///
///
/// A pointer to the CERT_PUBLIC_KEY_INFO for the first public key in the comparison.
/// A pointer to the CERT_PUBLIC_KEY_INFO for the second public key in the comparison.
///
/// If the public keys are identical and the function succeeds, the function returns nonzero ( TRUE).
/// If the function fails, it returns zero ( FALSE).
///
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certcomparepublickeyinfo BOOL CertComparePublicKeyInfo(
// DWORD dwCertEncodingType, PCERT_PUBLIC_KEY_INFO pPublicKey1, PCERT_PUBLIC_KEY_INFO pPublicKey2 );
[DllImport(Lib.Crypt32, SetLastError = false, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "079e4d5e-c8cb-4c3e-8094-13b9a140d564")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CertComparePublicKeyInfo(CertEncodingType dwCertEncodingType, in CERT_PUBLIC_KEY_INFO pPublicKey1, in CERT_PUBLIC_KEY_INFO pPublicKey2);
///
/// The CertFindAttribute function finds the first attribute in the CRYPT_ATTRIBUTE array, as identified by its object
/// identifier (OID). This function can be used in the processing of a decoded certificate request. A CERT_REQUEST_INFO structure is
/// derived from a decoded certificate request. The rgAttribute array is retrieved from that structure and passed to this
/// function in the rgAttr parameter. This function determines whether a particular attribute is in the array, and if so, returns a
/// pointer to it.
///
/// A pointer to the object identifier (OID) to use in the search.
/// Number of attributes in the rgAttr array.
/// Array of CRYPT_ATTRIBUTE structures.
/// Returns a pointer to the attribute, if one is found. Otherwise, NULL is returned.
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certfindattribute PCRYPT_ATTRIBUTE CertFindAttribute(
// LPCSTR pszObjId, DWORD cAttr, CRYPT_ATTRIBUTE [] rgAttr );
[DllImport(Lib.Crypt32, SetLastError = false, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "99d690fb-ea85-4cb1-9fb0-bdb02e4ac50a")]
public static extern IntPtr CertFindAttribute(SafeOID pszObjId, uint cAttr, [MarshalAs(UnmanagedType.LPArray)] CRYPT_ATTRIBUTE[] rgAttr);
///
/// The CertFindAttribute function finds the first attribute in the CRYPT_ATTRIBUTE array, as identified by its object
/// identifier (OID). This function can be used in the processing of a decoded certificate request. A CERT_REQUEST_INFO structure is
/// derived from a decoded certificate request. The rgAttribute array is retrieved from that structure and passed to this
/// function in the rgAttr parameter. This function determines whether a particular attribute is in the array, and if so, returns a
/// reference to it.
///
/// The object identifier (OID) to use in the search.
/// Array of CRYPT_ATTRIBUTE structures.
/// Returns a reference to the attribute, if one is found. Otherwise, is returned.
public static CRYPT_ATTRIBUTE? CertFindAttribute(string pszObjId, CRYPT_ATTRIBUTE[] rgAttr) => CertFindAttribute(pszObjId, (uint)(rgAttr?.Length ?? 0), rgAttr).ToNullableStructure();
///
/// The CertFindExtension function finds the first extension in the CERT_EXTENSION array, as identified by its object
/// identifier (OID). This function can be used in the processing of a decoded certificate. A CERT_INFO structure is derived from a
/// decoded certificate. The CERT_INFO structure's rgExtension member is passed to CertFindExtension in the
/// rgExtensions parameter. This function determines whether a particular extension is in the array, and if so, returns a pointer to it
///
/// A pointer to the object identifier (OID) to use in the search.
/// Number of extensions in the rgExtensions array.
/// Array of CERT_EXTENSION structures.
/// Returns a pointer to the extension, if one is found. Otherwise, NULL is returned.
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certfindextension PCERT_EXTENSION CertFindExtension(
// LPCSTR pszObjId, DWORD cExtensions, CERT_EXTENSION [] rgExtensions );
[DllImport(Lib.Crypt32, SetLastError = false, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "489c58b6-a704-4f54-bc64-34eacafc347c")]
public static extern IntPtr CertFindExtension(SafeOID pszObjId, uint cExtensions, [MarshalAs(UnmanagedType.LPArray)] CERT_EXTENSION[] rgExtensions);
///
/// The CertFindExtension function finds the first extension in the CERT_EXTENSION array, as identified by its object
/// identifier (OID). This function can be used in the processing of a decoded certificate. A CERT_INFO structure is derived from a
/// decoded certificate. The CERT_INFO structure's rgExtension member is passed to CertFindExtension in the
/// rgExtensions parameter. This function determines whether a particular extension is in the array, and if so, returns a reference
/// to it
///
/// A pointer to the object identifier (OID) to use in the search.
/// Array of CERT_EXTENSION structures.
/// Returns a reference to the extension, if one is found. Otherwise, is returned.
public static CERT_EXTENSION? CertFindExtension(string pszObjId, CERT_EXTENSION[] rgExtensions) => CertFindExtension(pszObjId, (uint)(rgExtensions?.Length ?? 0), rgExtensions).ToNullableStructure();
///
/// The CertFindRDNAttr function finds the first RDN attribute identified by its object identifier (OID) in a list of the
/// Relative Distinguished Names (RDN).
///
/// A pointer to the object identifier (OID) to use In the search.
/// A pointer to a CERT_NAME_INFO structure containing the list of the Relative Distinguished Names to be searched.
/// Returns a pointer to the attribute, if one is found. Otherwise, NULL is returned.
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certfindrdnattr PCERT_RDN_ATTR CertFindRDNAttr( LPCSTR
// pszObjId, PCERT_NAME_INFO pName );
[DllImport(Lib.Crypt32, SetLastError = false, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "31f82a02-e90a-48de-857a-9fbb03048b5c")]
public static extern IntPtr CertFindRDNAttr(SafeOID pszObjId, in CERT_NAME_INFO pName);
///
/// The CertGetIntendedKeyUsage function acquires the intended key usage bytes from a certificate. The intended key usage can
/// be in either the szOID_KEY_USAGE ("2.5.29.15") or szOID_KEY_ATTRIBUTES ("2.5.29.2") extension.
///
///
///
/// Specifies the encoding type used. It is always acceptable to specify both the certificate and message encoding types by
/// combining them with a bitwise- OR operation as shown in the following example:
///
/// X509_ASN_ENCODING | PKCS_7_ASN_ENCODING Currently defined encoding types are:
///
/// -
/// X509_ASN_ENCODING
///
/// -
/// PKCS_7_ASN_ENCODING
///
///
///
/// A pointer to CERT_INFO structure of the specified certificate.
///
///
/// A pointer to a buffer to receive the intended key usage. The following list shows currently defined values. These can be
/// combined by using bitwise- OR operations.
///
///
/// -
/// CERT_DATA_ENCIPHERMENT_KEY_USAGE
///
/// -
/// CERT_DIGITAL_SIGNATURE_KEY_USAGE
///
/// -
/// CERT_KEY_AGREEMENT_KEY_USAGE
///
/// -
/// CERT_KEY_CERT_SIGN_KEY_USAGE
///
/// -
/// CERT_KEY_ENCIPHERMENT_KEY_USAGE
///
/// -
/// CERT_NON_REPUDIATION_KEY_USAGE
///
/// -
/// CERT_OFFLINE_CRL_SIGN_KEY_USAGE
///
///
///
///
/// The size, in bytes, of the buffer pointed to by pbKeyUsage. Currently, the intended key usage occupies 1 or 2 bytes of data.
///
///
///
/// If the certificate does not have any intended key usage bytes, FALSE is returned and pbKeyUsage is zeroed. Otherwise,
/// TRUE is returned and up to cbKeyUsage number of bytes are copied into pbKeyUsage. Any remaining bytes not copied are zeroed.
///
/// GetLastError returns zero if none of the required extensions is found.
///
/// If the function fails, GetLastError may return an Abstract Syntax Notation One (ASN.1) encoding/decoding error. For information
/// about these errors, see ASN.1 Encoding/Decoding Return Values.
///
///
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certgetintendedkeyusage BOOL CertGetIntendedKeyUsage(
// DWORD dwCertEncodingType, PCERT_INFO pCertInfo, BYTE *pbKeyUsage, DWORD cbKeyUsage );
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "d09c3626-f864-4774-8511-3e912f62e520")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CertGetIntendedKeyUsage(CertEncodingType dwCertEncodingType, in CERT_INFO pCertInfo, out CertKeyUsage pbKeyUsage, uint cbKeyUsage = 2);
/// The CertGetPublicKeyLength function acquires the bit length of public/private keys from a public key BLOB.
///
///
/// Specifies the encoding type used. It is always acceptable to specify both the certificate and message encoding types by
/// combining them with a bitwise- OR operation as shown in the following example:
///
/// X509_ASN_ENCODING | PKCS_7_ASN_ENCODING Currently defined encoding types are:
///
/// -
/// X509_ASN_ENCODING
///
/// -
/// PKCS_7_ASN_ENCODING
///
///
///
/// A pointer to the public key BLOB containing the keys for which the length is being retrieved.
///
/// Returns the length of the public/private keys in bits. If unable to determine the key's length, returns zero.
/// Call GetLastError to see the reason for any failures.
///
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certgetpublickeylength DWORD CertGetPublicKeyLength(
// DWORD dwCertEncodingType, PCERT_PUBLIC_KEY_INFO pPublicKey );
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "e67923f4-cd1f-4952-88f1-92ee26423f87")]
public static extern uint CertGetPublicKeyLength(CertEncodingType dwCertEncodingType, in CERT_PUBLIC_KEY_INFO pPublicKey);
///
/// The CertIsRDNAttrsInCertificateName function compares the attributes in the certificate name with the specified CERT_RDN
/// to determine whether all attributes are included there. The comparison iterates through the CERT_RDN and looks for an
/// attribute match in any of the CERT_RDN s of the certificate name.
///
///
///
/// Specifies the encoding type used. It is always acceptable to specify both the certificate and message encoding types by
/// combining them with a bitwise- OR operation as shown in the following example:
///
/// X509_ASN_ENCODING | PKCS_7_ASN_ENCODING
/// Currently defined encoding types are:
///
/// -
/// X509_ASN_ENCODING
///
/// -
/// PKCS_7_ASN_ENCODING
///
///
///
///
///
/// CERT_UNICODE_IS_RDN_ATTRS_FLAG must be set if the pRDN was initialized with Unicode strings as in CryptEncodeObject with
/// lpszStructType set to X509_UNICODE_NAME.
///
///
/// CERT_CASE_INSENSITIVE_IS_RDN_ATTRS_FLAG is set to do a case insensitive match. Otherwise, an exact, case sensitive match is done.
///
///
/// A pointer to a CRYPT_INTEGER_BLOB that contains the encoded subject or issuer name.
///
///
/// Array of CERT_RDN structures that contain the attributes to be found in the name. The CERT_RDN_ATTR member of the
/// CERT_RDN structure behaves according to the following rules.
///
///
/// -
/// If pszObjId is NULL, the attribute object identifier (OID) is ignored.
///
/// -
/// If dwValueType is CERT_RDN_ANY_TYPE, the value type is ignored.
///
/// -
/// If the pbData member of Value is NULL, any value can be a match.
///
///
///
///
///
/// If the function succeeds and all of the RDN values in the specified CERT_RDN are in the certificate name, the return value is
/// nonzero ( TRUE).
///
///
/// If the function fails, or if there are RDN values in the specified CERT_RDN that are not in the certificate name, the return
/// value is zero ( FALSE). For extended error information, call GetLastError.
///
/// The following table lists some possible error codes.
///
///
/// Return code
/// Description
///
/// -
/// CRYPT_E_NO_MATCH
/// Not all the attributes were found and matched.
///
/// -
/// ERROR_FILE_NOT_FOUND
/// Invalid certificate encoding type. Currently only X509_ASN_ENCODING is supported.
///
///
///
/// If the function fails, GetLastError may return an Abstract Syntax Notation One (ASN.1) encoding/decoding error. For information
/// about these errors, see ASN.1 Encoding/Decoding Return Values.
///
///
/// Currently, only an exact, case-sensitive match is supported.
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certisrdnattrsincertificatename BOOL
// CertIsRDNAttrsInCertificateName( DWORD dwCertEncodingType, DWORD dwFlags, PCERT_NAME_BLOB pCertName, PCERT_RDN pRDN );
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "e45b80a3-9269-4f21-8407-1c8303cb5f32")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CertIsRDNAttrsInCertificateName(CertEncodingType dwCertEncodingType, CertRDNAttrsFlag dwFlags, in CRYPTOAPI_BLOB pCertName, [In, MarshalAs(UnmanagedType.LPArray)] CERT_RDN[] pRDN);
///
/// Determines whether the specified hash algorithm and the public key in the signing certificate can be used to perform strong signing.
///
///
/// Pointer to a CERT_STRONG_SIGN_PARA structure that contains information about supported signing and hashing algorithms.
///
///
/// Pointer to a Unicode string that contains the name of the hashing algorithm. The following algorithms are supported:
///
/// -
/// L"MD5" (BCRYPT_MD5_ALGORITHM)
///
/// -
/// L"SHA1" (BCRYPT_SHA1_ALGORITHM)
///
/// -
/// L"SHA256" (BCRYPT_SHA256_ALGORITHM)
///
/// -
/// L"SHA256" (BCRYPT_SHA256_ALGORITHM)
///
/// -
/// L"SHA512" (BCRYPT_SHA512_ALGORITHM)
///
///
///
///
///
/// Pointer to a CERT_CONTEXT structure that contains the signing certificate. The public key algorithm in the signing certificate
/// is checked for strength. The public key (asymmetric) algorithm is used for signing. The following signature algorithms are supported:
///
///
/// -
/// L"RSA" (BCRYPT_RSA_ALGORITHM)
///
/// -
/// L"DSA" (BCRYPT_DSA_ALGORITHM)
///
/// -
/// L"ECDSA" (SSL_ECDSA_ALGORITHM)
///
///
/// This parameter can be
/// NULL
/// if you want to check only whether the hashing algorithm is strong.
///
///
/// If the function succeeds, the function returns TRUE.
///
/// If the function fails, it returns FALSE. For extended error information, call GetLastError. This function has the
/// following error codes.
///
///
///
/// Return code
/// Description
///
/// -
/// E_INVALIDARG
/// One or more of the input arguments is not correct.
///
/// -
/// NTE_BAD_ALGID
/// A specified algorithm is not supported.
///
///
///
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certisstronghashtosign BOOL CertIsStrongHashToSign(
// PCCERT_STRONG_SIGN_PARA pStrongSignPara, LPCWSTR pwszCNGHashAlgid, PCCERT_CONTEXT pSigningCert );
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "B498C1F0-1EFF-49AF-9CD4-A447F79256F1")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CertIsStrongHashToSign(in CERT_STRONG_SIGN_PARA pStrongSignPara, [MarshalAs(UnmanagedType.LPWStr)] string pwszCNGHashAlgid, [Optional] PCCERT_CONTEXT pSigningCert);
///
/// The CertVerifyCRLRevocation function check a certificate revocation list (CRL) to determine whether a subject's
/// certificate has or has not been revoked. The new Certificate Chain Verification Functions are recommended instead of the use of
/// this function.
///
///
///
/// Specifies the encoding type used. It is always acceptable to specify both the certificate and message encoding types by
/// combining them with a bitwise- OR operation as shown in the following example:
///
/// X509_ASN_ENCODING | PKCS_7_ASN_ENCODING
/// Currently defined encoding types are:
///
/// -
/// X509_ASN_ENCODING
///
/// -
/// PKCS_7_ASN_ENCODING
///
///
///
/// A pointer to the CERT_INFO structure of the certificate to be checked against the CRL.
/// Number of CRL_INFO pointers in the rgpCrlInfo array.
/// Array of pointers to CRL_INFO structures.
///
/// Returns TRUE if the certificate is not on the CRL and therefore is valid.
/// It returns FALSE if the certificate is on the list and therefore has been revoked and is not valid.
///
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certverifycrlrevocation BOOL CertVerifyCRLRevocation(
// DWORD dwCertEncodingType, PCERT_INFO pCertId, DWORD cCrlInfo, PCRL_INFO [] rgpCrlInfo );
[DllImport(Lib.Crypt32, SetLastError = false, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "a46ac5b5-bc44-4857-a7fb-4f35d438e3f7")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CertVerifyCRLRevocation(CertEncodingType dwCertEncodingType, in CERT_INFO pCertId, uint cCrlInfo, [MarshalAs(UnmanagedType.LPArray)] IntPtr[] rgpCrlInfo);
/// The CertVerifyCRLTimeValidity function verifies the time validity of a CRL.
///
/// A pointer to FILETIME structure containing the time to be used in the verification. If set to NULL, the current time is used.
///
/// A pointer to a CRL_INFO structure containing the CRL for which the time is to be verified.
///
/// Returns a minus one (–1) if the comparison time is before the ThisUpdate member of the CRL_INFO pointed to by pCrlInfo.
/// Returns a plus one (+1) if the comparison time is after the NextUpdate time. Returns zero for valid time for the CRL.
///
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certverifycrltimevalidity LONG CertVerifyCRLTimeValidity(
// LPFILETIME pTimeToVerify, PCRL_INFO pCrlInfo );
[DllImport(Lib.Crypt32, SetLastError = false, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "ff321fe8-df45-4a1d-b626-055fb0696438")]
public static extern int CertVerifyCRLTimeValidity(in FILETIME pTimeToVerify, in CRL_INFO pCrlInfo);
///
/// The CertVerifyRevocation function checks the revocation status of the certificates contained in the rgpvContext array. If
/// a certificate in the list is found to be revoked, no further checking is done. This array can be a chain of certificates
/// propagating upward from an end entity to the root authority, but this nature of the list of certificates is not required or assumed.
///
///
/// Specifies the encoding type used. Currently, only X509_ASN_ENCODING and PKCS_7_ASN_ENCODING are being used; however, additional
/// encoding types may be added in the future. For either current encoding type, use X509_ASN_ENCODING | PKCS_7_ASN_ENCODING.
///
///
/// Indicates the type of the context structure passed in rgpvContext. Currently only CERT_CONTEXT_REVOCATION_TYPE, the revocation
/// of certificates, is defined.
///
/// Count of elements in the rgpvContext array.
///
///
/// When the dwRevType is CERT_CONTEXT_REVOCATION_TYPE, rgpvContext is an array of pointers to CERT_CONTEXT structures. These
/// contexts must contain sufficient information to allow the installable or registered revocation DLLs to find the revocation
/// server. This information would normally be conveyed in an extension such as the CRLDistributionsPoints extension defined by the
/// Internet Engineering Task Force (IETF) in PKIX Part 1.
///
/// For efficiency, the more contexts that are passed in at one time, the better.
///
///
/// Indicates any special processing needs. This parameter can be one of the following flags.
///
///
/// Value
/// Meaning
///
/// -
/// CERT_VERIFY_REV_CHAIN_FLAG
///
/// Verification of the chain of certificates is done assuming each certificate except the first certificate is the issuer of the
/// certificate that precedes it. If dwRevType is not CERT_CONTEXT_REVOCATION_TYPE, no assumptions are made about the order of the contexts.
///
///
/// -
/// CERT_VERIFY_CACHE_ONLY_BASED_REVOCATION
/// Prevents the revocation handler from accessing any network-based resources for revocation checking.
///
/// -
/// CERT_VERIFY_REV_ACCUMULATIVE_TIMEOUT_FLAG
/// When set, dwUrlRetrievalTimeout is the cumulative time-out across all URL wire retrievals.
///
/// -
/// CERT_VERIFY_REV_SERVER_OCSP_FLAG
///
/// When set, this function only uses online certificate status protocol (OCSP) for revocation checking. If the certificate does not
/// have any OCSP AIA URLs, the dwError member of the pRevStatus parameter is set to CRYPT_E_NOT_IN_REVOCATION_DATABASE.
///
///
///
///
/// Optionally set to assist in finding the issuer. For details, see the CERT_REVOCATION_PARA structure.
///
///
/// Only the cbSize member of the CERT_REVOCATION_STATUS pointed to by pRevStatus needs to be set before
/// CertVerifyRevocation is called.
///
///
/// If the function returns FALSE, this structure's members will contain error status information. For more information, see
/// CERT_REVOCATION_STATUS. For a description of how pRevStatus is updated when a revocation verification problem is encountered,
/// see Remarks.
///
///
///
///
/// If the function successfully checks all of the contexts and none were revoked, the function returns TRUE. If the function
/// fails, it returns FALSE and updates the CERT_REVOCATION_STATUS structure pointed to by pRevStatus as described in CERT_REVOCATION_STATUS.
///
///
/// When the revocation handler for any of the contexts returns FALSE due to an error, the dwError member in the
/// structure pointed to by pRevStatus will be set by the handler to specify which error was encountered. GetLastError returns an
/// error code equal to the error specified in the dwError member of the CERT_REVOCATION_STATUS structure.
/// GetLastError can be one of the following values.
///
///
///
/// Value
/// Description
///
/// -
/// CRYPT_E_NO_REVOCATION_CHECK
/// An installed or registered revocation function was not able to do a revocation check on the context.
///
/// -
/// CRYPT_E_NO_REVOCATION_DLL
/// No installed or registered DLL was found that was able to verify revocation.
///
/// -
/// CRYPT_E_NOT_IN_REVOCATION_DATABASE
/// The context to be checked was not found in the revocation server's database.
///
/// -
/// CRYPT_E_REVOCATION_OFFLINE
/// It was not possible to connect to the revocation server.
///
/// -
/// CRYPT_E_REVOKED
/// The context was revoked. dwReason in pRevStatus contains the reason for revocation.
///
/// -
/// ERROR_SUCCESS
/// The context was good.
///
/// -
/// E_INVALIDARG
///
/// cbSize in pRevStatus is less than sizeof(CERT_REVOCATION_STATUS). Note that dwError in pRevStatus is not updated for this error.
///
///
///
///
///
/// The following example shows how pRevStatus is updated when a revocation verification problem is encountered:
/// Consider the case where cContext is four:
///
/// If CertVerifyRevocation can verify that rgpvContext[0] and rgpvContext[1] are not revoked, but cannot check
/// rgpvContext[2], the pRevStatus member dwIndex is set to two, indicating that the context at index two has the problem,
/// the dwError member of pRevStatus is set to CRYPT_E_NO_REVOCATION_CHECK, and FALSE is returned.
///
///
/// If rgpvContext[2] is found to be revoked, the dwIndex member of pRevStatus is set to two, and the dwError member
/// of pRevStatus is set to CRYPT_E_REVOKED, dwReason is updated, and FALSE is returned.
///
///
/// In either case, both rgpvContext[0] and rgpvContext[1] are verified not to be revoked, rgpvContext[2] is the last array index
/// checked, and rgpvContext[3] has not been checked at all.
///
///
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certverifyrevocation BOOL CertVerifyRevocation( DWORD
// dwEncodingType, DWORD dwRevType, DWORD cContext, PVOID [] rgpvContext, DWORD dwFlags, PCERT_REVOCATION_PARA pRevPara,
// PCERT_REVOCATION_STATUS pRevStatus );
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "2d6fb244-5273-4530-bec4-e5451fe26f2e")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CertVerifyRevocation(CertEncodingType dwEncodingType, CertRevocationType dwRevType, uint cContext, [In, MarshalAs(UnmanagedType.LPArray)] IntPtr[] rgpvContext,
CertVerifyFlags dwFlags, in CERT_REVOCATION_PARA pRevPara, ref CERT_REVOCATION_STATUS pRevStatus);
/// The CertVerifyTimeValidity function verifies the time validity of a certificate.
///
/// A pointer to a FILETIME structure containing the comparison time. If NULL, the current time is used.
///
/// A pointer to the CERT_INFO structure of the certificate for which the time is being verified.
///
/// Returns a minus one if the comparison time is before the NotBefore member of the CERT_INFO structure. Returns a plus one
/// if the comparison time is after the NotAfter member. Returns zero for valid time for the certificate.
///
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certverifytimevalidity LONG CertVerifyTimeValidity(
// LPFILETIME pTimeToVerify, PCERT_INFO pCertInfo );
[DllImport(Lib.Crypt32, SetLastError = false, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "9ccf9230-e998-4f82-9db0-6cbaa1c36850")]
public static extern int CertVerifyTimeValidity(in FILETIME pTimeToVerify, in CERT_INFO pCertInfo);
///
/// The CertVerifyValidityNesting function verifies that a subject certificate's time validity nests correctly within its
/// issuer's time validity.
///
/// A pointer to the CERT_INFO structure of the subject certificate.
/// A pointer to the CERT_INFO structure of the issuer certificate.
///
/// Returns TRUE if the NotBefore time of the subject's certificate is after the NotBefore time of the issuer's
/// certificate and the NotAfter time of the subject's certificate is not after the NotAfter time of the issuer's
/// certificate. Otherwise, returns FALSE.
///
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certverifyvaliditynesting BOOL CertVerifyValidityNesting(
// PCERT_INFO pSubjectInfo, PCERT_INFO pIssuerInfo );
[DllImport(Lib.Crypt32, SetLastError = false, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "dc73a21d-5b55-45c4-80d2-220508d9f762")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CertVerifyValidityNesting(in CERT_INFO pSubjectInfo, in CERT_INFO pIssuerInfo);
///
///
/// [The CryptExportPKCS8 function is no longer available for use as of Windows Server 2008 and Windows Vista. Instead, use
/// the PFXExportCertStoreEx function.]
///
///
/// The CryptExportPKCS8 function exports the private key in PKCS #8 format. The function is superseded by
/// CryptExportPKCS8Ex, which also may be altered or unavailable in subsequent versions.
///
///
///
/// An HCRYPTPROV variable that contains the cryptographic service provider (CSP). This is a handle to the CSP obtained by calling CryptAcquireContext.
///
///
///
/// A DWORD variable that contains the key specification. The following dwKeySpec values are defined for the default provider.
///
///
///
/// Value
/// Meaning
///
/// -
/// AT_KEYEXCHANGE
/// Keys used to encrypt/decrypt session keys.
///
/// -
/// AT_SIGNATURE
/// Keys used to create and verify digital signatures.
///
///
///
/// An LPSTR variable that contains the private key object identifier (OID).
/// This parameter should be zero if pbPrivateKeyBlob is NULL and 0x8000 otherwise.
/// This parameter must be set to NULL.
///
/// A pointer to an array of BYTE structures to receive the private key to be exported.
///
/// The private key will contain the information in a PKCS #8 PrivateKeyInfo Abstract Syntax Notation One (ASN.1) type found in the
/// PKCS #8 standard.
///
///
/// For memory allocation purposes, you can get the size of the private key to be exported by setting this parameter to NULL.
/// For more information, see Retrieving Data of Unknown Length.
///
///
///
/// A pointer to a DWORD that may contain, on input, the size, in bytes, of the memory allocation needed to contain the
/// pbPrivateKeyBlob. If pbPrivateKeyBlob is NULL, this parameter will return the size of the memory allocation needed for a
/// second call to the function. For more information, see Retrieving Data of Unknown Length.
///
///
/// If the function succeeds, the function returns nonzero.
/// If the function fails, it returns zero. For extended error information, call GetLastError.
/// The following error codes are specific to this function.
///
///
/// Return code
/// Description
///
/// -
/// ERROR_UNSUPPORTED_TYPE
/// An export function that can be installed or registered could not be found.
///
/// -
/// ERROR_MORE_DATA
///
/// If the buffer specified by the pbPrivateKeyBlob parameter is not large enough to hold the returned data, the function sets the
/// ERROR_MORE_DATA code and stores the required buffer size, in bytes, in the variable pointed to by the pcbPrivateKeyBlob parameter.
///
///
///
///
/// If the function fails, GetLastError may return an ASN.1 encoding/decoding error. For information about these errors, see ASN.1
/// Encoding/Decoding Return Values.
///
///
/// This function is only supported for asymmetric keys.
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-cryptexportpkcs8 BOOL CryptExportPKCS8( HCRYPTPROV
// hCryptProv, DWORD dwKeySpec, LPSTR pszPrivateKeyObjId, DWORD dwFlags, void *pvAuxInfo, BYTE *pbPrivateKeyBlob, DWORD
// *pcbPrivateKeyBlob );
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "defd0b23-d9c2-4b28-a6a6-1be7487ae656")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CryptExportPKCS8(HCRYPTPROV hCryptProv, CertKeySpec dwKeySpec, SafeOID pszPrivateKeyObjId, uint dwFlags, [In, Optional] IntPtr pvAuxInfo, [Out, Optional] IntPtr pbPrivateKeyBlob, ref uint pcbPrivateKeyBlob);
///
///
/// [The CryptExportPKCS8Ex function is no longer available for use as of Windows Server 2008 and Windows Vista. Instead, use
/// the PFXExportCertStoreEx function.]
///
///
/// The CryptExportPKCS8Ex function exports the private key in PKCS #8 format.This function has no associated import library.
/// You must use the LoadLibrary and GetProcAddress functions to dynamically link to Crypt32.dll.
///
///
///
/// A pointer to a CRYPT_PKCS8_EXPORT_PARAMS structure that contains information about the key to export.
///
/// This parameter should be zero if pbPrivateKeyBlob is NULL and 0x8000 otherwise.
/// This parameter must be NULL.
///
/// A pointer to an array of BYTE structures to receive the private key to be exported.
///
/// The private key will contain the information in a PKCS #8 PrivateKeyInfo Abstract Syntax Notation One (ASN.1) type found in the
/// PKCS #8 standard.
///
///
/// For memory allocation purposes, you can get the size of the private key to be exported by setting this parameter to NULL.
/// For more information, see Retrieving Data of Unknown Length.
///
///
///
/// A pointer to a DWORD that may contain, on input, the size, in bytes, of the memory allocation needed to contain the
/// pbPrivateKeyBlob. If pbPrivateKeyBlob is NULL, this parameter will return the size of the memory allocation needed for a
/// second call to the function. For more information, see Retrieving Data of Unknown Length.
///
///
/// If the function succeeds, the function returns nonzero ( TRUE).
/// If the function fails, it returns zero ( FALSE). For extended error information, call GetLastError.
/// The following error codes are specific to this function.
///
///
/// Return code
/// Description
///
/// -
/// ERROR_UNSUPPORTED_TYPE
/// An export function that can be installed or registered could not be found.
///
/// -
/// ERROR_MORE_DATA
///
/// If the buffer specified by the pbPrivateKeyBlob parameter is not large enough to hold the returned data, the function sets the
/// ERROR_MORE_DATA code and stores the required buffer size, in bytes, in the variable pointed to by the pcbPrivateKeyBlob parameter.
///
///
///
///
/// If the function fails, GetLastError returns an ASN.1 encoding/decoding error. For information about these errors, see ASN.1
/// Encoding/Decoding Return Values.
///
///
/// This function is only supported for asymmetric keys.
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-cryptexportpkcs8ex BOOL CryptExportPKCS8Ex(
// CRYPT_PKCS8_EXPORT_PARAMS *psExportParams, DWORD dwFlags, void *pvAuxInfo, BYTE *pbPrivateKeyBlob, DWORD *pcbPrivateKeyBlob );
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "82fee86a-8704-4f22-8f11-f89509c5a0aa")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CryptExportPKCS8Ex(in CRYPT_PKCS8_EXPORT_PARAMS psExportParams, uint dwFlags, [In, Optional] IntPtr pvAuxInfo, [Optional, Out] IntPtr pbPrivateKeyBlob, ref uint pcbPrivateKeyBlob);
///
/// The CryptExportPublicKeyInfo function exports the public key information associated with the corresponding private key of
/// the provider. For an updated version of this function, see CryptExportPublicKeyInfoEx.
///
///
/// Handle of the cryptographic service provider (CSP) to use when exporting the public key information. This handle must be an
/// HCRYPTPROV handle that has been created by using the CryptAcquireContext function or an NCRYPT_KEY_HANDLE handle that has
/// been created by using the NCryptOpenKey function. New applications should always pass in the NCRYPT_KEY_HANDLE handle of
/// a CNG CSP.
///
///
/// Identifies the private key to use from the container of the provider. It can be AT_KEYEXCHANGE or AT_SIGNATURE. This parameter
/// is ignored if an NCRYPT_KEY_HANDLE is used in the hCryptProvOrNCryptKey parameter.
///
///
///
/// Specifies the encoding type used. It is always acceptable to specify both the certificate and message encoding types by
/// combining them with a bitwise- OR operation as shown in the following example:
///
/// X509_ASN_ENCODING | PKCS_7_ASN_ENCODING
/// Currently defined encoding types are:
///
/// -
/// X509_ASN_ENCODING
///
/// -
/// PKCS_7_ASN_ENCODING
///
///
///
///
/// A pointer to a CERT_PUBLIC_KEY_INFO structure to receive the public key information to be exported.
///
/// To set the size of this information for memory allocation purposes, this parameter can be NULL. For more information, see
/// Retrieving Data of Unknown Length.
///
///
///
///
/// A pointer to a DWORD that contains the size, in bytes, of the buffer pointed to by the pInfo parameter. When the function
/// returns, the DWORD contains the number of bytes needed for the return buffer.
///
///
/// Note When processing the data returned in the buffer, applications need to use the actual size of the data returned. The
/// actual size can be slightly smaller than the size of the buffer specified on input. (On input, buffer sizes are usually
/// specified large enough to ensure that the largest possible output data will fit in the buffer.) On output, the variable pointed
/// to by this parameter is updated to reflect the actual size of the data copied to the buffer.
///
///
///
/// If the function succeeds, the function returns nonzero ( TRUE).
/// If the function fails, it returns zero ( FALSE). For extended error information, call GetLastError.
/// Note Errors from the called functions CryptGetUserKey and CryptExportKey might be propagated to this function.
/// This function has the following error codes.
///
///
/// Return code
/// Description
///
/// -
/// ERROR_MORE_DATA
///
/// If the buffer specified by the pInfo parameter is not large enough to hold the returned data, the function sets the
/// ERROR_MORE_DATA code, and stores the required buffer size, in bytes, into the variable pointed to by pcbInfo.
///
///
/// -
/// ERROR_FILE_NOT_FOUND
/// Invalid certificate encoding type. Currently only X509_ASN_ENCODING is supported.
///
///
///
/// If the function fails, GetLastError may return an Abstract Syntax Notation One (ASN.1) encoding/decoding error. For information
/// about these errors, see ASN.1 Encoding/Decoding Return Values.
///
///
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-cryptexportpublickeyinfo BOOL CryptExportPublicKeyInfo(
// HCRYPTPROV_OR_NCRYPT_KEY_HANDLE hCryptProvOrNCryptKey, DWORD dwKeySpec, DWORD dwCertEncodingType, PCERT_PUBLIC_KEY_INFO pInfo,
// DWORD *pcbInfo );
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "ad43a991-aaf5-4272-abab-0a981112e5e4")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CryptExportPublicKeyInfo(HCRYPTPROV hCryptProvOrNCryptKey, CertKeySpec dwKeySpec, CertEncodingType dwCertEncodingType, IntPtr pInfo, ref uint pcbInfo);
///
/// The CryptExportPublicKeyInfo function exports the public key information associated with the corresponding private key of
/// the provider. For an updated version of this function, see CryptExportPublicKeyInfoEx.
///
///
/// Handle of the cryptographic service provider (CSP) to use when exporting the public key information. This handle must be an
/// HCRYPTPROV handle that has been created by using the CryptAcquireContext function or an NCRYPT_KEY_HANDLE handle that has
/// been created by using the NCryptOpenKey function. New applications should always pass in the NCRYPT_KEY_HANDLE handle of
/// a CNG CSP.
///
///
/// Identifies the private key to use from the container of the provider. It can be AT_KEYEXCHANGE or AT_SIGNATURE. This parameter
/// is ignored if an NCRYPT_KEY_HANDLE is used in the hCryptProvOrNCryptKey parameter.
///
///
///
/// Specifies the encoding type used. It is always acceptable to specify both the certificate and message encoding types by
/// combining them with a bitwise- OR operation as shown in the following example:
///
/// X509_ASN_ENCODING | PKCS_7_ASN_ENCODING
/// Currently defined encoding types are:
///
/// -
/// X509_ASN_ENCODING
///
/// -
/// PKCS_7_ASN_ENCODING
///
///
///
///
/// A pointer to a CERT_PUBLIC_KEY_INFO structure to receive the public key information to be exported.
///
/// To set the size of this information for memory allocation purposes, this parameter can be NULL. For more information, see
/// Retrieving Data of Unknown Length.
///
///
///
///
/// A pointer to a DWORD that contains the size, in bytes, of the buffer pointed to by the pInfo parameter. When the function
/// returns, the DWORD contains the number of bytes needed for the return buffer.
///
///
/// Note When processing the data returned in the buffer, applications need to use the actual size of the data returned. The
/// actual size can be slightly smaller than the size of the buffer specified on input. (On input, buffer sizes are usually
/// specified large enough to ensure that the largest possible output data will fit in the buffer.) On output, the variable pointed
/// to by this parameter is updated to reflect the actual size of the data copied to the buffer.
///
///
///
/// If the function succeeds, the function returns nonzero ( TRUE).
/// If the function fails, it returns zero ( FALSE). For extended error information, call GetLastError.
/// Note Errors from the called functions CryptGetUserKey and CryptExportKey might be propagated to this function.
/// This function has the following error codes.
///
///
/// Return code
/// Description
///
/// -
/// ERROR_MORE_DATA
///
/// If the buffer specified by the pInfo parameter is not large enough to hold the returned data, the function sets the
/// ERROR_MORE_DATA code, and stores the required buffer size, in bytes, into the variable pointed to by pcbInfo.
///
///
/// -
/// ERROR_FILE_NOT_FOUND
/// Invalid certificate encoding type. Currently only X509_ASN_ENCODING is supported.
///
///
///
/// If the function fails, GetLastError may return an Abstract Syntax Notation One (ASN.1) encoding/decoding error. For information
/// about these errors, see ASN.1 Encoding/Decoding Return Values.
///
///
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-cryptexportpublickeyinfo BOOL CryptExportPublicKeyInfo(
// HCRYPTPROV_OR_NCRYPT_KEY_HANDLE hCryptProvOrNCryptKey, DWORD dwKeySpec, DWORD dwCertEncodingType, PCERT_PUBLIC_KEY_INFO pInfo,
// DWORD *pcbInfo );
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "ad43a991-aaf5-4272-abab-0a981112e5e4")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CryptExportPublicKeyInfo(NCrypt.NCRYPT_KEY_HANDLE hCryptProvOrNCryptKey, CertKeySpec dwKeySpec, CertEncodingType dwCertEncodingType, IntPtr pInfo, ref uint pcbInfo);
///
/// The CryptExportPublicKeyInfoEx function exports the public key information associated with the provider's corresponding
/// private key. This function allows the application to specify the public key algorithm, overriding the default provided by the
/// cryptographic service provider (CSP).
///
///
/// A handle of the CSP to use when exporting the public key information. This handle must be an HCRYPTPROV handle that has been
/// created by using the CryptAcquireContext function or an NCRYPT_KEY_HANDLE handle that has been created by using the
/// NCryptOpenKey function. New applications should always pass in the NCRYPT_KEY_HANDLE handle of a CNG CSP.
///
///
/// Identifies the private key to use from the provider's container. It can be AT_KEYEXCHANGE or AT_SIGNATURE. This parameter is
/// ignored if an NCRYPT_KEY_HANDLE is used in the hCryptProvOrNCryptKey parameter.
///
///
///
/// Specifies the encoding type used. It is always acceptable to specify both the certificate and message encoding types by
/// combining them with a bitwise- OR operation as shown in the following example:
///
/// X509_ASN_ENCODING | PKCS_7_ASN_ENCODING
/// Currently defined encoding types are:
///
/// -
/// X509_ASN_ENCODING
///
/// -
/// PKCS_7_ASN_ENCODING
///
///
///
///
/// Specifies the public key algorithm.
///
/// Note pszPublicKeyObjId and dwCertEncodingType are used together to determine the installable
/// CRYPT_OID_EXPORT_PUBLIC_KEY_INFO_FUNC to call. If an installable function was not found for the pszPublicKeyObjId
/// parameter, an attempt is made to export the key as an RSA Public Key (szOID_RSA_RSA).
///
///
///
///
/// A DWORD flag value that indicates how the public key information is exported. The flag value is passed directly to the
/// CryptFindOIDInfo function when mapping the public key object identifier to the corresponding CNG public key algorithm Unicode
/// string. The following flag values can be set.
///
///
///
/// Value
/// Meaning
///
/// -
/// CRYPT_OID_INFO_PUBKEY_SIGN_KEY_FLAG
///
/// Skips public keys in the CRYPT_PUBKEY_ALG_OID_GROUP_ID group explicitly flagged with the CRYPT_OID_PUBKEY_ENCRYPT_ONLY_FLAG flag.
///
///
/// -
/// CRYPT_OID_INFO_PUBKEY_ENCRYPT_KEY_FLAG
///
/// Skips public keys in the CRYPT_PUBKEY_ALG_OID_GROUP_ID group explicitly flagged with the CRYPT_OID_PUBKEY_SIGN_ONLY_FLAG flag.
///
///
///
///
/// This parameter is reserved for future use and must be set to NULL.
///
/// A pointer to a CERT_PUBLIC_KEY_INFO structure to receive the public key information to be exported.
///
/// This parameter can be NULL to set the size of this information for memory allocation purposes. For more information, see
/// Retrieving Data of Unknown Length.
///
///
///
///
/// A pointer to a DWORD that contains the size, in bytes, of the buffer pointed to by the pInfo parameter. When the function
/// returns, the DWORD contains the number of bytes stored in the buffer.
///
///
/// Note When processing the data returned in the buffer, applications need to use the actual size of the data returned. The
/// actual size can be slightly smaller than the size of the buffer specified on input. (On input, buffer sizes are usually
/// specified large enough to ensure that the largest possible output data will fit in the buffer.) On output, the variable pointed
/// to by this parameter is updated to reflect the actual size of the data copied to the buffer.
///
///
///
/// If the function succeeds, the return value is nonzero ( TRUE).
/// If the function fails, the return value is zero ( FALSE). For extended error information, call GetLastError.
/// Note Errors from the called functions CryptGetUserKey and CryptExportKey can be propagated to this function.
/// This function has the following error codes.
///
///
/// Return code
/// Description
///
/// -
/// ERROR_FILE_NOT_FOUND
///
/// An export function that can be installed or registered could not be found for the specified dwCertEncodingType and
/// pszPublicKeyObjId parameters.
///
///
/// -
/// ERROR_MORE_DATA
///
/// If the buffer specified by the pInfo parameter is not large enough to hold the returned data, the function sets the
/// ERROR_MORE_DATA code and stores the required buffer size, in bytes, in the variable pointed to by the pcbInfo parameter.
///
///
///
///
/// If the function fails, GetLastError may return an Abstract Syntax Notation One (ASN.1) encoding/decoding error. For information
/// about these errors, see ASN.1 Encoding/Decoding Return Values.
///
///
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-cryptexportpublickeyinfoex BOOL
// CryptExportPublicKeyInfoEx( HCRYPTPROV_OR_NCRYPT_KEY_HANDLE hCryptProvOrNCryptKey, DWORD dwKeySpec, DWORD dwCertEncodingType,
// LPSTR pszPublicKeyObjId, DWORD dwFlags, void *pvAuxInfo, PCERT_PUBLIC_KEY_INFO pInfo, DWORD *pcbInfo );
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "38274222-90b3-4038-86d3-6b2813100ce2")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CryptExportPublicKeyInfoEx(HCRYPTPROV hCryptProvOrNCryptKey, CertKeySpec dwKeySpec, CertEncodingType dwCertEncodingType, SafeOID pszPublicKeyObjId,
CryptOIDInfoFlags dwFlags, [In, Optional] IntPtr pvAuxInfo, [Out, Optional] IntPtr pInfo, ref uint pcbInfo);
///
/// The CryptExportPublicKeyInfoEx function exports the public key information associated with the provider's corresponding
/// private key. This function allows the application to specify the public key algorithm, overriding the default provided by the
/// cryptographic service provider (CSP).
///
///
/// A handle of the CSP to use when exporting the public key information. This handle must be an HCRYPTPROV handle that has been
/// created by using the CryptAcquireContext function or an NCRYPT_KEY_HANDLE handle that has been created by using the
/// NCryptOpenKey function. New applications should always pass in the NCRYPT_KEY_HANDLE handle of a CNG CSP.
///
///
/// Identifies the private key to use from the provider's container. It can be AT_KEYEXCHANGE or AT_SIGNATURE. This parameter is
/// ignored if an NCRYPT_KEY_HANDLE is used in the hCryptProvOrNCryptKey parameter.
///
///
///
/// Specifies the encoding type used. It is always acceptable to specify both the certificate and message encoding types by
/// combining them with a bitwise- OR operation as shown in the following example:
///
/// X509_ASN_ENCODING | PKCS_7_ASN_ENCODING
/// Currently defined encoding types are:
///
/// -
/// X509_ASN_ENCODING
///
/// -
/// PKCS_7_ASN_ENCODING
///
///
///
///
/// Specifies the public key algorithm.
///
/// Note pszPublicKeyObjId and dwCertEncodingType are used together to determine the installable
/// CRYPT_OID_EXPORT_PUBLIC_KEY_INFO_FUNC to call. If an installable function was not found for the pszPublicKeyObjId
/// parameter, an attempt is made to export the key as an RSA Public Key (szOID_RSA_RSA).
///
///
///
///
/// A DWORD flag value that indicates how the public key information is exported. The flag value is passed directly to the
/// CryptFindOIDInfo function when mapping the public key object identifier to the corresponding CNG public key algorithm Unicode
/// string. The following flag values can be set.
///
///
///
/// Value
/// Meaning
///
/// -
/// CRYPT_OID_INFO_PUBKEY_SIGN_KEY_FLAG
///
/// Skips public keys in the CRYPT_PUBKEY_ALG_OID_GROUP_ID group explicitly flagged with the CRYPT_OID_PUBKEY_ENCRYPT_ONLY_FLAG flag.
///
///
/// -
/// CRYPT_OID_INFO_PUBKEY_ENCRYPT_KEY_FLAG
///
/// Skips public keys in the CRYPT_PUBKEY_ALG_OID_GROUP_ID group explicitly flagged with the CRYPT_OID_PUBKEY_SIGN_ONLY_FLAG flag.
///
///
///
///
/// This parameter is reserved for future use and must be set to NULL.
///
/// A pointer to a CERT_PUBLIC_KEY_INFO structure to receive the public key information to be exported.
///
/// This parameter can be NULL to set the size of this information for memory allocation purposes. For more information, see
/// Retrieving Data of Unknown Length.
///
///
///
///
/// A pointer to a DWORD that contains the size, in bytes, of the buffer pointed to by the pInfo parameter. When the function
/// returns, the DWORD contains the number of bytes stored in the buffer.
///
///
/// Note When processing the data returned in the buffer, applications need to use the actual size of the data returned. The
/// actual size can be slightly smaller than the size of the buffer specified on input. (On input, buffer sizes are usually
/// specified large enough to ensure that the largest possible output data will fit in the buffer.) On output, the variable pointed
/// to by this parameter is updated to reflect the actual size of the data copied to the buffer.
///
///
///
/// If the function succeeds, the return value is nonzero ( TRUE).
/// If the function fails, the return value is zero ( FALSE). For extended error information, call GetLastError.
/// Note Errors from the called functions CryptGetUserKey and CryptExportKey can be propagated to this function.
/// This function has the following error codes.
///
///
/// Return code
/// Description
///
/// -
/// ERROR_FILE_NOT_FOUND
///
/// An export function that can be installed or registered could not be found for the specified dwCertEncodingType and
/// pszPublicKeyObjId parameters.
///
///
/// -
/// ERROR_MORE_DATA
///
/// If the buffer specified by the pInfo parameter is not large enough to hold the returned data, the function sets the
/// ERROR_MORE_DATA code and stores the required buffer size, in bytes, in the variable pointed to by the pcbInfo parameter.
///
///
///
///
/// If the function fails, GetLastError may return an Abstract Syntax Notation One (ASN.1) encoding/decoding error. For information
/// about these errors, see ASN.1 Encoding/Decoding Return Values.
///
///
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-cryptexportpublickeyinfoex BOOL
// CryptExportPublicKeyInfoEx( HCRYPTPROV_OR_NCRYPT_KEY_HANDLE hCryptProvOrNCryptKey, DWORD dwKeySpec, DWORD dwCertEncodingType,
// LPSTR pszPublicKeyObjId, DWORD dwFlags, void *pvAuxInfo, PCERT_PUBLIC_KEY_INFO pInfo, DWORD *pcbInfo );
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "38274222-90b3-4038-86d3-6b2813100ce2")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CryptExportPublicKeyInfoEx(NCrypt.NCRYPT_KEY_HANDLE hCryptProvOrNCryptKey, CertKeySpec dwKeySpec, CertEncodingType dwCertEncodingType, SafeOID pszPublicKeyObjId,
CryptOIDInfoFlags dwFlags, [In, Optional] IntPtr pvAuxInfo, [Out, Optional] IntPtr pInfo, ref uint pcbInfo);
///
/// The CryptExportPublicKeyInfoFromBCryptKeyHandle function exports the public key information associated with a provider's
/// corresponding private key.
///
/// The handle of the key from which to export the public key information.
///
/// Specifies the encoding type to be matched.
/// This value can be a bitwise combination of the currently defined encoding types:
///
/// -
/// X509_ASN_ENCODING
///
/// -
/// PKCS_7_ASN_ENCODING
///
///
///
///
/// A pointer to the object identifier (OID) that identifies the installable function to use to export the key. If the high-order
/// word of the OID is nonzero, pszPublicKeyObjId is a pointer to either an OID string such as "2.5.29.1" or an ASCII string such as
/// "file." If the high-order word of the OID is zero, the low-order word specifies the integer identifier to be used as the object identifier.
///
///
/// A DWORD value that indicates how the public key information is exported.
///
///
/// Value
/// Meaning
///
/// -
/// CRYPT_OID_INFO_PUBKEY_SIGN_KEY_FLAG 0x80000000
///
/// Skips public keys in the CRYPT_PUBKEY_ALG_OID_GROUP_ID group that are explicitly flagged with the
/// CRYPT_OID_PUBKEY_ENCRYPT_ONLY_FLAG flag.
///
///
/// -
/// CRYPT_OID_INFO_PUBKEY_ENCRYPT_KEY_FLAG 0x40000000
///
/// Skips public keys in the CRYPT_PUBKEY_ALG_OID_GROUP_ID group that are explicitly flagged with the
/// CRYPT_OID_PUBKEY_SIGN_ONLY_FLAG flag.
///
///
///
///
/// This parameter is reserved for future use and must be set to NULL.
///
/// A pointer to a CERT_PUBLIC_KEY_INFO structure to receive the public key information to be exported.
///
/// This parameter can be NULL to set the size of this information for memory allocation purposes. For more information, see
/// Retrieving Data of Unknown Length.
///
///
///
/// A pointer to a DWORD that contains the size, in bytes, of the buffer pointed to by the pInfo parameter. When the function
/// returns, the DWORD contains the number of bytes stored in the buffer.
///
/// The function returns TRUE if it succeeds; otherwise, it returns FALSE.
///
/// If the CryptExportPublicKeyInfoFromBCryptKeyHandle function is unable to find an installable OID function for the OID
/// specified by the pszPublicKeyObjId parameter, it attempts to export the key as a RSA Public Key ( szOID_RSA_RSA). If the
/// key is exported as a RSA Public Key, the values of the dwFlags and pvAuxInfo parameters are not used.
///
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-cryptexportpublickeyinfofrombcryptkeyhandle BOOL
// CryptExportPublicKeyInfoFromBCryptKeyHandle( BCRYPT_KEY_HANDLE hBCryptKey, DWORD dwCertEncodingType, LPSTR pszPublicKeyObjId,
// DWORD dwFlags, void *pvAuxInfo, PCERT_PUBLIC_KEY_INFO pInfo, DWORD *pcbInfo );
[DllImport(Lib.Crypt32, SetLastError = false, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "f96bff4a-d354-4231-907a-383aff5cfacc")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CryptExportPublicKeyInfoFromBCryptKeyHandle(BCrypt.BCRYPT_KEY_HANDLE hBCryptKey, CertEncodingType dwCertEncodingType, SafeOID pszPublicKeyObjId,
CryptOIDInfoFlags dwFlags, [In, Optional] IntPtr pvAuxInfo, [Out, Optional] IntPtr pInfo, ref uint pcbInfo);
///
/// The CryptFindCertificateKeyProvInfo function enumerates the cryptographic providers and their containers to find the
/// private key that corresponds to the certificate's public key.
///
/// A pointer to the CERT_CONTEXT structure of the certificate to use when exporting public key information.
///
/// A set of flags that modify the behavior of this function. This can be zero or one of the following values.
///
///
/// Value
/// Meaning
///
/// -
/// CRYPT_FIND_USER_KEYSET_FLAG
/// Restricts the search to the user container. The default is to search both the user and machine containers.
///
/// -
/// CRYPT_FIND_MACHINE_KEYSET_FLAG
/// Restricts the search to the machine container. The default is to search both the user and machine containers.
///
/// -
/// CRYPT_FIND_SILENT_KEYSET_FLAG
///
/// The application requests that the CSP not display any user interface (UI) for this context. If the CSP must display the UI to
/// operate, the call fails and the NTE_SILENT_CONTEXT error code is set as the last error.
///
///
///
///
/// The following flags determine which technology is used to obtain the key. If none of these flags is present, this function will
/// only attempt to obtain the key by using CryptoAPI.
///
/// Windows Server 2003 and Windows XP: These flags are not supported.
///
///
/// Value
/// Meaning
///
/// -
/// CRYPT_ACQUIRE_ALLOW_NCRYPT_KEY_FLAG
///
/// This function will attempt to obtain the key by using CryptoAPI. If that fails, this function will attempt to obtain the key by
/// using the Cryptography API: Next Generation (CNG). The CERT_KEY_PROV_INFO_PROP_ID property of the certificate is set to zero if
/// CNG is used to obtain the key.
///
///
/// -
/// CRYPT_ACQUIRE_ONLY_NCRYPT_KEY_FLAG
///
/// This function will only attempt to obtain the key by using CNG and will not use CryptoAPI to obtain the key. The
/// CERT_KEY_PROV_INFO_PROP_ID property of the certificate is set to zero if CNG is used to obtain the key.
///
///
/// -
/// CRYPT_ACQUIRE_PREFER_NCRYPT_KEY_FLAG
///
/// This function will attempt to obtain the key by using CNG. If that fails, this function will attempt to obtain the key by using
/// CryptoAPI. The CERT_KEY_PROV_INFO_PROP_ID property of the certificate is set to zero if CNG is used to obtain the key.
///
///
///
///
/// Reserved for future use and must be NULL.
///
///
/// TRUE if the function finds a private key that corresponds to the certificate's public key within a searched container;
/// FALSE if the function fails to find a container or a private key within a container.
///
/// GetLastError returns the following error:
///
///
/// Return code
/// Description
///
/// -
/// NTE_NO_KEY
/// No container found.
///
///
///
///
/// This function enumerates the cryptographic providers and their containers to find the private key that corresponds to the
/// certificate's public key. For a match, the function updates the certificate's CERT_KEY_PROV_INFO_PROP_ID property. If the
/// CERT_KEY_PROV_INFO_PROP_ID is already set, it is checked to determine whether it matches the provider's public key. For a
/// match, the function skips the previously mentioned enumeration.
///
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-cryptfindcertificatekeyprovinfo BOOL
// CryptFindCertificateKeyProvInfo( PCCERT_CONTEXT pCert, DWORD dwFlags, void *pvReserved );
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "9e63517d-a56e-45a9-972c-de9a297e9e25")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CryptFindCertificateKeyProvInfo(PCCERT_CONTEXT pCert, CryptFindFlags dwFlags, IntPtr pvReserved = default);
///
/// The CryptFindLocalizedName function finds the localized name for the specified name, such as the localize name of the
/// "Root" system store. This function can be used before displaying any UI that included a name that might have a localized form.
///
///
///
/// A pointer to a specified name. An internal table is searched to compare a predefined localized name to the specified name. The
/// search matches the localized name by using a case insensitive string comparison.
///
///
/// Note Localized names for the predefined system stores ("Root", "My") and predefined physical stores (".Default",
/// ".LocalMachine") are preinstalled as resource strings in Crypt32.dll.
///
///
///
/// If the specified name is found, a pointer to the localized name is returned. The returned pointer must not be freed.
/// If the specified name is not found, NULL is returned.
///
///
/// CryptSetOIDFunctionValue can be called as follows to register additional localized strings.
/// dwEncodingType = CRYPT_LOCALIZED_NAME_ENCODING_TYPE
/// pszFuncName = CRYPT_OID_FIND_LOCALIZED_NAME_FUNC
/// pszOID = CRYPT_LOCALIZED_NAME_OID
/// pwszValueName = Name to be localized, for example, L"ApplicationStore"
/// dwValueType = REG_SZ
/// pbValueData = pointer to the Unicode localized string
/// cbValueData = (wcslen(Unicode localized string) + 1) * sizeof(WCHAR)
/// CryptSetOIDFunctionValue can be called as follows to unregister the localized strings.
/// pbValueData = NULL
/// cbValueData = 0.
/// The registered names are searched before the preinstalled names.
///
///
/// CRYPT_LOCALIZED_NAME_ ENCODING_TYPE
/// 0
///
/// -
/// CRYPT_LOCALIZED_NAME_ OID
/// "LocalizedNames"
///
/// -
/// CRYPT_OID_FIND_LOCALIZED_ NAME_FUNC
/// "CryptDLLFindLocalizedName"
///
///
/// Examples
/// For an example that uses this function, see Example C Program: Setting and Getting Certificate Store Properties.
///
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-cryptfindlocalizedname LPCWSTR CryptFindLocalizedName(
// LPCWSTR pwszCryptName );
[DllImport(Lib.Crypt32, SetLastError = false, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "8f0006a9-0930-4b71-87ce-e72371095e4c")]
[return: MarshalAs(UnmanagedType.LPWStr)]
public static extern StrPtrUni CryptFindLocalizedName([MarshalAs(UnmanagedType.LPWStr)] string pwszCryptName);
///
/// Important: This API is deprecated. New and existing software should start using Cryptography Next Generation APIs.
/// Microsoft may remove this API in future releases.
/// The CryptHashCertificate function hashes the entire encoded content of a certificate including its signature.
///
///
/// This parameter is not used and should be set to NULL.
///
/// Windows Server 2003 and Windows XP: A handle of the cryptographic service provider (CSP) to use to compute the hash.
///
/// This parameter's data type is HCRYPTPROV.
///
/// Unless there is a strong reason for passing in a specific CSP in hCryptProv, zero is passed in. Passing in zero causes the
/// default RSA or Digital Signature Standard (DSS) provider to be acquired before doing hash, signature verification, or recipient
/// encryption operations.
///
///
///
/// An ALG_ID structure that specifies the hash algorithm to use. If Algid is zero, the default hash algorithm, SHA1, is used.
///
/// Value to be passed to the hash API. For details, see CryptCreateHash.
/// Address of the encoded content to be hashed.
/// The size, in bytes, of the encoded content.
///
/// A pointer to a buffer to receive the computed hash.
///
/// To set the size of this information for memory allocation purposes, this parameter can be NULL. For more information, see
/// Retrieving Data of Unknown Length.
///
///
///
///
/// A pointer to a DWORD that contains the size, in bytes, of the buffer pointed to by the pbComputedHash parameter. When the
/// function returns, the DWORD contains the number of bytes stored in the buffer.
///
///
/// Note When processing the data returned in the buffer, applications need to use the actual size of the data returned. The
/// actual size can be slightly smaller than the size of the buffer specified on input. On input, buffer sizes are usually specified
/// large enough to ensure that the largest possible output data will fit in the buffer. On output, the variable pointed to by this
/// parameter is updated to reflect the actual size of the data copied to the buffer.
///
///
///
/// If the function succeeds, the function returns nonzero ( TRUE).
/// If the function fails, it returns zero ( FALSE). For extended error information, call GetLastError.
///
/// Note Errors from the called functions CryptCreateHash, CryptGetHashParam and CryptHashData might be propagated to this function.
///
///
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-crypthashcertificate BOOL CryptHashCertificate(
// HCRYPTPROV_LEGACY hCryptProv, ALG_ID Algid, DWORD dwFlags, const BYTE *pbEncoded, DWORD cbEncoded, BYTE *pbComputedHash, DWORD
// *pcbComputedHash );
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "a5beba30-f32b-4d57-8a54-7d9096459c50")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CryptHashCertificate([Optional] HCRYPTPROV hCryptProv, ALG_ID Algid, [Optional] uint dwFlags, [In] IntPtr pbEncoded, uint cbEncoded, [Out] IntPtr pbComputedHash, ref uint pcbComputedHash);
/// The CryptHashCertificate2 function hashes a block of data by using a CNG hash provider.
///
/// The address of a null-terminated Unicode string that contains the CNG hash algorithm identifier of the hash algorithm to use to
/// hash the certificate. This can be one of the CNG Algorithm Identifiers that represents a hash algorithm or any other registered
/// hash algorithm identifier.
///
/// A set of flags that modify the behavior of this function. No flags are defined for this function.
/// Reserved for future use and must be NULL.
/// The address of an array of bytes to be hashed. The cbEncoded parameter contains the size of this array.
/// The number of elements in the pbEncoded array.
///
/// The address of a buffer that receives the computed hash. The variable pointed to by the pcbComputedHash parameter contains the
/// size of this buffer.
///
///
/// The address of a DWORD variable that, on entry, contains the size, in bytes, of the pbComputedHash buffer. After this
/// function returns, this variable contains the number of bytes copied to the pbComputedHash buffer.
///
///
/// If the function succeeds, the function returns nonzero ( TRUE).
///
/// If the function fails, it returns zero ( FALSE). For extended error information, call GetLastError. Some of the possible
/// error codes are identified in the following topics.
///
///
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-crypthashcertificate2 BOOL CryptHashCertificate2( LPCWSTR
// pwszCNGHashAlgid, DWORD dwFlags, void *pvReserved, const BYTE *pbEncoded, DWORD cbEncoded, BYTE *pbComputedHash, DWORD
// *pcbComputedHash );
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "9f315374-0002-499a-81ea-efcb3c19e68f")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CryptHashCertificate2([MarshalAs(UnmanagedType.LPWStr)] string pwszCNGHashAlgid, [Optional] uint dwFlags, [Optional] IntPtr pvReserved, [In] IntPtr pbEncoded, uint cbEncoded, [Out] IntPtr pbComputedHash, ref uint pcbComputedHash);
///
/// Important: This API is deprecated. New and existing software should start using Cryptography Next Generation APIs.
/// Microsoft may remove this API in future releases.
///
/// The CryptHashPublicKeyInfo function encodes the public key information in a CERT_PUBLIC_KEY_INFO structure and computes the hash
/// of the encoded bytes.The hash created is used with key identifier functions.
///
///
///
/// This parameter is not used and should be set to NULL.
///
/// Windows Server 2003 and Windows XP: A handle of the cryptographic service provider (CSP) to use to compute the hash.This
/// parameter's data type is HCRYPTPROV.
///
///
/// Unless there is a strong reason for passing in a specific cryptographic provider in hCryptProv, zero is passed in. Passing in
/// zero causes the default RSA or Digital Signature Standard (DSS) provider to be acquired before doing hash, signature
/// verification, or recipient encryption operations.
///
///
///
/// An ALG_ID structure that specifies the CryptoAPI hash algorithm to use. If Algid is zero, the default hash algorithm, SHA1, is used.
///
/// Values to be passed on to CryptCreateHash.
///
///
/// Specifies the encoding type used. It is always acceptable to specify both the certificate and message encoding types by
/// combining them with a bitwise- OR operation as shown in the following example:
///
/// X509_ASN_ENCODING | PKCS_7_ASN_ENCODING
/// Currently defined encoding types are:
///
/// -
/// X509_ASN_ENCODING
///
/// -
/// PKCS_7_ASN_ENCODING
///
///
///
///
/// A pointer to a CERT_PUBLIC_KEY_INFO structure that contains the public key information to be encoded and hashed.
///
///
/// A pointer to a buffer to receive the computed hash.
///
/// To set the size of this information for memory allocation purposes, this parameter can be NULL. For more information, see
/// Retrieving Data of Unknown Length.
///
///
///
///
/// A pointer to a DWORD that contains the size, in bytes, of the buffer pointed to by the pbComputedHash parameter. When the
/// function returns, the DWORD contains the number of bytes stored in the buffer.
///
///
/// Note When processing the data returned in the buffer, applications need to use the actual size of the data returned. The
/// actual size can be slightly smaller than the size of the buffer specified on input. On input, buffer sizes are usually specified
/// large enough to ensure that the largest possible output data will fit in the buffer. On output, the variable pointed to by this
/// parameter is updated to reflect the actual size of the data copied to the buffer.
///
///
///
/// If the function succeeds, the function returns nonzero ( TRUE).
/// If the function fails, it returns zero ( FALSE). For extended error information, call GetLastError.
///
/// Note Errors from the called functions CryptCreateHash, CryptGetHashParam, and CryptHashData can be propagated to this
/// function. This function has the following error codes.
///
///
///
/// Return code
/// Description
///
/// -
/// ERROR_MORE_DATA
///
/// If the buffer specified by the pbComputedHash parameter is not large enough to hold the returned data, the function sets the
/// ERROR_MORE_DATA code, and stores the required buffer size, in bytes, in the variable pointed to by pcbComputedHash.
///
///
/// -
/// ERROR_FILE_NOT_FOUND
/// Invalid certificate encoding type. Currently only X509_ASN_ENCODING is supported.
///
///
///
/// If the function fails, GetLastError may return an Abstract Syntax Notation One (ASN.1) encoding/decoding error. For information
/// about these errors, see ASN.1 Encoding/Decoding Return Values.
///
///
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-crypthashpublickeyinfo BOOL CryptHashPublicKeyInfo(
// HCRYPTPROV_LEGACY hCryptProv, ALG_ID Algid, DWORD dwFlags, DWORD dwCertEncodingType, PCERT_PUBLIC_KEY_INFO pInfo, BYTE
// *pbComputedHash, DWORD *pcbComputedHash );
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "b0c419b7-ebb3-42c6-9f6a-59b55a2db1b2")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CryptHashPublicKeyInfo([Optional] HCRYPTPROV hCryptProv, ALG_ID Algid, [Optional] uint dwFlags, CertEncodingType dwCertEncodingType,
in CERT_PUBLIC_KEY_INFO pInfo, [Out] IntPtr pbComputedHash, ref uint pcbComputedHash);
///
/// Important: This API is deprecated. New and existing software should start using Cryptography Next Generation APIs.
/// Microsoft may remove this API in future releases.
///
/// The CryptHashToBeSigned function computes the hash of the encoded content from a signed and encoded certificate. The hash is
/// performed on only the "to be signed" encoded content and its signature.
///
///
///
/// This parameter is not used and should be set to NULL.
///
/// Windows Server 2003 and Windows XP: A handle of the cryptographic service provider (CSP) to use to compute the hash.This
/// parameter's data type is HCRYPTPROV.
///
///
/// Unless there is a strong reason for passing in a specific cryptographic provider in hCryptProv, zero is passed in. Passing in
/// zero causes the default RSA or Digital Signature Standard (DSS) provider to be acquired before doing hash, signature
/// verification, or recipient encryption operations.
///
///
///
///
/// Specifies the encoding type used. It is always acceptable to specify both the certificate and message encoding types by
/// combining them with a bitwise- OR operation as shown in the following example:
///
/// X509_ASN_ENCODING | PKCS_7_ASN_ENCODING
/// Currently defined encoding types are:
///
/// -
/// X509_ASN_ENCODING
///
/// -
/// PKCS_7_ASN_ENCODING
///
///
///
/// Address of a buffer that contains the content to be hashed. This is the encoded form of a CERT_SIGNED_CONTENT_INFO.
/// The size, in bytes, of the buffer.
///
/// A pointer to a buffer to receive the computed hash.
///
/// This parameter can be NULL to set the size of this information for memory allocation purposes. For more information, see
/// Retrieving Data of Unknown Length.
///
///
///
///
/// A pointer to a DWORD that contains the size, in bytes, of the buffer pointed to by the pbComputedHash parameter. When the
/// function returns, the DWORD contains the number of bytes stored in the buffer.
///
///
/// Note When processing the data returned in the buffer, applications need to use the actual size of the data returned. The
/// actual size can be slightly smaller than the size of the buffer specified on input. On input, buffer sizes are usually specified
/// large enough to ensure that the largest possible output data will fit in the buffer. On output, the variable pointed to by this
/// parameter is updated to reflect the actual size of the data copied to the buffer.
///
///
///
/// If the function succeeds, the function returns nonzero ( TRUE).
/// If the function fails, it returns zero ( FALSE). For extended error information, call GetLastError.
///
/// Note Errors from the called functions CryptCreateHash, CryptGetHashParam, and CryptHashData might be propagated to this
/// function. This function has the following error codes.
///
///
///
/// Return code
/// Description
///
/// -
/// ERROR_MORE_DATA
///
/// If the buffer specified by the pbComputedHash parameter is not large enough to hold the returned data, the function sets the
/// ERROR_MORE_DATA code, and stores the required buffer size, in bytes, into the variable pointed to by pcbComputedHash.
///
///
/// -
/// ERROR_FILE_NOT_FOUND
/// Invalid certificate encoding type. Currently only X509_ASN_ENCODING is supported.
///
/// -
/// NTE_BAD_ALGID
/// The object identifier (OID) of the signature algorithm does not map to a known or supported hash algorithm.
///
///
///
/// If the function fails, GetLastError may return an Abstract Syntax Notation One (ASN.1) encoding/decoding error. For information
/// about these errors, see ASN.1 Encoding/Decoding Return Values.
///
///
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-crypthashtobesigned BOOL CryptHashToBeSigned(
// HCRYPTPROV_LEGACY hCryptProv, DWORD dwCertEncodingType, const BYTE *pbEncoded, DWORD cbEncoded, BYTE *pbComputedHash, DWORD
// *pcbComputedHash );
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "84477054-dd76-4dde-b465-9edeaf192714")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CryptHashToBeSigned([Optional] HCRYPTPROV hCryptProv, CertEncodingType dwCertEncodingType, [In] IntPtr pbEncoded, uint cbEncoded, [Out] IntPtr pbComputedHash, ref uint pcbComputedHash);
///
///
/// [The CryptImportPKCS8 function is no longer available for use as of Windows Server 2008 and Windows Vista. Instead, use
/// the PFXImportCertStore function.]
///
///
/// Important This API is deprecated. New and existing software should start using Cryptography Next Generation APIs.
/// Microsoft may remove this API in future releases.
///
///
/// The CryptImportPKCS8 function imports the private key in PKCS #8 format to a cryptographic service provider (CSP).
/// CryptImportPKCS8 will return a handle to the provider and the import KeySpec used.
///
///
///
/// A CRYPT_PKCS8_IMPORT_PARAMS structure that contains the private key BLOB and corresponding parameters.
///
///
/// A DWORD value. This parameter can be one of the following values, a combination of them, or a null value.
///
///
/// Value
/// Meaning
///
/// -
/// CRYPT_EXPORTABLE
///
/// The key being imported is eventually to be reexported. If this flag is not used, then calls to CryptExportKey with the key
/// handle fail.
///
///
/// -
/// CRYPT_USER_PROTECTED
///
/// If this flag is set, the CSP notifies the user through a dialog box or some other method when certain actions are attempted
/// using this key. The precise behavior is specified by the CSP or the CSP type used. If the provider context was acquired with
/// CRYPT_SILENT set, using this flag causes a failure, and the last error is set to NTE_SILENT_CONTEXT.
///
///
///
///
///
///
/// A pointer to the HCRYPTPROV to receive the handle of the provider into which the key is imported by calling the
/// CryptImportPKCS8 function.
///
/// When you have finished using the handle, free the handle by calling CryptReleaseContext.
/// This parameter can be NULL, in which case the handle of the provider is not returned.
///
/// This parameter must be NULL.
///
/// If the function succeeds, the function returns nonzero ( TRUE).
/// If the function fails, it returns zero ( FALSE). For extended error information, call GetLastError.
/// The following error code is specific to this function.
///
///
/// Return code
/// Description
///
/// -
/// ERROR_UNSUPPORTED_TYPE
/// The algorithm object identifier (OID) of the private key is not supported.
///
///
///
/// If the function fails, GetLastError may return an Abstract Syntax Notation One (ASN.1) encoding/decoding error. For information
/// about these errors, see ASN.1 Encoding/Decoding Return Values.
///
///
///
///
/// CryptImportPKCS8 calls the PCRYPT_RESOLVE_HCRYPTPROV_FUNC function by using the CRYPT_PKCS8_IMPORT_PARAMS structure
/// contained in the sPrivateKeyAndParams parameter to retrieve a handle of the provider to which to import the key. If
/// PCRYPT_RESOLVE_HCRYPTPROV_FUNC is NULL, then the default provider is used.
///
/// This function is only supported for asymmetric keys.
///
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-cryptimportpkcs8 BOOL CryptImportPKCS8(
// CRYPT_PKCS8_IMPORT_PARAMS sPrivateKeyAndParams, DWORD dwFlags, HCRYPTPROV *phCryptProv, void *pvAuxInfo );
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "fa3deff9-b4c1-4b63-a59f-738f87e1a409")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CryptImportPKCS8(CRYPT_PKCS8_IMPORT_PARAMS sPrivateKeyAndParams, uint dwFlags, out IntPtr phCryptProv, IntPtr pvAuxInfo = default);
///
///
/// The handle of the cryptographic service provider (CSP) to use when importing the public key. This handle must have already been
/// created using CryptAcquireContext.
///
///
/// Specifies the encoding type used. It is always acceptable to specify both the certificate and message encoding types by
/// combining them with a bitwise- OR operation as shown in the following example:
///
/// X509_ASN_ENCODING | PKCS_7_ASN_ENCODING
/// Currently defined encoding types are:
///
/// -
/// X509_ASN_ENCODING
///
/// -
/// PKCS_7_ASN_ENCODING
///
///
/// The address of a CERT_PUBLIC_KEY_INFO structure that contains the public key to import into the provider.
///
/// The address of an HCRYPTKEY variable that receives the handle of the imported public key. When you have finished using
/// the public key, release the handle by calling the CryptDestroyKey function.
///
///
///
/// The handle of the cryptographic service provider (CSP) to use when importing the public key. This handle must have already been
/// created using CryptAcquireContext.
///
///
///
/// Specifies the encoding type used. It is always acceptable to specify both the certificate and message encoding types by
/// combining them with a bitwise- OR operation as shown in the following example:
///
/// X509_ASN_ENCODING | PKCS_7_ASN_ENCODING
/// Currently defined encoding types are:
///
/// -
/// X509_ASN_ENCODING
///
/// -
/// PKCS_7_ASN_ENCODING
///
///
///
/// The address of a CERT_PUBLIC_KEY_INFO structure that contains the public key to import into the provider.
///
/// The address of an HCRYPTKEY variable that receives the handle of the imported public key. When you have finished using
/// the public key, release the handle by calling the CryptDestroyKey function.
///
///
/// If the function succeeds, the return value is nonzero ( TRUE).
/// If the function fails, the return value is zero ( FALSE). For extended error information, call GetLastError.
///
/// Note Errors from the called functions CryptGetUserKey and CryptExportKey might be propagated to this function. This
/// function has the following error code.
///
///
///
/// Return code
/// Description
///
/// -
/// ERROR_FILE_NOT_FOUND
///
/// An import function that can be installed or registered could not be found for the specified dwCertEncodingType and
/// pInfo->Algorithm.pszObjId parameters.
///
///
///
///
/// If the function fails, GetLastError may return an Abstract Syntax Notation One (ASN.1) encoding/decoding error. For information
/// about these errors, see ASN.1 Encoding/Decoding Return Values.
///
///
///
/// This function is normally used to retrieve the public key from a certificate. This is done by passing the CERT_PUBLIC_KEY_INFO
/// structure from a filled-in certificate structure as shown in the following pseudocode.
///
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-cryptimportpublickeyinfo BOOL CryptImportPublicKeyInfo(
// HCRYPTPROV hCryptProv, DWORD dwCertEncodingType, PCERT_PUBLIC_KEY_INFO pInfo, HCRYPTKEY *phKey );
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "f5f8ebb6-c838-404b-9b61-3ec36fdaef01")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CryptImportPublicKeyInfo(HCRYPTPROV hCryptProv, CertEncodingType dwCertEncodingType, in CERT_PUBLIC_KEY_INFO pInfo, out SafeHCRYPTKEY phKey);
///
/// The handle of the CSP to receive the imported public key. This handle must have already been created using CryptAcquireContext.
///
/// Specifies the encoding type used. It is always acceptable to specify both the certificate and message encoding types by
/// combining them with a bitwise- OR operation as shown in the following example:
///
/// X509_ASN_ENCODING | PKCS_7_ASN_ENCODING
/// Currently defined encoding types are:
///
/// -
/// X509_ASN_ENCODING
///
/// -
/// PKCS_7_ASN_ENCODING
///
///
/// the address of a CERT_PUBLIC_KEY_INFO structure that contains the public key to import into the provider.
///
/// Note The pzObjId member of the Algorithm member pointed to by the pInfo and dwCertEncodingType parameters
/// determine an installable CRYPT_OID_IMPORT_PUBLIC_KEY_INFO_FUNC callback function. If an installable function is not
/// found, an attempt is made to import the key as an RSA Public Key (szOID_RSA_RSA).
///
/// An ALG_ID structure that contains a CSP-specific algorithm to override the CALG_RSA_KEYX default algorithm.
/// Reserved for future use and must be zero.
/// Reserved for future use and must be NULL.
///
/// The address of an HCRYPTKEY variable that receives the handle of the imported public key. When you have finished using
/// the public key, release the handle by calling the CryptDestroyKey function.
///
///
///
/// The handle of the CSP to receive the imported public key. This handle must have already been created using CryptAcquireContext.
///
///
///
/// Specifies the encoding type used. It is always acceptable to specify both the certificate and message encoding types by
/// combining them with a bitwise- OR operation as shown in the following example:
///
/// X509_ASN_ENCODING | PKCS_7_ASN_ENCODING
/// Currently defined encoding types are:
///
/// -
/// X509_ASN_ENCODING
///
/// -
/// PKCS_7_ASN_ENCODING
///
///
///
///
/// the address of a CERT_PUBLIC_KEY_INFO structure that contains the public key to import into the provider.
///
/// Note The pzObjId member of the Algorithm member pointed to by the pInfo and dwCertEncodingType parameters
/// determine an installable CRYPT_OID_IMPORT_PUBLIC_KEY_INFO_FUNC callback function. If an installable function is not
/// found, an attempt is made to import the key as an RSA Public Key (szOID_RSA_RSA).
///
///
/// An ALG_ID structure that contains a CSP-specific algorithm to override the CALG_RSA_KEYX default algorithm.
/// Reserved for future use and must be zero.
/// Reserved for future use and must be NULL.
///
/// The address of an HCRYPTKEY variable that receives the handle of the imported public key. When you have finished using
/// the public key, release the handle by calling the CryptDestroyKey function.
///
///
/// If the function succeeds, the function returns nonzero ( TRUE).
/// If the function fails, it returns zero ( FALSE). For extended error information, call GetLastError.
///
/// Note Errors from the called functions CryptGetUserKey and CryptExportKey might be propagated to this function. This
/// function has the following error code.
///
///
///
/// Value
/// Description
///
/// -
/// ERROR_FILE_NOT_FOUND
///
/// An import function that can be installed or registered could not be found for the specified dwCertEncodingType and pInfo parameters.
///
///
///
///
/// If the function fails, GetLastError may return an Abstract Syntax Notation One (ASN.1) encoding/decoding error. For information
/// about these errors, see ASN.1 Encoding/Decoding Return Values.
///
///
///
/// This function is normally used to retrieve the public key from a certificate. This is done by passing the CERT_PUBLIC_KEY_INFO
/// structure from a filled-in certificate structure as shown in the following pseudocode.
///
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-cryptimportpublickeyinfoex BOOL
// CryptImportPublicKeyInfoEx( HCRYPTPROV hCryptProv, DWORD dwCertEncodingType, PCERT_PUBLIC_KEY_INFO pInfo, ALG_ID aiKeyAlg, DWORD
// dwFlags, void *pvAuxInfo, HCRYPTKEY *phKey );
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "d3a59f83-c761-46bb-ac4f-f42f689ea5f1")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CryptImportPublicKeyInfoEx(HCRYPTPROV hCryptProv, uint dwCertEncodingType, in CERT_PUBLIC_KEY_INFO pInfo, ALG_ID aiKeyAlg,
[Optional] uint dwFlags, [Optional] IntPtr pvAuxInfo, out SafeHCRYPTKEY phKey);
///
/// The CryptImportPublicKeyInfoEx2 function imports a public key into the CNG asymmetric provider that corresponds to the
/// public key object identifier (OID) and returns a CNG handle to the key.
///
///
///
/// The certificate encoding type that was used to encrypt the subject. The message encoding type identifier, contained in the high
/// WORD of this value, is ignored by this function.
///
/// This parameter can be the following currently defined certificate encoding type.
///
///
/// Value
/// Meaning
///
/// -
/// X509_ASN_ENCODING 1 (0x1)
/// Specifies X.509 certificate encoding.
///
///
///
///
/// The address of a CERT_PUBLIC_KEY_INFO structure that contains the public key information to import into the provider.
///
///
///
/// A set of flags that modify the behavior of this function. This can be zero or a combination of one or more of the following values.
///
///
///
/// Value
/// Meaning
///
/// -
/// CRYPT_OID_INFO_PUBKEY_SIGN_KEY_FLAG
///
/// Skips public keys in the CRYPT_PUBKEY_ALG_OID_GROUP_ID group that are explicitly flagged with the
/// CRYPT_OID_PUBKEY_ENCRYPT_ONLY_FLAG flag.
///
///
/// -
/// CRYPT_OID_INFO_PUBKEY_ENCRYPT_KEY_FLAG
///
/// Skips public keys in the CRYPT_PUBKEY_ALG_OID_GROUP_ID group that are explicitly flagged with the
/// CRYPT_OID_PUBKEY_SIGN_ONLY_FLAG flag.
///
///
///
///
/// These flags are passed in the dwKeyType parameter of the CryptFindOIDInfo function when mapping the public key object identifier
/// to the corresponding CNG public key algorithm identifier.
///
///
/// This parameter is reserved for future use and must be set to NULL.
///
/// The address of a BCRYPT_KEY_HANDLE variable that receives the handle of the imported key.
/// When this handle is no longer needed, you must release it by calling the BCryptDestroyKey function.
///
///
/// If the function succeeds, the function returns nonzero ( TRUE).
///
/// If the function fails, it returns zero ( FALSE). For extended error information, call GetLastError. Possible error codes
/// include, but are not limited to, the following.
///
///
///
/// Return code
/// Description
///
/// -
/// ERROR_FILE_NOT_FOUND
///
/// An import function that can be installed or registered could not be found for the specified dwCertEncodingType and pInfo parameters.
///
///
/// -
/// E_INVALIDARG
/// One or more parameters are not valid.
///
///
///
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-cryptimportpublickeyinfoex2 BOOL
// CryptImportPublicKeyInfoEx2( DWORD dwCertEncodingType, PCERT_PUBLIC_KEY_INFO pInfo, DWORD dwFlags, void *pvAuxInfo,
// BCRYPT_KEY_HANDLE *phKey );
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "c73f2499-75e9-4146-ae4c-0e949206ea37")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CryptImportPublicKeyInfoEx2(CertEncodingType dwCertEncodingType, in CERT_PUBLIC_KEY_INFO pInfo, CryptOIDInfoFlags dwFlags, [Optional] IntPtr pvAuxInfo, out BCrypt.SafeBCRYPT_KEY_HANDLE phKey);
///
/// The CryptMemAlloc function allocates memory for a buffer. It is used by all Crypt32.lib functions that return allocated buffers.
///
/// Number of bytes to be allocated.
///
/// Returns a pointer to the buffer allocated. If the function fails, NULL is returned. When you have finished using the
/// buffer, free the memory by calling the CryptMemFree function.
///
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-cryptmemalloc LPVOID CryptMemAlloc( ULONG cbSize );
[DllImport(Lib.Crypt32, SetLastError = false, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "ac7588b1-ff8c-4f8d-a8ab-f0e8a18e5614")]
public static extern IntPtr CryptMemAlloc(uint cbSize);
/// The CryptMemFree function frees memory allocated by CryptMemAlloc or CryptMemRealloc.
/// A pointer to the buffer to be freed.
/// This function does not return a value.
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-cryptmemfree void CryptMemFree( LPVOID pv );
[DllImport(Lib.Crypt32, SetLastError = false, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "fb5c10ba-da8e-4a34-9302-67586a0a9624")]
public static extern void CryptMemFree(IntPtr pv);
///
/// The CryptMemRealloc function frees the memory currently allocated for a buffer and allocates memory for a new buffer.
///
/// A pointer to a currently allocated buffer.
/// Number of bytes to be allocated.
///
/// Returns a pointer to the buffer allocated. If the function fails, NULL is returned. When you have finished using the
/// buffer, free the memory by calling the CryptMemFree function.
///
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-cryptmemrealloc LPVOID CryptMemRealloc( LPVOID pv, ULONG
// cbSize );
[DllImport(Lib.Crypt32, SetLastError = false, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "74bdd2dd-9f05-4d36-8323-79d547820068")]
public static extern IntPtr CryptMemRealloc(IntPtr pv, uint cbSize);
///
/// Indicates the type of the object to be queried. This must be one of the following values.
///
///
/// Value
/// Meaning
///
/// -
/// CERT_QUERY_OBJECT_BLOB
/// The object is stored in a structure in memory.
///
/// -
/// CERT_QUERY_OBJECT_FILE
/// The object is stored in a file.
///
///
/// A pointer to the object to be queried. The type of data pointer depends on the contents of the dwObjectType parameter.
///
///
/// dwObjectType value
/// Meaning
///
/// -
/// CERT_QUERY_OBJECT_BLOB
/// This parameter is a pointer to a CERT_BLOB, or similar, structure that contains the object to query.
///
/// -
/// CERT_QUERY_OBJECT_FILE
/// This parameter is a pointer to a null-terminated Unicode string that contains the path and name of the file to query.
///
///
/// Indicates the expected content type. This can be one of the following values.
///
///
/// Value
/// Meaning
///
/// -
/// CERT_QUERY_CONTENT_FLAG_ALL
///
/// The content can be any type. This does not include the CERT_QUERY_CONTENT_FLAG_PFX_AND_LOAD flag. If this flag is specified,
/// this function will attempt to obtain information about the object, trying different content types until the proper content type
/// is found or the content types are exhausted. This is obviously inefficient, so this flag should only be used if the content type
/// is not known.
///
///
/// -
/// CERT_QUERY_CONTENT_FLAG_CERT
/// The content is a single certificate.
///
/// -
/// CERT_QUERY_CONTENT_FLAG_CERT_PAIR
///
/// The content is an Abstract Syntax Notation One (ASN.1) encoded X509_CERT_PAIR (an encoded certificate pair that contains either
/// forward, reverse, or forward and reverse cross certificates).
///
///
/// -
/// CERT_QUERY_CONTENT_FLAG_CRL
/// The content is a single CRL.
///
/// -
/// CERT_QUERY_CONTENT_FLAG_CTL
/// The content is a single CTL.
///
/// -
/// CERT_QUERY_CONTENT_FLAG_PFX
///
/// The content is a PFX (PKCS #12) packet, but it will not be loaded by this function. You can use the PFXImportCertStore function
/// to load this into a store.
///
///
/// -
/// CERT_QUERY_CONTENT_FLAG_PFX_AND_LOAD
///
/// The content is a PFX (PKCS #12) packet and will be loaded by this function subject to the conditions specified in the following
/// note. Windows Server 2003 and Windows XP: This value is not supported.
///
///
/// -
/// CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED
/// The content is a PKCS #7 signed message.
///
/// -
/// CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED_EMBED
/// The content is an embedded PKCS #7 signed message.
///
/// -
/// CERT_QUERY_CONTENT_FLAG_PKCS7_UNSIGNED
/// The content is a PKCS #7 unsigned message.
///
/// -
/// CERT_QUERY_CONTENT_FLAG_PKCS10
/// The content is a PKCS #10 message.
///
/// -
/// CERT_QUERY_CONTENT_FLAG_SERIALIZED_CERT
/// The content is a serialized single certificate.
///
/// -
/// CERT_QUERY_CONTENT_FLAG_SERIALIZED_CRL
/// The content is a serialized single CRL.
///
/// -
/// CERT_QUERY_CONTENT_FLAG_SERIALIZED_CTL
/// The content is serialized single CTL.
///
/// -
/// CERT_QUERY_CONTENT_FLAG_SERIALIZED_STORE
/// The content is a serialized store.
///
///
/// Indicates the expected format of the returned type. This can be one of the following values.
///
///
/// Value
/// Meaning
///
/// -
/// CERT_QUERY_FORMAT_FLAG_ALL
/// The content can be returned in any format.
///
/// -
/// CERT_QUERY_FORMAT_FLAG_ASN_ASCII_HEX_ENCODED
/// The content should be returned in ASCII hex-encoded format with a "{ASN}" prefix.
///
/// -
/// CERT_QUERY_FORMAT_FLAG_BASE64_ENCODED
/// The content should be returned in Base64 encoded format.
///
/// -
/// CERT_QUERY_FORMAT_FLAG_BINARY
/// The content should be returned in binary format.
///
///
/// This parameter is reserved for future use and must be set to zero.
///
/// A pointer to a DWORD value that receives the type of encoding used in the message. If this information is not needed, set
/// this parameter to NULL.
///
/// This parameter can receives a combination of one or more of the following values.
///
///
/// Value
/// Meaning
///
/// -
/// PKCS_7_ASN_ENCODING 65536 (0x10000)
/// Specifies PKCS 7 message encoding.
///
/// -
/// X509_ASN_ENCODING 1 (0x1)
/// Specifies X.509 certificate encoding.
///
///
///
/// A pointer to a DWORD value that receives the actual type of the content. If this information is not needed, set this
/// parameter to NULL. The returned content type can be one of the following values.
///
///
///
/// Value
/// Meaning
///
/// -
/// CERT_QUERY_CONTENT_CERT
/// The content is a single certificate.
///
/// -
/// CERT_QUERY_CONTENT_CERT_PAIR
/// The content is an ASN.1 encoded X509_CERT_pair.
///
/// -
/// CERT_QUERY_CONTENT_CRL
/// The content is a single CRL.
///
/// -
/// CERT_QUERY_CONTENT_CTL
/// The content is a single CTL.
///
/// -
/// CERT_QUERY_CONTENT_PFX
///
/// The content is a PFX (PKCS #12) packet. This function only verifies that the object is a PKCS #12 packet. The PKCS #12 packet is
/// not loaded into a certificate store.
///
///
/// -
/// CERT_QUERY_CONTENT_PFX_AND_LOAD
///
/// The content is a PFX (PKCS #12) packet, and it has been loaded into a certificate store. Windows Server 2003 and Windows XP:
/// This value is not supported.
///
///
/// -
/// CERT_QUERY_CONTENT_PKCS7_SIGNED
/// The content is a PKCS #7 signed message.
///
/// -
/// CERT_QUERY_CONTENT_PKCS7_SIGNED_EMBED
/// The content is an embedded PKCS #7 signed message.
///
/// -
/// CERT_QUERY_CONTENT_PKCS7_UNSIGNED
/// The content is a PKCS #7 unsigned message.
///
/// -
/// CERT_QUERY_CONTENT_PKCS10
/// The content is a PKCS #10 message.
///
/// -
/// CERT_QUERY_CONTENT_SERIALIZED_CERT
/// The content is a serialized single certificate.
///
/// -
/// CERT_QUERY_CONTENT_SERIALIZED_CRL
/// The content is a serialized single CRL.
///
/// -
/// CERT_QUERY_CONTENT_SERIALIZED_CTL
/// The content is a serialized single CTL.
///
/// -
/// CERT_QUERY_CONTENT_SERIALIZED_STORE
/// The content is a serialized store.
///
///
///
/// A pointer to a DWORD value that receives the actual format type of the content. If this information is not needed, set
/// this parameter to NULL. The returned format type can be one of the following values.
///
///
///
/// Value
/// Meaning
///
/// -
/// CERT_QUERY_FORMAT_ASN_ASCII_HEX_ENCODED
/// The content is in ASCII hex-encoded format with an "{ASN}" prefix.
///
/// -
/// CERT_QUERY_FORMAT_BASE64_ENCODED
/// The content is in Base64 encoded format.
///
/// -
/// CERT_QUERY_FORMAT_BINARY
/// The content is in binary format.
///
///
///
/// A pointer to an HCERTSTORE value that receives a handle to a certificate store that includes all of the certificates,
/// CRLs, and CTLs in the object.
///
///
/// This parameter only receives a certificate store handle when the dwContentType parameter receives one of the following values.
/// This parameter receives NULL for all other content types.
///
/// CERT_QUERY_CONTENT_CERT
/// CERT_QUERY_CONTENT_CRL
/// CERT_QUERY_CONTENT_CTL
/// CERT_QUERY_CONTENT_PFX_AND_LOAD
/// CERT_QUERY_CONTENT_PKCS7_SIGNED
/// CERT_QUERY_CONTENT_PKCS7_SIGNED_EMBED
/// CERT_QUERY_CONTENT_SERIALIZED_CERT
/// CERT_QUERY_CONTENT_SERIALIZED_CRL
/// CERT_QUERY_CONTENT_SERIALIZED_CTL
/// CERT_QUERY_CONTENT_SERIALIZED_STORE
/// When you have finished using the handle, free it by passing the handle to the CertCloseStore function.
/// If this information is not needed, set this parameter to NULL.
/// A pointer to an HCRYPTMSG value that receives the handle of an opened message.
///
/// This parameter only receives a message handle when the dwContentType parameter receives one of the following values. This
/// parameter receives NULL for all other content types.
///
/// CERT_QUERY_CONTENT_PKCS7_SIGNED
/// CERT_QUERY_CONTENT_PKCS7_SIGNED_EMBED
/// CERT_QUERY_CONTENT_PKCS7_UNSIGNED
/// When you have finished using the handle, free it by passing the handle to the CryptMsgClose function.
/// If this information is not needed, set this parameter to NULL.
/// A pointer to a pointer that receives additional information about the object.
///
/// The format of this data depends on the value received by the dwContentType parameter. The following table lists the format of
/// the data for the specified dwContentType value.
///
///
///
/// dwContentType value
/// Meaning
///
/// -
/// CERT_QUERY_CONTENT_CERT
///
/// This parameter receives a pointer to a CERT_CONTEXT structure. When you have finished using the structure, free it by passing
/// this pointer to the CertFreeCertificateContext function.
///
///
/// -
/// CERT_QUERY_CONTENT_CRL
///
/// This parameter receives a pointer to a CRL_CONTEXT structure. When you have finished using the structure, free it by passing
/// this pointer to the CertFreeCRLContext function.
///
///
/// -
/// CERT_QUERY_CONTENT_CTL
///
/// This parameter receives a pointer to a CTL_CONTEXT structure. When you have finished using the structure, free it by passing
/// this pointer to the CertFreeCTLContext function.
///
///
/// -
/// CERT_QUERY_CONTENT_SERIALIZED_CERT
///
/// This parameter receives a pointer to a CERT_CONTEXT structure. When you have finished using the structure, free it by passing
/// this pointer to the CertFreeCertificateContext function.
///
///
/// -
/// CERT_QUERY_CONTENT_SERIALIZED_CRL
///
/// This parameter receives a pointer to a CRL_CONTEXT structure. When you have finished using the structure, free it by passing
/// this pointer to the CertFreeCRLContext function.
///
///
/// -
/// CERT_QUERY_CONTENT_SERIALIZED_CTL
///
/// This parameter receives a pointer to a CTL_CONTEXT structure. When you have finished using the structure, free it by passing
/// this pointer to the CertFreeCTLContext function.
///
///
///
/// If this information is not needed, set this parameter to NULL.
///
///
/// Indicates the type of the object to be queried. This must be one of the following values.
///
///
/// Value
/// Meaning
///
/// -
/// CERT_QUERY_OBJECT_BLOB
/// The object is stored in a structure in memory.
///
/// -
/// CERT_QUERY_OBJECT_FILE
/// The object is stored in a file.
///
///
///
///
/// A pointer to the object to be queried. The type of data pointer depends on the contents of the dwObjectType parameter.
///
///
/// dwObjectType value
/// Meaning
///
/// -
/// CERT_QUERY_OBJECT_BLOB
/// This parameter is a pointer to a CERT_BLOB, or similar, structure that contains the object to query.
///
/// -
/// CERT_QUERY_OBJECT_FILE
/// This parameter is a pointer to a null-terminated Unicode string that contains the path and name of the file to query.
///
///
///
///
/// Indicates the expected content type. This can be one of the following values.
///
///
/// Value
/// Meaning
///
/// -
/// CERT_QUERY_CONTENT_FLAG_ALL
///
/// The content can be any type. This does not include the CERT_QUERY_CONTENT_FLAG_PFX_AND_LOAD flag. If this flag is specified,
/// this function will attempt to obtain information about the object, trying different content types until the proper content type
/// is found or the content types are exhausted. This is obviously inefficient, so this flag should only be used if the content type
/// is not known.
///
///
/// -
/// CERT_QUERY_CONTENT_FLAG_CERT
/// The content is a single certificate.
///
/// -
/// CERT_QUERY_CONTENT_FLAG_CERT_PAIR
///
/// The content is an Abstract Syntax Notation One (ASN.1) encoded X509_CERT_PAIR (an encoded certificate pair that contains either
/// forward, reverse, or forward and reverse cross certificates).
///
///
/// -
/// CERT_QUERY_CONTENT_FLAG_CRL
/// The content is a single CRL.
///
/// -
/// CERT_QUERY_CONTENT_FLAG_CTL
/// The content is a single CTL.
///
/// -
/// CERT_QUERY_CONTENT_FLAG_PFX
///
/// The content is a PFX (PKCS #12) packet, but it will not be loaded by this function. You can use the PFXImportCertStore function
/// to load this into a store.
///
///
/// -
/// CERT_QUERY_CONTENT_FLAG_PFX_AND_LOAD
///
/// The content is a PFX (PKCS #12) packet and will be loaded by this function subject to the conditions specified in the following
/// note. Windows Server 2003 and Windows XP: This value is not supported.
///
///
/// -
/// CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED
/// The content is a PKCS #7 signed message.
///
/// -
/// CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED_EMBED
/// The content is an embedded PKCS #7 signed message.
///
/// -
/// CERT_QUERY_CONTENT_FLAG_PKCS7_UNSIGNED
/// The content is a PKCS #7 unsigned message.
///
/// -
/// CERT_QUERY_CONTENT_FLAG_PKCS10
/// The content is a PKCS #10 message.
///
/// -
/// CERT_QUERY_CONTENT_FLAG_SERIALIZED_CERT
/// The content is a serialized single certificate.
///
/// -
/// CERT_QUERY_CONTENT_FLAG_SERIALIZED_CRL
/// The content is a serialized single CRL.
///
/// -
/// CERT_QUERY_CONTENT_FLAG_SERIALIZED_CTL
/// The content is serialized single CTL.
///
/// -
/// CERT_QUERY_CONTENT_FLAG_SERIALIZED_STORE
/// The content is a serialized store.
///
///
///
///
/// Indicates the expected format of the returned type. This can be one of the following values.
///
///
/// Value
/// Meaning
///
/// -
/// CERT_QUERY_FORMAT_FLAG_ALL
/// The content can be returned in any format.
///
/// -
/// CERT_QUERY_FORMAT_FLAG_ASN_ASCII_HEX_ENCODED
/// The content should be returned in ASCII hex-encoded format with a "{ASN}" prefix.
///
/// -
/// CERT_QUERY_FORMAT_FLAG_BASE64_ENCODED
/// The content should be returned in Base64 encoded format.
///
/// -
/// CERT_QUERY_FORMAT_FLAG_BINARY
/// The content should be returned in binary format.
///
///
///
/// This parameter is reserved for future use and must be set to zero.
///
///
/// A pointer to a DWORD value that receives the type of encoding used in the message. If this information is not needed, set
/// this parameter to NULL.
///
/// This parameter can receives a combination of one or more of the following values.
///
///
/// Value
/// Meaning
///
/// -
/// PKCS_7_ASN_ENCODING 65536 (0x10000)
/// Specifies PKCS 7 message encoding.
///
/// -
/// X509_ASN_ENCODING 1 (0x1)
/// Specifies X.509 certificate encoding.
///
///
///
///
///
/// A pointer to a DWORD value that receives the actual type of the content. If this information is not needed, set this
/// parameter to NULL. The returned content type can be one of the following values.
///
///
///
/// Value
/// Meaning
///
/// -
/// CERT_QUERY_CONTENT_CERT
/// The content is a single certificate.
///
/// -
/// CERT_QUERY_CONTENT_CERT_PAIR
/// The content is an ASN.1 encoded X509_CERT_pair.
///
/// -
/// CERT_QUERY_CONTENT_CRL
/// The content is a single CRL.
///
/// -
/// CERT_QUERY_CONTENT_CTL
/// The content is a single CTL.
///
/// -
/// CERT_QUERY_CONTENT_PFX
///
/// The content is a PFX (PKCS #12) packet. This function only verifies that the object is a PKCS #12 packet. The PKCS #12 packet is
/// not loaded into a certificate store.
///
///
/// -
/// CERT_QUERY_CONTENT_PFX_AND_LOAD
///
/// The content is a PFX (PKCS #12) packet, and it has been loaded into a certificate store. Windows Server 2003 and Windows XP:
/// This value is not supported.
///
///
/// -
/// CERT_QUERY_CONTENT_PKCS7_SIGNED
/// The content is a PKCS #7 signed message.
///
/// -
/// CERT_QUERY_CONTENT_PKCS7_SIGNED_EMBED
/// The content is an embedded PKCS #7 signed message.
///
/// -
/// CERT_QUERY_CONTENT_PKCS7_UNSIGNED
/// The content is a PKCS #7 unsigned message.
///
/// -
/// CERT_QUERY_CONTENT_PKCS10
/// The content is a PKCS #10 message.
///
/// -
/// CERT_QUERY_CONTENT_SERIALIZED_CERT
/// The content is a serialized single certificate.
///
/// -
/// CERT_QUERY_CONTENT_SERIALIZED_CRL
/// The content is a serialized single CRL.
///
/// -
/// CERT_QUERY_CONTENT_SERIALIZED_CTL
/// The content is a serialized single CTL.
///
/// -
/// CERT_QUERY_CONTENT_SERIALIZED_STORE
/// The content is a serialized store.
///
///
///
///
///
/// A pointer to a DWORD value that receives the actual format type of the content. If this information is not needed, set
/// this parameter to NULL. The returned format type can be one of the following values.
///
///
///
/// Value
/// Meaning
///
/// -
/// CERT_QUERY_FORMAT_ASN_ASCII_HEX_ENCODED
/// The content is in ASCII hex-encoded format with an "{ASN}" prefix.
///
/// -
/// CERT_QUERY_FORMAT_BASE64_ENCODED
/// The content is in Base64 encoded format.
///
/// -
/// CERT_QUERY_FORMAT_BINARY
/// The content is in binary format.
///
///
///
///
///
/// A pointer to an HCERTSTORE value that receives a handle to a certificate store that includes all of the certificates,
/// CRLs, and CTLs in the object.
///
///
/// This parameter only receives a certificate store handle when the dwContentType parameter receives one of the following values.
/// This parameter receives NULL for all other content types.
///
/// CERT_QUERY_CONTENT_CERT
/// CERT_QUERY_CONTENT_CRL
/// CERT_QUERY_CONTENT_CTL
/// CERT_QUERY_CONTENT_PFX_AND_LOAD
/// CERT_QUERY_CONTENT_PKCS7_SIGNED
/// CERT_QUERY_CONTENT_PKCS7_SIGNED_EMBED
/// CERT_QUERY_CONTENT_SERIALIZED_CERT
/// CERT_QUERY_CONTENT_SERIALIZED_CRL
/// CERT_QUERY_CONTENT_SERIALIZED_CTL
/// CERT_QUERY_CONTENT_SERIALIZED_STORE
/// When you have finished using the handle, free it by passing the handle to the CertCloseStore function.
/// If this information is not needed, set this parameter to NULL.
///
///
/// A pointer to an HCRYPTMSG value that receives the handle of an opened message.
///
/// This parameter only receives a message handle when the dwContentType parameter receives one of the following values. This
/// parameter receives NULL for all other content types.
///
/// CERT_QUERY_CONTENT_PKCS7_SIGNED
/// CERT_QUERY_CONTENT_PKCS7_SIGNED_EMBED
/// CERT_QUERY_CONTENT_PKCS7_UNSIGNED
/// When you have finished using the handle, free it by passing the handle to the CryptMsgClose function.
/// If this information is not needed, set this parameter to NULL.
///
///
/// A pointer to a pointer that receives additional information about the object.
///
/// The format of this data depends on the value received by the dwContentType parameter. The following table lists the format of
/// the data for the specified dwContentType value.
///
///
///
/// dwContentType value
/// Meaning
///
/// -
/// CERT_QUERY_CONTENT_CERT
///
/// This parameter receives a pointer to a CERT_CONTEXT structure. When you have finished using the structure, free it by passing
/// this pointer to the CertFreeCertificateContext function.
///
///
/// -
/// CERT_QUERY_CONTENT_CRL
///
/// This parameter receives a pointer to a CRL_CONTEXT structure. When you have finished using the structure, free it by passing
/// this pointer to the CertFreeCRLContext function.
///
///
/// -
/// CERT_QUERY_CONTENT_CTL
///
/// This parameter receives a pointer to a CTL_CONTEXT structure. When you have finished using the structure, free it by passing
/// this pointer to the CertFreeCTLContext function.
///
///
/// -
/// CERT_QUERY_CONTENT_SERIALIZED_CERT
///
/// This parameter receives a pointer to a CERT_CONTEXT structure. When you have finished using the structure, free it by passing
/// this pointer to the CertFreeCertificateContext function.
///
///
/// -
/// CERT_QUERY_CONTENT_SERIALIZED_CRL
///
/// This parameter receives a pointer to a CRL_CONTEXT structure. When you have finished using the structure, free it by passing
/// this pointer to the CertFreeCRLContext function.
///
///
/// -
/// CERT_QUERY_CONTENT_SERIALIZED_CTL
///
/// This parameter receives a pointer to a CTL_CONTEXT structure. When you have finished using the structure, free it by passing
/// this pointer to the CertFreeCTLContext function.
///
///
///
/// If this information is not needed, set this parameter to NULL.
///
///
/// If the function succeeds, the function returns nonzero.
/// If the function fails, it returns zero. For extended error information, call GetLastError.
///
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-cryptqueryobject BOOL CryptQueryObject( DWORD
// dwObjectType, const void *pvObject, DWORD dwExpectedContentTypeFlags, DWORD dwExpectedFormatTypeFlags, DWORD dwFlags, DWORD
// *pdwMsgAndCertEncodingType, DWORD *pdwContentType, DWORD *pdwFormatType, HCERTSTORE *phCertStore, HCRYPTMSG *phMsg, const void
// **ppvContext );
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "d882f2b0-0f0a-41c7-afca-a232dc00797b")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CryptQueryObject(CertQueryObjectType dwObjectType, [In] IntPtr pvObject, CertQueryContentFlags dwExpectedContentTypeFlags, CertQueryFormatFlags dwExpectedFormatTypeFlags,
[Optional] uint dwFlags, out CertEncodingType pdwMsgAndCertEncodingType, out CertQueryContentType pdwContentType, out CertQueryFormatType pdwFormatType, out SafeHCERTSTORE phCertStore,
out SafeHCRYPTMSG phMsg, out SafePCCERT_CONTEXT ppvContext);
///
/// Indicates the type of the object to be queried. This must be one of the following values.
///
///
/// Value
/// Meaning
///
/// -
/// CERT_QUERY_OBJECT_BLOB
/// The object is stored in a structure in memory.
///
/// -
/// CERT_QUERY_OBJECT_FILE
/// The object is stored in a file.
///
///
/// A pointer to the object to be queried. The type of data pointer depends on the contents of the dwObjectType parameter.
///
///
/// dwObjectType value
/// Meaning
///
/// -
/// CERT_QUERY_OBJECT_BLOB
/// This parameter is a pointer to a CERT_BLOB, or similar, structure that contains the object to query.
///
/// -
/// CERT_QUERY_OBJECT_FILE
/// This parameter is a pointer to a null-terminated Unicode string that contains the path and name of the file to query.
///
///
/// Indicates the expected content type. This can be one of the following values.
///
///
/// Value
/// Meaning
///
/// -
/// CERT_QUERY_CONTENT_FLAG_ALL
///
/// The content can be any type. This does not include the CERT_QUERY_CONTENT_FLAG_PFX_AND_LOAD flag. If this flag is specified,
/// this function will attempt to obtain information about the object, trying different content types until the proper content type
/// is found or the content types are exhausted. This is obviously inefficient, so this flag should only be used if the content type
/// is not known.
///
///
/// -
/// CERT_QUERY_CONTENT_FLAG_CERT
/// The content is a single certificate.
///
/// -
/// CERT_QUERY_CONTENT_FLAG_CERT_PAIR
///
/// The content is an Abstract Syntax Notation One (ASN.1) encoded X509_CERT_PAIR (an encoded certificate pair that contains either
/// forward, reverse, or forward and reverse cross certificates).
///
///
/// -
/// CERT_QUERY_CONTENT_FLAG_CRL
/// The content is a single CRL.
///
/// -
/// CERT_QUERY_CONTENT_FLAG_CTL
/// The content is a single CTL.
///
/// -
/// CERT_QUERY_CONTENT_FLAG_PFX
///
/// The content is a PFX (PKCS #12) packet, but it will not be loaded by this function. You can use the PFXImportCertStore function
/// to load this into a store.
///
///
/// -
/// CERT_QUERY_CONTENT_FLAG_PFX_AND_LOAD
///
/// The content is a PFX (PKCS #12) packet and will be loaded by this function subject to the conditions specified in the following
/// note. Windows Server 2003 and Windows XP: This value is not supported.
///
///
/// -
/// CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED
/// The content is a PKCS #7 signed message.
///
/// -
/// CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED_EMBED
/// The content is an embedded PKCS #7 signed message.
///
/// -
/// CERT_QUERY_CONTENT_FLAG_PKCS7_UNSIGNED
/// The content is a PKCS #7 unsigned message.
///
/// -
/// CERT_QUERY_CONTENT_FLAG_PKCS10
/// The content is a PKCS #10 message.
///
/// -
/// CERT_QUERY_CONTENT_FLAG_SERIALIZED_CERT
/// The content is a serialized single certificate.
///
/// -
/// CERT_QUERY_CONTENT_FLAG_SERIALIZED_CRL
/// The content is a serialized single CRL.
///
/// -
/// CERT_QUERY_CONTENT_FLAG_SERIALIZED_CTL
/// The content is serialized single CTL.
///
/// -
/// CERT_QUERY_CONTENT_FLAG_SERIALIZED_STORE
/// The content is a serialized store.
///
///
/// Indicates the expected format of the returned type. This can be one of the following values.
///
///
/// Value
/// Meaning
///
/// -
/// CERT_QUERY_FORMAT_FLAG_ALL
/// The content can be returned in any format.
///
/// -
/// CERT_QUERY_FORMAT_FLAG_ASN_ASCII_HEX_ENCODED
/// The content should be returned in ASCII hex-encoded format with a "{ASN}" prefix.
///
/// -
/// CERT_QUERY_FORMAT_FLAG_BASE64_ENCODED
/// The content should be returned in Base64 encoded format.
///
/// -
/// CERT_QUERY_FORMAT_FLAG_BINARY
/// The content should be returned in binary format.
///
///
/// This parameter is reserved for future use and must be set to zero.
///
/// A pointer to a DWORD value that receives the type of encoding used in the message. If this information is not needed, set
/// this parameter to NULL.
///
/// This parameter can receives a combination of one or more of the following values.
///
///
/// Value
/// Meaning
///
/// -
/// PKCS_7_ASN_ENCODING 65536 (0x10000)
/// Specifies PKCS 7 message encoding.
///
/// -
/// X509_ASN_ENCODING 1 (0x1)
/// Specifies X.509 certificate encoding.
///
///
///
/// A pointer to a DWORD value that receives the actual type of the content. If this information is not needed, set this
/// parameter to NULL. The returned content type can be one of the following values.
///
///
///
/// Value
/// Meaning
///
/// -
/// CERT_QUERY_CONTENT_CERT
/// The content is a single certificate.
///
/// -
/// CERT_QUERY_CONTENT_CERT_PAIR
/// The content is an ASN.1 encoded X509_CERT_pair.
///
/// -
/// CERT_QUERY_CONTENT_CRL
/// The content is a single CRL.
///
/// -
/// CERT_QUERY_CONTENT_CTL
/// The content is a single CTL.
///
/// -
/// CERT_QUERY_CONTENT_PFX
///
/// The content is a PFX (PKCS #12) packet. This function only verifies that the object is a PKCS #12 packet. The PKCS #12 packet is
/// not loaded into a certificate store.
///
///
/// -
/// CERT_QUERY_CONTENT_PFX_AND_LOAD
///
/// The content is a PFX (PKCS #12) packet, and it has been loaded into a certificate store. Windows Server 2003 and Windows XP:
/// This value is not supported.
///
///
/// -
/// CERT_QUERY_CONTENT_PKCS7_SIGNED
/// The content is a PKCS #7 signed message.
///
/// -
/// CERT_QUERY_CONTENT_PKCS7_SIGNED_EMBED
/// The content is an embedded PKCS #7 signed message.
///
/// -
/// CERT_QUERY_CONTENT_PKCS7_UNSIGNED
/// The content is a PKCS #7 unsigned message.
///
/// -
/// CERT_QUERY_CONTENT_PKCS10
/// The content is a PKCS #10 message.
///
/// -
/// CERT_QUERY_CONTENT_SERIALIZED_CERT
/// The content is a serialized single certificate.
///
/// -
/// CERT_QUERY_CONTENT_SERIALIZED_CRL
/// The content is a serialized single CRL.
///
/// -
/// CERT_QUERY_CONTENT_SERIALIZED_CTL
/// The content is a serialized single CTL.
///
/// -
/// CERT_QUERY_CONTENT_SERIALIZED_STORE
/// The content is a serialized store.
///
///
///
/// A pointer to a DWORD value that receives the actual format type of the content. If this information is not needed, set
/// this parameter to NULL. The returned format type can be one of the following values.
///
///
///
/// Value
/// Meaning
///
/// -
/// CERT_QUERY_FORMAT_ASN_ASCII_HEX_ENCODED
/// The content is in ASCII hex-encoded format with an "{ASN}" prefix.
///
/// -
/// CERT_QUERY_FORMAT_BASE64_ENCODED
/// The content is in Base64 encoded format.
///
/// -
/// CERT_QUERY_FORMAT_BINARY
/// The content is in binary format.
///
///
///
/// A pointer to an HCERTSTORE value that receives a handle to a certificate store that includes all of the certificates,
/// CRLs, and CTLs in the object.
///
///
/// This parameter only receives a certificate store handle when the dwContentType parameter receives one of the following values.
/// This parameter receives NULL for all other content types.
///
/// CERT_QUERY_CONTENT_CERT
/// CERT_QUERY_CONTENT_CRL
/// CERT_QUERY_CONTENT_CTL
/// CERT_QUERY_CONTENT_PFX_AND_LOAD
/// CERT_QUERY_CONTENT_PKCS7_SIGNED
/// CERT_QUERY_CONTENT_PKCS7_SIGNED_EMBED
/// CERT_QUERY_CONTENT_SERIALIZED_CERT
/// CERT_QUERY_CONTENT_SERIALIZED_CRL
/// CERT_QUERY_CONTENT_SERIALIZED_CTL
/// CERT_QUERY_CONTENT_SERIALIZED_STORE
/// When you have finished using the handle, free it by passing the handle to the CertCloseStore function.
/// If this information is not needed, set this parameter to NULL.
/// A pointer to an HCRYPTMSG value that receives the handle of an opened message.
///
/// This parameter only receives a message handle when the dwContentType parameter receives one of the following values. This
/// parameter receives NULL for all other content types.
///
/// CERT_QUERY_CONTENT_PKCS7_SIGNED
/// CERT_QUERY_CONTENT_PKCS7_SIGNED_EMBED
/// CERT_QUERY_CONTENT_PKCS7_UNSIGNED
/// When you have finished using the handle, free it by passing the handle to the CryptMsgClose function.
/// If this information is not needed, set this parameter to NULL.
/// A pointer to a pointer that receives additional information about the object.
///
/// The format of this data depends on the value received by the dwContentType parameter. The following table lists the format of
/// the data for the specified dwContentType value.
///
///
///
/// dwContentType value
/// Meaning
///
/// -
/// CERT_QUERY_CONTENT_CERT
///
/// This parameter receives a pointer to a CERT_CONTEXT structure. When you have finished using the structure, free it by passing
/// this pointer to the CertFreeCertificateContext function.
///
///
/// -
/// CERT_QUERY_CONTENT_CRL
///
/// This parameter receives a pointer to a CRL_CONTEXT structure. When you have finished using the structure, free it by passing
/// this pointer to the CertFreeCRLContext function.
///
///
/// -
/// CERT_QUERY_CONTENT_CTL
///
/// This parameter receives a pointer to a CTL_CONTEXT structure. When you have finished using the structure, free it by passing
/// this pointer to the CertFreeCTLContext function.
///
///
/// -
/// CERT_QUERY_CONTENT_SERIALIZED_CERT
///
/// This parameter receives a pointer to a CERT_CONTEXT structure. When you have finished using the structure, free it by passing
/// this pointer to the CertFreeCertificateContext function.
///
///
/// -
/// CERT_QUERY_CONTENT_SERIALIZED_CRL
///
/// This parameter receives a pointer to a CRL_CONTEXT structure. When you have finished using the structure, free it by passing
/// this pointer to the CertFreeCRLContext function.
///
///
/// -
/// CERT_QUERY_CONTENT_SERIALIZED_CTL
///
/// This parameter receives a pointer to a CTL_CONTEXT structure. When you have finished using the structure, free it by passing
/// this pointer to the CertFreeCTLContext function.
///
///
///
/// If this information is not needed, set this parameter to NULL.
///
///
/// Indicates the type of the object to be queried. This must be one of the following values.
///
///
/// Value
/// Meaning
///
/// -
/// CERT_QUERY_OBJECT_BLOB
/// The object is stored in a structure in memory.
///
/// -
/// CERT_QUERY_OBJECT_FILE
/// The object is stored in a file.
///
///
///
///
/// A pointer to the object to be queried. The type of data pointer depends on the contents of the dwObjectType parameter.
///
///
/// dwObjectType value
/// Meaning
///
/// -
/// CERT_QUERY_OBJECT_BLOB
/// This parameter is a pointer to a CERT_BLOB, or similar, structure that contains the object to query.
///
/// -
/// CERT_QUERY_OBJECT_FILE
/// This parameter is a pointer to a null-terminated Unicode string that contains the path and name of the file to query.
///
///
///
///
/// Indicates the expected content type. This can be one of the following values.
///
///
/// Value
/// Meaning
///
/// -
/// CERT_QUERY_CONTENT_FLAG_ALL
///
/// The content can be any type. This does not include the CERT_QUERY_CONTENT_FLAG_PFX_AND_LOAD flag. If this flag is specified,
/// this function will attempt to obtain information about the object, trying different content types until the proper content type
/// is found or the content types are exhausted. This is obviously inefficient, so this flag should only be used if the content type
/// is not known.
///
///
/// -
/// CERT_QUERY_CONTENT_FLAG_CERT
/// The content is a single certificate.
///
/// -
/// CERT_QUERY_CONTENT_FLAG_CERT_PAIR
///
/// The content is an Abstract Syntax Notation One (ASN.1) encoded X509_CERT_PAIR (an encoded certificate pair that contains either
/// forward, reverse, or forward and reverse cross certificates).
///
///
/// -
/// CERT_QUERY_CONTENT_FLAG_CRL
/// The content is a single CRL.
///
/// -
/// CERT_QUERY_CONTENT_FLAG_CTL
/// The content is a single CTL.
///
/// -
/// CERT_QUERY_CONTENT_FLAG_PFX
///
/// The content is a PFX (PKCS #12) packet, but it will not be loaded by this function. You can use the PFXImportCertStore function
/// to load this into a store.
///
///
/// -
/// CERT_QUERY_CONTENT_FLAG_PFX_AND_LOAD
///
/// The content is a PFX (PKCS #12) packet and will be loaded by this function subject to the conditions specified in the following
/// note. Windows Server 2003 and Windows XP: This value is not supported.
///
///
/// -
/// CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED
/// The content is a PKCS #7 signed message.
///
/// -
/// CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED_EMBED
/// The content is an embedded PKCS #7 signed message.
///
/// -
/// CERT_QUERY_CONTENT_FLAG_PKCS7_UNSIGNED
/// The content is a PKCS #7 unsigned message.
///
/// -
/// CERT_QUERY_CONTENT_FLAG_PKCS10
/// The content is a PKCS #10 message.
///
/// -
/// CERT_QUERY_CONTENT_FLAG_SERIALIZED_CERT
/// The content is a serialized single certificate.
///
/// -
/// CERT_QUERY_CONTENT_FLAG_SERIALIZED_CRL
/// The content is a serialized single CRL.
///
/// -
/// CERT_QUERY_CONTENT_FLAG_SERIALIZED_CTL
/// The content is serialized single CTL.
///
/// -
/// CERT_QUERY_CONTENT_FLAG_SERIALIZED_STORE
/// The content is a serialized store.
///
///
///
///
/// Indicates the expected format of the returned type. This can be one of the following values.
///
///
/// Value
/// Meaning
///
/// -
/// CERT_QUERY_FORMAT_FLAG_ALL
/// The content can be returned in any format.
///
/// -
/// CERT_QUERY_FORMAT_FLAG_ASN_ASCII_HEX_ENCODED
/// The content should be returned in ASCII hex-encoded format with a "{ASN}" prefix.
///
/// -
/// CERT_QUERY_FORMAT_FLAG_BASE64_ENCODED
/// The content should be returned in Base64 encoded format.
///
/// -
/// CERT_QUERY_FORMAT_FLAG_BINARY
/// The content should be returned in binary format.
///
///
///
/// This parameter is reserved for future use and must be set to zero.
///
///
/// A pointer to a DWORD value that receives the type of encoding used in the message. If this information is not needed, set
/// this parameter to NULL.
///
/// This parameter can receives a combination of one or more of the following values.
///
///
/// Value
/// Meaning
///
/// -
/// PKCS_7_ASN_ENCODING 65536 (0x10000)
/// Specifies PKCS 7 message encoding.
///
/// -
/// X509_ASN_ENCODING 1 (0x1)
/// Specifies X.509 certificate encoding.
///
///
///
///
///
/// A pointer to a DWORD value that receives the actual type of the content. If this information is not needed, set this
/// parameter to NULL. The returned content type can be one of the following values.
///
///
///
/// Value
/// Meaning
///
/// -
/// CERT_QUERY_CONTENT_CERT
/// The content is a single certificate.
///
/// -
/// CERT_QUERY_CONTENT_CERT_PAIR
/// The content is an ASN.1 encoded X509_CERT_pair.
///
/// -
/// CERT_QUERY_CONTENT_CRL
/// The content is a single CRL.
///
/// -
/// CERT_QUERY_CONTENT_CTL
/// The content is a single CTL.
///
/// -
/// CERT_QUERY_CONTENT_PFX
///
/// The content is a PFX (PKCS #12) packet. This function only verifies that the object is a PKCS #12 packet. The PKCS #12 packet is
/// not loaded into a certificate store.
///
///
/// -
/// CERT_QUERY_CONTENT_PFX_AND_LOAD
///
/// The content is a PFX (PKCS #12) packet, and it has been loaded into a certificate store. Windows Server 2003 and Windows XP:
/// This value is not supported.
///
///
/// -
/// CERT_QUERY_CONTENT_PKCS7_SIGNED
/// The content is a PKCS #7 signed message.
///
/// -
/// CERT_QUERY_CONTENT_PKCS7_SIGNED_EMBED
/// The content is an embedded PKCS #7 signed message.
///
/// -
/// CERT_QUERY_CONTENT_PKCS7_UNSIGNED
/// The content is a PKCS #7 unsigned message.
///
/// -
/// CERT_QUERY_CONTENT_PKCS10
/// The content is a PKCS #10 message.
///
/// -
/// CERT_QUERY_CONTENT_SERIALIZED_CERT
/// The content is a serialized single certificate.
///
/// -
/// CERT_QUERY_CONTENT_SERIALIZED_CRL
/// The content is a serialized single CRL.
///
/// -
/// CERT_QUERY_CONTENT_SERIALIZED_CTL
/// The content is a serialized single CTL.
///
/// -
/// CERT_QUERY_CONTENT_SERIALIZED_STORE
/// The content is a serialized store.
///
///
///
///
///
/// A pointer to a DWORD value that receives the actual format type of the content. If this information is not needed, set
/// this parameter to NULL. The returned format type can be one of the following values.
///
///
///
/// Value
/// Meaning
///
/// -
/// CERT_QUERY_FORMAT_ASN_ASCII_HEX_ENCODED
/// The content is in ASCII hex-encoded format with an "{ASN}" prefix.
///
/// -
/// CERT_QUERY_FORMAT_BASE64_ENCODED
/// The content is in Base64 encoded format.
///
/// -
/// CERT_QUERY_FORMAT_BINARY
/// The content is in binary format.
///
///
///
///
///
/// A pointer to an HCERTSTORE value that receives a handle to a certificate store that includes all of the certificates,
/// CRLs, and CTLs in the object.
///
///
/// This parameter only receives a certificate store handle when the dwContentType parameter receives one of the following values.
/// This parameter receives NULL for all other content types.
///
/// CERT_QUERY_CONTENT_CERT
/// CERT_QUERY_CONTENT_CRL
/// CERT_QUERY_CONTENT_CTL
/// CERT_QUERY_CONTENT_PFX_AND_LOAD
/// CERT_QUERY_CONTENT_PKCS7_SIGNED
/// CERT_QUERY_CONTENT_PKCS7_SIGNED_EMBED
/// CERT_QUERY_CONTENT_SERIALIZED_CERT
/// CERT_QUERY_CONTENT_SERIALIZED_CRL
/// CERT_QUERY_CONTENT_SERIALIZED_CTL
/// CERT_QUERY_CONTENT_SERIALIZED_STORE
/// When you have finished using the handle, free it by passing the handle to the CertCloseStore function.
/// If this information is not needed, set this parameter to NULL.
///
///
/// A pointer to an HCRYPTMSG value that receives the handle of an opened message.
///
/// This parameter only receives a message handle when the dwContentType parameter receives one of the following values. This
/// parameter receives NULL for all other content types.
///
/// CERT_QUERY_CONTENT_PKCS7_SIGNED
/// CERT_QUERY_CONTENT_PKCS7_SIGNED_EMBED
/// CERT_QUERY_CONTENT_PKCS7_UNSIGNED
/// When you have finished using the handle, free it by passing the handle to the CryptMsgClose function.
/// If this information is not needed, set this parameter to NULL.
///
///
/// A pointer to a pointer that receives additional information about the object.
///
/// The format of this data depends on the value received by the dwContentType parameter. The following table lists the format of
/// the data for the specified dwContentType value.
///
///
///
/// dwContentType value
/// Meaning
///
/// -
/// CERT_QUERY_CONTENT_CERT
///
/// This parameter receives a pointer to a CERT_CONTEXT structure. When you have finished using the structure, free it by passing
/// this pointer to the CertFreeCertificateContext function.
///
///
/// -
/// CERT_QUERY_CONTENT_CRL
///
/// This parameter receives a pointer to a CRL_CONTEXT structure. When you have finished using the structure, free it by passing
/// this pointer to the CertFreeCRLContext function.
///
///
/// -
/// CERT_QUERY_CONTENT_CTL
///
/// This parameter receives a pointer to a CTL_CONTEXT structure. When you have finished using the structure, free it by passing
/// this pointer to the CertFreeCTLContext function.
///
///
/// -
/// CERT_QUERY_CONTENT_SERIALIZED_CERT
///
/// This parameter receives a pointer to a CERT_CONTEXT structure. When you have finished using the structure, free it by passing
/// this pointer to the CertFreeCertificateContext function.
///
///
/// -
/// CERT_QUERY_CONTENT_SERIALIZED_CRL
///
/// This parameter receives a pointer to a CRL_CONTEXT structure. When you have finished using the structure, free it by passing
/// this pointer to the CertFreeCRLContext function.
///
///
/// -
/// CERT_QUERY_CONTENT_SERIALIZED_CTL
///
/// This parameter receives a pointer to a CTL_CONTEXT structure. When you have finished using the structure, free it by passing
/// this pointer to the CertFreeCTLContext function.
///
///
///
/// If this information is not needed, set this parameter to NULL.
///
///
/// If the function succeeds, the function returns nonzero.
/// If the function fails, it returns zero. For extended error information, call GetLastError.
///
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-cryptqueryobject BOOL CryptQueryObject( DWORD
// dwObjectType, const void *pvObject, DWORD dwExpectedContentTypeFlags, DWORD dwExpectedFormatTypeFlags, DWORD dwFlags, DWORD
// *pdwMsgAndCertEncodingType, DWORD *pdwContentType, DWORD *pdwFormatType, HCERTSTORE *phCertStore, HCRYPTMSG *phMsg, const void
// **ppvContext );
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "d882f2b0-0f0a-41c7-afca-a232dc00797b")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CryptQueryObject(CertQueryObjectType dwObjectType, [In] IntPtr pvObject, CertQueryContentFlags dwExpectedContentTypeFlags, CertQueryFormatFlags dwExpectedFormatTypeFlags,
[Optional] uint dwFlags, out CertEncodingType pdwMsgAndCertEncodingType, out CertQueryContentType pdwContentType, out CertQueryFormatType pdwFormatType, out SafeHCERTSTORE phCertStore,
out SafeHCRYPTMSG phMsg, out SafePCCRL_CONTEXT ppvContext);
///
/// Indicates the type of the object to be queried. This must be one of the following values.
///
///
/// Value
/// Meaning
///
/// -
/// CERT_QUERY_OBJECT_BLOB
/// The object is stored in a structure in memory.
///
/// -
/// CERT_QUERY_OBJECT_FILE
/// The object is stored in a file.
///
///
/// A pointer to the object to be queried. The type of data pointer depends on the contents of the dwObjectType parameter.
///
///
/// dwObjectType value
/// Meaning
///
/// -
/// CERT_QUERY_OBJECT_BLOB
/// This parameter is a pointer to a CERT_BLOB, or similar, structure that contains the object to query.
///
/// -
/// CERT_QUERY_OBJECT_FILE
/// This parameter is a pointer to a null-terminated Unicode string that contains the path and name of the file to query.
///
///
/// Indicates the expected content type. This can be one of the following values.
///
///
/// Value
/// Meaning
///
/// -
/// CERT_QUERY_CONTENT_FLAG_ALL
///
/// The content can be any type. This does not include the CERT_QUERY_CONTENT_FLAG_PFX_AND_LOAD flag. If this flag is specified,
/// this function will attempt to obtain information about the object, trying different content types until the proper content type
/// is found or the content types are exhausted. This is obviously inefficient, so this flag should only be used if the content type
/// is not known.
///
///
/// -
/// CERT_QUERY_CONTENT_FLAG_CERT
/// The content is a single certificate.
///
/// -
/// CERT_QUERY_CONTENT_FLAG_CERT_PAIR
///
/// The content is an Abstract Syntax Notation One (ASN.1) encoded X509_CERT_PAIR (an encoded certificate pair that contains either
/// forward, reverse, or forward and reverse cross certificates).
///
///
/// -
/// CERT_QUERY_CONTENT_FLAG_CRL
/// The content is a single CRL.
///
/// -
/// CERT_QUERY_CONTENT_FLAG_CTL
/// The content is a single CTL.
///
/// -
/// CERT_QUERY_CONTENT_FLAG_PFX
///
/// The content is a PFX (PKCS #12) packet, but it will not be loaded by this function. You can use the PFXImportCertStore function
/// to load this into a store.
///
///
/// -
/// CERT_QUERY_CONTENT_FLAG_PFX_AND_LOAD
///
/// The content is a PFX (PKCS #12) packet and will be loaded by this function subject to the conditions specified in the following
/// note. Windows Server 2003 and Windows XP: This value is not supported.
///
///
/// -
/// CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED
/// The content is a PKCS #7 signed message.
///
/// -
/// CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED_EMBED
/// The content is an embedded PKCS #7 signed message.
///
/// -
/// CERT_QUERY_CONTENT_FLAG_PKCS7_UNSIGNED
/// The content is a PKCS #7 unsigned message.
///
/// -
/// CERT_QUERY_CONTENT_FLAG_PKCS10
/// The content is a PKCS #10 message.
///
/// -
/// CERT_QUERY_CONTENT_FLAG_SERIALIZED_CERT
/// The content is a serialized single certificate.
///
/// -
/// CERT_QUERY_CONTENT_FLAG_SERIALIZED_CRL
/// The content is a serialized single CRL.
///
/// -
/// CERT_QUERY_CONTENT_FLAG_SERIALIZED_CTL
/// The content is serialized single CTL.
///
/// -
/// CERT_QUERY_CONTENT_FLAG_SERIALIZED_STORE
/// The content is a serialized store.
///
///
/// Indicates the expected format of the returned type. This can be one of the following values.
///
///
/// Value
/// Meaning
///
/// -
/// CERT_QUERY_FORMAT_FLAG_ALL
/// The content can be returned in any format.
///
/// -
/// CERT_QUERY_FORMAT_FLAG_ASN_ASCII_HEX_ENCODED
/// The content should be returned in ASCII hex-encoded format with a "{ASN}" prefix.
///
/// -
/// CERT_QUERY_FORMAT_FLAG_BASE64_ENCODED
/// The content should be returned in Base64 encoded format.
///
/// -
/// CERT_QUERY_FORMAT_FLAG_BINARY
/// The content should be returned in binary format.
///
///
/// This parameter is reserved for future use and must be set to zero.
///
/// A pointer to a DWORD value that receives the type of encoding used in the message. If this information is not needed, set
/// this parameter to NULL.
///
/// This parameter can receives a combination of one or more of the following values.
///
///
/// Value
/// Meaning
///
/// -
/// PKCS_7_ASN_ENCODING 65536 (0x10000)
/// Specifies PKCS 7 message encoding.
///
/// -
/// X509_ASN_ENCODING 1 (0x1)
/// Specifies X.509 certificate encoding.
///
///
///
/// A pointer to a DWORD value that receives the actual type of the content. If this information is not needed, set this
/// parameter to NULL. The returned content type can be one of the following values.
///
///
///
/// Value
/// Meaning
///
/// -
/// CERT_QUERY_CONTENT_CERT
/// The content is a single certificate.
///
/// -
/// CERT_QUERY_CONTENT_CERT_PAIR
/// The content is an ASN.1 encoded X509_CERT_pair.
///
/// -
/// CERT_QUERY_CONTENT_CRL
/// The content is a single CRL.
///
/// -
/// CERT_QUERY_CONTENT_CTL
/// The content is a single CTL.
///
/// -
/// CERT_QUERY_CONTENT_PFX
///
/// The content is a PFX (PKCS #12) packet. This function only verifies that the object is a PKCS #12 packet. The PKCS #12 packet is
/// not loaded into a certificate store.
///
///
/// -
/// CERT_QUERY_CONTENT_PFX_AND_LOAD
///
/// The content is a PFX (PKCS #12) packet, and it has been loaded into a certificate store. Windows Server 2003 and Windows XP:
/// This value is not supported.
///
///
/// -
/// CERT_QUERY_CONTENT_PKCS7_SIGNED
/// The content is a PKCS #7 signed message.
///
/// -
/// CERT_QUERY_CONTENT_PKCS7_SIGNED_EMBED
/// The content is an embedded PKCS #7 signed message.
///
/// -
/// CERT_QUERY_CONTENT_PKCS7_UNSIGNED
/// The content is a PKCS #7 unsigned message.
///
/// -
/// CERT_QUERY_CONTENT_PKCS10
/// The content is a PKCS #10 message.
///
/// -
/// CERT_QUERY_CONTENT_SERIALIZED_CERT
/// The content is a serialized single certificate.
///
/// -
/// CERT_QUERY_CONTENT_SERIALIZED_CRL
/// The content is a serialized single CRL.
///
/// -
/// CERT_QUERY_CONTENT_SERIALIZED_CTL
/// The content is a serialized single CTL.
///
/// -
/// CERT_QUERY_CONTENT_SERIALIZED_STORE
/// The content is a serialized store.
///
///
///
/// A pointer to a DWORD value that receives the actual format type of the content. If this information is not needed, set
/// this parameter to NULL. The returned format type can be one of the following values.
///
///
///
/// Value
/// Meaning
///
/// -
/// CERT_QUERY_FORMAT_ASN_ASCII_HEX_ENCODED
/// The content is in ASCII hex-encoded format with an "{ASN}" prefix.
///
/// -
/// CERT_QUERY_FORMAT_BASE64_ENCODED
/// The content is in Base64 encoded format.
///
/// -
/// CERT_QUERY_FORMAT_BINARY
/// The content is in binary format.
///
///
///
/// A pointer to an HCERTSTORE value that receives a handle to a certificate store that includes all of the certificates,
/// CRLs, and CTLs in the object.
///
///
/// This parameter only receives a certificate store handle when the dwContentType parameter receives one of the following values.
/// This parameter receives NULL for all other content types.
///
/// CERT_QUERY_CONTENT_CERT
/// CERT_QUERY_CONTENT_CRL
/// CERT_QUERY_CONTENT_CTL
/// CERT_QUERY_CONTENT_PFX_AND_LOAD
/// CERT_QUERY_CONTENT_PKCS7_SIGNED
/// CERT_QUERY_CONTENT_PKCS7_SIGNED_EMBED
/// CERT_QUERY_CONTENT_SERIALIZED_CERT
/// CERT_QUERY_CONTENT_SERIALIZED_CRL
/// CERT_QUERY_CONTENT_SERIALIZED_CTL
/// CERT_QUERY_CONTENT_SERIALIZED_STORE
/// When you have finished using the handle, free it by passing the handle to the CertCloseStore function.
/// If this information is not needed, set this parameter to NULL.
/// A pointer to an HCRYPTMSG value that receives the handle of an opened message.
///
/// This parameter only receives a message handle when the dwContentType parameter receives one of the following values. This
/// parameter receives NULL for all other content types.
///
/// CERT_QUERY_CONTENT_PKCS7_SIGNED
/// CERT_QUERY_CONTENT_PKCS7_SIGNED_EMBED
/// CERT_QUERY_CONTENT_PKCS7_UNSIGNED
/// When you have finished using the handle, free it by passing the handle to the CryptMsgClose function.
/// If this information is not needed, set this parameter to NULL.
/// A pointer to a pointer that receives additional information about the object.
///
/// The format of this data depends on the value received by the dwContentType parameter. The following table lists the format of
/// the data for the specified dwContentType value.
///
///
///
/// dwContentType value
/// Meaning
///
/// -
/// CERT_QUERY_CONTENT_CERT
///
/// This parameter receives a pointer to a CERT_CONTEXT structure. When you have finished using the structure, free it by passing
/// this pointer to the CertFreeCertificateContext function.
///
///
/// -
/// CERT_QUERY_CONTENT_CRL
///
/// This parameter receives a pointer to a CRL_CONTEXT structure. When you have finished using the structure, free it by passing
/// this pointer to the CertFreeCRLContext function.
///
///
/// -
/// CERT_QUERY_CONTENT_CTL
///
/// This parameter receives a pointer to a CTL_CONTEXT structure. When you have finished using the structure, free it by passing
/// this pointer to the CertFreeCTLContext function.
///
///
/// -
/// CERT_QUERY_CONTENT_SERIALIZED_CERT
///
/// This parameter receives a pointer to a CERT_CONTEXT structure. When you have finished using the structure, free it by passing
/// this pointer to the CertFreeCertificateContext function.
///
///
/// -
/// CERT_QUERY_CONTENT_SERIALIZED_CRL
///
/// This parameter receives a pointer to a CRL_CONTEXT structure. When you have finished using the structure, free it by passing
/// this pointer to the CertFreeCRLContext function.
///
///
/// -
/// CERT_QUERY_CONTENT_SERIALIZED_CTL
///
/// This parameter receives a pointer to a CTL_CONTEXT structure. When you have finished using the structure, free it by passing
/// this pointer to the CertFreeCTLContext function.
///
///
///
/// If this information is not needed, set this parameter to NULL.
///
///
/// Indicates the type of the object to be queried. This must be one of the following values.
///
///
/// Value
/// Meaning
///
/// -
/// CERT_QUERY_OBJECT_BLOB
/// The object is stored in a structure in memory.
///
/// -
/// CERT_QUERY_OBJECT_FILE
/// The object is stored in a file.
///
///
///
///
/// A pointer to the object to be queried. The type of data pointer depends on the contents of the dwObjectType parameter.
///
///
/// dwObjectType value
/// Meaning
///
/// -
/// CERT_QUERY_OBJECT_BLOB
/// This parameter is a pointer to a CERT_BLOB, or similar, structure that contains the object to query.
///
/// -
/// CERT_QUERY_OBJECT_FILE
/// This parameter is a pointer to a null-terminated Unicode string that contains the path and name of the file to query.
///
///
///
///
/// Indicates the expected content type. This can be one of the following values.
///
///
/// Value
/// Meaning
///
/// -
/// CERT_QUERY_CONTENT_FLAG_ALL
///
/// The content can be any type. This does not include the CERT_QUERY_CONTENT_FLAG_PFX_AND_LOAD flag. If this flag is specified,
/// this function will attempt to obtain information about the object, trying different content types until the proper content type
/// is found or the content types are exhausted. This is obviously inefficient, so this flag should only be used if the content type
/// is not known.
///
///
/// -
/// CERT_QUERY_CONTENT_FLAG_CERT
/// The content is a single certificate.
///
/// -
/// CERT_QUERY_CONTENT_FLAG_CERT_PAIR
///
/// The content is an Abstract Syntax Notation One (ASN.1) encoded X509_CERT_PAIR (an encoded certificate pair that contains either
/// forward, reverse, or forward and reverse cross certificates).
///
///
/// -
/// CERT_QUERY_CONTENT_FLAG_CRL
/// The content is a single CRL.
///
/// -
/// CERT_QUERY_CONTENT_FLAG_CTL
/// The content is a single CTL.
///
/// -
/// CERT_QUERY_CONTENT_FLAG_PFX
///
/// The content is a PFX (PKCS #12) packet, but it will not be loaded by this function. You can use the PFXImportCertStore function
/// to load this into a store.
///
///
/// -
/// CERT_QUERY_CONTENT_FLAG_PFX_AND_LOAD
///
/// The content is a PFX (PKCS #12) packet and will be loaded by this function subject to the conditions specified in the following
/// note. Windows Server 2003 and Windows XP: This value is not supported.
///
///
/// -
/// CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED
/// The content is a PKCS #7 signed message.
///
/// -
/// CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED_EMBED
/// The content is an embedded PKCS #7 signed message.
///
/// -
/// CERT_QUERY_CONTENT_FLAG_PKCS7_UNSIGNED
/// The content is a PKCS #7 unsigned message.
///
/// -
/// CERT_QUERY_CONTENT_FLAG_PKCS10
/// The content is a PKCS #10 message.
///
/// -
/// CERT_QUERY_CONTENT_FLAG_SERIALIZED_CERT
/// The content is a serialized single certificate.
///
/// -
/// CERT_QUERY_CONTENT_FLAG_SERIALIZED_CRL
/// The content is a serialized single CRL.
///
/// -
/// CERT_QUERY_CONTENT_FLAG_SERIALIZED_CTL
/// The content is serialized single CTL.
///
/// -
/// CERT_QUERY_CONTENT_FLAG_SERIALIZED_STORE
/// The content is a serialized store.
///
///
///
///
/// Indicates the expected format of the returned type. This can be one of the following values.
///
///
/// Value
/// Meaning
///
/// -
/// CERT_QUERY_FORMAT_FLAG_ALL
/// The content can be returned in any format.
///
/// -
/// CERT_QUERY_FORMAT_FLAG_ASN_ASCII_HEX_ENCODED
/// The content should be returned in ASCII hex-encoded format with a "{ASN}" prefix.
///
/// -
/// CERT_QUERY_FORMAT_FLAG_BASE64_ENCODED
/// The content should be returned in Base64 encoded format.
///
/// -
/// CERT_QUERY_FORMAT_FLAG_BINARY
/// The content should be returned in binary format.
///
///
///
/// This parameter is reserved for future use and must be set to zero.
///
///
/// A pointer to a DWORD value that receives the type of encoding used in the message. If this information is not needed, set
/// this parameter to NULL.
///
/// This parameter can receives a combination of one or more of the following values.
///
///
/// Value
/// Meaning
///
/// -
/// PKCS_7_ASN_ENCODING 65536 (0x10000)
/// Specifies PKCS 7 message encoding.
///
/// -
/// X509_ASN_ENCODING 1 (0x1)
/// Specifies X.509 certificate encoding.
///
///
///
///
///
/// A pointer to a DWORD value that receives the actual type of the content. If this information is not needed, set this
/// parameter to NULL. The returned content type can be one of the following values.
///
///
///
/// Value
/// Meaning
///
/// -
/// CERT_QUERY_CONTENT_CERT
/// The content is a single certificate.
///
/// -
/// CERT_QUERY_CONTENT_CERT_PAIR
/// The content is an ASN.1 encoded X509_CERT_pair.
///
/// -
/// CERT_QUERY_CONTENT_CRL
/// The content is a single CRL.
///
/// -
/// CERT_QUERY_CONTENT_CTL
/// The content is a single CTL.
///
/// -
/// CERT_QUERY_CONTENT_PFX
///
/// The content is a PFX (PKCS #12) packet. This function only verifies that the object is a PKCS #12 packet. The PKCS #12 packet is
/// not loaded into a certificate store.
///
///
/// -
/// CERT_QUERY_CONTENT_PFX_AND_LOAD
///
/// The content is a PFX (PKCS #12) packet, and it has been loaded into a certificate store. Windows Server 2003 and Windows XP:
/// This value is not supported.
///
///
/// -
/// CERT_QUERY_CONTENT_PKCS7_SIGNED
/// The content is a PKCS #7 signed message.
///
/// -
/// CERT_QUERY_CONTENT_PKCS7_SIGNED_EMBED
/// The content is an embedded PKCS #7 signed message.
///
/// -
/// CERT_QUERY_CONTENT_PKCS7_UNSIGNED
/// The content is a PKCS #7 unsigned message.
///
/// -
/// CERT_QUERY_CONTENT_PKCS10
/// The content is a PKCS #10 message.
///
/// -
/// CERT_QUERY_CONTENT_SERIALIZED_CERT
/// The content is a serialized single certificate.
///
/// -
/// CERT_QUERY_CONTENT_SERIALIZED_CRL
/// The content is a serialized single CRL.
///
/// -
/// CERT_QUERY_CONTENT_SERIALIZED_CTL
/// The content is a serialized single CTL.
///
/// -
/// CERT_QUERY_CONTENT_SERIALIZED_STORE
/// The content is a serialized store.
///
///
///
///
///
/// A pointer to a DWORD value that receives the actual format type of the content. If this information is not needed, set
/// this parameter to NULL. The returned format type can be one of the following values.
///
///
///
/// Value
/// Meaning
///
/// -
/// CERT_QUERY_FORMAT_ASN_ASCII_HEX_ENCODED
/// The content is in ASCII hex-encoded format with an "{ASN}" prefix.
///
/// -
/// CERT_QUERY_FORMAT_BASE64_ENCODED
/// The content is in Base64 encoded format.
///
/// -
/// CERT_QUERY_FORMAT_BINARY
/// The content is in binary format.
///
///
///
///
///
/// A pointer to an HCERTSTORE value that receives a handle to a certificate store that includes all of the certificates,
/// CRLs, and CTLs in the object.
///
///
/// This parameter only receives a certificate store handle when the dwContentType parameter receives one of the following values.
/// This parameter receives NULL for all other content types.
///
/// CERT_QUERY_CONTENT_CERT
/// CERT_QUERY_CONTENT_CRL
/// CERT_QUERY_CONTENT_CTL
/// CERT_QUERY_CONTENT_PFX_AND_LOAD
/// CERT_QUERY_CONTENT_PKCS7_SIGNED
/// CERT_QUERY_CONTENT_PKCS7_SIGNED_EMBED
/// CERT_QUERY_CONTENT_SERIALIZED_CERT
/// CERT_QUERY_CONTENT_SERIALIZED_CRL
/// CERT_QUERY_CONTENT_SERIALIZED_CTL
/// CERT_QUERY_CONTENT_SERIALIZED_STORE
/// When you have finished using the handle, free it by passing the handle to the CertCloseStore function.
/// If this information is not needed, set this parameter to NULL.
///
///
/// A pointer to an HCRYPTMSG value that receives the handle of an opened message.
///
/// This parameter only receives a message handle when the dwContentType parameter receives one of the following values. This
/// parameter receives NULL for all other content types.
///
/// CERT_QUERY_CONTENT_PKCS7_SIGNED
/// CERT_QUERY_CONTENT_PKCS7_SIGNED_EMBED
/// CERT_QUERY_CONTENT_PKCS7_UNSIGNED
/// When you have finished using the handle, free it by passing the handle to the CryptMsgClose function.
/// If this information is not needed, set this parameter to NULL.
///
///
/// A pointer to a pointer that receives additional information about the object.
///
/// The format of this data depends on the value received by the dwContentType parameter. The following table lists the format of
/// the data for the specified dwContentType value.
///
///
///
/// dwContentType value
/// Meaning
///
/// -
/// CERT_QUERY_CONTENT_CERT
///
/// This parameter receives a pointer to a CERT_CONTEXT structure. When you have finished using the structure, free it by passing
/// this pointer to the CertFreeCertificateContext function.
///
///
/// -
/// CERT_QUERY_CONTENT_CRL
///
/// This parameter receives a pointer to a CRL_CONTEXT structure. When you have finished using the structure, free it by passing
/// this pointer to the CertFreeCRLContext function.
///
///
/// -
/// CERT_QUERY_CONTENT_CTL
///
/// This parameter receives a pointer to a CTL_CONTEXT structure. When you have finished using the structure, free it by passing
/// this pointer to the CertFreeCTLContext function.
///
///
/// -
/// CERT_QUERY_CONTENT_SERIALIZED_CERT
///
/// This parameter receives a pointer to a CERT_CONTEXT structure. When you have finished using the structure, free it by passing
/// this pointer to the CertFreeCertificateContext function.
///
///
/// -
/// CERT_QUERY_CONTENT_SERIALIZED_CRL
///
/// This parameter receives a pointer to a CRL_CONTEXT structure. When you have finished using the structure, free it by passing
/// this pointer to the CertFreeCRLContext function.
///
///
/// -
/// CERT_QUERY_CONTENT_SERIALIZED_CTL
///
/// This parameter receives a pointer to a CTL_CONTEXT structure. When you have finished using the structure, free it by passing
/// this pointer to the CertFreeCTLContext function.
///
///
///
/// If this information is not needed, set this parameter to NULL.
///
///
/// If the function succeeds, the function returns nonzero.
/// If the function fails, it returns zero. For extended error information, call GetLastError.
///
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-cryptqueryobject BOOL CryptQueryObject( DWORD
// dwObjectType, const void *pvObject, DWORD dwExpectedContentTypeFlags, DWORD dwExpectedFormatTypeFlags, DWORD dwFlags, DWORD
// *pdwMsgAndCertEncodingType, DWORD *pdwContentType, DWORD *pdwFormatType, HCERTSTORE *phCertStore, HCRYPTMSG *phMsg, const void
// **ppvContext );
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "d882f2b0-0f0a-41c7-afca-a232dc00797b")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CryptQueryObject(CertQueryObjectType dwObjectType, [In] IntPtr pvObject, CertQueryContentFlags dwExpectedContentTypeFlags, CertQueryFormatFlags dwExpectedFormatTypeFlags,
[Optional] uint dwFlags, out CertEncodingType pdwMsgAndCertEncodingType, out CertQueryContentType pdwContentType, out CertQueryFormatType pdwFormatType, out SafeHCERTSTORE phCertStore,
out SafeHCRYPTMSG phMsg, out SafePCCTL_CONTEXT ppvContext);
///
///
/// The CryptSignAndEncodeCertificate function encodes and signs a certificate, certificate revocation list (CRL),
/// certificate trust list (CTL), or certificate request.
///
/// This function performs the following operations:
///
/// -
/// Calls CryptEncodeObject using lpszStructType to encode the "to be signed" information.
///
/// -
/// Calls CryptSignCertificate to sign this encoded information.
///
/// -
/// Calls CryptEncodeObject again, with lpszStructType set to X509_CERT, to further encode the resulting signed, encoded information.
///
///
///
///
/// A handle of the cryptographic service provider (CSP) to do the signature. This handle is an HCRYPTPROV handle that has been
/// created by using the CryptAcquireContext function or an NCRYPT_KEY_HANDLE handle that has been created by using the
/// NCryptOpenKey function. New applications should always pass in a NCRYPT_KEY_HANDLE handle of a CNG CSP.
///
///
///
/// Identifies the private key to use from the provider's container. This must be one of the following values. This parameter is
/// ignored if a CNG key is passed in the hCryptProvOrNCryptKey parameter.
///
///
///
/// Value
/// Meaning
///
/// -
/// AT_KEYEXCHANGE
/// Use the key exchange key.
///
/// -
/// AT_SIGNATURE
/// Use the digital signature key.
///
///
///
///
/// Specifies the encoding type used. This can be the following value.
///
///
/// Value
/// Meaning
///
/// -
/// X509_ASN_ENCODING
/// Specifies X.509 certificate encoding.
///
///
///
///
///
/// A pointer to a null-terminated ANSI string that contains the type of data to be encoded and signed. The following predefined
/// lpszStructType constants are used with encode operations.
///
///
///
/// Value
/// Meaning
///
/// -
/// X509_CERT_CRL_TO_BE_SIGNED
/// pvStructInfo is the address of a CRL_INFO structure.
///
/// -
/// X509_CERT_REQUEST_TO_BE_SIGNED
/// pvStructInfo is the address of a CERT_REQUEST_INFO structure.
///
/// -
/// X509_CERT_TO_BE_SIGNED
/// pvStructInfo is the address of a CERT_INFO structure.
///
/// -
/// X509_KEYGEN_REQUEST_TO_BE_SIGNED
/// pvStructInfo is the address of a CERT_KEYGEN_REQUEST_INFO structure.
///
///
///
///
/// The address of a structure that contains the data to be signed and encoded. The format of this structure is determined by the
/// lpszStructType parameter.
///
///
///
/// A pointer to a CRYPT_ALGORITHM_IDENTIFIER structure that contains the object identifier (OID) of the signature algorithm and any
/// additional parameters needed. This function uses the following algorithm OIDs:
///
///
/// -
/// szOID_RSA_MD5RSA
///
/// -
/// szOID_RSA_SHA1RSA
///
/// -
/// szOID_X957_SHA1DSA
///
///
/// If the signature algorithm is a
/// hash
/// algorithm, the signature contains only the unencrypted hash octets. A private key is not used to encrypt the hash.
/// dwKeySpec
/// is not used and
/// hCryptProvOrNCryptKey
/// can be
/// NULL
/// if an appropriate default CSP can be used for hashing.
///
/// Reserved. Must be NULL.
///
/// A pointer to a buffer to receive the signed and encoded output.
///
/// This parameter can be NULL to set the size of this information for memory allocation purposes. For more information, see
/// Retrieving Data of Unknown Length.
///
///
///
///
/// A pointer to a DWORD that contains the size, in bytes, of the buffer pointed to by the pbEncoded parameter. When the
/// function returns, the DWORD contains the number of bytes stored or to be stored in the buffer.
///
///
/// Note When processing the data returned in the buffer, applications need to use the actual size of the data returned. The
/// actual size can be slightly smaller than the size of the buffer specified on input. (On input, buffer sizes are usually
/// specified large enough to ensure that the largest possible output data will fit in the buffer.) On output, the variable pointed
/// to by this parameter is updated to reflect the actual size of the data copied to the buffer.
///
///
///
/// If the function succeeds, the return value is nonzero ( TRUE).
/// If the function fails, the return value is zero ( FALSE). For extended error information, call GetLastError.
///
/// Note Errors from the called functions CryptCreateHash, CryptSignHash and CryptHashData might be propagated to this function.
///
/// Possible error codes include, but are not limited to, the following.
///
///
/// Return code
/// Description
///
/// -
/// ERROR_MORE_DATA
///
/// If the buffer specified by the pbEncoded parameter is not large enough to hold the returned data, the function sets the
/// ERROR_MORE_DATA code and stores the required buffer size, in bytes, into the variable pointed to by pcbEncoded.
///
///
/// -
/// ERROR_FILE_NOT_FOUND
/// Invalid certificate encoding type. Currently only X509_ASN_ENCODING is supported.
///
/// -
/// NTE_BAD_ALGID
/// The signature algorithm's OID does not map to a known or supported hash algorithm.
///
/// -
/// CRYPT_E_BAD_ENCODE
///
/// An error was encountered while encoding or decoding. The most likely cause of this error is the improper initialization of the
/// fields in the structure pointed to by pvStructInfo.
///
///
///
///
/// If the function fails, GetLastError may return an Abstract Syntax Notation One (ASN.1) encoding/decoding error. For information
/// about these errors, see ASN.1 Encoding/Decoding Return Values.
///
///
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-cryptsignandencodecertificate BOOL
// CryptSignAndEncodeCertificate( BCRYPT_KEY_HANDLE hBCryptKey, DWORD dwKeySpec, DWORD dwCertEncodingType, LPCSTR lpszStructType,
// const void *pvStructInfo, PCRYPT_ALGORITHM_IDENTIFIER pSignatureAlgorithm, const void *pvHashAuxInfo, BYTE *pbEncoded, DWORD
// *pcbEncoded );
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "ee138918-ed7c-4980-8b18-64004a0dd7df")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CryptSignAndEncodeCertificate(NCrypt.NCRYPT_KEY_HANDLE hBCryptKey, CertKeySpec dwKeySpec, CertEncodingType dwCertEncodingType,
[In] SafeOID lpszStructType, [In] IntPtr pvStructInfo, in CRYPT_ALGORITHM_IDENTIFIER pSignatureAlgorithm,
[In, Optional] IntPtr pvHashAuxInfo, [Out] IntPtr pbEncoded, ref uint pcbEncoded);
///
///
/// The CryptSignAndEncodeCertificate function encodes and signs a certificate, certificate revocation list (CRL),
/// certificate trust list (CTL), or certificate request.
///
/// This function performs the following operations:
///
/// -
/// Calls CryptEncodeObject using lpszStructType to encode the "to be signed" information.
///
/// -
/// Calls CryptSignCertificate to sign this encoded information.
///
/// -
/// Calls CryptEncodeObject again, with lpszStructType set to X509_CERT, to further encode the resulting signed, encoded information.
///
///
///
///
/// A handle of the cryptographic service provider (CSP) to do the signature. This handle is an HCRYPTPROV handle that has been
/// created by using the CryptAcquireContext function or an NCRYPT_KEY_HANDLE handle that has been created by using the
/// NCryptOpenKey function. New applications should always pass in a NCRYPT_KEY_HANDLE handle of a CNG CSP.
///
///
///
/// Identifies the private key to use from the provider's container. This must be one of the following values. This parameter is
/// ignored if a CNG key is passed in the hCryptProvOrNCryptKey parameter.
///
///
///
/// Value
/// Meaning
///
/// -
/// AT_KEYEXCHANGE
/// Use the key exchange key.
///
/// -
/// AT_SIGNATURE
/// Use the digital signature key.
///
///
///
///
/// Specifies the encoding type used. This can be the following value.
///
///
/// Value
/// Meaning
///
/// -
/// X509_ASN_ENCODING
/// Specifies X.509 certificate encoding.
///
///
///
///
///
/// A pointer to a null-terminated ANSI string that contains the type of data to be encoded and signed. The following predefined
/// lpszStructType constants are used with encode operations.
///
///
///
/// Value
/// Meaning
///
/// -
/// X509_CERT_CRL_TO_BE_SIGNED
/// pvStructInfo is the address of a CRL_INFO structure.
///
/// -
/// X509_CERT_REQUEST_TO_BE_SIGNED
/// pvStructInfo is the address of a CERT_REQUEST_INFO structure.
///
/// -
/// X509_CERT_TO_BE_SIGNED
/// pvStructInfo is the address of a CERT_INFO structure.
///
/// -
/// X509_KEYGEN_REQUEST_TO_BE_SIGNED
/// pvStructInfo is the address of a CERT_KEYGEN_REQUEST_INFO structure.
///
///
///
///
/// The address of a structure that contains the data to be signed and encoded. The format of this structure is determined by the
/// lpszStructType parameter.
///
///
///
/// A pointer to a CRYPT_ALGORITHM_IDENTIFIER structure that contains the object identifier (OID) of the signature algorithm and any
/// additional parameters needed. This function uses the following algorithm OIDs:
///
///
/// -
/// szOID_RSA_MD5RSA
///
/// -
/// szOID_RSA_SHA1RSA
///
/// -
/// szOID_X957_SHA1DSA
///
///
/// If the signature algorithm is a
/// hash
/// algorithm, the signature contains only the unencrypted hash octets. A private key is not used to encrypt the hash.
/// dwKeySpec
/// is not used and
/// hCryptProvOrNCryptKey
/// can be
/// NULL
/// if an appropriate default CSP can be used for hashing.
///
/// Reserved. Must be NULL.
///
/// A pointer to a buffer to receive the signed and encoded output.
///
/// This parameter can be NULL to set the size of this information for memory allocation purposes. For more information, see
/// Retrieving Data of Unknown Length.
///
///
///
///
/// A pointer to a DWORD that contains the size, in bytes, of the buffer pointed to by the pbEncoded parameter. When the
/// function returns, the DWORD contains the number of bytes stored or to be stored in the buffer.
///
///
/// Note When processing the data returned in the buffer, applications need to use the actual size of the data returned. The
/// actual size can be slightly smaller than the size of the buffer specified on input. (On input, buffer sizes are usually
/// specified large enough to ensure that the largest possible output data will fit in the buffer.) On output, the variable pointed
/// to by this parameter is updated to reflect the actual size of the data copied to the buffer.
///
///
///
/// If the function succeeds, the return value is nonzero ( TRUE).
/// If the function fails, the return value is zero ( FALSE). For extended error information, call GetLastError.
///
/// Note Errors from the called functions CryptCreateHash, CryptSignHash and CryptHashData might be propagated to this function.
///
/// Possible error codes include, but are not limited to, the following.
///
///
/// Return code
/// Description
///
/// -
/// ERROR_MORE_DATA
///
/// If the buffer specified by the pbEncoded parameter is not large enough to hold the returned data, the function sets the
/// ERROR_MORE_DATA code and stores the required buffer size, in bytes, into the variable pointed to by pcbEncoded.
///
///
/// -
/// ERROR_FILE_NOT_FOUND
/// Invalid certificate encoding type. Currently only X509_ASN_ENCODING is supported.
///
/// -
/// NTE_BAD_ALGID
/// The signature algorithm's OID does not map to a known or supported hash algorithm.
///
/// -
/// CRYPT_E_BAD_ENCODE
///
/// An error was encountered while encoding or decoding. The most likely cause of this error is the improper initialization of the
/// fields in the structure pointed to by pvStructInfo.
///
///
///
///
/// If the function fails, GetLastError may return an Abstract Syntax Notation One (ASN.1) encoding/decoding error. For information
/// about these errors, see ASN.1 Encoding/Decoding Return Values.
///
///
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-cryptsignandencodecertificate BOOL
// CryptSignAndEncodeCertificate( BCRYPT_KEY_HANDLE hBCryptKey, DWORD dwKeySpec, DWORD dwCertEncodingType, LPCSTR lpszStructType,
// const void *pvStructInfo, PCRYPT_ALGORITHM_IDENTIFIER pSignatureAlgorithm, const void *pvHashAuxInfo, BYTE *pbEncoded, DWORD
// *pcbEncoded );
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "ee138918-ed7c-4980-8b18-64004a0dd7df")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CryptSignAndEncodeCertificate(HCRYPTPROV hBCryptKey, CertKeySpec dwKeySpec, CertEncodingType dwCertEncodingType,
[In] SafeOID lpszStructType, [In] IntPtr pvStructInfo, in CRYPT_ALGORITHM_IDENTIFIER pSignatureAlgorithm,
[In, Optional] IntPtr pvHashAuxInfo, [Out] IntPtr pbEncoded, ref uint pcbEncoded);
/// The CryptSignCertificate function signs the "to be signed" information in the encoded signed content.
///
/// Handle of the CSP that does the signature. This handle must be an HCRYPTPROV handle that has been created by using the
/// CryptAcquireContext function or an NCRYPT_KEY_HANDLE handle that has been created by using the NCryptOpenKey function.
/// New applications should always pass in the NCRYPT_KEY_HANDLE handle of a CNG CSP.
///
///
/// Identifies the private key to use from the provider's container. It can be AT_KEYEXCHANGE or AT_SIGNATURE. This parameter is
/// ignored if an NCRYPT_KEY_HANDLE is used in the hCryptProvOrNCryptKey parameter.
///
///
///
/// Specifies the encoding type used. It is always acceptable to specify both the certificate and message encoding types by
/// combining them with a bitwise- OR operation as shown in the following example:
///
/// X509_ASN_ENCODING | PKCS_7_ASN_ENCODING
/// Currently defined encoding types are:
///
/// -
/// X509_ASN_ENCODING
///
/// -
/// PKCS_7_ASN_ENCODING
///
///
///
/// A pointer to the encoded content to be signed.
/// The size, in bytes, of the encoded content, pbEncodedToBeSigned.
///
/// A pointer to a CRYPT_ALGORITHM_IDENTIFIER structure with a pszObjId member set to one of the following:
///
/// -
/// szOID_RSA_MD5RSA
///
/// -
/// szOID_RSA_SHA1RSA
///
/// -
/// szOID_X957_SHA1DSA
///
/// -
/// szOID_RSA_SSA_PSS
///
/// -
/// szOID_ECDSA_SPECIFIED
///
///
///
/// If the signature algorithm is a hash algorithm, the signature contains only the un-encrypted hash octets. A private key is not
/// used to encrypt the hash.
///
/// dwKeySpec
/// is not used and
/// hCryptProvOrNCryptKey
/// can be
/// NULL
/// if an appropriate default CSP can be used for hashing.
///
/// Not currently used. Must be NULL.
///
/// A pointer to a buffer to receive the signed hash of the content.
///
/// This parameter can be NULL to set the size of this information for memory allocation purposes. For more information, see
/// Retrieving Data of Unknown Length.
///
///
///
///
/// A pointer to a DWORD that contains the size, in bytes, of the buffer pointed to by the pbSignature parameter. When the
/// function returns, the DWORD contains the number of bytes stored or to be stored in the buffer.
///
///
/// Note When processing the data returned in the buffer, applications must use the actual size of the data returned. The
/// actual size can be slightly smaller than the size of the buffer specified on input. (On input, buffer sizes are usually
/// specified large enough to ensure that the largest possible output data will fit in the buffer.) On output, the variable pointed
/// to by this parameter is updated to reflect the actual size of the data copied to the buffer.
///
///
///
/// If the function succeeds, the return value is nonzero ( TRUE).
/// If the function fails, the return value is zero ( FALSE). For extended error information, call GetLastError.
///
/// Note Errors from the called functions CryptCreateHash, CryptSignHash and CryptHashData might be propagated to this function.
///
/// This function has the following error codes.
///
///
/// Return code
/// Description
///
/// -
/// ERROR_MORE_DATA
///
/// If the buffer specified by the pbSignature parameter is not large enough to hold the returned data, the function sets the
/// ERROR_MORE_DATA code, and stores the required buffer size, in bytes, into the variable pointed to by pcbSignature.
///
///
/// -
/// NTE_BAD_ALGID
/// The signature algorithm's object identifier (OID) does not map to a known or supported hash algorithm.
///
///
///
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-cryptsigncertificate BOOL CryptSignCertificate(
// BCRYPT_KEY_HANDLE hBCryptKey, DWORD dwKeySpec, DWORD dwCertEncodingType, const BYTE *pbEncodedToBeSigned, DWORD
// cbEncodedToBeSigned, PCRYPT_ALGORITHM_IDENTIFIER pSignatureAlgorithm, const void *pvHashAuxInfo, BYTE *pbSignature, DWORD
// *pcbSignature );
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "27578149-e5c0-47e5-8309-0d0ed7075d13")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CryptSignCertificate(NCrypt.NCRYPT_KEY_HANDLE hBCryptKey, CertKeySpec dwKeySpec, CertEncodingType dwCertEncodingType,
[In] IntPtr pbEncodedToBeSigned, uint cbEncodedToBeSigned, in CRYPT_ALGORITHM_IDENTIFIER pSignatureAlgorithm, [In, Optional] IntPtr pvHashAuxInfo,
[Out] IntPtr pbSignature, ref uint pcbSignature);
/// The CryptSignCertificate function signs the "to be signed" information in the encoded signed content.
///
/// Handle of the CSP that does the signature. This handle must be an HCRYPTPROV handle that has been created by using the
/// CryptAcquireContext function or an NCRYPT_KEY_HANDLE handle that has been created by using the NCryptOpenKey function.
/// New applications should always pass in the NCRYPT_KEY_HANDLE handle of a CNG CSP.
///
///
/// Identifies the private key to use from the provider's container. It can be AT_KEYEXCHANGE or AT_SIGNATURE. This parameter is
/// ignored if an NCRYPT_KEY_HANDLE is used in the hCryptProvOrNCryptKey parameter.
///
///
///
/// Specifies the encoding type used. It is always acceptable to specify both the certificate and message encoding types by
/// combining them with a bitwise- OR operation as shown in the following example:
///
/// X509_ASN_ENCODING | PKCS_7_ASN_ENCODING
/// Currently defined encoding types are:
///
/// -
/// X509_ASN_ENCODING
///
/// -
/// PKCS_7_ASN_ENCODING
///
///
///
/// A pointer to the encoded content to be signed.
/// The size, in bytes, of the encoded content, pbEncodedToBeSigned.
///
/// A pointer to a CRYPT_ALGORITHM_IDENTIFIER structure with a pszObjId member set to one of the following:
///
/// -
/// szOID_RSA_MD5RSA
///
/// -
/// szOID_RSA_SHA1RSA
///
/// -
/// szOID_X957_SHA1DSA
///
/// -
/// szOID_RSA_SSA_PSS
///
/// -
/// szOID_ECDSA_SPECIFIED
///
///
///
/// If the signature algorithm is a hash algorithm, the signature contains only the un-encrypted hash octets. A private key is not
/// used to encrypt the hash.
///
/// dwKeySpec
/// is not used and
/// hCryptProvOrNCryptKey
/// can be
/// NULL
/// if an appropriate default CSP can be used for hashing.
///
/// Not currently used. Must be NULL.
///
/// A pointer to a buffer to receive the signed hash of the content.
///
/// This parameter can be NULL to set the size of this information for memory allocation purposes. For more information, see
/// Retrieving Data of Unknown Length.
///
///
///
///
/// A pointer to a DWORD that contains the size, in bytes, of the buffer pointed to by the pbSignature parameter. When the
/// function returns, the DWORD contains the number of bytes stored or to be stored in the buffer.
///
///
/// Note When processing the data returned in the buffer, applications must use the actual size of the data returned. The
/// actual size can be slightly smaller than the size of the buffer specified on input. (On input, buffer sizes are usually
/// specified large enough to ensure that the largest possible output data will fit in the buffer.) On output, the variable pointed
/// to by this parameter is updated to reflect the actual size of the data copied to the buffer.
///
///
///
/// If the function succeeds, the return value is nonzero ( TRUE).
/// If the function fails, the return value is zero ( FALSE). For extended error information, call GetLastError.
///
/// Note Errors from the called functions CryptCreateHash, CryptSignHash and CryptHashData might be propagated to this function.
///
/// This function has the following error codes.
///
///
/// Return code
/// Description
///
/// -
/// ERROR_MORE_DATA
///
/// If the buffer specified by the pbSignature parameter is not large enough to hold the returned data, the function sets the
/// ERROR_MORE_DATA code, and stores the required buffer size, in bytes, into the variable pointed to by pcbSignature.
///
///
/// -
/// NTE_BAD_ALGID
/// The signature algorithm's object identifier (OID) does not map to a known or supported hash algorithm.
///
///
///
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-cryptsigncertificate BOOL CryptSignCertificate(
// BCRYPT_KEY_HANDLE hBCryptKey, DWORD dwKeySpec, DWORD dwCertEncodingType, const BYTE *pbEncodedToBeSigned, DWORD
// cbEncodedToBeSigned, PCRYPT_ALGORITHM_IDENTIFIER pSignatureAlgorithm, const void *pvHashAuxInfo, BYTE *pbSignature, DWORD
// *pcbSignature );
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "27578149-e5c0-47e5-8309-0d0ed7075d13")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CryptSignCertificate(HCRYPTPROV hBCryptKey, CertKeySpec dwKeySpec, CertEncodingType dwCertEncodingType,
[In] IntPtr pbEncodedToBeSigned, uint cbEncodedToBeSigned, in CRYPT_ALGORITHM_IDENTIFIER pSignatureAlgorithm, [In, Optional] IntPtr pvHashAuxInfo,
[Out] IntPtr pbSignature, ref uint pcbSignature);
///
/// The CryptVerifyCertificateSignature function verifies the signature of a certificate, certificate revocation list (CRL),
/// or certificate request by using the public key in a CERT_PUBLIC_KEY_INFO structure. The function does not require access to a
/// private key.
///
///
/// This parameter is not used and should be set to NULL.
///
/// Windows Server 2003 and Windows XP: A handle to the cryptographic service provider (CSP) used to verify the
/// signature.This parameter's data type is HCRYPTPROV.
///
///
/// NULL is passed unless there is a strong reason for passing in a specific cryptographic provider. Passing in NULL
/// causes the default RSA or DSS provider to be acquired.
///
///
///
///
/// The certificate encoding type that was used to encrypt the subject. The message encoding type identifier, contained in the high
/// WORD of this value, is ignored by this function.
///
/// This parameter can be the following currently defined certificate encoding type.
///
///
/// Value
/// Meaning
///
/// -
/// X509_ASN_ENCODING 1 (0x1)
/// Specifies X.509 certificate encoding.
///
///
///
/// A pointer to an encoded BLOB of CERT_SIGNED_CONTENT_INFO content on which the signature is to be verified.
/// The size, in bytes, of the encoded content in pbEncoded.
///
/// A pointer to a CERT_PUBLIC_KEY_INFO structure that contains the public key to use when verifying the signature.
///
///
/// Returns nonzero if successful or zero otherwise.
/// For extended error information, call GetLastError.
///
/// Note Errors from the called functions CryptCreateHash, CryptImportKey, CryptVerifySignature, and CryptHashData may be
/// propagated to this function.
///
/// On failure, this function will cause the following error codes to be returned from GetLastError.
///
///
/// Return code
/// Description
///
/// -
/// ERROR_FILE_NOT_FOUND
/// Invalid certificate encoding type. Currently only X509_ASN_ENCODING is supported.
///
/// -
/// NTE_BAD_ALGID
/// The signature algorithm's object identifier (OID) does not map to a known or supported hash algorithm.
///
/// -
/// NTE_BAD_SIGNATURE
/// The signature was not valid.
///
///
///
/// If the function fails, GetLastError may return an Abstract Syntax Notation One (ASN.1) encoding/decoding error. For information
/// about these errors, see ASN.1 Encoding/Decoding Return Values.
///
///
/// This function currently calls the CryptVerifyCertificateSignatureEx function to perform the verification.
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-cryptverifycertificatesignature BOOL
// CryptVerifyCertificateSignature( HCRYPTPROV_LEGACY hCryptProv, DWORD dwCertEncodingType, const BYTE *pbEncoded, DWORD cbEncoded,
// PCERT_PUBLIC_KEY_INFO pPublicKey );
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "ac13a1dd-3ca9-470e-8d8f-d79d7d057f45")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CryptVerifyCertificateSignature([Optional] HCRYPTPROV hCryptProv, CertEncodingType dwCertEncodingType, [In] IntPtr pbEncoded, uint cbEncoded, in CERT_PUBLIC_KEY_INFO pPublicKey);
///
/// The CryptVerifyCertificateSignatureEx function verifies the signature of a subject certificate, certificate revocation
/// list, certificate request, or keygen request by using the issuer's public key. The function does not require access to a private key.
///
///
/// This parameter is not used and should be set to NULL.
///
/// Windows Server 2003 and Windows XP: A handle to the cryptographic service provider used to verify the signature.This
/// parameter's data type is HCRYPTPROV.
///
///
/// NULL is passed unless there is a strong reason for passing in a specific cryptographic provider. Passing in NULL
/// causes the default RSA or DSS provider to be acquired.
///
///
///
///
/// The certificate encoding type that was used to encrypt the subject. The message encoding type identifier, contained in the high
/// WORD of this value, is ignored by this function.
///
/// This parameter can be the following currently defined certificate encoding type.
///
///
/// Value
/// Meaning
///
/// -
/// X509_ASN_ENCODING 1 (0x1)
/// Specifies X.509 certificate encoding.
///
///
///
///
/// The subject type. This parameter can be one of the following subject types.
///
///
/// Value
/// Meaning
///
/// -
/// CRYPT_VERIFY_CERT_SIGN_SUBJECT_BLOB 1 (0x1)
/// pvSubject is a pointer to a CRYPT_DATA_BLOBstructure.
///
/// -
/// CRYPT_VERIFY_CERT_SIGN_SUBJECT_CERT 2 (0x2)
/// pvSubject is a pointer to a CCERT_CONTEXTstructure.
///
/// -
/// CRYPT_VERIFY_CERT_SIGN_SUBJECT_CRL 3 (0x3)
/// pvSubject is a pointer to a CCRL_CONTEXTstructure.
///
/// -
/// CRYPT_VERIFY_CERT_SIGN_SUBJECT_OCSP_BASIC_SIGNED_RESPONSE 4 (0x4)
///
/// pvSubject is a pointer to an OCSP_BASIC_SIGNED_RESPONSE_INFO structure. Windows Server 2003 and Windows XP: This subject type is
/// not supported.
///
///
///
///
/// A pointer to a structure of the type indicated by dwSubjectType that contains the signature to be verified.
///
/// The issuer type. This parameter can be one of the following issuer types.
///
///
/// Value
/// Meaning
///
/// -
/// CRYPT_VERIFY_CERT_SIGN_ISSUER_PUBKEY 1 (0x1)
/// pvIssuer is a pointer to a CERT_PUBLIC_KEY_INFOstructure.
///
/// -
/// CRYPT_VERIFY_CERT_SIGN_ISSUER_CERT 2 (0x2)
/// pvIssuer is a pointer to a CCERT_CONTEXTstructure.
///
/// -
/// CRYPT_VERIFY_CERT_SIGN_ISSUER_CHAIN 3 (0x3)
/// pvIssuer is a pointer to a CCERT_CHAIN_CONTEXTstructure.
///
/// -
/// CRYPT_VERIFY_CERT_SIGN_ISSUER_NULL 4 (0x4)
/// pvIssuer must be NULL.
///
///
///
/// Note If dwIssuerType is CRYPT_VERIFY_CERT_SIGN_ISSUER_NULL and the signature algorithm is a hashing algorithm, the
/// signature is expected to contain only unencrypted hash octets. Only CRYPT_VERIFY_CERT_SIGN_ISSUER_NULL can be specified
/// in this nonencrypted signature case. If any other dwIssuerType is specified, verification fails and GetLastError returns E_INVALIDARG.
///
///
///
/// A pointer to a structure of the type indicated by the value of dwIssuerType. The structure contains access to the public key
/// needed to verify the signature.
///
///
/// Flags that modify the function behavior. This can be zero or a bitwise OR of the following values.
///
///
/// Value
/// Meaning
///
/// -
/// CRYPT_VERIFY_CERT_SIGN_DISABLE_MD2_MD4_FLAG 0x00000001
///
/// If you set this flag and CryptVerifyCertificateSignatureEx detects an MD2 or MD4 algorithm, the function returns FALSE and sets
/// GetLastError to NTE_BAD_ALGID. The signature is still verified, but this combination of errors enables the caller, now knowing
/// that an MD2 or MD4 algorithm was used, to decide whether to trust or reject the signature. Windows 8 and Windows Server 2012:
/// Support for this flag begins.
///
///
/// -
/// CRYPT_VERIFY_CERT_SIGN_SET_STRONG_PROPERTIES_FLAG 0x00000002
///
/// Sets strong signature properties, after successful verification, on the subject pointed to by the pvSubject parameter. The
/// following property is set on the certificate context: The following properties are set on the CRL context: Windows 8 and Windows
/// Server 2012: Support for this flag begins.
///
///
/// -
/// CRYPT_VERIFY_CERT_SIGN_RETURN_STRONG_PROPERTIES_FLAG 0x00000004
///
/// Returns a pointer to a CRYPT_VERIFY_CERT_SIGN_STRONG_PROPERTIES_INFO structure in the pvExtra parameter. The structure contains
/// the length, in bits, of the public key and the names of the signing and hashing algorithms used. You must call CryptMemFree to
/// free the structure. If memory cannot be allocated for the CRYPT_VERIFY_CERT_SIGN_STRONG_PROPERTIES_INFO structure, this function
/// returns successfully but sets the pvExtra parameter to NULL. Windows 8 and Windows Server 2012: Support for this flag begins.
///
///
///
///
///
/// Pointer to a CRYPT_VERIFY_CERT_SIGN_STRONG_PROPERTIES_INFO structure if the dwFlags parameter is set to CRYPT_VERIFY_CERT_SIGN_RETURN_STRONG_PROPERTIES_FLAG.
/// You must call CryptMemFree to free the structure.
///
///
/// Returns nonzero if successful or zero otherwise.
/// For extended error information, call GetLastError.
///
/// Note Errors from the called functions CryptCreateHash, CryptImportKey, CryptVerifySignature, and CryptHashData may be
/// propagated to this function.
///
/// On failure, this function will cause the following error codes to be returned from GetLastError.
///
///
/// Return code
/// Description
///
/// -
/// ERROR_FILE_NOT_FOUND
/// Invalid certificate encoding type. Currently only X509_ASN_ENCODING is supported.
///
/// -
/// NTE_BAD_ALGID
/// The signature algorithm's object identifier (OID) does not map to a known or supported hash algorithm.
///
/// -
/// NTE_BAD_SIGNATURE
/// The signature was not valid.
///
///
///
/// If the function fails, GetLastError may return an Abstract Syntax Notation One (ASN.1) encoding/decoding error. For information
/// about these errors, see ASN.1 Encoding/Decoding Return Values.
///
///
///
/// The subject buffer can contain an encoded BLOB or a context for a certificate or CRL. In the case of a certificate context, if
/// the certificate's public key parameters are missing and if these parameters can be inherited from the certificate's issuer for
/// example from the DSS public key parameter, the context's CERT_PUBKEY_ALG_PARA_PROP_ID property is updated with the issuer's
/// public key algorithm parameters for a valid signature.
///
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-cryptverifycertificatesignatureex BOOL
// CryptVerifyCertificateSignatureEx( HCRYPTPROV_LEGACY hCryptProv, DWORD dwCertEncodingType, DWORD dwSubjectType, void *pvSubject,
// DWORD dwIssuerType, void *pvIssuer, DWORD dwFlags, void *pvExtra );
[DllImport(Lib.Crypt32, SetLastError = true, ExactSpelling = true)]
[PInvokeData("wincrypt.h", MSDNShortId = "8a84af66-b174-4a3e-b1d7-6f218a52d877")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool CryptVerifyCertificateSignatureEx([Optional] HCRYPTPROV hCryptProv, CertEncodingType dwCertEncodingType, CryptVerifyCertSignSubject dwSubjectType,
IntPtr pvSubject, CryptVerifyCertSignIssuer dwIssuerType, [In, Optional] IntPtr pvIssuer, CryptVerifyCertSignFlags dwFlags, [In, Out, Optional] IntPtr pvExtra);
///
/// The CERT_NAME_INFO structure contains subject or issuer names. The information is represented as an array of CERT_RDN structures.
///
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/ns-wincrypt-cert_name_info typedef struct _CERT_NAME_INFO { DWORD
// cRDN; PCERT_RDN rgRDN; } CERT_NAME_INFO, *PCERT_NAME_INFO;
[PInvokeData("wincrypt.h", MSDNShortId = "402d1051-d91a-4a79-96f6-10ed96a32d5c")]
[StructLayout(LayoutKind.Sequential)]
public struct CERT_NAME_INFO
{
/// Number of elements in the rgRDN array.
public uint cRDN;
/// Array of pointers to CERT_RDN structures.
public IntPtr rgRDN;
}
///
/// The CERT_REVOCATION_PARA structure is passed in calls to the CertVerifyRevocation function to assist in finding the
/// issuer of the context to be verified. The CERT_REVOCATION_PARA structure is an optional parameter in the
/// CertVerifyRevocation function.
///
///
///
/// The CERT_REVOCATION_PARA structure provides additional information that the CertVerifyRevocation function can use to
/// determine the context issuer.
///
///
/// If your application must check the freshness of the CRL or resynchronize the CRL cache, you can provide extra structure members
/// to assist the CertVerifyRevocation function with this. To include the additional structure members, define the constant
/// CERT_REVOCATION_PARA_HAS_EXTRA_FIELDS in your application before including Wincrypt.h
///
///
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/ns-wincrypt-cert_revocation_para typedef struct _CERT_REVOCATION_PARA
// { DWORD cbSize; PCCERT_CONTEXT pIssuerCert; DWORD cCertStore; HCERTSTORE *rgCertStore; HCERTSTORE hCrlStore; LPFILETIME
// pftTimeToUse; DWORD dwUrlRetrievalTimeout; BOOL fCheckFreshnessTime; DWORD dwFreshnessTime; LPFILETIME pftCurrentTime;
// PCERT_REVOCATION_CRL_INFO pCrlInfo; LPFILETIME pftCacheResync; PCERT_REVOCATION_CHAIN_PARA pChainPara; } CERT_REVOCATION_PARA, *PCERT_REVOCATION_PARA;
[PInvokeData("wincrypt.h", MSDNShortId = "730db593-c55f-4ecf-bcac-5de54ab90db6")]
[StructLayout(LayoutKind.Sequential)]
public struct CERT_REVOCATION_PARA
{
/// The size, in bytes, of this structure.
public uint cbSize;
///
/// A pointer to a CERT_CONTEXT structure that contains the certificate of the issuer of a certificate specified in the
/// rgpvContext array in the CertVerifyRevocation parameter list.
///
public PCCERT_CONTEXT pIssuerCert;
///
/// When set, contains the number of elements in the rgCertStore array. Set to zero if you are not supplying a list of
/// store handles in the rgCertStore parameter.
///
public uint cCertStore;
///
/// An array of certificate store handles. Specifies a set of stores that are searched for issuer certificates. If rgCertStore
/// is not set, the default stores are searched.
///
public IntPtr rgCertStore;
///
/// Optional store handle. When specified, a handler that uses certificate revocation lists (CRLs) can search this store for CRLs.
///
public HCERTSTORE hCrlStore;
///
/// A pointer to a FILETIME version of UTC time. When specified, the handler must, if possible, determine revocation
/// status relative to the time given. If NULL or the handler cannot determine the status relative to the
/// pftTimeToUse value, revocation status can be determined independent of time or relative to current time.
///
public IntPtr pftTimeToUse;
///
/// This member is defined only if CERT_REVOCATION_PARA_HAS_EXTRA_FIELDS is defined. The time-out, in milliseconds, that
/// the revocation handler will wait when attempting to retrieve revocation information. If it is set to zero, the revocation
/// handler's default time-out is used. If CERT_REVOCATION_PARA_HAS_EXTRA_FIELDS is defined, this member must be set to
/// zero if it is unused.
///
public uint dwUrlRetrievalTimeout;
///
/// This member is defined only if CERT_REVOCATION_PARA_HAS_EXTRA_FIELDS is defined. If TRUE, an attempt is made
/// to retrieve a new CRL if the issue date of the CRL is less than or equal to the Current Time minus dwFreshnessTime.
/// If this flag is not set, the CRL's NextUpdate time is used. If CERT_REVOCATION_PARA_HAS_EXTRA_FIELDS is defined, this
/// member must be set to FALSE if it is unused.
///
[MarshalAs(UnmanagedType.Bool)] public bool fCheckFreshnessTime;
///
/// This member is defined only if CERT_REVOCATION_PARA_HAS_EXTRA_FIELDS is defined. The time, in seconds, is used to
/// determine whether an attempt will be made to retrieve a new CRL. If CERT_REVOCATION_PARA_HAS_EXTRA_FIELDS is defined,
/// this member must be set to zero if it is unused.
///
public uint dwFreshnessTime;
///
/// This member is defined only if CERT_REVOCATION_PARA_HAS_EXTRA_FIELDS is defined. A pointer to a FILETIME
/// structure that is used in the freshness time check. If the value of this pointer is null, the revocation handler uses the
/// current time. If CERT_REVOCATION_PARA_HAS_EXTRA_FIELDS is defined, this member must be set to null if it is unused.
///
public IntPtr pftCurrentTime;
///
/// This member is defined only if CERT_REVOCATION_PARA_HAS_EXTRA_FIELDS is defined. This member contains a pointer to a
/// PCERT_REVOCATION_CRL_INFO structure that contains CRL context information. The CRL information is only applicable to the
/// last context checked. To access the information in this CRL, call the CertVerifyRevocation function with cContext set to 1.
/// If CERT_REVOCATION_PARA_HAS_EXTRA_FIELDS is defined, the member must be set to null if it is unused.
///
public IntPtr pCrlInfo;
///
///
/// This member is defined only if CERT_REVOCATION_PARA_HAS_EXTRA_FIELDS is defined. This member contains a pointer to a
/// FILETIME structure that specifies the use of cached information. Any information cached before the specified time is
/// considered invalid and new information is retrieved. If CERT_REVOCATION_PARA_HAS_EXTRA_FIELDS is defined, this member
/// must be set to null if it is unused.
///
/// Windows Server 2003 and Windows XP: This member is not used.
///
public IntPtr pftCacheResync;
///
///
/// This member is defined only if CERT_REVOCATION_PARA_HAS_EXTRA_FIELDS is defined. This member contains a pointer to a
/// CERT_REVOCATION_CHAIN_PARA structure that contains parameters used for building a chain for an independent OCSP signer
/// certificate. If CERT_REVOCATION_PARA_HAS_EXTRA_FIELDS is defined, this member must be set to null if it is unused.
///
///
/// Windows Vista, Windows Server 2003 and Windows XP: This member is not used in the listed systems. The member is
/// available beginning with Windows Vista with SP1.
///
///
public IntPtr pChainPara;
}
///
/// The CERT_REVOCATION_STATUS structure contains information on the revocation status of the certificate. It is passed to
/// and returned by CertVerifyRevocation. On return from the function, it specifies the status of a revoked or unchecked context.
///
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/ns-wincrypt-cert_revocation_status typedef struct
// _CERT_REVOCATION_STATUS { DWORD cbSize; DWORD dwIndex; DWORD dwError; DWORD dwReason; BOOL fHasFreshnessTime; DWORD
// dwFreshnessTime; } CERT_REVOCATION_STATUS, *PCERT_REVOCATION_STATUS;
[PInvokeData("wincrypt.h", MSDNShortId = "087ea37a-907a-4652-a5df-dd8e86755490")]
[StructLayout(LayoutKind.Sequential)]
public struct CERT_REVOCATION_STATUS
{
///
/// Size of this structure in bytes.
///
/// Upon input to CERT_REVOCATION_STATUS, cbSize must be set to a size greater than or equal to the size of a
/// CERT_REVOCATION_STATUS structure. Otherwise, CERT_REVOCATION_STATUS returns FALSE and GetLastError
/// returns E_INVALIDARG.
///
///
public uint cbSize;
///
/// Specifies an index value for the rgpvContext array passed to CertVerifyRevocation. It is the index of the first context in
/// that array that was revoked or that could not be checked for revocation. For information about the contexts that were not
/// checked, CertVerifyRevocation is called again, specifying a rgpvContext array that contains the unchecked contexts
/// from the original list.
///
public uint dwIndex;
///
/// Specifies the returned error status. This value matches the return value of GetLastError on return from the call to
/// CertVerifyRevocation. For the list of these error values, see the table in the Return Values section of CertVerifyRevocation.
///
public Win32Error dwError;
///
///
/// Specifies the cause of the error. This member is set only if dwError is CRYPT_E_REVOKED. It contains a code that
/// indicates why the context was revoked. It can be one of the following values.
///
///
///
/// Value
/// Meaning
///
/// -
/// CRL_REASON_UNSPECIFIED
/// No reason was specified for revocation.
///
/// -
/// CRL_REASON_KEY_COMPROMISE
///
/// It is known or suspected that the subject's private key or other aspects of the subject validated in the certificate are compromised.
///
///
/// -
/// CRL_REASON_CA_COMPROMISE
/// It is known or suspected that the CA's private key or other aspects of the CA validated in the certificate are compromised.
///
/// -
/// CRL_REASON_AFFILIATION_CHANGED
///
/// The subject's name or other information in the certificate has been modified but there is no cause to suspect that the
/// private key has been compromised.
///
///
/// -
/// CRL_REASON_SUPERSEDED
/// The certificate has been superseded, but there is no cause to suspect that the private key has been compromised.
///
/// -
/// CRL_REASON_CESSATION_OF_OPERATION
///
/// The certificate is no longer needed for the purpose for which it was issued, but there is no cause to suspect that the
/// private key has been compromised.
///
///
/// -
/// CRL_REASON_CERTIFICATE_HOLD
/// The certificate has been placed on hold.
///
///
///
public CRL_REASON dwReason;
///
/// Depending on cbSize, this structure can contain this member. If this member is TRUE, the revocation freshness
/// time returned by dwFreshnessTime is valid.
///
[MarshalAs(UnmanagedType.Bool)] public bool fHasFreshnessTime;
///
/// Depending on cbSize, this structure can contain this member. If present, this member gives the time in seconds
/// between the current time and when the CRL was published.
///
public uint dwFreshnessTime;
}
///
///
/// [The CRYPT_ATTRIBUTES structure is available for use in the operating systems specified in the Requirements section. It
/// may be altered or unavailable in subsequent versions.]
///
/// The CRYPT_ATTRIBUTES structure contains an array of attributes.
///
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/ns-wincrypt-crypt_attributes typedef struct _CRYPT_ATTRIBUTES { DWORD
// cAttr; PCRYPT_ATTRIBUTE rgAttr; } CRYPT_ATTRIBUTES, *PCRYPT_ATTRIBUTES;
[PInvokeData("wincrypt.h", MSDNShortId = "782f3022-d852-4ad7-8e0f-afbccc25928a")]
[StructLayout(LayoutKind.Sequential)]
public struct CRYPT_ATTRIBUTES
{
/// Number of elements in the rgAttr array.
public uint cAttr;
/// Array of CRYPT_ATTRIBUTE structures.
public IntPtr rgAttr;
}
///
///
/// [The CRYPT_PKCS8_EXPORT_PARAMS structure is available for use in the operating systems specified in the Requirements
/// section. It may be altered or unavailable in subsequent versions.]
///
///
/// The CRYPT_PKCS8_EXPORT_PARAMS structure identifies the private key and a callback function to encrypt the private key.
/// CRYPT_PKCS8_EXPORT_PARAMS is used as a parameter to the CryptExportPKCS8Ex function, which exports a private key in PKCS
/// #8 format.
///
///
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/ns-wincrypt-crypt_pkcs8_export_params typedef struct
// _CRYPT_PKCS8_EXPORT_PARAMS { HCRYPTPROV hCryptProv; DWORD dwKeySpec; LPSTR pszPrivateKeyObjId; PCRYPT_ENCRYPT_PRIVATE_KEY_FUNC
// pEncryptPrivateKeyFunc; LPVOID pVoidEncryptFunc; } CRYPT_PKCS8_EXPORT_PARAMS, *PCRYPT_PKCS8_EXPORT_PARAMS;
[PInvokeData("wincrypt.h", MSDNShortId = "5a60c96e-907a-409e-921c-59055452463f")]
[StructLayout(LayoutKind.Sequential)]
public struct CRYPT_PKCS8_EXPORT_PARAMS
{
///
/// An HCRYPTPROV variable that contains a handle to the cryptographic service provider (CSP) used to encrypt the private key.
/// This is a handle to the CSP obtained by calling CryptAcquireContext.
///
public HCRYPTPROV hCryptProv;
///
///
/// A DWORD variable that contains the key specification. The following dwKeySpec values are defined for the
/// default provider.
///
///
///
/// Value
/// Meaning
///
/// -
/// AT_KEYEXCHANGE
/// Keys used to encrypt/decrypt session keys.
///
/// -
/// AT_SIGNATURE
/// Keys used to create and verify digital signatures.
///
///
///
public CertKeySpec dwKeySpec;
/// An LPSTR variable that contains the object identifier (OID) of the private key to be exported.
public StrPtrAnsi pszPrivateKeyObjId;
///
/// A PCRYPT_ENCRYPT_PRIVATE_KEY_FUNC pointer that points to a callback to a function that encrypts the private key. If this is
/// NULL, the private key is not encrypted, and a PKCS #8 CRYPT_ENCRYPTED_PRIVATE_KEY_INFO structure will not be
/// generated by CryptExportPKCS8Ex.
///
[MarshalAs(UnmanagedType.FunctionPtr)] public PCRYPT_ENCRYPT_PRIVATE_KEY_FUNC pEncryptPrivateKeyFunc;
/// A LPVOID value that provides data used for encryption, such as key, initialization vector, and password.
public IntPtr pVoidEncryptFunc;
}
///
///
/// [The CRYPT_PKCS8_IMPORT_PARAMS structure is available for use in the operating systems specified in the Requirements
/// section. It may be altered or unavailable in subsequent versions.]
///
///
/// The CRYPT_PKCS8_IMPORT_PARAMS structure contains a PKCS #8 private key and pointers to callback functions.
/// CRYPT_PKCS8_IMPORT_PARAMS is used by the CryptImportPKCS8 function. The first callback supplies the algorithm object
/// identifier (OID) and key length needed to specify the cryptographic service provider (CSP) into which the key will be imported.
/// If the private key in PKCS #8 is encrypted, the CRYPT_PKCS8_IMPORT_PARAMS structure contains the encrypted private key,
/// and the second callback is used to decrypt this private key.
///
///
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/ns-wincrypt-crypt_pkcs8_import_params typedef struct
// _CRYPT_PKCS8_IMPORT_PARAMS { CRYPT_DIGEST_BLOB PrivateKey; PCRYPT_RESOLVE_HCRYPTPROV_FUNC pResolvehCryptProvFunc; LPVOID
// pVoidResolveFunc; PCRYPT_DECRYPT_PRIVATE_KEY_FUNC pDecryptPrivateKeyFunc; LPVOID pVoidDecryptFunc; } CRYPT_PKCS8_IMPORT_PARAMS,
// *PCRYPT_PKCS8_IMPORT_PARAMS, CRYPT_PRIVATE_KEY_BLOB_AND_PARAMS, *PCRYPT_PRIVATE_KEY_BLOB_AND_PARAMS;
[PInvokeData("wincrypt.h", MSDNShortId = "a016e807-60d3-4ae4-829b-43acea2ee8c1")]
[StructLayout(LayoutKind.Sequential)]
public struct CRYPT_PKCS8_IMPORT_PARAMS
{
/// A CRYPT_DIGEST_BLOB structure that contains the PKCS #8 data.
public CRYPTOAPI_BLOB PrivateKey;
///
/// A PCRYPT_RESOLVE_HCRYPTPROV_FUNC pointer that points to data used by a user-defined function that retrieves a handle to a CSP.
///
[MarshalAs(UnmanagedType.FunctionPtr)]
public PCRYPT_RESOLVE_HCRYPTPROV_FUNC pResolvehCryptProvFunc;
/// An LPVOID value that identifies the function used to retrieve the CSP provider handle.
public IntPtr pVoidResolveFunc;
/// A PCRYPT_DECRYPT_PRIVATE_KEY_FUNC pointer that points to a callback function used to decrypt the private key.
[MarshalAs(UnmanagedType.FunctionPtr)]
public PCRYPT_DECRYPT_PRIVATE_KEY_FUNC pDecryptPrivateKeyFunc;
/// An LPVOID value that provides data used for encryption, such as key, initialization vector, and password.
public IntPtr pVoidDecryptFunc;
}
///
///
/// [The CRYPT_PRIVATE_KEY_INFO structure is available for use in the operating systems specified in the Requirements
/// section. It may be altered or unavailable in subsequent versions.]
///
///
/// The CRYPT_PRIVATE_KEY_INFO structure contains a clear-text private key in the PrivateKey field (DER encoded).
/// CRYPT_PRIVATE_KEY_INFO contains the information in a PKCS #8 PrivateKeyInfo ASN.1 type found in the PKCS #8 standard.
///
///
// https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/ns-wincrypt-crypt_private_key_info typedef struct
// _CRYPT_PRIVATE_KEY_INFO { DWORD Version; CRYPT_ALGORITHM_IDENTIFIER Algorithm; CRYPT_DER_BLOB PrivateKey; PCRYPT_ATTRIBUTES
// pAttributes; } CRYPT_PRIVATE_KEY_INFO, *PCRYPT_PRIVATE_KEY_INFO;
[PInvokeData("wincrypt.h", MSDNShortId = "63a5d1c2-88b3-45fa-94d3-2179cb8802c9")]
[StructLayout(LayoutKind.Sequential)]
public struct CRYPT_PRIVATE_KEY_INFO
{
/// A DWORD value that identifies the PKCS #8 version.
public uint Version;
///
/// A CRYPT_ALGORITHM_IDENTIFIER structure that indicates the algorithm in which the private key (RSA or DSA) is to be used.
///
public CRYPT_ALGORITHM_IDENTIFIER Algorithm;
/// A CRYPT_DER_BLOB structure that contains the key data.
public CRYPTOAPI_BLOB PrivateKey;
/// A CRYPT_ATTRIBUTES structure that identifies the PKCS #8 attributes.
public IntPtr pAttributes;
}
/// Standard crypto memory allocation methods.
///
public class CryptMemMethods : MemoryMethodsBase
{
/// Gets a static instance of this class.
public static readonly CryptMemMethods Instance = new CryptMemMethods();
/// Gets a handle to a memory allocation of the specified size.
/// The size, in bytes, of memory to allocate.
/// A memory handle.
///
public override IntPtr AllocMem(int size) => Win32Error.ThrowLastErrorIfNull(CryptMemAlloc((uint)size));
/// Frees the memory associated with a handle.
/// A memory handle.
///
public override void FreeMem(IntPtr hMem) => CryptMemFree(hMem);
/// Gets the reallocation method.
/// A memory handle.
/// The size, in bytes, of memory to allocate.
/// A memory handle.
public override IntPtr ReAllocMem(IntPtr hMem, int size) => Win32Error.ThrowLastErrorIfNull(CryptMemRealloc(hMem, (uint)size));
}
/// Safe handle for crypto memory.
///
public class SafeCryptMem : SafeMemoryHandleExt
{
/// Initializes a new instance of the class.
/// The size of memory to allocate, in bytes.
/// size - The value of this argument must be non-negative
public SafeCryptMem(SizeT size = default) : base(size) { }
/// Initializes a new instance of the class.
/// The handle.
/// The size of memory allocated to the handle, in bytes.
/// if set to true if this class is responsible for freeing the memory on disposal.
public SafeCryptMem(IntPtr handle, SizeT size, bool ownsHandle) : base(handle, size, ownsHandle) { }
///
/// Allocates from unmanaged memory to represent an array of pointers and marshals the unmanaged pointers (IntPtr) to the native
/// array equivalent.
///
/// Array of unmanaged pointers
/// SafeHGlobalHandle object to an native (unmanaged) array of pointers
public SafeCryptMem(byte[] bytes) : base(bytes) { }
/// Allocates from unmanaged memory to represent a Unicode string (WSTR) and marshal this to a native PWSTR.
/// The string value.
/// The character set of the string.
/// SafeMemoryHandleExt object to an native (unmanaged) string
public SafeCryptMem(string s, CharSet charSet = CharSet.Unicode) : base(s, charSet) { }
}
/// Provides a for that is disposed using .
public class SafeHCRYPTKEY : SafeHANDLE
{
/// Represents a NULL handle for . This must be used instead of .
public static readonly SafeHCRYPTKEY Null = new SafeHCRYPTKEY(IntPtr.Zero, false);
/// Initializes a new instance of the class and assigns an existing handle.
/// An object that represents the pre-existing handle to use.
///
/// to reliably release the handle during the finalization phase; otherwise, (not recommended).
///
public SafeHCRYPTKEY(IntPtr preexistingHandle, bool ownsHandle = true) : base(preexistingHandle, ownsHandle) { }
/// Initializes a new instance of the class.
private SafeHCRYPTKEY() : base() { }
/// Performs an implicit conversion from to .
/// The safe handle instance.
/// The result of the conversion.
public static implicit operator HCRYPTKEY(SafeHCRYPTKEY h) => h.handle;
///
protected override bool InternalReleaseHandle() => CryptDestroyKey(handle);
[DllImport(Lib.AdvApi32, SetLastError = true, ExactSpelling = true)]
[return: MarshalAs(UnmanagedType.Bool)] private static extern bool CryptDestroyKey(HCRYPTKEY hKey);
}
}
}