Windows编程

开发平台：

Visual C++

CONST.BAS：源码内容

Attribute VB_Name = "Const"
Option Explicit
'+---------------------------------------------------------------------------
'
' Microsoft Windows
'
' File: wincrypt.h
'
' Contents: Cryptographic API Prototypes and Definitions
'
'----------------------------------------------------------------------------
'
' Algorithm IDs and Flags
'
' ALG_ID crackers
' Algorithm classes
Public Const ALG_CLASS_ANY As Long = 0
' Algorithm types
Public Const ALG_TYPE_ANY As Long = 0
' Generic sub-ids
Public Const ALG_SID_ANY As Long = 0
' Some RSA sub-ids
Public Const ALG_SID_RSA_ANY As Long = 0
Public Const ALG_SID_RSA_PKCS As Long = 1
Public Const ALG_SID_RSA_MSATWORK As Long = 2
Public Const ALG_SID_RSA_ENTRUST As Long = 3
Public Const ALG_SID_RSA_PGP As Long = 4
' Some DSS sub-ids
'
Public Const ALG_SID_DSS_ANY As Long = 0
Public Const ALG_SID_DSS_PKCS As Long = 1
Public Const ALG_SID_DSS_DMS As Long = 2
' Block cipher sub ids
' DES sub_ids
Public Const ALG_SID_DES As Long = 1
Public Const ALG_SID_3DES As Long = 3
Public Const ALG_SID_DESX As Long = 4
Public Const ALG_SID_IDEA As Long = 5
Public Const ALG_SID_CAST As Long = 6
Public Const ALG_SID_SAFERSK64 As Long = 7
Public Const ALD_SID_SAFERSK128 As Long = 8
Public Const ALG_SID_3DES_112 As Long = 9
Public Const ALG_SID_CYLINK_MEK As Long = 12
Public Const ALG_SID_RC5 As Long = 13
' Fortezza sub-ids
Public Const ALG_SID_SKIPJACK As Long = 10
Public Const ALG_SID_TEK As Long = 11
' KP_MODE
Public Const CRYPT_MODE_CBCI As Long = 6
Public Const CRYPT_MODE_CFBP As Long = 7
Public Const CRYPT_MODE_OFBP As Long = 8
Public Const CRYPT_MODE_CBCOFM As Long = 9
Public Const CRYPT_MODE_CBCOFMI As Long = 10
' RC2 sub-ids
Public Const ALG_SID_RC2 As Long = 2
' Stream cipher sub-ids
Public Const ALG_SID_RC4 As Long = 1
Public Const ALG_SID_SEAL As Long = 2
' Diffie-Hellman sub-ids
Public Const ALG_SID_DH_SANDF As Long = 1
Public Const ALG_SID_DH_EPHEM As Long = 2
Public Const ALG_SID_AGREED_KEY_ANY As Long = 3
Public Const ALG_SID_KEA As Long = 4
' Hash sub ids
Public Const ALG_SID_MD2 As Long = 1
Public Const ALG_SID_MD4 As Long = 2
Public Const ALG_SID_MD5 As Long = 3
Public Const ALG_SID_SHA As Long = 4
Public Const ALG_SID_SHA1 As Long = 4
Public Const ALG_SID_MAC As Long = 5
Public Const ALG_SID_RIPEMD As Long = 6
Public Const ALG_SID_RIPEMD160 As Long = 7
Public Const ALG_SID_SSL3SHAMD5 As Long = 8
Public Const ALG_SID_HMAC As Long = 9
' secure channel sub ids
Public Const ALG_SID_SSL3_MASTER As Long = 1
Public Const ALG_SID_SCHANNEL_MASTER_HASH As Long = 2
Public Const ALG_SID_SCHANNEL_MAC_KEY As Long = 3
Public Const ALG_SID_PCT1_MASTER As Long = 4
Public Const ALG_SID_SSL2_MASTER As Long = 5
Public Const ALG_SID_TLS1_MASTER As Long = 6
Public Const ALG_SID_SCHANNEL_ENC_KEY As Long = 7
' Our silly example sub-id
Public Const ALG_SID_EXAMPLE As Long = 80
' algorithm identifier definitions
' dwFlags definitions for CryptAcquireContext
Public Const CRYPT_VERIFYCONTEXT As Long = &HF0000000
Public Const CRYPT_NEWKEYSET As Long = &H00000008
Public Const CRYPT_DELETEKEYSET As Long = &H00000010
Public Const CRYPT_MACHINE_KEYSET As Long = &H00000020
' dwFlag definitions for CryptGenKey
Public Const CRYPT_EXPORTABLE As Long = &H00000001
Public Const CRYPT_USER_PROTECTED As Long = &H00000002
Public Const CRYPT_CREATE_SALT As Long = &H00000004
Public Const CRYPT_UPDATE_KEY As Long = &H00000008
Public Const CRYPT_NO_SALT As Long = &H00000010
Public Const CRYPT_PREGEN As Long = &H00000040
Public Const CRYPT_RECIPIENT As Long = &H00000010
Public Const CRYPT_INITIATOR As Long = &H00000040
Public Const CRYPT_ONLINE As Long = &H00000080
Public Const CRYPT_SF As Long = &H00000100
Public Const CRYPT_CREATE_IV As Long = &H00000200
Public Const CRYPT_KEK As Long = &H00000400
Public Const CRYPT_DATA_KEY As Long = &H00000800
' dwFlags definitions for CryptDeriveKey
Public Const CRYPT_SERVER As Long = &H00000400
Public Const KEY_LENGTH_MASK As Long = &HFFFF0000
' dwFlag definitions for CryptExportKey
Public Const CRYPT_Y_ONLY As Long = &H00000001
Public Const CRYPT_SSL2_SLUMMING As Long = &H00000002
' dwFlags definitions for CryptHashSessionKey
Public Const CRYPT_LITTLE_ENDIAN As Long = &H00000001
' dwFlag definitions for CryptSetProviderEx and CryptGetDefaultProvider
Public Const CRYPT_MACHINE_DEFAULT As Long = &H00000001
Public Const CRYPT_USER_DEFAULT As Long = &H00000002
Public Const CRYPT_DELETE_DEFAULT As Long = &H00000004
' exported key blob definitions
Public Const SIMPLEBLOB As Long = &H1
Public Const PUBLICKEYBLOB As Long = &H6
Public Const PRIVATEKEYBLOB As Long = &H7
Public Const PLAINTEXTKEYBLOB As Long = &H8
Public Const AT_KEYEXCHANGE As Long = 1
Public Const AT_SIGNATURE As Long = 2
Public Const CRYPT_USERDATA As Long = 1
' dwParam
Public Const KP_IV As Long = 1
Public Const KP_SALT As Long = 2
Public Const KP_PADDING As Long = 3
Public Const KP_MODE As Long = 4
Public Const KP_MODE_BITS As Long = 5
Public Const KP_PERMISSIONS As Long = 6
Public Const KP_ALGID As Long = 7
Public Const KP_BLOCKLEN As Long = 8
Public Const KP_KEYLEN As Long = 9
Public Const KP_SALT_EX As Long = 10
Public Const KP_P As Long = 11
Public Const KP_G As Long = 12
Public Const KP_Q As Long = 13
Public Const KP_X As Long = 14
Public Const KP_Y As Long = 15
Public Const KP_RA As Long = 16
Public Const KP_RB As Long = 17
Public Const KP_INFO As Long = 18
Public Const KP_EFFECTIVE_KEYLEN As Long = 19
Public Const KP_SCHANNEL_ALG As Long = 20
Public Const KP_CLIENT_RANDOM As Long = 21
Public Const KP_SERVER_RANDOM As Long = 22
Public Const KP_RP As Long = 23
Public Const KP_PRECOMP_MD5 As Long = 24
Public Const KP_PRECOMP_SHA As Long = 25
Public Const KP_CERTIFICATE As Long = 26
Public Const KP_CLEAR_KEY As Long = 27
Public Const KP_PUB_EX_LEN As Long = 28
Public Const KP_PUB_EX_VAL As Long = 29
' KP_PADDING
Public Const PKCS5_PADDING As Long = 1
Public Const RANDOM_PADDING As Long = 2
Public Const ZERO_PADDING As Long = 3
' KP_MODE
Public Const CRYPT_MODE_CBC As Long = 1
Public Const CRYPT_MODE_ECB As Long = 2
Public Const CRYPT_MODE_OFB As Long = 3
Public Const CRYPT_MODE_CFB As Long = 4
Public Const CRYPT_MODE_CTS As Long = 5
' KP_PERMISSIONS
Public Const CRYPT_ENCRYPT As Long = &H0001
Public Const CRYPT_DECRYPT As Long = &H0002
Public Const CRYPT_EXPORT As Long = &H0004
Public Const CRYPT_READ As Long = &H0008
Public Const CRYPT_WRITE As Long = &H0010
Public Const CRYPT_MAC As Long = &H0020
Public Const CRYPT_EXPORT_KEY As Long = &H0040
Public Const CRYPT_IMPORT_KEY As Long = &H0080
Public Const HP_ALGID As Long = &H0001
Public Const HP_HASHVAL As Long = &H0002
Public Const HP_HASHSIZE As Long = &H0004
Public Const HP_HMAC_INFO As Long = &H0005
'
' CryptGetProvParam
'
Public Const PP_ENUMALGS As Long = 1
Public Const PP_ENUMCONTAINERS As Long = 2
Public Const PP_IMPTYPE As Long = 3
Public Const PP_NAME As Long = 4
Public Const PP_VERSION As Long = 5
Public Const PP_CONTAINER As Long = 6
Public Const PP_CHANGE_PASSWORD As Long = 7
Public Const PP_KEYSET_SEC_DESCR As Long = 8
Public Const PP_CERTCHAIN As Long = 9
Public Const PP_KEY_TYPE_SUBTYPE As Long = 10
Public Const PP_PROVTYPE As Long = 16
Public Const PP_KEYSTORAGE As Long = 17
Public Const PP_APPLI_CERT As Long = 18
Public Const PP_SYM_KEYSIZE As Long = 19
Public Const PP_SESSION_KEYSIZE As Long = 20
Public Const PP_UI_PROMPT As Long = 21
Public Const PP_ENUMALGS_EX As Long = 22
Public Const CRYPT_FIRST As Long = 1
Public Const CRYPT_NEXT As Long = 2
Public Const CRYPT_IMPL_HARDWARE As Long = 1
Public Const CRYPT_IMPL_SOFTWARE As Long = 2
Public Const CRYPT_IMPL_MIXED As Long = 3
Public Const CRYPT_IMPL_UNKNOWN As Long = 4
' key storage flags
Public Const CRYPT_SEC_DESCR As Long = &H00000001
Public Const CRYPT_PSTORE As Long = &H00000002
Public Const CRYPT_UI_PROMPT As Long = &H00000004
' protocol flags
Public Const CRYPT_FLAG_PCT1 As Long = &H0001
Public Const CRYPT_FLAG_SSL2 As Long = &H0002
Public Const CRYPT_FLAG_SSL3 As Long = &H0004
Public Const CRYPT_FLAG_TLS1 As Long = &H0008
'
' CryptSetProvParam
'
Public Const PP_CLIENT_HWND As Long = 1
Public Const PP_CONTEXT_INFO As Long = 11
Public Const PP_KEYEXCHANGE_KEYSIZE As Long = 12
Public Const PP_SIGNATURE_KEYSIZE As Long = 13
Public Const PP_KEYEXCHANGE_ALG As Long = 14
Public Const PP_SIGNATURE_ALG As Long = 15
Public Const PROV_RSA_FULL As Long = 1
Public Const PROV_RSA_SIG As Long = 2
Public Const PROV_DSS As Long = 3
Public Const PROV_FORTEZZA As Long = 4
Public Const PROV_MS_EXCHANGE As Long = 5
Public Const PROV_SSL As Long = 6
Public Const PROV_RSA_SCHANNEL As Long = 12
Public Const PROV_DSS_DH As Long = 13
Public Const PROV_EC_ECDSA As Long = 14
Public Const PROV_EC_ECNR As Long = 15
Public Const PROV_EC_ECDSA_FULL As Long = 16
Public Const PROV_EC_ECNR_FULL As Long = 17
Public Const PROV_SPYRUS_LYNKS As Long = 20
'
' STT defined Providers
'
Public Const PROV_STT_MER As Long = 7
Public Const PROV_STT_ACQ As Long = 8
Public Const PROV_STT_BRND As Long = 9
Public Const PROV_STT_ROOT As Long = 10
Public Const PROV_STT_ISS As Long = 11
'
' Provider friendly names
'
Public Const MS_DEF_PROV_A As String = "Microsoft Base Cryptographic Provider v1.0"
Public Const MS_DEF_PROV_W As String = "Microsoft Base Cryptographic Provider v1.0"
Public Const MS_ENHANCED_PROV_A As String = "Microsoft Enhanced Cryptographic Provider v1.0"
Public Const MS_ENHANCED_PROV_W As String = "Microsoft Enhanced Cryptographic Provider v1.0"
Public Const MS_DEF_DSS_PROV_A As String = "Microsoft Base DSS Cryptographic Provider"
Public Const MS_DEF_DSS_PROV_W As String = "Microsoft Base DSS Cryptographic Provider"
Public Const MAXUIDLEN As Long = 64
Public Const CUR_BLOB_VERSION As Long = 2
' structure for use with CryptSetHashParam with CALG_HMAC
' structure for use with CryptSetKeyParam with KP_SCHANNEL_ALG
' uses of algortihms for SCHANNEL_ALG structure
Public Const SCHANNEL_MAC_KEY As Long = &H00000000
Public Const SCHANNEL_ENC_KEY As Long = &H00000001
'+-------------------------------------------------------------------------
' CRYPTOAPI BLOB definitions
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' In a CRYPT_BIT_BLOB the last byte may contain 0-7 unused bits. Therefore, the
' overall bit length is cbData * 8 - cUnusedBits.
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' Type used for any algorithm
'
' Where the Parameters CRYPT_OBJID_BLOB is in its encoded representation. For most
'--------------------------------------------------------------------------
' Following are the definitions of various algorithm object identifiers
' RSA
Public Const szOID_RSA As String = "1.2.840.113549"
Public Const szOID_PKCS As String = "1.2.840.113549.1"
Public Const szOID_RSA_HASH As String = "1.2.840.113549.2"
Public Const szOID_RSA_ENCRYPT As String = "1.2.840.113549.3"
Public Const szOID_PKCS_1 As String = "1.2.840.113549.1.1"
Public Const szOID_PKCS_2 As String = "1.2.840.113549.1.2"
Public Const szOID_PKCS_3 As String = "1.2.840.113549.1.3"
Public Const szOID_PKCS_4 As String = "1.2.840.113549.1.4"
Public Const szOID_PKCS_5 As String = "1.2.840.113549.1.5"
Public Const szOID_PKCS_6 As String = "1.2.840.113549.1.6"
Public Const szOID_PKCS_7 As String = "1.2.840.113549.1.7"
Public Const szOID_PKCS_8 As String = "1.2.840.113549.1.8"
Public Const szOID_PKCS_9 As String = "1.2.840.113549.1.9"
Public Const szOID_PKCS_10 As String = "1.2.840.113549.1.10"
Public Const szOID_RSA_RSA As String = "1.2.840.113549.1.1.1"
Public Const szOID_RSA_MD2RSA As String = "1.2.840.113549.1.1.2"
Public Const szOID_RSA_MD4RSA As String = "1.2.840.113549.1.1.3"
Public Const szOID_RSA_MD5RSA As String = "1.2.840.113549.1.1.4"
Public Const szOID_RSA_SHA1RSA As String = "1.2.840.113549.1.1.5"
Public Const szOID_RSA_SETOAEP_RSA As String = "1.2.840.113549.1.1.6"
Public Const szOID_RSA_data As String = "1.2.840.113549.1.7.1"
Public Const szOID_RSA_signedData As String = "1.2.840.113549.1.7.2"
Public Const szOID_RSA_envelopedData As String = "1.2.840.113549.1.7.3"
Public Const szOID_RSA_signEnvData As String = "1.2.840.113549.1.7.4"
Public Const szOID_RSA_digestedData As String = "1.2.840.113549.1.7.5"
Public Const szOID_RSA_hashedData As String = "1.2.840.113549.1.7.5"
Public Const szOID_RSA_encryptedData As String = "1.2.840.113549.1.7.6"
Public Const szOID_RSA_emailAddr As String = "1.2.840.113549.1.9.1"
Public Const szOID_RSA_unstructName As String = "1.2.840.113549.1.9.2"
Public Const szOID_RSA_contentType As String = "1.2.840.113549.1.9.3"
Public Const szOID_RSA_messageDigest As String = "1.2.840.113549.1.9.4"
Public Const szOID_RSA_signingTime As String = "1.2.840.113549.1.9.5"
Public Const szOID_RSA_counterSign As String = "1.2.840.113549.1.9.6"
Public Const szOID_RSA_challengePwd As String = "1.2.840.113549.1.9.7"
Public Const szOID_RSA_unstructAddr As String = "1.2.840.113549.1.9.8"
Public Const szOID_RSA_extCertAttrs As String = "1.2.840.113549.1.9.9"
Public Const szOID_RSA_MD2 As String = "1.2.840.113549.2.2"
Public Const szOID_RSA_MD4 As String = "1.2.840.113549.2.4"
Public Const szOID_RSA_MD5 As String = "1.2.840.113549.2.5"
Public Const szOID_RSA_RC2CBC As String = "1.2.840.113549.3.2"
Public Const szOID_RSA_RC4 As String = "1.2.840.113549.3.4"
' ITU-T UsefulDefinitions
Public Const szOID_DS As String = "2.5"
Public Const szOID_DSALG As String = "2.5.8"
Public Const szOID_DSALG_CRPT As String = "2.5.8.1"
Public Const szOID_DSALG_HASH As String = "2.5.8.2"
Public Const szOID_DSALG_SIGN As String = "2.5.8.3"
Public Const szOID_DSALG_RSA As String = "2.5.8.1.1"
' http:
' http:
Public Const szOID_OIW As String = "1.3.14"
Public Const szOID_OIWSEC As String = "1.3.14.3.2"
Public Const szOID_OIWSEC_md4RSA As String = "1.3.14.3.2.2"
Public Const szOID_OIWSEC_md5RSA As String = "1.3.14.3.2.3"
Public Const szOID_OIWSEC_md4RSA2 As String = "1.3.14.3.2.4"
Public Const szOID_OIWSEC_desECB As String = "1.3.14.3.2.6"
Public Const szOID_OIWSEC_desCBC As String = "1.3.14.3.2.7"
Public Const szOID_OIWSEC_desOFB As String = "1.3.14.3.2.8"
Public Const szOID_OIWSEC_desCFB As String = "1.3.14.3.2.9"
Public Const szOID_OIWSEC_desMAC As String = "1.3.14.3.2.10"
Public Const szOID_OIWSEC_rsaSign As String = "1.3.14.3.2.11"
Public Const szOID_OIWSEC_dsa As String = "1.3.14.3.2.12"
Public Const szOID_OIWSEC_shaDSA As String = "1.3.14.3.2.13"
Public Const szOID_OIWSEC_mdc2RSA As String = "1.3.14.3.2.14"
Public Const szOID_OIWSEC_shaRSA As String = "1.3.14.3.2.15"
Public Const szOID_OIWSEC_dhCommMod As String = "1.3.14.3.2.16"
Public Const szOID_OIWSEC_desEDE As String = "1.3.14.3.2.17"
Public Const szOID_OIWSEC_sha As String = "1.3.14.3.2.18"
Public Const szOID_OIWSEC_mdc2 As String = "1.3.14.3.2.19"
Public Const szOID_OIWSEC_dsaComm As String = "1.3.14.3.2.20"
Public Const szOID_OIWSEC_dsaCommSHA As String = "1.3.14.3.2.21"
Public Const szOID_OIWSEC_rsaXchg As String = "1.3.14.3.2.22"
Public Const szOID_OIWSEC_keyHashSeal As String = "1.3.14.3.2.23"
Public Const szOID_OIWSEC_md2RSASign As String = "1.3.14.3.2.24"
Public Const szOID_OIWSEC_md5RSASign As String = "1.3.14.3.2.25"
Public Const szOID_OIWSEC_sha1 As String = "1.3.14.3.2.26"
Public Const szOID_OIWSEC_dsaSHA1 As String = "1.3.14.3.2.27"
Public Const szOID_OIWSEC_dsaCommSHA1 As String = "1.3.14.3.2.28"
Public Const szOID_OIWSEC_sha1RSASign As String = "1.3.14.3.2.29"
Public Const szOID_OIWDIR As String = "1.3.14.7.2"
Public Const szOID_OIWDIR_CRPT As String = "1.3.14.7.2.1"
Public Const szOID_OIWDIR_HASH As String = "1.3.14.7.2.2"
Public Const szOID_OIWDIR_SIGN As String = "1.3.14.7.2.3"
Public Const szOID_OIWDIR_md2 As String = "1.3.14.7.2.2.1"
Public Const szOID_OIWDIR_md2RSA As String = "1.3.14.7.2.3.1"
' INFOSEC Algorithms
Public Const szOID_INFOSEC As String = "2.16.840.1.101.2.1"
Public Const szOID_INFOSEC_sdnsSignature As String = "2.16.840.1.101.2.1.1.1"
Public Const szOID_INFOSEC_mosaicSignature As String = "2.16.840.1.101.2.1.1.2"
Public Const szOID_INFOSEC_sdnsConfidentiality As String = "2.16.840.1.101.2.1.1.3"
Public Const szOID_INFOSEC_mosaicConfidentiality As String = "2.16.840.1.101.2.1.1.4"
Public Const szOID_INFOSEC_sdnsIntegrity As String = "2.16.840.1.101.2.1.1.5"
Public Const szOID_INFOSEC_mosaicIntegrity As String = "2.16.840.1.101.2.1.1.6"
Public Const szOID_INFOSEC_sdnsTokenProtection As String = "2.16.840.1.101.2.1.1.7"
Public Const szOID_INFOSEC_mosaicTokenProtection As String = "2.16.840.1.101.2.1.1.8"
Public Const szOID_INFOSEC_sdnsKeyManagement As String = "2.16.840.1.101.2.1.1.9"
Public Const szOID_INFOSEC_mosaicKeyManagement As String = "2.16.840.1.101.2.1.1.10"
Public Const szOID_INFOSEC_sdnsKMandSig As String = "2.16.840.1.101.2.1.1.11"
Public Const szOID_INFOSEC_mosaicKMandSig As String = "2.16.840.1.101.2.1.1.12"
Public Const szOID_INFOSEC_SuiteASignature As String = "2.16.840.1.101.2.1.1.13"
Public Const szOID_INFOSEC_SuiteAConfidentiality As String = "2.16.840.1.101.2.1.1.14"
Public Const szOID_INFOSEC_SuiteAIntegrity As String = "2.16.840.1.101.2.1.1.15"
Public Const szOID_INFOSEC_SuiteATokenProtection As String = "2.16.840.1.101.2.1.1.16"
Public Const szOID_INFOSEC_SuiteAKeyManagement As String = "2.16.840.1.101.2.1.1.17"
Public Const szOID_INFOSEC_SuiteAKMandSig As String = "2.16.840.1.101.2.1.1.18"
Public Const szOID_INFOSEC_mosaicUpdatedSig As String = "2.16.840.1.101.2.1.1.19"
Public Const szOID_INFOSEC_mosaicKMandUpdSig As String = "2.16.840.1.101.2.1.1.20"
Public Const szOID_INFOSEC_mosaicUpdatedInteg As String = "2.16.840.1.101.2.1.1.21"
'+-------------------------------------------------------------------------
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' Type used for an extension to an encoded content
'
' Where the Value's CRYPT_OBJID_BLOB is in its encoded representation.
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' AttributeTypeValue
'
' Where the Value's CRYPT_OBJID_BLOB is in its encoded representation.
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' Attributes
'
' Where the Value's PATTR_BLOBs are in their encoded representation.
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
'
' The interpretation of the Value depends on the dwValueType.
' See below for a list of the types.
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' CERT_RDN attribute Object Identifiers
'--------------------------------------------------------------------------
' Labeling attribute types:
Public Const szOID_COMMON_NAME As String = "2.5.4.3"
Public Const szOID_SUR_NAME As String = "2.5.4.4"
Public Const szOID_DEVICE_SERIAL_NUMBER As String = "2.5.4.5"
' Geographic attribute types:
Public Const szOID_COUNTRY_NAME As String = "2.5.4.6"
Public Const szOID_LOCALITY_NAME As String = "2.5.4.7"
Public Const szOID_STATE_OR_PROVINCE_NAME As String = "2.5.4.8"
Public Const szOID_STREET_ADDRESS As String = "2.5.4.9"
' Organizational attribute types:
Public Const szOID_ORGANIZATION_NAME As String = "2.5.4.10"
Public Const szOID_ORGANIZATIONAL_UNIT_NAME As String = "2.5.4.11"
Public Const szOID_TITLE As String = "2.5.4.12"
' Explanatory attribute types:
Public Const szOID_DESCRIPTION As String = "2.5.4.13"
Public Const szOID_SEARCH_GUIDE As String = "2.5.4.14"
Public Const szOID_BUSINESS_CATEGORY As String = "2.5.4.15"
' Postal addressing attribute types:
Public Const szOID_POSTAL_ADDRESS As String = "2.5.4.16"
Public Const szOID_POSTAL_CODE As String = "2.5.4.17"
Public Const szOID_POST_OFFICE_BOX As String = "2.5.4.18"
Public Const szOID_PHYSICAL_DELIVERY_OFFICE_NAME As String = "2.5.4.19"
' Telecommunications addressing attribute types:
Public Const szOID_TELEPHONE_NUMBER As String = "2.5.4.20"
Public Const szOID_TELEX_NUMBER As String = "2.5.4.21"
Public Const szOID_TELETEXT_TERMINAL_IDENTIFIER As String = "2.5.4.22"
Public Const szOID_FACSIMILE_TELEPHONE_NUMBER As String = "2.5.4.23"
Public Const szOID_X21_ADDRESS As String = "2.5.4.24"
Public Const szOID_INTERNATIONAL_ISDN_NUMBER As String = "2.5.4.25"
Public Const szOID_REGISTERED_ADDRESS As String = "2.5.4.26"
Public Const szOID_DESTINATION_INDICATOR As String = "2.5.4.27"
' Preference attribute types:
Public Const szOID_PREFERRED_DELIVERY_METHOD As String = "2.5.4.28"
' OSI application attribute types:
Public Const szOID_PRESENTATION_ADDRESS As String = "2.5.4.29"
Public Const szOID_SUPPORTED_APPLICATION_CONTEXT As String = "2.5.4.30"
' Relational application attribute types:
Public Const szOID_MEMBER As String = "2.5.4.31"
Public Const szOID_OWNER As String = "2.5.4.32"
Public Const szOID_ROLE_OCCUPANT As String = "2.5.4.33"
Public Const szOID_SEE_ALSO As String = "2.5.4.34"
' Security attribute types:
Public Const szOID_USER_PASSWORD As String = "2.5.4.35"
Public Const szOID_USER_CERTIFICATE As String = "2.5.4.36"
Public Const szOID_CA_CERTIFICATE As String = "2.5.4.37"
Public Const szOID_AUTHORITY_REVOCATION_LIST As String = "2.5.4.38"
Public Const szOID_CERTIFICATE_REVOCATION_LIST As String = "2.5.4.39"
Public Const szOID_CROSS_CERTIFICATE_PAIR As String = "2.5.4.40"
' Undocumented attribute types???
'#define szOID_??? "2.5.4.41"
Public Const szOID_GIVEN_NAME As String = "2.5.4.42"
Public Const szOID_INITIALS As String = "2.5.4.43"
' Pilot user attribute types:
Public Const szOID_DOMAIN_COMPONENT As String = "0.9.2342.19200300.100.1.25"
'+-------------------------------------------------------------------------
' CERT_RDN Attribute Value Types
'
' For RDN_ENCODED_BLOB, the Value's CERT_RDN_VALUE_BLOB is in its encoded
' representation. Otherwise, its an array of bytes.
'
' For all CERT_RDN types, Value.cbData is always the number of bytes, not
' necessarily the number of elements in the string. For instance,
'
' For CertDecodeName, two 0 bytes are always appended to the end of the
' These added 0 bytes are't included in the BLOB.cbData.
'--------------------------------------------------------------------------
Public Const CERT_RDN_ANY_TYPE As Long = 0
Public Const CERT_RDN_ENCODED_BLOB As Long = 1
Public Const CERT_RDN_OCTET_STRING As Long = 2
Public Const CERT_RDN_NUMERIC_STRING As Long = 3
Public Const CERT_RDN_PRINTABLE_STRING As Long = 4
Public Const CERT_RDN_TELETEX_STRING As Long = 5
Public Const CERT_RDN_T61_STRING As Long = 5
Public Const CERT_RDN_VIDEOTEX_STRING As Long = 6
Public Const CERT_RDN_IA5_STRING As Long = 7
Public Const CERT_RDN_GRAPHIC_STRING As Long = 8
Public Const CERT_RDN_VISIBLE_STRING As Long = 9
Public Const CERT_RDN_ISO646_STRING As Long = 9
Public Const CERT_RDN_GENERAL_STRING As Long = 10
Public Const CERT_RDN_UNIVERSAL_STRING As Long = 11
Public Const CERT_RDN_INT4_STRING As Long = 11
Public Const CERT_RDN_BMP_STRING As Long = 12
Public Const CERT_RDN_UNICODE_STRING As Long = 12
' Macro to check that the dwValueType is a character string and not an
' encoded blob or octet string
'+-------------------------------------------------------------------------
' A CERT_RDN consists of an array of the above attributes
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' Information stored in a subject's or issuer's name. The information
' is represented as an array of the above RDNs.
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' Name attribute value without the Object Identifier
'
' The interpretation of the Value depends on the dwValueType.
' See above for a list of the types.
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' Public Key Info
'
' The PublicKey is the encoded representation of the information as it is
' stored in the bit string
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' Information stored in a certificate
'
' The Issuer, Subject, Algorithm, PublicKey and Extension BLOBs are the
' encoded representation of the information.
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' Certificate versions
'--------------------------------------------------------------------------
Public Const CERT_V1 As Long = 0
Public Const CERT_V2 As Long = 1
Public Const CERT_V3 As Long = 2
'+-------------------------------------------------------------------------
' Certificate Information Flags
'--------------------------------------------------------------------------
Public Const CERT_INFO_VERSION_FLAG As Long = 1
Public Const CERT_INFO_SERIAL_NUMBER_FLAG As Long = 2
Public Const CERT_INFO_SIGNATURE_ALGORITHM_FLAG As Long = 3
Public Const CERT_INFO_ISSUER_FLAG As Long = 4
Public Const CERT_INFO_NOT_BEFORE_FLAG As Long = 5
Public Const CERT_INFO_NOT_AFTER_FLAG As Long = 6
Public Const CERT_INFO_SUBJECT_FLAG As Long = 7
Public Const CERT_INFO_SUBJECT_PUBLIC_KEY_INFO_FLAG As Long = 8
Public Const CERT_INFO_ISSUER_UNIQUE_ID_FLAG As Long = 9
Public Const CERT_INFO_SUBJECT_UNIQUE_ID_FLAG As Long = 10
Public Const CERT_INFO_EXTENSION_FLAG As Long = 11
'+-------------------------------------------------------------------------
' An entry in a CRL
'
' The Extension BLOBs are the encoded representation of the information.
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' Information stored in a CRL
'
' The Issuer, Algorithm and Extension BLOBs are the encoded
' representation of the information.
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' CRL versions
'--------------------------------------------------------------------------
Public Const CRL_V1 As Long = 0
Public Const CRL_V2 As Long = 1
'+-------------------------------------------------------------------------
' Information stored in a certificate request
'
' The Subject, Algorithm, PublicKey and Attribute BLOBs are the encoded
' representation of the information.
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' Certificate Request versions
'--------------------------------------------------------------------------
Public Const CERT_REQUEST_V1 As Long = 0
'+-------------------------------------------------------------------------
' Information stored in Netscape's Keygen request
'--------------------------------------------------------------------------
Public Const CERT_KEYGEN_REQUEST_V1 As Long = 0
'+-------------------------------------------------------------------------
' Certificate, CRL, Certificate Request or Keygen Request Signed Content
'
' The "to be signed" encoded content plus its signature. The ToBeSigned
' is the encoded CERT_INFO, CRL_INFO, CERT_REQUEST_INFO or
' CERT_KEYGEN_REQUEST_INFO.
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' CTL Usage. Also used for EnhancedKeyUsage extension.
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' An entry in a CTL
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' Information stored in a CTL
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' CTL versions
'--------------------------------------------------------------------------
Public Const CTL_V1 As Long = 0
'+-------------------------------------------------------------------------
' TimeStamp Request
'
' The pszTimeStamp is the OID for the Time type requested
' The pszContentType is the Content Type OID for the content, usually DATA
' The Content is a un-decoded blob
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' Certificate and Message encoding types
'
' The encoding type is a DWORD containing both the certificate and message
' encoding types. The certificate encoding type is stored in the LOWORD.
' The message encoding type is stored in the HIWORD. Some functions or
' structure fields require only one of the encoding types. The following
' required:
'
' Its always acceptable to specify both.
'--------------------------------------------------------------------------
Public Const CERT_ENCODING_TYPE_MASK As Long = &H0000FFFF
Public Const CMSG_ENCODING_TYPE_MASK As Long = &HFFFF0000
Public Const CRYPT_ASN_ENCODING As Long = &H00000001
Public Const CRYPT_NDR_ENCODING As Long = &H00000002
Public Const X509_ASN_ENCODING As Long = &H00000001
Public Const X509_NDR_ENCODING As Long = &H00000002
Public Const PKCS_7_ASN_ENCODING As Long = &H00010000
Public Const PKCS_7_NDR_ENCODING As Long = &H00020000
'+-------------------------------------------------------------------------
' format the specified data structure according to the certificate
' encoding type.
'
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' Encode / decode the specified data structure according to the certificate
' encoding type.
'
' See below for a list of the predefined data structures.
'--------------------------------------------------------------------------
' When the following flag is set the nocopy optimization is enabled.
' This optimization where appropriate, updates the pvStructInfo fields
' to point to content residing within pbEncoded instead of making a copy
' of and appending to pvStructInfo.
'
' Note, when set, pbEncoded can't be freed until pvStructInfo is freed.
Public Const CRYPT_DECODE_NOCOPY_FLAG As Long = &H1
'+-------------------------------------------------------------------------
' Predefined X509 certificate data structures that can be encoded / decoded.
'--------------------------------------------------------------------------
Public Const CRYPT_ENCODE_DECODE_NONE As Long = 0
'+-------------------------------------------------------------------------
' Predefined X509 certificate extension data structures that can be
' encoded / decoded.
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' Additional predefined data structures that can be encoded / decoded.
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' Predefined primitive data structures that can be encoded / decoded.
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' More predefined X509 certificate extension data structures that can be
' encoded / decoded.
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' Predefined PKCS #7 data structures that can be encoded / decoded.
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' can be encoded / decoded.
'
' Predefined values: 2000 .. 2999
'
' See spc.h for value and data structure definitions.
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' Extension Object Identifiers
'--------------------------------------------------------------------------
Public Const szOID_AUTHORITY_KEY_IDENTIFIER As String = "2.5.29.1"
Public Const szOID_KEY_ATTRIBUTES As String = "2.5.29.2"
Public Const szOID_KEY_USAGE_RESTRICTION As String = "2.5.29.4"
Public Const szOID_SUBJECT_ALT_NAME As String = "2.5.29.7"
Public Const szOID_ISSUER_ALT_NAME As String = "2.5.29.8"
Public Const szOID_BASIC_CONSTRAINTS As String = "2.5.29.10"
Public Const szOID_KEY_USAGE As String = "2.5.29.15"
Public Const szOID_BASIC_CONSTRAINTS2 As String = "2.5.29.19"
Public Const szOID_CERT_POLICIES As String = "2.5.29.32"
Public Const szOID_AUTHORITY_KEY_IDENTIFIER2 As String = "2.5.29.35"
Public Const szOID_SUBJECT_KEY_IDENTIFIER As String = "2.5.29.14"
Public Const szOID_SUBJECT_ALT_NAME2 As String = "2.5.29.17"
Public Const szOID_ISSUER_ALT_NAME2 As String = "2.5.29.18"
Public Const szOID_CRL_REASON_CODE As String = "2.5.29.21"
Public Const szOID_CRL_DIST_POINTS As String = "2.5.29.31"
Public Const szOID_ENHANCED_KEY_USAGE As String = "2.5.29.37"
' Internet Public Key Infrastructure
Public Const szOID_PKIX As String = "1.3.6.1.5.5.7"
Public Const szOID_AUTHORITY_INFO_ACCESS As String = "1.3.6.1.5.5.7.2"
' Microsoft extensions or attributes
Public Const szOID_CERT_EXTENSIONS As String = "1.3.6.1.4.1.311.2.1.14"
Public Const szOID_NEXT_UPDATE_LOCATION As String = "1.3.6.1.4.1.311.10.2"
' Microsoft PKCS #7 ContentType Object Identifiers
Public Const szOID_CTL As String = "1.3.6.1.4.1.311.10.1"
'+-------------------------------------------------------------------------
'--------------------------------------------------------------------------
Public Const szOID_POLICY_MAPPINGS As String = "2.5.29.5"
Public Const szOID_SUBJECT_DIR_ATTRS As String = "2.5.29.9"
'+-------------------------------------------------------------------------
'--------------------------------------------------------------------------
Public Const szOID_PKIX_KP As String = "1.3.6.1.5.5.7.3"
' Consistent key usage bits: DIGITAL_SIGNATURE, KEY_ENCIPHERMENT
' or KEY_AGREEMENT
Public Const szOID_PKIX_KP_SERVER_AUTH As String = "1.3.6.1.5.5.7.3.1"
' Consistent key usage bits: DIGITAL_SIGNATURE
Public Const szOID_PKIX_KP_CLIENT_AUTH As String = "1.3.6.1.5.5.7.3.2"
' Consistent key usage bits: DIGITAL_SIGNATURE
Public Const szOID_PKIX_KP_CODE_SIGNING As String = "1.3.6.1.5.5.7.3.3"
' Consistent key usage bits: DIGITAL_SIGNATURE, NON_REPUDIATION and/or
Public Const szOID_PKIX_KP_EMAIL_PROTECTION As String = "1.3.6.1.5.5.7.3.4"
'+-------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' Signer of CTLs
Public Const szOID_KP_CTL_USAGE_SIGNING As String = "1.3.6.1.4.1.311.10.3.1"
'+-------------------------------------------------------------------------
' Microsoft Attribute Object Identifiers
'+-------------------------------------------------------------------------
Public Const szOID_YESNO_TRUST_ATTR As String = "1.3.6.1.4.1.311.10.4.1"
'+-------------------------------------------------------------------------
' X509_CERT
'
' The "to be signed" encoded content plus its signature. The ToBeSigned
' X509_CERT_TO_BE_SIGNED, X509_CERT_CRL_TO_BE_SIGNED or
' X509_CERT_REQUEST_TO_BE_SIGNED.
'
' pvStructInfo points to CERT_SIGNED_CONTENT_INFO.
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' X509_CERT_TO_BE_SIGNED
'
' pvStructInfo points to CERT_INFO.
'
'
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' X509_CERT_CRL_TO_BE_SIGNED
'
' pvStructInfo points to CRL_INFO.
'
'
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' X509_CERT_REQUEST_TO_BE_SIGNED
'
' pvStructInfo points to CERT_REQUEST_INFO.
'
'
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' X509_EXTENSIONS
' szOID_CERT_EXTENSIONS
'
' pvStructInfo points to following CERT_EXTENSIONS.
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' X509_NAME_VALUE
' X509_ANY_STRING
'
' pvStructInfo points to CERT_NAME_VALUE.
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' X509_UNICODE_NAME_VALUE
' X509_UNICODE_ANY_STRING
'
' pvStructInfo points to CERT_NAME_VALUE.
'
' The name values are unicode strings.
'
' For CryptEncodeObject:
' Value.pbData points to the unicode string.
' If Value.cbData = 0, then, the unicode string is NULL terminated.
' Otherwise, Value.cbData is the unicode string byte count. The byte count
' is twice the character count.
'
' If the unicode string contains an invalid character for the specified
' dwValueType, then, *pcbEncoded is updated with the unicode character
' index of the first invalid character. LastError is set to:
' CRYPT_E_INVALID_NUMERIC_STRING, CRYPT_E_INVALID_PRINTABLE_STRING or
' CRYPT_E_INVALID_IA5_STRING.
'
' The unicode string is converted before being encoded according to
' the specified dwValueType. If dwValueType is set to 0, LastError
' is set to E_INVALIDARG.
'
' CERT_RDN_ENCODED_BLOB or CERT_RDN_OCTET_STRING), then, CryptEncodeObject
' will return FALSE with LastError set to CRYPT_E_NOT_CHAR_STRING.
'
' For CryptDecodeObject:
' Value.pbData points to a NULL terminated unicode string. Value.cbData
' contains the byte count of the unicode string excluding the NULL
' terminator. dwValueType contains the type used in the encoded object.
' Its not forced to CERT_RDN_UNICODE_STRING. The encoded value is
' converted to the unicode string according to the dwValueType.
'
' If the encoded object isn't one of the character string types, then,
' CryptDecodeObject will return FALSE with LastError set to
' CRYPT_E_NOT_CHAR_STRING. For a non character string, decode using
' X509_NAME_VALUE or X509_ANY_STRING.
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' X509_NAME
'
' pvStructInfo points to CERT_NAME_INFO.
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' X509_UNICODE_NAME
'
' pvStructInfo points to CERT_NAME_INFO.
'
' The RDN attribute values are unicode strings except for the dwValueTypes of
' CERT_RDN_ENCODED_BLOB or CERT_RDN_OCTET_STRING. These dwValueTypes are
' the same as for a X509_NAME. Their values aren't converted to/from unicode.
'
' For CryptEncodeObject:
' Value.pbData points to the unicode string.
' If Value.cbData = 0, then, the unicode string is NULL terminated.
' Otherwise, Value.cbData is the unicode string byte count. The byte count
' is twice the character count.
'
' an acceptable dwValueType. If the unicode string contains an
' invalid character for the found or specified dwValueType, then,
' *pcbEncoded is updated with the error location of the invalid character.
' See below for details. LastError is set to:
' CRYPT_E_INVALID_NUMERIC_STRING, CRYPT_E_INVALID_PRINTABLE_STRING or
' CRYPT_E_INVALID_IA5_STRING.
'
' The unicode string is converted before being encoded according to
' the specified or ObjId matching dwValueType.
'
' For CryptDecodeObject:
' Value.pbData points to a NULL terminated unicode string. Value.cbData
' contains the byte count of the unicode string excluding the NULL
' terminator. dwValueType contains the type used in the encoded object.
' Its not forced to CERT_RDN_UNICODE_STRING. The encoded value is
' converted to the unicode string according to the dwValueType.
'
' If the dwValueType of the encoded value isn't a character string
' type, then, it isn't converted to UNICODE. Use the
' that Value.pbData points to a converted unicode string.
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' Unicode Name Value Error Location Definitions
'
' Error location is returned in *pcbEncoded by
'
' Error location consists of:
' RDN_INDEX - 10 bits << 22
' ATTR_INDEX - 6 bits << 16
'--------------------------------------------------------------------------
Public Const CERT_UNICODE_RDN_ERR_INDEX_MASK As Long = &H3FF
Public Const CERT_UNICODE_RDN_ERR_INDEX_SHIFT As Long = 22
Public Const CERT_UNICODE_ATTR_ERR_INDEX_MASK As Long = &H003F
Public Const CERT_UNICODE_ATTR_ERR_INDEX_SHIFT As Long = 16
Public Const CERT_UNICODE_VALUE_ERR_INDEX_MASK As Long = &H0000FFFF
Public Const CERT_UNICODE_VALUE_ERR_INDEX_SHIFT As Long = 0
'+-------------------------------------------------------------------------
' X509_PUBLIC_KEY_INFO
'
' pvStructInfo points to CERT_PUBLIC_KEY_INFO.
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' X509_AUTHORITY_KEY_ID
' szOID_AUTHORITY_KEY_IDENTIFIER
'
' pvStructInfo points to following CERT_AUTHORITY_KEY_ID_INFO.
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' X509_KEY_ATTRIBUTES
' szOID_KEY_ATTRIBUTES
'
' pvStructInfo points to following CERT_KEY_ATTRIBUTES_INFO.
'--------------------------------------------------------------------------
Public Const CERT_DIGITAL_SIGNATURE_KEY_USAGE As Long = &H80
Public Const CERT_NON_REPUDIATION_KEY_USAGE As Long = &H40
Public Const CERT_KEY_ENCIPHERMENT_KEY_USAGE As Long = &H20
Public Const CERT_DATA_ENCIPHERMENT_KEY_USAGE As Long = &H10
Public Const CERT_KEY_AGREEMENT_KEY_USAGE As Long = &H08
Public Const CERT_KEY_CERT_SIGN_KEY_USAGE As Long = &H04
Public Const CERT_OFFLINE_CRL_SIGN_KEY_USAGE As Long = &H02
Public Const CERT_CRL_SIGN_KEY_USAGE As Long = &H02
'+-------------------------------------------------------------------------
' X509_KEY_USAGE_RESTRICTION
' szOID_KEY_USAGE_RESTRICTION
'
' pvStructInfo points to following CERT_KEY_USAGE_RESTRICTION_INFO.
'--------------------------------------------------------------------------
' See CERT_KEY_ATTRIBUTES_INFO for definition of the RestrictedKeyUsage bits
'+-------------------------------------------------------------------------
' X509_ALTERNATE_NAME
' szOID_SUBJECT_ALT_NAME
' szOID_ISSUER_ALT_NAME
' szOID_SUBJECT_ALT_NAME2
' szOID_ISSUER_ALT_NAME2
'
' pvStructInfo points to following CERT_ALT_NAME_INFO.
'--------------------------------------------------------------------------
Public Const CERT_ALT_NAME_OTHER_NAME As Long = 1
Public Const CERT_ALT_NAME_RFC822_NAME As Long = 2
Public Const CERT_ALT_NAME_DNS_NAME As Long = 3
Public Const CERT_ALT_NAME_X400_ADDRESS As Long = 4
Public Const CERT_ALT_NAME_DIRECTORY_NAME As Long = 5
Public Const CERT_ALT_NAME_EDI_PARTY_NAME As Long = 6
Public Const CERT_ALT_NAME_URL As Long = 7
Public Const CERT_ALT_NAME_IP_ADDRESS As Long = 8
Public Const CERT_ALT_NAME_REGISTERED_ID As Long = 9
'+-------------------------------------------------------------------------
' Alternate name IA5 Error Location Definitions for
' CRYPT_E_INVALID_IA5_STRING.
'
' Error location is returned in *pcbEncoded by
'
' Error location consists of:
' ENTRY_INDEX - 8 bits << 16
'--------------------------------------------------------------------------
Public Const CERT_ALT_NAME_ENTRY_ERR_INDEX_MASK As Long = &HFF
Public Const CERT_ALT_NAME_ENTRY_ERR_INDEX_SHIFT As Long = 16
Public Const CERT_ALT_NAME_VALUE_ERR_INDEX_MASK As Long = &H0000FFFF
Public Const CERT_ALT_NAME_VALUE_ERR_INDEX_SHIFT As Long = 0
'+-------------------------------------------------------------------------
' X509_BASIC_CONSTRAINTS
' szOID_BASIC_CONSTRAINTS
'
' pvStructInfo points to following CERT_BASIC_CONSTRAINTS_INFO.
'--------------------------------------------------------------------------
Public Const CERT_CA_SUBJECT_FLAG As Long = &H80
Public Const CERT_END_ENTITY_SUBJECT_FLAG As Long = &H40
'+-------------------------------------------------------------------------
' X509_BASIC_CONSTRAINTS2
' szOID_BASIC_CONSTRAINTS2
'
' pvStructInfo points to following CERT_BASIC_CONSTRAINTS2_INFO.
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' X509_KEY_USAGE
' szOID_KEY_USAGE
'
' pvStructInfo points to a CRYPT_BIT_BLOB. Has same bit definitions as
' CERT_KEY_ATTRIBUTES_INFO's IntendedKeyUsage.
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' X509_CERT_POLICIES
' szOID_CERT_POLICIES
'
' pvStructInfo points to following CERT_POLICIES_INFO.
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' RSA_CSP_PUBLICKEYBLOB
'
' pvStructInfo points to a PUBLICKEYSTRUC immediately followed by a
' RSAPUBKEY and the modulus bytes.
'
' CryptExportKey outputs the above StructInfo for a dwBlobType of
' PUBLICKEYBLOB. CryptImportKey expects the above StructInfo when
' importing a public key.
'
' For dwCertEncodingType = X509_ASN_ENCODING, the RSA_CSP_PUBLICKEYBLOB is
' encoded as a PKCS #1 RSAPublicKey consisting of a SEQUENCE of a
' modulus INTEGER and a publicExponent INTEGER. The modulus is encoded
' as being a unsigned integer. When decoded, if the modulus was encoded
' as unsigned integer with a leading 0 byte, the 0 byte is removed before
' converting to the CSP modulus bytes.
'
' For decode, the aiKeyAlg field of PUBLICKEYSTRUC is always set to
' CALG_RSA_KEYX.
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' X509_KEYGEN_REQUEST_TO_BE_SIGNED
'
' pvStructInfo points to CERT_KEYGEN_REQUEST_INFO.
'
'
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' PKCS_ATTRIBUTE data structure
'
' pvStructInfo points to a CRYPT_ATTRIBUTE.
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' PKCS_CONTENT_INFO_SEQUENCE_OF_ANY data structure
'
' pvStructInfo points to following CRYPT_CONTENT_INFO_SEQUENCE_OF_ANY.
'
' For X509_ASN_ENCODING: encoded as a PKCS#7 ContentInfo structure wrapping
' a sequence of ANY. The value of the contentType field is pszObjId,
' while the content field is the following structure:
' SequenceOfAny ::= SEQUENCE OF ANY
'
' The CRYPT_DER_BLOBs point to the already encoded ANY content.
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' PKCS_CONTENT_INFO data structure
'
' pvStructInfo points to following CRYPT_CONTENT_INFO.
'
' For X509_ASN_ENCODING: encoded as a PKCS#7 ContentInfo structure.
' The CRYPT_DER_BLOB points to the already encoded ANY content.
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' X509_OCTET_STRING data structure
'
' pvStructInfo points to a CRYPT_DATA_BLOB.
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' X509_BITS data structure
'
' pvStructInfo points to a CRYPT_BIT_BLOB.
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' X509_INTEGER data structure
'
' pvStructInfo points to an int.
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' X509_MULTI_BYTE_INTEGER data structure
'
' pvStructInfo points to a CRYPT_INTEGER_BLOB.
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' X509_ENUMERATED data structure
'
' pvStructInfo points to an int containing the enumerated value
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' X509_CHOICE_OF_TIME data structure
'
' pvStructInfo points to a FILETIME.
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' X509_SEQUENCE_OF_ANY data structure
'
' pvStructInfo points to following CRYPT_SEQUENCE_OF_ANY.
'
' The CRYPT_DER_BLOBs point to the already encoded ANY content.
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' X509_AUTHORITY_KEY_ID2
' szOID_AUTHORITY_KEY_IDENTIFIER2
'
' pvStructInfo points to following CERT_AUTHORITY_KEY_ID2_INFO.
'
' For CRYPT_E_INVALID_IA5_STRING, the error location is returned in
'
' See X509_ALTERNATE_NAME for error location defines.
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' szOID_SUBJECT_KEY_IDENTIFIER
'
' pvStructInfo points to a CRYPT_DATA_BLOB.
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' X509_CRL_REASON_CODE
' szOID_CRL_REASON_CODE
'
' pvStructInfo points to an int which can be set to one of the following
' enumerated values:
'--------------------------------------------------------------------------
Public Const CRL_REASON_UNSPECIFIED As Long = 0
Public Const CRL_REASON_KEY_COMPROMISE As Long = 1
Public Const CRL_REASON_CA_COMPROMISE As Long = 2
Public Const CRL_REASON_AFFILIATION_CHANGED As Long = 3
Public Const CRL_REASON_SUPERSEDED As Long = 4
Public Const CRL_REASON_CESSATION_OF_OPERATION As Long = 5
Public Const CRL_REASON_CERTIFICATE_HOLD As Long = 6
Public Const CRL_REASON_REMOVE_FROM_CRL As Long = 8
'+-------------------------------------------------------------------------
' X509_CRL_DIST_POINTS
' szOID_CRL_DIST_POINTS
'
' pvStructInfo points to following CRL_DIST_POINTS_INFO.
'
' For CRYPT_E_INVALID_IA5_STRING, the error location is returned in
'
' Error location consists of:
' POINT_INDEX - 7 bits << 24
' ENTRY_INDEX - 8 bits << 16
'
' See X509_ALTERNATE_NAME for ENTRY_INDEX and VALUE_INDEX error location
' defines.
'--------------------------------------------------------------------------
Public Const CRL_DIST_POINT_NO_NAME As Long = 0
Public Const CRL_DIST_POINT_FULL_NAME As Long = 1
Public Const CRL_DIST_POINT_ISSUER_RDN_NAME As Long = 2
Public Const CRL_REASON_UNUSED_FLAG As Long = &H80
Public Const CRL_REASON_KEY_COMPROMISE_FLAG As Long = &H40
Public Const CRL_REASON_CA_COMPROMISE_FLAG As Long = &H20
Public Const CRL_REASON_AFFILIATION_CHANGED_FLAG As Long = &H10
Public Const CRL_REASON_SUPERSEDED_FLAG As Long = &H08
Public Const CRL_REASON_CESSATION_OF_OPERATION_FLAG As Long = &H04
Public Const CRL_REASON_CERTIFICATE_HOLD_FLAG As Long = &H02
Public Const CRL_DIST_POINT_ERR_INDEX_MASK As Long = &H7F
Public Const CRL_DIST_POINT_ERR_INDEX_SHIFT As Long = 24
'+-------------------------------------------------------------------------
' X509_ENHANCED_KEY_USAGE
' szOID_ENHANCED_KEY_USAGE
'
' pvStructInfo points to a CERT_ENHKEY_USAGE, CTL_USAGE.
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' szOID_NEXT_UPDATE_LOCATION
'
' pvStructInfo points to a CERT_ALT_NAME_INFO.
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' PKCS_CTL
' szOID_CTL
'
' pvStructInfo points to a CTL_INFO.
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' PKCS7_SIGNER_INFO
'
' pvStructInfo points to CMSG_SIGNER_INFO.
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' Netscape Certificate Extension Object Identifiers
'--------------------------------------------------------------------------
Public Const szOID_NETSCAPE As String = "2.16.840.1.113730"
Public Const szOID_NETSCAPE_CERT_EXTENSION As String = "2.16.840.1.113730.1"
Public Const szOID_NETSCAPE_CERT_TYPE As String = "2.16.840.1.113730.1.1"
Public Const szOID_NETSCAPE_BASE_URL As String = "2.16.840.1.113730.1.2"
Public Const szOID_NETSCAPE_REVOCATION_URL As String = "2.16.840.1.113730.1.3"
Public Const szOID_NETSCAPE_CA_REVOCATION_URL As String = "2.16.840.1.113730.1.4"
Public Const szOID_NETSCAPE_CERT_RENEWAL_URL As String = "2.16.840.1.113730.1.7"
Public Const szOID_NETSCAPE_CA_POLICY_URL As String = "2.16.840.1.113730.1.8"
Public Const szOID_NETSCAPE_SSL_SERVER_NAME As String = "2.16.840.1.113730.1.12"
Public Const szOID_NETSCAPE_COMMENT As String = "2.16.840.1.113730.1.13"
'+-------------------------------------------------------------------------
' Netscape Certificate Data Type Object Identifiers
'--------------------------------------------------------------------------
Public Const szOID_NETSCAPE_DATA_TYPE As String = "2.16.840.1.113730.2"
Public Const szOID_NETSCAPE_CERT_SEQUENCE As String = "2.16.840.1.113730.2.5"
'+-------------------------------------------------------------------------
' szOID_NETSCAPE_CERT_TYPE extension
'
' Its value is a bit string. CryptDecodeObject/CryptEncodeObject using
' X509_BITS.
'
' The following bits are defined:
'--------------------------------------------------------------------------
Public Const NETSCAPE_SSL_CLIENT_AUTH_CERT_TYPE As Long = &H80
Public Const NETSCAPE_SSL_SERVER_AUTH_CERT_TYPE As Long = &H40
Public Const NETSCAPE_SSL_CA_CERT_TYPE As Long = &H04
'+-------------------------------------------------------------------------
' szOID_NETSCAPE_BASE_URL extension
'
' Its value is an IA5_STRING. CryptDecodeObject/CryptEncodeObject using
' X509_ANY_STRING or X509_UNICODE_ANY_STRING, where,
' dwValueType = CERT_RDN_IA5_STRING.
'
' When present this string is added to the beginning of all relative URLs
' in the certificate. This extension can be considered an optimization
' to reduce the size of the URL extensions.
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' szOID_NETSCAPE_REVOCATION_URL extension
'
' Its value is an IA5_STRING. CryptDecodeObject/CryptEncodeObject using
' X509_ANY_STRING or X509_UNICODE_ANY_STRING, where,
' dwValueType = CERT_RDN_IA5_STRING.
'
' It is a relative or absolute URL that can be used to check the
' revocation status of a certificate. The revocation check will be
' performed as an HTTP GET method using a url that is the concatenation of
' revocation-url and certificate-serial-number.
' Where the certificate-serial-number is encoded as a string of
' ascii hexadecimal digits. For example, if the netscape-base-url is
' https:
' cgi-bin/check-rev.cgi?, and the certificate serial number is 173420,
' the resulting URL would be:
' https:
'
' The server should return a document with a Content-Type of
' application/x-netscape-revocation. The document should contain
' a single ascii digit, '1' if the certificate is not curently valid,
' and '0' if it is curently valid.
'
' Note: for all of the URLs that include the certificate serial number,
' the serial number will be encoded as a string which consists of an even
' number of hexadecimal digits. If the number of significant digits is odd,
' the string will have a single leading zero to ensure an even number of
' digits is generated.
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' szOID_NETSCAPE_CA_REVOCATION_URL extension
'
' Its value is an IA5_STRING. CryptDecodeObject/CryptEncodeObject using
' X509_ANY_STRING or X509_UNICODE_ANY_STRING, where,
' dwValueType = CERT_RDN_IA5_STRING.
'
' It is a relative or absolute URL that can be used to check the
' revocation status of any certificates that are signed by the CA that
' this certificate belongs to. This extension is only valid in CA
' certificates. The use of this extension is the same as the above
' szOID_NETSCAPE_REVOCATION_URL extension.
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' szOID_NETSCAPE_CERT_RENEWAL_URL extension
'
' Its value is an IA5_STRING. CryptDecodeObject/CryptEncodeObject using
' X509_ANY_STRING or X509_UNICODE_ANY_STRING, where,
' dwValueType = CERT_RDN_IA5_STRING.
'
' It is a relative or absolute URL that points to a certificate renewal
' form. The renewal form will be accessed with an HTTP GET method using a
' url that is the concatenation of renewal-url and
' certificate-serial-number. Where the certificate-serial-number is
' encoded as a string of ascii hexadecimal digits. For example, if the
' netscape-base-url is https:
' netscape-cert-renewal-url is cgi-bin/check-renew.cgi?, and the
' certificate serial number is 173420, the resulting URL would be:
' https:
' The document returned should be an HTML form that will allow the user
' to request a renewal of their certificate.
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' szOID_NETSCAPE_CA_POLICY_URL extension
'
' Its value is an IA5_STRING. CryptDecodeObject/CryptEncodeObject using
' X509_ANY_STRING or X509_UNICODE_ANY_STRING, where,
' dwValueType = CERT_RDN_IA5_STRING.
'
' It is a relative or absolute URL that points to a web page that
' describes the policies under which the certificate was issued.
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' szOID_NETSCAPE_SSL_SERVER_NAME extension
'
' Its value is an IA5_STRING. CryptDecodeObject/CryptEncodeObject using
' X509_ANY_STRING or X509_UNICODE_ANY_STRING, where,
' dwValueType = CERT_RDN_IA5_STRING.
'
' It is a "shell expression" that can be used to match the hostname of the
' SSL server that is using this certificate. It is recommended that if
' the server's hostname does not match this pattern the user be notified
' and given the option to terminate the SSL connection. If this extension
' is not present then the CommonName in the certificate subject's
' distinguished name is used for the same purpose.
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' szOID_NETSCAPE_COMMENT extension
'
' Its value is an IA5_STRING. CryptDecodeObject/CryptEncodeObject using
' X509_ANY_STRING or X509_UNICODE_ANY_STRING, where,
' dwValueType = CERT_RDN_IA5_STRING.
'
' It is a comment that may be displayed to the user when the certificate
' is viewed.
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' szOID_NETSCAPE_CERT_SEQUENCE
'
' Its value is a PKCS#7 ContentInfo structure wrapping a sequence of
' certificates. The value of the contentType field is
' szOID_NETSCAPE_CERT_SEQUENCE, while the content field is the following
' structure:
' CertificateSequence ::= SEQUENCE OF Certificate.
'
' CryptDecodeObject/CryptEncodeObject using
' PKCS_CONTENT_INFO_SEQUENCE_OF_ANY, where,
' pszObjId = szOID_NETSCAPE_CERT_SEQUENCE and the CRYPT_DER_BLOBs point
' to encoded X509 certificates.
'--------------------------------------------------------------------------
'+=========================================================================
'==========================================================================
' Predefined OID Function Names
Public Const CRYPT_OID_ENCODE_OBJECT_FUNC As String = "CryptDllEncodeObject"
Public Const CRYPT_OID_DECODE_OBJECT_FUNC As String = "CryptDllDecodeObject"
Public Const CRYPT_OID_CREATE_COM_OBJECT_FUNC As String = "CryptDllCreateCOMObject"
Public Const CRYPT_OID_VERIFY_REVOCATION_FUNC As String = "CertDllVerifyRevocation"
Public Const CRYPT_OID_VERIFY_CTL_USAGE_FUNC As String = "CertDllVerifyCTLUsage"
Public Const CRYPT_OID_FORMAT_OBJECT_FUNC As String = "CryptDllFormatObject"
' CryptDllEncodeObject has same function signature as CryptEncodeObject.
' CryptDllDecodeObject has same function signature as CryptDecodeObject.
' CryptDllCreateCOMObject has the following signature:
' IN DWORD dwEncodingType,
' IN LPCSTR pszOID,
' IN PCRYPT_DATA_BLOB pEncodedContent,
' IN DWORD dwFlags,
' IN REFIID riid,
' OUT void **ppvObj);
' CertDllVerifyRevocation has the same signature as CertVerifyRevocation
' CertDllVerifyCTLUsage has the same signature as CertVerifyCTLUsage
' Example of a complete OID Function Registry Name:
' HKEY_LOCAL_MACHINESoftwareMicrosoftCryptographyOID
' Encoding Type 1CryptDllEncodeObject1.2.3
'
' The key's "Dll" value contains the name of the Dll.
' The key's "FuncName" value overrides the default function name
Public Const CRYPT_OID_REGPATH As String = "Software\Microsoft\Cryptography\OID"
Public Const CRYPT_OID_REG_ENCODING_TYPE_PREFIX As String = "EncodingType "
Public Const CRYPT_OID_REG_DLL_VALUE_NAME As String = "Dll"
Public Const CRYPT_OID_REG_FUNC_NAME_VALUE_NAME As String = "FuncName"
Public Const CRYPT_OID_REG_FUNC_NAME_VALUE_NAME_A As String = "FuncName"
' OID used for Default OID functions
Public Const CRYPT_DEFAULT_OID As String = "DEFAULT"
Public Const CRYPT_INSTALL_OID_FUNC_BEFORE_FLAG As Long = 1
'+-------------------------------------------------------------------------
' Install a set of callable OID function addresses.
'
' By default the functions are installed at end of the list.
' Set CRYPT_INSTALL_OID_FUNC_BEFORE_FLAG to install at beginning of list.
'
' hModule should be updated with the hModule passed to DllMain to prevent
' the Dll containing the function addresses from being unloaded by
' CryptGetOIDFuncAddress/CryptFreeOIDFunctionAddress. This would be the
' case when the Dll has also regsvr32'ed OID functions via
' CryptRegisterOIDFunction.
'
' DEFAULT functions are installed by setting rgFuncEntry[].pszOID =
' CRYPT_DEFAULT_OID.
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' Initialize and return handle to the OID function set identified by its
' function name.
'
' If the set already exists, a handle to the existing set is returned.
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' Search the list of installed functions for an encoding type and OID match.
' If not found, search the registry.
'
' For success, returns TRUE with *ppvFuncAddr updated with the function's
' address and *phFuncAddr updated with the function address's handle.
' The function's handle is AddRef'ed. CryptFreeOIDFunctionAddress needs to
' be called to release it.
'
' For a registry match, the Dll containing the function is loaded.
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' Get the list of registered default Dll entries for the specified
' function set and encoding type.
'
' The returned list consists of none, one or more null terminated Dll file
' For example: "first.dll" L"" L"second.dll" L"" L""
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' Either: get the first or next installed DEFAULT function OR
' load the Dll containing the DEFAULT function.
'
' If pwszDll is NULL, search the list of installed DEFAULT functions.
' *phFuncAddr must be set to NULL to get the first installed function.
' Successive installed functions are returned by setting *phFuncAddr
' to the hFuncAddr returned by the previous call.
'
' If pwszDll is NULL, the input *phFuncAddr
' is always CryptFreeOIDFunctionAddress'ed by this function, even for
' an error.
'
' If pwszDll isn't NULL, then, attempts to load the Dll and the DEFAULT
' function. *phFuncAddr is ignored upon entry and isn't
' CryptFreeOIDFunctionAddress'ed.
'
' For success, returns TRUE with *ppvFuncAddr updated with the function's
' address and *phFuncAddr updated with the function address's handle.
' The function's handle is AddRef'ed. CryptFreeOIDFunctionAddress needs to
' be called to release it or CryptGetDefaultOIDFunctionAddress can also
' be called for a NULL pwszDll.
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' Releases the handle AddRef'ed and returned by CryptGetOIDFunctionAddress
' or CryptGetDefaultOIDFunctionAddress.
'
' If a Dll was loaded for the function its unloaded. However, before doing
' the unload, the DllCanUnloadNow function exported by the loaded Dll is
' called. It should return S_FALSE to inhibit the unload or S_TRUE to enable
' the unload. If the Dll doesn't export DllCanUnloadNow, the Dll is unloaded.
'
' DllCanUnloadNow has the following signature:
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' Register the Dll containing the function to be called for the specified
' encoding type, function name and OID.
'
' pwszDll may contain environment-variable strings
'
' In addition to registering the DLL, you may override the
' name of the function to be called. For example,
' pszFuncName = "CryptDllEncodeObject",
' pszOverrideFuncName = "MyEncodeXyz".
' This allows a Dll to export multiple OID functions for the same
' function name without needing to interpose its own OID dispatcher function.
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' Unregister the Dll containing the function to be called for the specified
' encoding type, function name and OID.
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' Register the Dll containing the default function to be called for the
' specified encoding type and function name.
'
' Unlike CryptRegisterOIDFunction, you can't override the function name
' needing to be exported by the Dll.
'
' The Dll is inserted before the entry specified by dwIndex.
' dwIndex == 0, inserts at the beginning.
' dwIndex == CRYPT_REGISTER_LAST_INDEX, appends at the end.
'
' pwszDll may contain environment-variable strings
'--------------------------------------------------------------------------
Public Const CRYPT_REGISTER_FIRST_INDEX As Long = 0
Public Const CRYPT_REGISTER_LAST_INDEX As Long = &HFFFFFFFF
'+-------------------------------------------------------------------------
' Unregister the Dll containing the default function to be called for
' the specified encoding type and function name.
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' Set the value for the specified encoding type, function name, OID and
' value name.
'
' See RegSetValueEx for the possible value types.
'
' String types are UNICODE.
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' Get the value for the specified encoding type, function name, OID and
' value name.
'
' See RegEnumValue for the possible value types.
'
' String types are UNICODE.
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' Enumerate the OID functions identified by their encoding type,
' function name and OID.
'
' pfnEnumOIDFunc is called for each registry key matching the input
' parameters. Setting dwEncodingType to CRYPT_MATCH_ANY_ENCODING_TYPE matches
' any. Setting pszFuncName or pszOID to NULL matches any.
'
' Set pszOID == CRYPT_DEFAULT_OID to restrict the enumeration to only the
' DEFAULT functions
'
' String types are UNICODE.
'--------------------------------------------------------------------------
Public Const CRYPT_MATCH_ANY_ENCODING_TYPE As Long = &HFFFFFFFF
'+=========================================================================
' Low Level Cryptographic Message Data Structures and APIs
'==========================================================================
Public Const szOID_PKCS_7_DATA As String = "1.2.840.113549.1.7.1"
Public Const szOID_PKCS_7_SIGNED As String = "1.2.840.113549.1.7.2"
Public Const szOID_PKCS_7_ENVELOPED As String = "1.2.840.113549.1.7.3"
Public Const szOID_PKCS_7_SIGNEDANDENVELOPED As String = "1.2.840.113549.1.7.4"
Public Const szOID_PKCS_7_DIGESTED As String = "1.2.840.113549.1.7.5"
Public Const szOID_PKCS_7_ENCRYPTED As String = "1.2.840.113549.1.7.6"
Public Const szOID_PKCS_9_CONTENT_TYPE As String = "1.2.840.113549.1.9.3"
Public Const szOID_PKCS_9_MESSAGE_DIGEST As String = "1.2.840.113549.1.9.4"
'+-------------------------------------------------------------------------
' Message types
'--------------------------------------------------------------------------
Public Const CMSG_DATA As Long = 1
Public Const CMSG_SIGNED As Long = 2
Public Const CMSG_ENVELOPED As Long = 3
Public Const CMSG_SIGNED_AND_ENVELOPED As Long = 4
Public Const CMSG_HASHED As Long = 5
Public Const CMSG_ENCRYPTED As Long = 6
'+-------------------------------------------------------------------------
' Message Type Bit Flags
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' CMSG_DATA: pvMsgEncodeInfo = NULL
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' CMSG_SIGNED
'
' The pCertInfo in the CMSG_SIGNER_ENCODE_INFO provides the Issuer, SerialNumber
' and PublicKeyInfo.Algorithm. The PublicKeyInfo.Algorithm implicitly
' specifies the HashEncryptionAlgorithm to be used.
'
' The hCryptProv and dwKeySpec specify the private key to use. If dwKeySpec
' == 0, then, defaults to AT_SIGNATURE.
'
' pvHashAuxInfo currently isn't used and must be set to NULL.
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' CMSG_ENVELOPED
'
' The PCERT_INFO for the rgRecipients provides the Issuer, SerialNumber
' and PublicKeyInfo. The PublicKeyInfo.Algorithm implicitly
' specifies the KeyEncryptionAlgorithm to be used.
'
' The PublicKeyInfo.PublicKey in PCERT_INFO is used to encrypt the content
' encryption key for the recipient.
'
' hCryptProv is used to do the content encryption, recipient key encryption
' and export. The hCryptProv's private keys aren't used.
'
' Note: CAPI currently doesn't support more than one KeyEncryptionAlgorithm
' per provider. This will need to be fixed.
'
' pvEncryptionAuxInfo currently isn't used and must be set to NULL.
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' CMSG_SIGNED_AND_ENVELOPED
'
' For PKCS #7, a signed and enveloped message doesn't have the
' signer's authenticated or unauthenticated attributes. Otherwise, a
' combination of the CMSG_SIGNED_ENCODE_INFO and CMSG_ENVELOPED_ENCODE_INFO.
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' CMSG_HASHED
'
' hCryptProv is used to do the hash. Doesn't need to use a private key.
'
' If fDetachedHash is set, then, the encoded message doesn't contain
'
' pvHashAuxInfo currently isn't used and must be set to NULL.
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' CMSG_ENCRYPTED
'
' The key used to encrypt the message is identified outside of the message
'
' The content input to CryptMsgUpdate has already been encrypted.
'
' pvEncryptionAuxInfo currently isn't used and must be set to NULL.
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' This parameter allows messages to be of variable length with streamed
' output.
'
' By default, messages are of a definite length and
' called to get the cryptographically processed content. Until closed,
' the handle keeps a copy of the processed content.
'
' With streamed output, the processed content can be freed as its streamed.
'
' If the length of the content to be updated is known at the time of the
' open, then, ContentLength should be set to that length. Otherwise, it
' should be set to CMSG_INDEFINITE_LENGTH.
'--------------------------------------------------------------------------
Public Const CMSG_INDEFINITE_LENGTH As Long = &HFFFFFFFF
'+-------------------------------------------------------------------------
' Open dwFlags
'--------------------------------------------------------------------------
Public Const CMSG_BARE_CONTENT_FLAG As Long = &H00000001
Public Const CMSG_LENGTH_ONLY_FLAG As Long = &H00000002
Public Const CMSG_DETACHED_FLAG As Long = &H00000004
Public Const CMSG_AUTHENTICATED_ATTRIBUTES_FLAG As Long = &H00000008
Public Const CMSG_CONTENTS_OCTETS_FLAG As Long = &H00000010
'+-------------------------------------------------------------------------
' Open a cryptographic message for encoding
'
' For PKCS #7:
' If the content to be passed to CryptMsgUpdate has already
' from another message encode), then, the CMSG_ENCODED_CONTENT_INFO_FLAG should
' be set in dwFlags. If not set, then, the inner ContentType is Data and
' the input to CryptMsgUpdate is treated as the inner Data type's Content,
' a string of bytes.
' If CMSG_BARE_CONTENT_FLAG is specified for a streamed message,
' the streamed output will not have an outer ContentInfo wrapper. This
' makes it suitable to be streamed into an enclosing message.
'
' The pStreamInfo parameter needs to be set to stream the encoded message
' output.
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' Calculate the length of an encoded cryptographic message.
'
' Calculates the length of the encoded message given the
' message type, encoding parameters and total length of
' the data to be updated. Note, this might not be the exact length. However,
' it will always be greater than or equal to the actual length.
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' Open a cryptographic message for decoding
'
' BUGBUG! These comments need to be changed
' For PKCS #7: if the inner ContentType isn't Data, then, the inner
' ContentInfo consisting of both ContentType and Content is output.
' To also enable ContentInfo output for the Data ContentType, then,
' the CMSG_ENCODED_CONTENT_INFO_FLAG should be set
' in dwFlags. If not set, then, only the content portion of the inner
' ContentInfo is output for the Data ContentType.
'
' To only calculate the length of the decoded message, set the
' CMSG_LENGTH_ONLY_FLAG in dwFlags. After the final CryptMsgUpdate get the
' MSG_CONTENT_PARAM. Note, this might not be the exact length. However,
' it will always be greater than or equal to the actual length.
'
' hCryptProv specifies the crypto provider to use for hashing and/or
' decrypting the message. For enveloped messages, hCryptProv also specifies
' the private exchange key to use. For signed messages, hCryptProv is used
' when CryptMsgVerifySigner is called.
'
' For enveloped messages, the pRecipientInfo contains the Issuer and
' SerialNumber identifying the RecipientInfo in the message.
'
' Note, the pRecipientInfo should correspond to the provider's private
' exchange key.
'
' If pRecipientInfo is NULL, then, the message isn't decrypted. To decrypt
' CryptMsgUpdate.
'
' The pStreamInfo parameter needs to be set to stream the decoded content
' output. Note, if pRecipientInfo is NULL, then, the streamed output isn't
' decrypted.
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' Close a cryptographic message handle
'
' LastError is preserved unless FALSE is returned.
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' Update the content of a cryptographic message. Depending on how the
' message was opened, the content is either encoded or decoded.
'
' This function is repetitively called to append to the message content.
' fFinal is set to identify the last update. On fFinal, the encode/decode
' is completed. The encoded/decoded content and the decoded parameters
' are valid until the open and all duplicated handles are closed.
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' Perform a special "control" function after the final CryptMsgUpdate of a
' encoded/decoded cryptographic message.
'
' The dwCtrlType parameter specifies the type of operation to be performed.
'
' The pvCtrlPara definition depends on the dwCtrlType value.
'
' See below for a list of the control operations and their pvCtrlPara
' type definition.
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' Message control types
'--------------------------------------------------------------------------
Public Const CMSG_CTRL_VERIFY_SIGNATURE As Long = 1
Public Const CMSG_CTRL_DECRYPT As Long = 2
Public Const CMSG_CTRL_VERIFY_HASH As Long = 5
Public Const CMSG_CTRL_ADD_SIGNER As Long = 6
Public Const CMSG_CTRL_DEL_SIGNER As Long = 7
Public Const CMSG_CTRL_ADD_SIGNER_UNAUTH_ATTR As Long = 8
Public Const CMSG_CTRL_DEL_SIGNER_UNAUTH_ATTR As Long = 9
Public Const CMSG_CTRL_ADD_CERT As Long = 10
Public Const CMSG_CTRL_DEL_CERT As Long = 11
Public Const CMSG_CTRL_ADD_CRL As Long = 12
Public Const CMSG_CTRL_DEL_CRL As Long = 13
'+-------------------------------------------------------------------------
' CMSG_CTRL_VERIFY_SIGNATURE
'
' Verify the signature of a SIGNED or SIGNED_AND_ENVELOPED
' message after it has been decoded.
'
' For a SIGNED_AND_ENVELOPED message, called after
' with a NULL pRecipientInfo.
'
' pvCtrlPara points to a CERT_INFO struct.
'
' The CERT_INFO contains the Issuer and SerialNumber identifying
' the Signer of the message. The CERT_INFO also contains the
' PublicKeyInfo
' used to verify the signature. The cryptographic provider specified
' in CryptMsgOpenToDecode is used.
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' CMSG_CTRL_DECRYPT
'
' Decrypt an ENVELOPED or SIGNED_AND_ENVELOPED message after it has been
' decoded.
'
' hCryptProv and dwKeySpec specify the private key to use. For dwKeySpec ==
' 0, defaults to AT_KEYEXCHANGE.
'
' dwRecipientIndex is the index of the recipient in the message associated
' with the hCryptProv's private key.
'
' This control function needs to be called, if you don't know the appropriate
' recipient before calling CryptMsgOpenToDecode. After the final
' CryptMsgUpdate, the list of recipients is obtained by iterating through
' CMSG_RECIPIENT_INFO_PARAM. The recipient corresponding to a private
' key owned by the caller is selected and passed to this function to decrypt
' the message.
'
' Note, the message can only be decrypted once.
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' CMSG_CTRL_VERIFY_HASH
'
' Verify the hash of a HASHED message after it has been decoded.
'
' Only the hCryptMsg parameter is used, to specify the message whose
' hash is being verified.
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' CMSG_CTRL_ADD_SIGNER
'
' Add a signer to a signed-data or signed-and-enveloped-data message.
'
' pvCtrlPara points to a CMSG_SIGNER_ENCODE_INFO.
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' CMSG_CTRL_DEL_SIGNER
'
' Remove a signer from a signed-data or signed-and-enveloped-data message.
'
' pvCtrlPara points to a DWORD containing the 0-based index of the
' signer to be removed.
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' CMSG_CTRL_ADD_SIGNER_UNAUTH_ATTR
'
' Add an unauthenticated attribute to the SignerInfo of a signed-data or
' signed-and-enveloped-data message.
'
' The unauthenticated attribute is input in the form of an encoded blob.
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' CMSG_CTRL_DEL_SIGNER_UNAUTH_ATTR
'
' Delete an unauthenticated attribute from the SignerInfo of a signed-data
' or signed-and-enveloped-data message.
'
' The unauthenticated attribute to be removed is specified by
' a 0-based index.
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' CMSG_CTRL_ADD_CERT
'
' Add a certificate to a signed-data or signed-and-enveloped-data message.
'
' pvCtrlPara points to a CRYPT_DATA_BLOB containing the certificate's
' encoded bytes.
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' CMSG_CTRL_DEL_CERT
'
' Delete a certificate from a signed-data or signed-and-enveloped-data
' message.
'
' pvCtrlPara points to a DWORD containing the 0-based index of the
' certificate to be removed.
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' CMSG_CTRL_ADD_CRL
'
' Add a CRL to a signed-data or signed-and-enveloped-data message.
'
' pvCtrlPara points to a CRYPT_DATA_BLOB containing the CRL's
' encoded bytes.
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' CMSG_CTRL_DEL_CRL
'
' Delete a CRL from a signed-data or signed-and-enveloped-data message.
'
' pvCtrlPara points to a DWORD containing the 0-based index of the CRL
' to be removed.
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' Verify a countersignature, at the SignerInfo level.
' ie. verify that pbSignerInfoCountersignature contains the encrypted
' hash of the encryptedDigest field of pbSignerInfo.
'
' hCryptProv is used to hash the encryptedDigest field of pbSignerInfo.
' The only fields referenced from pciCountersigner are SerialNumber, Issuer,
' and SubjectPublicKeyInfo.
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' Countersign an already-existing signature in a message
'
' dwIndex is a zero-based index of the SignerInfo to be countersigned.
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' Output an encoded SignerInfo blob, suitable for use as a countersignature
' attribute in the unauthenticated attributes of a signed-data or
' signed-and-enveloped-data message.
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' Get a parameter after encoding/decoding a cryptographic message. Called
' after the final CryptMsgUpdate. Only the CMSG_CONTENT_PARAM and
' CMSG_COMPUTED_HASH_PARAM are valid for an encoded message.
'
' For an encoded HASHED message, the CMSG_COMPUTED_HASH_PARAM can be got
' before any CryptMsgUpdates to get its length.
'
' The pvData type definition depends on the dwParamType value.
'
' Elements pointed to by fields in the pvData structure follow the
' structure. Therefore, *pcbData may exceed the size of the structure.
'
' Upon input, if *pcbData == 0, then, *pcbData is updated with the length
' of the data and the pvData parameter is ignored.
'
' Upon return, *pcbData is updated with the length of the data.
'
' The OBJID BLOBs returned in the pvData structures point to
' their still encoded representation. The appropriate functions
' must be called to decode the information.
'
' See below for a list of the parameters to get.
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' Get parameter types and their corresponding data structure definitions.
'--------------------------------------------------------------------------
Public Const CMSG_TYPE_PARAM As Long = 1
Public Const CMSG_CONTENT_PARAM As Long = 2
Public Const CMSG_BARE_CONTENT_PARAM As Long = 3
Public Const CMSG_INNER_CONTENT_TYPE_PARAM As Long = 4
Public Const CMSG_SIGNER_COUNT_PARAM As Long = 5
Public Const CMSG_SIGNER_INFO_PARAM As Long = 6
Public Const CMSG_SIGNER_CERT_INFO_PARAM As Long = 7
Public Const CMSG_SIGNER_HASH_ALGORITHM_PARAM As Long = 8
Public Const CMSG_SIGNER_AUTH_ATTR_PARAM As Long = 9
Public Const CMSG_SIGNER_UNAUTH_ATTR_PARAM As Long = 10
Public Const CMSG_CERT_COUNT_PARAM As Long = 11
Public Const CMSG_CERT_PARAM As Long = 12
Public Const CMSG_CRL_COUNT_PARAM As Long = 13
Public Const CMSG_CRL_PARAM As Long = 14
Public Const CMSG_ENVELOPE_ALGORITHM_PARAM As Long = 15
Public Const CMSG_RECIPIENT_COUNT_PARAM As Long = 17
Public Const CMSG_RECIPIENT_INDEX_PARAM As Long = 18
Public Const CMSG_RECIPIENT_INFO_PARAM As Long = 19
Public Const CMSG_HASH_ALGORITHM_PARAM As Long = 20
Public Const CMSG_HASH_DATA_PARAM As Long = 21
Public Const CMSG_COMPUTED_HASH_PARAM As Long = 22
Public Const CMSG_ENCRYPT_PARAM As Long = 26
Public Const CMSG_ENCRYPTED_DIGEST As Long = 27
Public Const CMSG_ENCODED_SIGNER As Long = 28
Public Const CMSG_ENCODED_MESSAGE As Long = 29
'+-------------------------------------------------------------------------
' CMSG_TYPE_PARAM
'
' The type of the decoded message.
'
' pvData points to a DWORD
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' CMSG_CONTENT_PARAM
'
' The encoded content of a cryptographic message. Depending on how the
' message was opened, the content is either the whole PKCS#7
' In the decode case, the decrypted content is returned, if enveloped.
' If not enveloped, and if the inner content is of type DATA, the returned
' data is the contents octets of the inner content.
'
' pvData points to the buffer receiving the content bytes
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' CMSG_BARE_CONTENT_PARAM
'
' The encoded content of an encoded cryptographic message, without the
' outer layer of ContentInfo. That is, only the encoding of the
' ContentInfo.content field is returned.
'
' pvData points to the buffer receiving the content bytes
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' CMSG_INNER_CONTENT_TYPE_PARAM
'
' The type of the inner content of a decoded cryptographic message,
' in the form of a NULL-terminated object identifier string
'
' pvData points to the buffer receiving the object identifier string
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' CMSG_SIGNER_COUNT_PARAM
'
' Count of signers in a SIGNED or SIGNED_AND_ENVELOPED message
'
' pvData points to a DWORD
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' CMSG_SIGNER_CERT_INFO_PARAM
'
' To get all the signers, repetitively call CryptMsgGetParam, with
' dwIndex set to 0 .. SignerCount - 1.
'
' pvData points to a CERT_INFO struct.
'
' Only the following fields have been updated in the CERT_INFO struct:
' Issuer and SerialNumber.
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' CMSG_SIGNER_INFO_PARAM
'
' To get all the signers, repetitively call CryptMsgGetParam, with
' dwIndex set to 0 .. SignerCount - 1.
'
' pvData points to a CMSG_SIGNER_INFO struct.
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' CMSG_SIGNER_HASH_ALGORITHM_PARAM
'
' This parameter specifies the HashAlgorithm that was used for the signer.
'
' Set dwIndex to iterate through all the signers.
'
' pvData points to an CRYPT_ALGORITHM_IDENTIFIER struct.
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' CMSG_SIGNER_AUTH_ATTR_PARAM
'
' The authenticated attributes for the signer.
'
' Set dwIndex to iterate through all the signers.
'
' pvData points to a CMSG_ATTR struct.
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' CMSG_SIGNER_UNAUTH_ATTR_PARAM
'
' The unauthenticated attributes for the signer.
'
' Set dwIndex to iterate through all the signers.
'
' pvData points to a CMSG_ATTR struct.
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' CMSG_CERT_COUNT_PARAM
'
' Count of certificates in a SIGNED or SIGNED_AND_ENVELOPED message.
'
' pvData points to a DWORD
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' CMSG_CERT_PARAM
'
' To get all the certificates, repetitively call CryptMsgGetParam, with
' dwIndex set to 0 .. CertCount - 1.
'
' pvData points to an array of the certificate's encoded bytes.
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' CMSG_CRL_COUNT_PARAM
'
' Count of CRLs in a SIGNED or SIGNED_AND_ENVELOPED message.
'
' pvData points to a DWORD
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' CMSG_CRL_PARAM
'
' To get all the CRLs, repetitively call CryptMsgGetParam, with
' dwIndex set to 0 .. CrlCount - 1.
'
' pvData points to an array of the CRL's encoded bytes.
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' CMSG_ENVELOPE_ALGORITHM_PARAM
'
' The ContentEncryptionAlgorithm that was used in
' an ENVELOPED or SIGNED_AND_ENVELOPED message.
'
' pvData points to an CRYPT_ALGORITHM_IDENTIFIER struct.
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' CMSG_RECIPIENT_COUNT_PARAM
'
' Count of recipients in an ENVELOPED or SIGNED_AND_ENVELOPED message.
'
' pvData points to a DWORD
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' CMSG_RECIPIENT_INDEX_PARAM
'
' Index of the recipient used to decrypt an ENVELOPED or SIGNED_AND_ENVELOPED
' message.
'
' pvData points to a DWORD
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' CMSG_RECIPIENT_INFO_PARAM
'
' To get all the recipients, repetitively call CryptMsgGetParam, with
' dwIndex set to 0 .. RecipientCount - 1.
'
' pvData points to a CERT_INFO struct.
'
' Only the following fields have been updated in the CERT_INFO struct:
' Issuer, SerialNumber and PublicKeyAlgorithm. The PublicKeyAlgorithm
' specifies the KeyEncryptionAlgorithm that was used.
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' CMSG_HASH_ALGORITHM_PARAM
'
' The HashAlgorithm in a HASHED message.
'
' pvData points to an CRYPT_ALGORITHM_IDENTIFIER struct.
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' CMSG_HASH_DATA_PARAM
'
' The hash in a HASHED message.
'
' pvData points to an array of bytes.
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' CMSG_COMPUTED_HASH_PARAM
'
' The computed hash for a HASHED message.
'
' This may be called for either an encoded or decoded message.
' It also may be called before any encoded CryptMsgUpdates to get its length.
'
' pvData points to an array of bytes.
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' CMSG_ENCRYPT_PARAM
'
' The ContentEncryptionAlgorithm that was used in an ENCRYPTED message.
'
' pvData points to an CRYPT_ALGORITHM_IDENTIFIER struct.
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' CMSG_ENCODED_MESSAGE
'
' The full encoded message. This is useful in the case of a decoded
' signed-and-enveloped-data message which has been countersigned).
'
' pvData points to an array of the message's encoded bytes.
'--------------------------------------------------------------------------
'+=========================================================================
' Certificate Store Data Structures and APIs
'==========================================================================
'+-------------------------------------------------------------------------
' In its most basic implementation, a cert store is simply a
' collection of certificates and/or CRLs. This is the case when
' a cert store is opened with all of its certificates and CRLs
' coming from a PKCS #7 encoded cryptographic message.
'
' Nonetheless, all cert stores have the following properties:
' - A public key may have more than one certificate in the store.
' For example, a private/public key used for signing may have a
' certificate issued for VISA and another issued for
' Mastercard. Also, when a certificate is renewed there might
' be more than one certificate with the same subject and
' issuer.
' - However, each certificate in the store is uniquely
' identified by its Issuer and SerialNumber.
' - There's an issuer of subject certificate relationship. A
' certificate's issuer is found by doing a match of
' pSubjectCert->Issuer with pIssuerCert->Subject.
' The relationship is verified by using
' the issuer's public key to verify the subject certificate's
' signature. Note, there might be X.509 v3 extensions
' to assist in finding the issuer certificate.
' - Since issuer certificates might be renewed, a subject
' certificate might have more than one issuer certificate.
' - There's an issuer of CRL relationship. An
' issuer's CRL is found by doing a match of
' pIssuerCert->Subject with pCrl->Issuer.
' The relationship is verified by using
' the issuer's public key to verify the CRL's
' signature. Note, there might be X.509 v3 extensions
' to assist in finding the CRL.
' - Since some issuers might support the X.509 v3 delta CRL
' extensions, an issuer might have more than one CRL.
' - The store shouldn't have any redundant certificates or
' CRLs. There shouldn't be two certificates with the same
' Issuer and SerialNumber. There shouldn't be two CRLs with
' the same Issuer, ThisUpdate and NextUpdate.
' - The store has NO policy or trust information. No
' certificates are tagged as being "root". Its up to
' SerialNumber) for certificates it trusts.
' - The store might contain bad certificates and/or CRLs.
' The issuer's signature of a subject certificate or CRL may
' not verify. Certificates or CRLs may not satisfy their
' time validity requirements. Certificates may be
' revoked.
'
' In addition to the certificates and CRLs, properties can be
' stored. There are two predefined property IDs for a user
' certificate: CERT_KEY_PROV_HANDLE_PROP_ID and
' CERT_KEY_PROV_INFO_PROP_ID. The CERT_KEY_PROV_HANDLE_PROP_ID
' is a HCRYPTPROV handle to the private key assoicated
' with the certificate. The CERT_KEY_PROV_INFO_PROP_ID contains
' information to be used to call
' CryptAcquireContext and CryptProvSetParam to get a handle
' to the private key associated with the certificate.
'
' There exists two more predefined property IDs for certificates
' and CRLs, CERT_SHA1_HASH_PROP_ID and CERT_MD5_HASH_PROP_ID.
' If these properties don't already exist, then, a hash of the
' hash algorithm, currently, CERT_SHA1_HASH_PROP_ID).
'
' There are additional APIs for creating certificate and CRL
' CertCreateCRLContext).
'
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' Certificate context.
'
' A certificate context contains both the encoded and decoded representation
' of a certificate. A certificate context returned by a cert store function
' must be freed by calling the CertFreeCertificateContext function. The
' CertDuplicateCertificateContext function can be called to make a duplicate
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' CRL context.
'
' A CRL context contains both the encoded and decoded representation
' of a CRL. A CRL context returned by a cert store function
' must be freed by calling the CertFreeCRLContext function. The
' CertDuplicateCRLContext function can be called to make a duplicate
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
'
' A CTL context contains both the encoded and decoded representation
' of a CTL. Also contains an opened HCRYPTMSG handle to the decoded
' cryptographic signed message containing the CTL_INFO as its inner content.
' pbCtlContent is the encoded inner content of the signed message.
'
' The CryptMsg APIs can be used to extract additional signer information.
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' Certificate, CRL and CTL property IDs
'
' See CertSetCertificateContextProperty or CertGetCertificateContextProperty
' for usage information.
'--------------------------------------------------------------------------
Public Const CERT_KEY_PROV_HANDLE_PROP_ID As Long = 1
Public Const CERT_KEY_PROV_INFO_PROP_ID As Long = 2
Public Const CERT_SHA1_HASH_PROP_ID As Long = 3
Public Const CERT_MD5_HASH_PROP_ID As Long = 4
Public Const CERT_KEY_CONTEXT_PROP_ID As Long = 5
Public Const CERT_KEY_SPEC_PROP_ID As Long = 6
Public Const CERT_IE30_RESERVED_PROP_ID As Long = 7
Public Const CERT_PUBKEY_HASH_RESERVED_PROP_ID As Long = 8
Public Const CERT_ENHKEY_USAGE_PROP_ID As Long = 9
Public Const CERT_NEXT_UPDATE_LOCATION_PROP_ID As Long = 10
Public Const CERT_FRIENDLY_NAME_PROP_ID As Long = 11
' Note, 32 - 34 are reserved for the CERT, CRL and CTL file element IDs.
Public Const CERT_FIRST_RESERVED_PROP_ID As Long = 12
Public Const CERT_LAST_RESERVED_PROP_ID As Long = &H00007FFF
Public Const CERT_FIRST_USER_PROP_ID As Long = &H00008000
Public Const CERT_LAST_USER_PROP_ID As Long = &H0000FFFF
'+-------------------------------------------------------------------------
' Cryptographic Key Provider Information
'
' CRYPT_KEY_PROV_INFO defines the CERT_KEY_PROV_INFO_PROP_ID's pvData.
'
' The CRYPT_KEY_PROV_INFO fields are passed to CryptAcquireContext
' to get a HCRYPTPROV handle. The optional CRYPT_KEY_PROV_PARAM fields are
' passed to CryptProvSetParam to further initialize the provider.
'
' The dwKeySpec field identifies the private key to use from the container
' For example, AT_KEYEXCHANGE or AT_SIGNATURE.
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' The following flag should be set in the above dwFlags to enable
' CryptAcquireContext is done in the Sign or Decrypt Message functions.
'
' The following define must not collide with any of the
' CryptAcquireContext dwFlag defines.
'--------------------------------------------------------------------------
Public Const CERT_SET_KEY_PROV_HANDLE_PROP_ID As Long = &H00000001
Public Const CERT_SET_KEY_CONTEXT_PROP_ID As Long = &H00000001
'+-------------------------------------------------------------------------
' Certificate Key Context
'
' CERT_KEY_CONTEXT defines the CERT_KEY_CONTEXT_PROP_ID's pvData.
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' Certificate Store Provider Types
'--------------------------------------------------------------------------
Public Const sz_CERT_STORE_PROV_MEMORY As String = "Memory"
Public Const sz_CERT_STORE_PROV_FILENAME_W As String = "File"
Public Const sz_CERT_STORE_PROV_SYSTEM_W As String = "System"
Public Const sz_CERT_STORE_PROV_PKCS7 As String = "PKCS7"
Public Const sz_CERT_STORE_PROV_SERIALIZED As String = "Serialized"
'+-------------------------------------------------------------------------
' Certificate Store verify/results flags
'--------------------------------------------------------------------------
Public Const CERT_STORE_SIGNATURE_FLAG As Long = &H00000001
Public Const CERT_STORE_TIME_VALIDITY_FLAG As Long = &H00000002
Public Const CERT_STORE_REVOCATION_FLAG As Long = &H00000004
Public Const CERT_STORE_NO_CRL_FLAG As Long = &H00010000
Public Const CERT_STORE_NO_ISSUER_FLAG As Long = &H00020000
'+-------------------------------------------------------------------------
' Certificate Store open/property flags
'--------------------------------------------------------------------------
Public Const CERT_STORE_NO_CRYPT_RELEASE_FLAG As Long = &H00000001
Public Const CERT_STORE_READONLY_FLAG As Long = &H00008000
'+-------------------------------------------------------------------------
' Certificate Store Provider flags are in the HiWord 0xFFFF0000
'--------------------------------------------------------------------------
'+-------------------------------------------------------------------------
' Certificate System Store Flag Values
'--------------------------------------------------------------------------
' Location of the system store in the registry:
' HKEY_CURRENT_USER or HKEY_LOCAL_MACHINE
Public Const CERT_SYSTEM_STORE_LOCATION_MASK As Long = &H00030000
Public Const CERT_SYSTEM_STORE_CURRENT_USER As Long = &H00010000
Public Const CERT_SYSTEM_STORE_LOCAL_MACHINE As Long = &H00020000
'+-------------------------------------------------------------------------
' Open the cert store using the specified store provider.
'
' hCryptProv specifies the crypto provider to use to create the hash
' properties or verify the signature of a subject certificate or CRL.
' The store doesn't need to use a private
' key. If the CERT_STORE_NO_CRYPT_RELEASE_FLAG isn't set, hCryptProv is
' CryptReleaseContext'ed on the final CertCloseStore.
'
' Note, if the open fails, hCryptProv is released if it would have been
' released when the store was closed.
'
' If hCryptProv is zero, then, the default provider and container for the
' PROV_RSA_FULL provider type is CryptAcquireContext'ed with
' CRYPT_VERIFYCONTEXT access. The CryptAcquireContext is deferred until
' the first create hash or verify signature. In addition, once acquired,
' the default provider isn't released until process exit when crypt32.dll
' is unloaded. The acquired default provider is shared across all stores
' and threads.
'
' After initializing the store's data structures and optionally acquiring a
' default crypt provider, CertOpenStore calls CryptGetOIDFunctionAddress to
' get the address of the CRYPT_OID_OPEN_STORE_PROV_FUNC specified by
' lpszStoreProvider. Since a store can contain certificates with different
' encoding types, CryptGetOIDFunctionAddress is called with dwEncodingType
' set to 0 and not the dwEncodingType passed to CertOpenStore.
' PFN_CERT_DLL_OPEN_STORE_FUNC specifies the signature of the provider's
' open function. This provider open function is called to load the
' store's certificates and CRLs. Optionally, the provider may return an
' array of functions called before a certificate or CRL is added or deleted
' or has a property that is set.
'
' Use of the dwEncodingType parameter is provider dependent. The type
' definition for pvPara also depends on the provider.
'
' Store providers are installed or registered via
' CryptInstallOIDFunctionAddress or CryptRegisterOIDFunction, where,
' dwEncodingType is 0 and pszFuncName is CRYPT_OID_OPEN_STORE_PROV_FUNC.
'
'
' CERT_STORE_PROV_MSG:
' Gets the certificates and CRLs from the specified cryptographic message.
' dwEncodingType contains the message and certificate encoding types.
' The message's handle is passed in pvPara. Given,
'
' CERT_STORE_PROV_MEMORY
' sz_CERT_STORE_PROV_MEMORY:
' Opens a store without any initial certificates or CRLs. pvPara
' isn't used.
'
' CERT_STORE_PROV_FILE:
' Reads the certificates and CRLs from the specified file. The file's
' handle is passed in pvPara. Given,
'
' For a successful open, the file pointer is advanced past
' the certificates and CRLs and their properties read from the file.
' Note, only expects a serialized store and not a file containing
' either a PKCS #7 signed message or a single encoded certificate.
'
' The hFile isn't closed.
'
' CERT_STORE_PROV_REG:
' Reads the certificates and CRLs from the registry. The registry's
' key handle is passed in pvPara. Given,
'
' The input hKey isn't closed by the provider. Before returning, the
' provider opens/creates "Certificates" and "CRLs" subkeys. These
' subkeys remain open until the store is closed.
'
' If CERT_STORE_READONLY_FLAG is set, then, the registry subkeys are
' RegOpenKey'ed with KEY_READ_ACCESS. Otherwise, the registry subkeys
' are RegCreateKey'ed with KEY_ALL_ACCESS.
'
' This provider returns the array of functions for reading, writing,
' deleting and property setting certificates and CRLs.
' Any changes to the opened store are immediately pushed through to
' the registry. However, if CERT_STORE_READONLY_FLAG is set, then,
' writing, deleting or property setting results in a
'
' Note, all the certificates and CRLs are read from the registry
' when the store is opened. The opened store serves as a write through
' cache. However, the opened store isn't notified of other changes
' made to the registry. Note, RegNotifyChangeKeyValue is supported
' on NT but not supported on Windows95.
'
' CERT_STORE_PROV_PKCS7:
' sz_CERT_STORE_PROV_PKCS7:
' Gets the certificates and CRLs from the encoded PKCS #7 signed message.
' dwEncodingType specifies the message and certificate encoding types.
' The pointer to the encoded message's blob is passed in pvPara. Given,
'
' Note, also supports the IE3.0 special version of a
' PKCS #7 signed message referred to as a "SPC" formatted message.
'
' CERT_STORE_PROV_SERIALIZED:
' sz_CERT_STORE_PROV_SERIALIZED:
' Gets the certificates and CRLs from memory containing a serialized