Windows编程

开发平台：

Delphi

JwaWinCrypt.pas：源码内容

// The following flag is applicable when encoding X509_UNICODE_NAME.
// When set, CERT_RDN_UTF8_STRING is selected instead of
// CERT_RDN_UNICODE_STRING.
CRYPT_UNICODE_NAME_ENCODE_ENABLE_UTF8_UNICODE_FLAG = CERT_RDN_ENABLE_UTF8_UNICODE_FLAG;
{$EXTERNALSYM CRYPT_UNICODE_NAME_ENCODE_ENABLE_UTF8_UNICODE_FLAG}
// The following flag is applicable when encoding X509_UNICODE_NAME,
// X509_UNICODE_NAME_VALUE or X509_UNICODE_ANY_STRING.
// When set, the characters aren't checked to see if they
// are valid for the specified Value Type.
CRYPT_UNICODE_NAME_ENCODE_DISABLE_CHECK_TYPE_FLAG = CERT_RDN_DISABLE_CHECK_TYPE_FLAG;
{$EXTERNALSYM CRYPT_UNICODE_NAME_ENCODE_DISABLE_CHECK_TYPE_FLAG}
// The following flag is applicable when encoding the PKCS_SORTED_CTL. This
// flag should be set if the identifier for the TrustedSubjects is a hash,
// such as, MD5 or SHA1.
CRYPT_SORTED_CTL_ENCODE_HASHED_SUBJECT_IDENTIFIER_FLAG = $10000;
{$EXTERNALSYM CRYPT_SORTED_CTL_ENCODE_HASHED_SUBJECT_IDENTIFIER_FLAG}
type
PCRYPT_DECODE_PARA = ^CRYPT_DECODE_PARA;
{$EXTERNALSYM PCRYPT_DECODE_PARA}
_CRYPT_DECODE_PARA = record
cbSize: DWORD;
pfnAlloc: PFN_CRYPT_ALLOC; // OPTIONAL
pfnFree: PFN_CRYPT_FREE; // OPTIONAL
end;
{$EXTERNALSYM _CRYPT_DECODE_PARA}
CRYPT_DECODE_PARA = _CRYPT_DECODE_PARA;
{$EXTERNALSYM CRYPT_DECODE_PARA}
TCryptDecodePara = CRYPT_DECODE_PARA;
PCryptDecodePara = PCRYPT_DECODE_PARA;
function CryptDecodeObjectEx(dwCertEncodingType: DWORD; lpszStructType: LPCSTR;
pbEncoded: Pointer; cbEncoded, dwFlags: DWORD; pDecodePara: PCRYPT_DECODE_PARA;
pvStructInfo: Pointer; var pcbStructInfo: DWORD): BOOL; stdcall;
{$EXTERNALSYM CryptDecodeObjectEx}
function CryptDecodeObject(dwCertEncodingType: DWORD; lpszStructType: LPCSTR;
pbEncoded: LPBYTE; cbEncoded, dwFlags: DWORD; pvStructInfo: Pointer;
var pcbStructInfo: DWORD): BOOL; stdcall;
{$EXTERNALSYM CryptDecodeObject}
// When the following flag is set the nocopy optimization is enabled.
// This optimization where appropriate, updates the pvStructInfo fields
// to point to content residing within pbEncoded instead of making a copy
// of and appending to pvStructInfo.
//
// Note, when set, pbEncoded can't be freed until pvStructInfo is freed.
const
CRYPT_DECODE_NOCOPY_FLAG = $1;
{$EXTERNALSYM CRYPT_DECODE_NOCOPY_FLAG}
// For CryptDecodeObject(), by default the pbEncoded is the "to be signed"
// plus its signature. Set the following flag, if pbEncoded points to only
// the "to be signed".
//
// This flag is applicable to
// X509_CERT_TO_BE_SIGNED
// X509_CERT_CRL_TO_BE_SIGNED
// X509_CERT_REQUEST_TO_BE_SIGNED
// X509_KEYGEN_REQUEST_TO_BE_SIGNED
CRYPT_DECODE_TO_BE_SIGNED_FLAG = $2;
{$EXTERNALSYM CRYPT_DECODE_TO_BE_SIGNED_FLAG}
// When the following flag is set, the OID strings are allocated in
// crypt32.dll and shared instead of being copied into the returned
// data structure. This flag may be set if crypt32.dll isn't unloaded
// before the caller is unloaded.
CRYPT_DECODE_SHARE_OID_STRING_FLAG = $4;
{$EXTERNALSYM CRYPT_DECODE_SHARE_OID_STRING_FLAG}
// By default the signature bytes are reversed. The following flag can
// be set to inhibit the byte reversal.
//
// This flag is applicable to
// X509_CERT_TO_BE_SIGNED
CRYPT_DECODE_NO_SIGNATURE_BYTE_REVERSAL_FLAG = $8;
{$EXTERNALSYM CRYPT_DECODE_NO_SIGNATURE_BYTE_REVERSAL_FLAG}
// When the following flag is set the called decode function allocates
// memory for the decoded structure. A pointer to the allocated structure
// is returned in pvStructInfo. If pDecodePara or pDecodePara->pfnAlloc is
// NULL, then, LocalAlloc is called for the allocation and LocalFree must
// be called to do the free. Otherwise, pDecodePara->pfnAlloc is called
// for the allocation.
//
// *pcbStructInfo is ignored on input and updated with the length of the
// allocated, decoded structure.
//
// This flag may also be set in the CryptDecodeObject API. Since
// CryptDecodeObject doesn't take a pDecodePara, LocalAlloc is always
// called for the allocation which must be freed by calling LocalFree.
CRYPT_DECODE_ALLOC_FLAG = $8000;
{$EXTERNALSYM CRYPT_DECODE_ALLOC_FLAG}
// The following flag is applicable when decoding X509_UNICODE_NAME,
// X509_UNICODE_NAME_VALUE or X509_UNICODE_ANY_STRING.
// By default, CERT_RDN_T61_STRING values are initially decoded
// as UTF8. If the UTF8 decoding fails, then, decoded as 8 bit characters.
// Setting this flag skips the initial attempt to decode as UTF8.
CRYPT_UNICODE_NAME_DECODE_DISABLE_IE4_UTF8_FLAG = CERT_RDN_DISABLE_IE4_UTF8_FLAG;
{$EXTERNALSYM CRYPT_UNICODE_NAME_DECODE_DISABLE_IE4_UTF8_FLAG}
//+-------------------------------------------------------------------------
// Predefined X509 certificate data structures that can be encoded / decoded.
//--------------------------------------------------------------------------
CRYPT_ENCODE_DECODE_NONE = 0;
{$EXTERNALSYM CRYPT_ENCODE_DECODE_NONE}
X509_CERT = LPCSTR(1);
{$EXTERNALSYM X509_CERT}
X509_CERT_TO_BE_SIGNED = LPCSTR(2);
{$EXTERNALSYM X509_CERT_TO_BE_SIGNED}
X509_CERT_CRL_TO_BE_SIGNED = LPCSTR(3);
{$EXTERNALSYM X509_CERT_CRL_TO_BE_SIGNED}
X509_CERT_REQUEST_TO_BE_SIGNED = LPCSTR(4);
{$EXTERNALSYM X509_CERT_REQUEST_TO_BE_SIGNED}
X509_EXTENSIONS = LPCSTR(5);
{$EXTERNALSYM X509_EXTENSIONS}
X509_NAME_VALUE = LPCSTR(6);
{$EXTERNALSYM X509_NAME_VALUE}
X509_NAME = LPCSTR(7);
{$EXTERNALSYM X509_NAME}
X509_PUBLIC_KEY_INFO = LPCSTR(8);
{$EXTERNALSYM X509_PUBLIC_KEY_INFO}
//+-------------------------------------------------------------------------
// Predefined X509 certificate extension data structures that can be
// encoded / decoded.
//--------------------------------------------------------------------------
X509_AUTHORITY_KEY_ID = LPCSTR(9);
{$EXTERNALSYM X509_AUTHORITY_KEY_ID}
X509_KEY_ATTRIBUTES = LPCSTR(10);
{$EXTERNALSYM X509_KEY_ATTRIBUTES}
X509_KEY_USAGE_RESTRICTION = LPCSTR(11);
{$EXTERNALSYM X509_KEY_USAGE_RESTRICTION}
X509_ALTERNATE_NAME = LPCSTR(12);
{$EXTERNALSYM X509_ALTERNATE_NAME}
X509_BASIC_CONSTRAINTS = LPCSTR(13);
{$EXTERNALSYM X509_BASIC_CONSTRAINTS}
X509_KEY_USAGE = LPCSTR(14);
{$EXTERNALSYM X509_KEY_USAGE}
X509_BASIC_CONSTRAINTS2 = LPCSTR(15);
{$EXTERNALSYM X509_BASIC_CONSTRAINTS2}
X509_CERT_POLICIES = LPCSTR(16);
{$EXTERNALSYM X509_CERT_POLICIES}
//+-------------------------------------------------------------------------
// Additional predefined data structures that can be encoded / decoded.
//--------------------------------------------------------------------------
PKCS_UTC_TIME = LPCSTR(17);
{$EXTERNALSYM PKCS_UTC_TIME}
PKCS_TIME_REQUEST = LPCSTR(18);
{$EXTERNALSYM PKCS_TIME_REQUEST}
RSA_CSP_PUBLICKEYBLOB = LPCSTR(19);
{$EXTERNALSYM RSA_CSP_PUBLICKEYBLOB}
X509_UNICODE_NAME = LPCSTR(20);
{$EXTERNALSYM X509_UNICODE_NAME}
X509_KEYGEN_REQUEST_TO_BE_SIGNED = LPCSTR(21);
{$EXTERNALSYM X509_KEYGEN_REQUEST_TO_BE_SIGNED}
PKCS_ATTRIBUTE = LPCSTR(22);
{$EXTERNALSYM PKCS_ATTRIBUTE}
PKCS_CONTENT_INFO_SEQUENCE_OF_ANY = LPCSTR(23);
{$EXTERNALSYM PKCS_CONTENT_INFO_SEQUENCE_OF_ANY}
//+-------------------------------------------------------------------------
// Predefined primitive data structures that can be encoded / decoded.
//--------------------------------------------------------------------------
X509_UNICODE_NAME_VALUE = LPCSTR(24);
{$EXTERNALSYM X509_UNICODE_NAME_VALUE}
X509_ANY_STRING = X509_NAME_VALUE;
{$EXTERNALSYM X509_ANY_STRING}
X509_UNICODE_ANY_STRING = X509_UNICODE_NAME_VALUE;
{$EXTERNALSYM X509_UNICODE_ANY_STRING}
X509_OCTET_STRING = LPCSTR(25);
{$EXTERNALSYM X509_OCTET_STRING}
X509_BITS = LPCSTR(26);
{$EXTERNALSYM X509_BITS}
X509_INTEGER = LPCSTR(27);
{$EXTERNALSYM X509_INTEGER}
X509_MULTI_BYTE_INTEGER = LPCSTR(28);
{$EXTERNALSYM X509_MULTI_BYTE_INTEGER}
X509_ENUMERATED = LPCSTR(29);
{$EXTERNALSYM X509_ENUMERATED}
X509_CHOICE_OF_TIME = LPCSTR(30);
{$EXTERNALSYM X509_CHOICE_OF_TIME}
//+-------------------------------------------------------------------------
// More predefined X509 certificate extension data structures that can be
// encoded / decoded.
//--------------------------------------------------------------------------
X509_AUTHORITY_KEY_ID2 = LPCSTR(31);
{$EXTERNALSYM X509_AUTHORITY_KEY_ID2}
X509_AUTHORITY_INFO_ACCESS = LPCSTR(32);
{$EXTERNALSYM X509_AUTHORITY_INFO_ACCESS}
X509_CRL_REASON_CODE = X509_ENUMERATED;
{$EXTERNALSYM X509_CRL_REASON_CODE}
PKCS_CONTENT_INFO = LPCSTR(33);
{$EXTERNALSYM PKCS_CONTENT_INFO}
X509_SEQUENCE_OF_ANY = LPCSTR(34);
{$EXTERNALSYM X509_SEQUENCE_OF_ANY}
X509_CRL_DIST_POINTS = LPCSTR(35);
{$EXTERNALSYM X509_CRL_DIST_POINTS}
X509_ENHANCED_KEY_USAGE = LPCSTR(36);
{$EXTERNALSYM X509_ENHANCED_KEY_USAGE}
PKCS_CTL = LPCSTR(37);
{$EXTERNALSYM PKCS_CTL}
X509_MULTI_BYTE_UINT = LPCSTR(38);
{$EXTERNALSYM X509_MULTI_BYTE_UINT}
X509_DSS_PUBLICKEY = X509_MULTI_BYTE_UINT;
{$EXTERNALSYM X509_DSS_PUBLICKEY}
X509_DSS_PARAMETERS = LPCSTR(39);
{$EXTERNALSYM X509_DSS_PARAMETERS}
X509_DSS_SIGNATURE = LPCSTR(40);
{$EXTERNALSYM X509_DSS_SIGNATURE}
PKCS_RC2_CBC_PARAMETERS = LPCSTR(41);
{$EXTERNALSYM PKCS_RC2_CBC_PARAMETERS}
PKCS_SMIME_CAPABILITIES = LPCSTR(42);
{$EXTERNALSYM PKCS_SMIME_CAPABILITIES}
//+-------------------------------------------------------------------------
// data structures for private keys
//--------------------------------------------------------------------------
PKCS_RSA_PRIVATE_KEY = LPCSTR(43);
{$EXTERNALSYM PKCS_RSA_PRIVATE_KEY}
PKCS_PRIVATE_KEY_INFO = LPCSTR(44);
{$EXTERNALSYM PKCS_PRIVATE_KEY_INFO}
PKCS_ENCRYPTED_PRIVATE_KEY_INFO = LPCSTR(45);
{$EXTERNALSYM PKCS_ENCRYPTED_PRIVATE_KEY_INFO}
//+-------------------------------------------------------------------------
// certificate policy qualifier
//--------------------------------------------------------------------------
X509_PKIX_POLICY_QUALIFIER_USERNOTICE = LPCSTR(46);
{$EXTERNALSYM X509_PKIX_POLICY_QUALIFIER_USERNOTICE}
//+-------------------------------------------------------------------------
// Diffie-Hellman Key Exchange
//--------------------------------------------------------------------------
X509_DH_PUBLICKEY = X509_MULTI_BYTE_UINT;
{$EXTERNALSYM X509_DH_PUBLICKEY}
X509_DH_PARAMETERS = LPCSTR(47);
{$EXTERNALSYM X509_DH_PARAMETERS}
PKCS_ATTRIBUTES = LPCSTR(48);
{$EXTERNALSYM PKCS_ATTRIBUTES}
PKCS_SORTED_CTL = LPCSTR(49);
{$EXTERNALSYM PKCS_SORTED_CTL}
//+-------------------------------------------------------------------------
// X942 Diffie-Hellman
//--------------------------------------------------------------------------
X942_DH_PARAMETERS = LPCSTR(50);
{$EXTERNALSYM X942_DH_PARAMETERS}
//+-------------------------------------------------------------------------
// The following is the same as X509_BITS, except before encoding,
// the bit length is decremented to exclude trailing zero bits.
//--------------------------------------------------------------------------
X509_BITS_WITHOUT_TRAILING_ZEROES = LPCSTR(51);
{$EXTERNALSYM X509_BITS_WITHOUT_TRAILING_ZEROES}
//+-------------------------------------------------------------------------
// X942 Diffie-Hellman Other Info
//--------------------------------------------------------------------------
X942_OTHER_INFO = LPCSTR(52);
{$EXTERNALSYM X942_OTHER_INFO}
//+-------------------------------------------------------------------------
// Predefined PKCS #7 data structures that can be encoded / decoded.
//--------------------------------------------------------------------------
PKCS7_SIGNER_INFO = LPCSTR(500);
{$EXTERNALSYM PKCS7_SIGNER_INFO}
//+-------------------------------------------------------------------------
// Predefined PKCS #7 data structures that can be encoded / decoded.
//--------------------------------------------------------------------------
CMS_SIGNER_INFO = LPCSTR(501);
{$EXTERNALSYM CMS_SIGNER_INFO}
//+-------------------------------------------------------------------------
// Predefined Software Publishing Credential (SPC) data structures that
// can be encoded / decoded.
//
// Predefined values: 2000 .. 2999
//
// See spc.h for value and data structure definitions.
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// Extension Object Identifiers
//--------------------------------------------------------------------------
szOID_AUTHORITY_KEY_IDENTIFIER = '2.5.29.1';
{$EXTERNALSYM szOID_AUTHORITY_KEY_IDENTIFIER}
szOID_KEY_ATTRIBUTES = '2.5.29.2';
{$EXTERNALSYM szOID_KEY_ATTRIBUTES}
szOID_CERT_POLICIES_95 = '2.5.29.3';
{$EXTERNALSYM szOID_CERT_POLICIES_95}
szOID_KEY_USAGE_RESTRICTION = '2.5.29.4';
{$EXTERNALSYM szOID_KEY_USAGE_RESTRICTION}
szOID_SUBJECT_ALT_NAME = '2.5.29.7';
{$EXTERNALSYM szOID_SUBJECT_ALT_NAME}
szOID_ISSUER_ALT_NAME = '2.5.29.8';
{$EXTERNALSYM szOID_ISSUER_ALT_NAME}
szOID_BASIC_CONSTRAINTS = '2.5.29.10';
{$EXTERNALSYM szOID_BASIC_CONSTRAINTS}
szOID_KEY_USAGE = '2.5.29.15';
{$EXTERNALSYM szOID_KEY_USAGE}
szOID_PRIVATEKEY_USAGE_PERIOD = '2.5.29.16';
{$EXTERNALSYM szOID_PRIVATEKEY_USAGE_PERIOD}
szOID_BASIC_CONSTRAINTS2 = '2.5.29.19';
{$EXTERNALSYM szOID_BASIC_CONSTRAINTS2}
szOID_CERT_POLICIES = '2.5.29.32';
{$EXTERNALSYM szOID_CERT_POLICIES}
szOID_AUTHORITY_KEY_IDENTIFIER2 = '2.5.29.35';
{$EXTERNALSYM szOID_AUTHORITY_KEY_IDENTIFIER2}
szOID_SUBJECT_KEY_IDENTIFIER = '2.5.29.14';
{$EXTERNALSYM szOID_SUBJECT_KEY_IDENTIFIER}
szOID_SUBJECT_ALT_NAME2 = '2.5.29.17';
{$EXTERNALSYM szOID_SUBJECT_ALT_NAME2}
szOID_ISSUER_ALT_NAME2 = '2.5.29.18';
{$EXTERNALSYM szOID_ISSUER_ALT_NAME2}
szOID_CRL_REASON_CODE = '2.5.29.21';
{$EXTERNALSYM szOID_CRL_REASON_CODE}
szOID_CRL_DIST_POINTS = '2.5.29.31';
{$EXTERNALSYM szOID_CRL_DIST_POINTS}
szOID_ENHANCED_KEY_USAGE = '2.5.29.37';
{$EXTERNALSYM szOID_ENHANCED_KEY_USAGE}
// Microsoft PKCS10 Attributes
szOID_RENEWAL_CERTIFICATE = '1.3.6.1.4.1.311.13.1';
{$EXTERNALSYM szOID_RENEWAL_CERTIFICATE}
szOID_ENROLLMENT_NAME_VALUE_PAIR = '1.3.6.1.4.1.311.13.2.1';
{$EXTERNALSYM szOID_ENROLLMENT_NAME_VALUE_PAIR}
szOID_ENROLLMENT_CSP_PROVIDER = '1.3.6.1.4.1.311.13.2.2';
{$EXTERNALSYM szOID_ENROLLMENT_CSP_PROVIDER}
szOID_OS_VERSION = '1.3.6.1.4.1.311.13.2.3';
{$EXTERNALSYM szOID_OS_VERSION}
//
// Extension contain certificate type
szOID_ENROLLMENT_AGENT = '1.3.6.1.4.1.311.20.2.1';
{$EXTERNALSYM szOID_ENROLLMENT_AGENT}
// Internet Public Key Infrastructure (PKIX)
szOID_PKIX = '1.3.6.1.5.5.7';
{$EXTERNALSYM szOID_PKIX}
szOID_PKIX_PE = '1.3.6.1.5.5.7.1';
{$EXTERNALSYM szOID_PKIX_PE}
szOID_AUTHORITY_INFO_ACCESS = '1.3.6.1.5.5.7.1.1';
{$EXTERNALSYM szOID_AUTHORITY_INFO_ACCESS}
// Microsoft extensions or attributes
szOID_CERT_EXTENSIONS = '1.3.6.1.4.1.311.2.1.14';
{$EXTERNALSYM szOID_CERT_EXTENSIONS}
szOID_NEXT_UPDATE_LOCATION = '1.3.6.1.4.1.311.10.2';
{$EXTERNALSYM szOID_NEXT_UPDATE_LOCATION}
// Microsoft PKCS #7 ContentType Object Identifiers
szOID_CTL = '1.3.6.1.4.1.311.10.1';
{$EXTERNALSYM szOID_CTL}
// Microsoft Sorted CTL Extension Object Identifier
szOID_SORTED_CTL = '1.3.6.1.4.1.311.10.1.1';
{$EXTERNALSYM szOID_SORTED_CTL}
// serialized serial numbers for PRS
szOID_SERIALIZED = '1.3.6.1.4.1.311.10.3.3.1';
{$EXTERNALSYM szOID_SERIALIZED}
// UPN principal name in SubjectAltName
szOID_NT_PRINCIPAL_NAME = '1.3.6.1.4.1.311.20.2.3';
{$EXTERNALSYM szOID_NT_PRINCIPAL_NAME}
// Windows product update unauthenticated attribute
szOID_PRODUCT_UPDATE = '1.3.6.1.4.1.311.31.1';
{$EXTERNALSYM szOID_PRODUCT_UPDATE}
//+-------------------------------------------------------------------------
// Object Identifiers for use with Auto Enrollment
//--------------------------------------------------------------------------
szOID_AUTO_ENROLL_CTL_USAGE = '1.3.6.1.4.1.311.20.1';
{$EXTERNALSYM szOID_AUTO_ENROLL_CTL_USAGE}
// Extension contain certificate type
szOID_ENROLL_CERTTYPE_EXTENSION = '1.3.6.1.4.1.311.20.2';
{$EXTERNALSYM szOID_ENROLL_CERTTYPE_EXTENSION}
szOID_CERT_MANIFOLD = '1.3.6.1.4.1.311.20.3';
{$EXTERNALSYM szOID_CERT_MANIFOLD}
//+-------------------------------------------------------------------------
// Object Identifiers for use with the MS Certificate Server
//--------------------------------------------------------------------------
szOID_CERTSRV_CA_VERSION = '1.3.6.1.4.1.311.21.1';
{$EXTERNALSYM szOID_CERTSRV_CA_VERSION}
//+-------------------------------------------------------------------------
// Object Identifiers for use with the MS Directory Service
//--------------------------------------------------------------------------
szOID_NTDS_REPLICATION = '1.3.6.1.4.1.311.25.1';
{$EXTERNALSYM szOID_NTDS_REPLICATION}
//+-------------------------------------------------------------------------
// Extension Object Identifiers (currently not implemented)
//--------------------------------------------------------------------------
szOID_POLICY_MAPPINGS = '2.5.29.5';
{$EXTERNALSYM szOID_POLICY_MAPPINGS}
szOID_SUBJECT_DIR_ATTRS = '2.5.29.9';
{$EXTERNALSYM szOID_SUBJECT_DIR_ATTRS}
//+-------------------------------------------------------------------------
// Enhanced Key Usage (Purpose) Object Identifiers
//--------------------------------------------------------------------------
szOID_PKIX_KP = '1.3.6.1.5.5.7.3';
{$EXTERNALSYM szOID_PKIX_KP}
// Consistent key usage bits: DIGITAL_SIGNATURE, KEY_ENCIPHERMENT
// or KEY_AGREEMENT
szOID_PKIX_KP_SERVER_AUTH = '1.3.6.1.5.5.7.3.1';
{$EXTERNALSYM szOID_PKIX_KP_SERVER_AUTH}
// Consistent key usage bits: DIGITAL_SIGNATURE
szOID_PKIX_KP_CLIENT_AUTH = '1.3.6.1.5.5.7.3.2';
{$EXTERNALSYM szOID_PKIX_KP_CLIENT_AUTH}
// Consistent key usage bits: DIGITAL_SIGNATURE
szOID_PKIX_KP_CODE_SIGNING = '1.3.6.1.5.5.7.3.3';
{$EXTERNALSYM szOID_PKIX_KP_CODE_SIGNING}
// Consistent key usage bits: DIGITAL_SIGNATURE, NON_REPUDIATION and/or
// (KEY_ENCIPHERMENT or KEY_AGREEMENT)
szOID_PKIX_KP_EMAIL_PROTECTION = '1.3.6.1.5.5.7.3.4';
{$EXTERNALSYM szOID_PKIX_KP_EMAIL_PROTECTION}
// Consistent key usage bits: DIGITAL_SIGNATURE and/or
// (KEY_ENCIPHERMENT or KEY_AGREEMENT)
szOID_PKIX_KP_IPSEC_END_SYSTEM = '1.3.6.1.5.5.7.3.5';
{$EXTERNALSYM szOID_PKIX_KP_IPSEC_END_SYSTEM}
// Consistent key usage bits: DIGITAL_SIGNATURE and/or
// (KEY_ENCIPHERMENT or KEY_AGREEMENT)
szOID_PKIX_KP_IPSEC_TUNNEL = '1.3.6.1.5.5.7.3.6';
{$EXTERNALSYM szOID_PKIX_KP_IPSEC_TUNNEL}
// Consistent key usage bits: DIGITAL_SIGNATURE and/or
// (KEY_ENCIPHERMENT or KEY_AGREEMENT)
szOID_PKIX_KP_IPSEC_USER = '1.3.6.1.5.5.7.3.7';
{$EXTERNALSYM szOID_PKIX_KP_IPSEC_USER}
// Consistent key usage bits: DIGITAL_SIGNATURE or NON_REPUDIATION
szOID_PKIX_KP_TIMESTAMP_SIGNING = '1.3.6.1.5.5.7.3.8';
{$EXTERNALSYM szOID_PKIX_KP_TIMESTAMP_SIGNING}
//+-------------------------------------------------------------------------
// Microsoft Enhanced Key Usage (Purpose) Object Identifiers
//+-------------------------------------------------------------------------
// Signer of CTLs
szOID_KP_CTL_USAGE_SIGNING = '1.3.6.1.4.1.311.10.3.1';
{$EXTERNALSYM szOID_KP_CTL_USAGE_SIGNING}
// Signer of TimeStamps
szOID_KP_TIME_STAMP_SIGNING = '1.3.6.1.4.1.311.10.3.2';
{$EXTERNALSYM szOID_KP_TIME_STAMP_SIGNING}
szOID_SERVER_GATED_CRYPTO = '1.3.6.1.4.1.311.10.3.3';
{$EXTERNALSYM szOID_SERVER_GATED_CRYPTO}
szOID_SGC_NETSCAPE = '2.16.840.1.113730.4.1';
{$EXTERNALSYM szOID_SGC_NETSCAPE}
szOID_KP_EFS = '1.3.6.1.4.1.311.10.3.4';
{$EXTERNALSYM szOID_KP_EFS}
// Can use Windows Hardware Compatible (WHQL)
szOID_WHQL_CRYPTO = '1.3.6.1.4.1.311.10.3.5';
{$EXTERNALSYM szOID_WHQL_CRYPTO}
// Signed by the NT5 build lab
szOID_NT5_CRYPTO = '1.3.6.1.4.1.311.10.3.6';
{$EXTERNALSYM szOID_NT5_CRYPTO}
// Signed by and OEM of WHQL
szOID_OEM_WHQL_CRYPTO = '1.3.6.1.4.1.311.10.3.7';
{$EXTERNALSYM szOID_OEM_WHQL_CRYPTO}
// Signed by the Embedded NT
szOID_EMBEDDED_NT_CRYPTO = '1.3.6.1.4.1.311.10.3.8';
{$EXTERNALSYM szOID_EMBEDDED_NT_CRYPTO}
szOID_DRM = '1.3.6.1.4.1.311.10.5.1';
{$EXTERNALSYM szOID_DRM}
szOID_LICENSES = '1.3.6.1.4.1.311.10.6.1';
{$EXTERNALSYM szOID_LICENSES}
szOID_LICENSE_SERVER = '1.3.6.1.4.1.311.10.6.2';
{$EXTERNALSYM szOID_LICENSE_SERVER}
szOID_KP_SMARTCARD_LOGON = '1.3.6.1.4.1.311.20.2.2';
{$EXTERNALSYM szOID_KP_SMARTCARD_LOGON}
//+-------------------------------------------------------------------------
// Microsoft Attribute Object Identifiers
//+-------------------------------------------------------------------------
szOID_YESNO_TRUST_ATTR = '1.3.6.1.4.1.311.10.4.1';
{$EXTERNALSYM szOID_YESNO_TRUST_ATTR}
//+-------------------------------------------------------------------------
// Qualifiers that may be part of the szOID_CERT_POLICIES and
// szOID_CERT_POLICIES95 extensions
//+-------------------------------------------------------------------------
szOID_PKIX_POLICY_QUALIFIER_CPS = '1.3.6.1.5.5.7.2.1';
{$EXTERNALSYM szOID_PKIX_POLICY_QUALIFIER_CPS}
szOID_PKIX_POLICY_QUALIFIER_USERNOTICE = '1.3.6.1.5.5.7.2.2';
{$EXTERNALSYM szOID_PKIX_POLICY_QUALIFIER_USERNOTICE}
// OID for old qualifer
szOID_CERT_POLICIES_95_QUALIFIER1 = '2.16.840.1.113733.1.7.1.1';
{$EXTERNALSYM szOID_CERT_POLICIES_95_QUALIFIER1}
//+-------------------------------------------------------------------------
// X509_CERT
//
// The "to be signed" encoded content plus its signature. The ToBeSigned
// content is the CryptEncodeObject() output for one of the following:
// X509_CERT_TO_BE_SIGNED, X509_CERT_CRL_TO_BE_SIGNED or
// X509_CERT_REQUEST_TO_BE_SIGNED.
//
// pvStructInfo points to CERT_SIGNED_CONTENT_INFO.
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// X509_CERT_TO_BE_SIGNED
//
// pvStructInfo points to CERT_INFO.
//
// For CryptDecodeObject(), the pbEncoded is the "to be signed" plus its
// signature (output of a X509_CERT CryptEncodeObject()).
//
// For CryptEncodeObject(), the pbEncoded is just the "to be signed".
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// X509_CERT_CRL_TO_BE_SIGNED
//
// pvStructInfo points to CRL_INFO.
//
// For CryptDecodeObject(), the pbEncoded is the "to be signed" plus its
// signature (output of a X509_CERT CryptEncodeObject()).
//
// For CryptEncodeObject(), the pbEncoded is just the "to be signed".
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// X509_CERT_REQUEST_TO_BE_SIGNED
//
// pvStructInfo points to CERT_REQUEST_INFO.
//
// For CryptDecodeObject(), the pbEncoded is the "to be signed" plus its
// signature (output of a X509_CERT CryptEncodeObject()).
//
// For CryptEncodeObject(), the pbEncoded is just the "to be signed".
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// X509_EXTENSIONS
// szOID_CERT_EXTENSIONS
//
// pvStructInfo points to following CERT_EXTENSIONS.
//--------------------------------------------------------------------------
type
PCERT_EXTENSIONS = ^CERT_EXTENSIONS;
{$EXTERNALSYM PCERT_EXTENSIONS}
_CERT_EXTENSIONS = record
cExtension: DWORD;
rgExtension: PCERT_EXTENSION;
end;
{$EXTERNALSYM _CERT_EXTENSIONS}
CERT_EXTENSIONS = _CERT_EXTENSIONS;
{$EXTERNALSYM CERT_EXTENSIONS}
TCertExtensions = CERT_EXTENSIONS;
PCertExtensions = PCERT_EXTENSIONS;
//+-------------------------------------------------------------------------
// X509_NAME_VALUE
// X509_ANY_STRING
//
// pvStructInfo points to CERT_NAME_VALUE.
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// X509_UNICODE_NAME_VALUE
// X509_UNICODE_ANY_STRING
//
// pvStructInfo points to CERT_NAME_VALUE.
//
// The name values are unicode strings.
//
// For CryptEncodeObject:
// Value.pbData points to the unicode string.
// If Value.cbData = 0, then, the unicode string is NULL terminated.
// Otherwise, Value.cbData is the unicode string byte count. The byte count
// is twice the character count.
//
// If the unicode string contains an invalid character for the specified
// dwValueType, then, *pcbEncoded is updated with the unicode character
// index of the first invalid character. LastError is set to:
// CRYPT_E_INVALID_NUMERIC_STRING, CRYPT_E_INVALID_PRINTABLE_STRING or
// CRYPT_E_INVALID_IA5_STRING.
//
// To disable the above check, either set CERT_RDN_DISABLE_CHECK_TYPE_FLAG
// in dwValueType or set CRYPT_UNICODE_NAME_ENCODE_DISABLE_CHECK_TYPE_FLAG
// in dwFlags passed to CryptEncodeObjectEx.
//
// The unicode string is converted before being encoded according to
// the specified dwValueType. If dwValueType is set to 0, LastError
// is set to E_INVALIDARG.
//
// If the dwValueType isn't one of the character strings (its a
// CERT_RDN_ENCODED_BLOB or CERT_RDN_OCTET_STRING), then, CryptEncodeObject
// will return FALSE with LastError set to CRYPT_E_NOT_CHAR_STRING.
//
// For CryptDecodeObject:
// Value.pbData points to a NULL terminated unicode string. Value.cbData
// contains the byte count of the unicode string excluding the NULL
// terminator. dwValueType contains the type used in the encoded object.
// Its not forced to CERT_RDN_UNICODE_STRING. The encoded value is
// converted to the unicode string according to the dwValueType.
//
// If the encoded object isn't one of the character string types, then,
// CryptDecodeObject will return FALSE with LastError set to
// CRYPT_E_NOT_CHAR_STRING. For a non character string, decode using
// X509_NAME_VALUE or X509_ANY_STRING.
//
// By default, CERT_RDN_T61_STRING values are initially decoded
// as UTF8. If the UTF8 decoding fails, then, decoded as 8 bit characters.
// Set CRYPT_UNICODE_NAME_DECODE_DISABLE_IE4_UTF8_FLAG in dwFlags
// passed to either CryptDecodeObject or CryptDecodeObjectEx to
// skip the initial attempt to decode as UTF8.
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// X509_NAME
//
// pvStructInfo points to CERT_NAME_INFO.
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// X509_UNICODE_NAME
//
// pvStructInfo points to CERT_NAME_INFO.
//
// The RDN attribute values are unicode strings except for the dwValueTypes of
// CERT_RDN_ENCODED_BLOB or CERT_RDN_OCTET_STRING. These dwValueTypes are
// the same as for a X509_NAME. Their values aren't converted to/from unicode.
//
// For CryptEncodeObject:
// Value.pbData points to the unicode string.
// If Value.cbData = 0, then, the unicode string is NULL terminated.
// Otherwise, Value.cbData is the unicode string byte count. The byte count
// is twice the character count.
//
// If dwValueType = 0 (CERT_RDN_ANY_TYPE), the pszObjId is used to find
// an acceptable dwValueType. If the unicode string contains an
// invalid character for the found or specified dwValueType, then,
// *pcbEncoded is updated with the error location of the invalid character.
// See below for details. LastError is set to:
// CRYPT_E_INVALID_NUMERIC_STRING, CRYPT_E_INVALID_PRINTABLE_STRING or
// CRYPT_E_INVALID_IA5_STRING.
//
// To disable the above check, either set CERT_RDN_DISABLE_CHECK_TYPE_FLAG
// in dwValueType or set CRYPT_UNICODE_NAME_ENCODE_DISABLE_CHECK_TYPE_FLAG
// in dwFlags passed to CryptEncodeObjectEx.
//
// Set CERT_RDN_UNICODE_STRING in dwValueType or set
// CRYPT_UNICODE_NAME_ENCODE_ENABLE_T61_UNICODE_FLAG in dwFlags passed
// to CryptEncodeObjectEx to select CERT_RDN_T61_STRING instead of
// CERT_RDN_UNICODE_STRING if all the unicode characters are <= 0xFF.
//
// Set CERT_RDN_ENABLE_UTF8_UNICODE_STRING in dwValueType or set
// CRYPT_UNICODE_NAME_ENCODE_ENABLE_UTF8_UNICODE_FLAG in dwFlags passed
// to CryptEncodeObjectEx to select CERT_RDN_UTF8_STRING instead of
// CERT_RDN_UNICODE_STRING.
//
// The unicode string is converted before being encoded according to
// the specified or ObjId matching dwValueType.
//
// For CryptDecodeObject:
// Value.pbData points to a NULL terminated unicode string. Value.cbData
// contains the byte count of the unicode string excluding the NULL
// terminator. dwValueType contains the type used in the encoded object.
// Its not forced to CERT_RDN_UNICODE_STRING. The encoded value is
// converted to the unicode string according to the dwValueType.
//
// If the dwValueType of the encoded value isn't a character string
// type, then, it isn't converted to UNICODE. Use the
// IS_CERT_RDN_CHAR_STRING() macro on the dwValueType to check
// that Value.pbData points to a converted unicode string.
//
// By default, CERT_RDN_T61_STRING values are initially decoded
// as UTF8. If the UTF8 decoding fails, then, decoded as 8 bit characters.
// Set CRYPT_UNICODE_NAME_DECODE_DISABLE_IE4_UTF8_FLAG in dwFlags
// passed to either CryptDecodeObject or CryptDecodeObjectEx to
// skip the initial attempt to decode as UTF8.
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// Unicode Name Value Error Location Definitions
//
// Error location is returned in *pcbEncoded by
// CryptEncodeObject(X509_UNICODE_NAME)
//
// Error location consists of:
// RDN_INDEX - 10 bits << 22
// ATTR_INDEX - 6 bits << 16
// VALUE_INDEX - 16 bits (unicode character index)
//--------------------------------------------------------------------------
const
CERT_UNICODE_RDN_ERR_INDEX_MASK = $3FF;
{$EXTERNALSYM CERT_UNICODE_RDN_ERR_INDEX_MASK}
CERT_UNICODE_RDN_ERR_INDEX_SHIFT = 22;
{$EXTERNALSYM CERT_UNICODE_RDN_ERR_INDEX_SHIFT}
CERT_UNICODE_ATTR_ERR_INDEX_MASK = $003F;
{$EXTERNALSYM CERT_UNICODE_ATTR_ERR_INDEX_MASK}
CERT_UNICODE_ATTR_ERR_INDEX_SHIFT = 16;
{$EXTERNALSYM CERT_UNICODE_ATTR_ERR_INDEX_SHIFT}
CERT_UNICODE_VALUE_ERR_INDEX_MASK = $0000FFFF;
{$EXTERNALSYM CERT_UNICODE_VALUE_ERR_INDEX_MASK}
CERT_UNICODE_VALUE_ERR_INDEX_SHIFT = 0;
{$EXTERNALSYM CERT_UNICODE_VALUE_ERR_INDEX_SHIFT}
function GET_CERT_UNICODE_RDN_ERR_INDEX(X: DWORD): DWORD;
{$EXTERNALSYM GET_CERT_UNICODE_RDN_ERR_INDEX}
function GET_CERT_UNICODE_ATTR_ERR_INDEX(X: DWORD): DWORD;
{$EXTERNALSYM GET_CERT_UNICODE_ATTR_ERR_INDEX}
function GET_CERT_UNICODE_VALUE_ERR_INDEX(X: DWORD): DWORD;
{$EXTERNALSYM GET_CERT_UNICODE_VALUE_ERR_INDEX}
//+-------------------------------------------------------------------------
// X509_PUBLIC_KEY_INFO
//
// pvStructInfo points to CERT_PUBLIC_KEY_INFO.
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// X509_AUTHORITY_KEY_ID
// szOID_AUTHORITY_KEY_IDENTIFIER
//
// pvStructInfo points to following CERT_AUTHORITY_KEY_ID_INFO.
//--------------------------------------------------------------------------
type
PCERT_AUTHORITY_KEY_ID_INFO = ^CERT_AUTHORITY_KEY_ID_INFO;
{$EXTERNALSYM PCERT_AUTHORITY_KEY_ID_INFO}
_CERT_AUTHORITY_KEY_ID_INFO = record
KeyId: CRYPT_DATA_BLOB;
CertIssuer: CERT_NAME_BLOB;
CertSerialNumber: CRYPT_INTEGER_BLOB;
end;
{$EXTERNALSYM _CERT_AUTHORITY_KEY_ID_INFO}
CERT_AUTHORITY_KEY_ID_INFO = _CERT_AUTHORITY_KEY_ID_INFO;
{$EXTERNALSYM CERT_AUTHORITY_KEY_ID_INFO}
TCertAuthorityKeyIdInfo = CERT_AUTHORITY_KEY_ID_INFO;
PCertAuthorityKeyIdInfo = PCERT_AUTHORITY_KEY_ID_INFO;
//+-------------------------------------------------------------------------
// X509_KEY_ATTRIBUTES
// szOID_KEY_ATTRIBUTES
//
// pvStructInfo points to following CERT_KEY_ATTRIBUTES_INFO.
//--------------------------------------------------------------------------
PCERT_PRIVATE_KEY_VALIDITY = ^CERT_PRIVATE_KEY_VALIDITY;
{$EXTERNALSYM PCERT_PRIVATE_KEY_VALIDITY}
_CERT_PRIVATE_KEY_VALIDITY = record
NotBefore: FILETIME;
NotAfter: FILETIME;
end;
{$EXTERNALSYM _CERT_PRIVATE_KEY_VALIDITY}
CERT_PRIVATE_KEY_VALIDITY = _CERT_PRIVATE_KEY_VALIDITY;
{$EXTERNALSYM CERT_PRIVATE_KEY_VALIDITY}
TCertPrivateKeyValidity = CERT_PRIVATE_KEY_VALIDITY;
PCertPrivateKeyValidity = PCERT_PRIVATE_KEY_VALIDITY;
PCERT_KEY_ATTRIBUTES_INFO = ^CERT_KEY_ATTRIBUTES_INFO;
{$EXTERNALSYM PCERT_KEY_ATTRIBUTES_INFO}
_CERT_KEY_ATTRIBUTES_INFO = record
KeyId: CRYPT_DATA_BLOB;
IntendedKeyUsage: CRYPT_BIT_BLOB;
pPrivateKeyUsagePeriod: PCERT_PRIVATE_KEY_VALIDITY; // OPTIONAL
end;
{$EXTERNALSYM _CERT_KEY_ATTRIBUTES_INFO}
CERT_KEY_ATTRIBUTES_INFO = _CERT_KEY_ATTRIBUTES_INFO;
{$EXTERNALSYM CERT_KEY_ATTRIBUTES_INFO}
TCertKeyAttributesInfo = CERT_KEY_ATTRIBUTES_INFO;
PCertKeyAttributesInfo = PCERT_KEY_ATTRIBUTES_INFO;
// Byte[0]
const
CERT_DIGITAL_SIGNATURE_KEY_USAGE = $80;
{$EXTERNALSYM CERT_DIGITAL_SIGNATURE_KEY_USAGE}
CERT_NON_REPUDIATION_KEY_USAGE = $40;
{$EXTERNALSYM CERT_NON_REPUDIATION_KEY_USAGE}
CERT_KEY_ENCIPHERMENT_KEY_USAGE = $20;
{$EXTERNALSYM CERT_KEY_ENCIPHERMENT_KEY_USAGE}
CERT_DATA_ENCIPHERMENT_KEY_USAGE = $10;
{$EXTERNALSYM CERT_DATA_ENCIPHERMENT_KEY_USAGE}
CERT_KEY_AGREEMENT_KEY_USAGE = $08;
{$EXTERNALSYM CERT_KEY_AGREEMENT_KEY_USAGE}
CERT_KEY_CERT_SIGN_KEY_USAGE = $04;
{$EXTERNALSYM CERT_KEY_CERT_SIGN_KEY_USAGE}
CERT_OFFLINE_CRL_SIGN_KEY_USAGE = $02;
{$EXTERNALSYM CERT_OFFLINE_CRL_SIGN_KEY_USAGE}
CERT_CRL_SIGN_KEY_USAGE = $02;
{$EXTERNALSYM CERT_CRL_SIGN_KEY_USAGE}
CERT_ENCIPHER_ONLY_KEY_USAGE = $01;
{$EXTERNALSYM CERT_ENCIPHER_ONLY_KEY_USAGE}
// Byte[1]
CERT_DECIPHER_ONLY_KEY_USAGE = $80;
{$EXTERNALSYM CERT_DECIPHER_ONLY_KEY_USAGE}
//+-------------------------------------------------------------------------
// X509_KEY_USAGE_RESTRICTION
// szOID_KEY_USAGE_RESTRICTION
//
// pvStructInfo points to following CERT_KEY_USAGE_RESTRICTION_INFO.
//--------------------------------------------------------------------------
type
PCERT_POLICY_ID = ^CERT_POLICY_ID;
{$EXTERNALSYM PCERT_POLICY_ID}
_CERT_POLICY_ID = record
cCertPolicyElementId: DWORD;
rgpszCertPolicyElementId: LPSTR; // pszObjId
end;
{$EXTERNALSYM _CERT_POLICY_ID}
CERT_POLICY_ID = _CERT_POLICY_ID;
{$EXTERNALSYM CERT_POLICY_ID}
TCertPolicyId = CERT_POLICY_ID;
PCertPolicyId = PCERT_POLICY_ID;
PCERT_KEY_USAGE_RESTRICTION_INFO = ^CERT_KEY_USAGE_RESTRICTION_INFO;
{$EXTERNALSYM PCERT_KEY_USAGE_RESTRICTION_INFO}
_CERT_KEY_USAGE_RESTRICTION_INFO = record
cCertPolicyId: DWORD;
rgCertPolicyId: PCERT_POLICY_ID;
RestrictedKeyUsage: CRYPT_BIT_BLOB;
end;
{$EXTERNALSYM _CERT_KEY_USAGE_RESTRICTION_INFO}
CERT_KEY_USAGE_RESTRICTION_INFO = _CERT_KEY_USAGE_RESTRICTION_INFO;
{$EXTERNALSYM CERT_KEY_USAGE_RESTRICTION_INFO}
TCertKeyUsageRestrictionInfo = CERT_KEY_USAGE_RESTRICTION_INFO;
PCertKeyUsageRestrictionInfo = PCERT_KEY_USAGE_RESTRICTION_INFO;
// See CERT_KEY_ATTRIBUTES_INFO for definition of the RestrictedKeyUsage bits
//+-------------------------------------------------------------------------
// X509_ALTERNATE_NAME
// szOID_SUBJECT_ALT_NAME
// szOID_ISSUER_ALT_NAME
// szOID_SUBJECT_ALT_NAME2
// szOID_ISSUER_ALT_NAME2
//
// pvStructInfo points to following CERT_ALT_NAME_INFO.
//--------------------------------------------------------------------------
PCERT_OTHER_NAME = ^CERT_OTHER_NAME;
{$EXTERNALSYM PCERT_OTHER_NAME}
_CERT_OTHER_NAME = record
pszObjId: LPSTR;
Value: CRYPT_OBJID_BLOB;
end;
{$EXTERNALSYM _CERT_OTHER_NAME}
CERT_OTHER_NAME = _CERT_OTHER_NAME;
{$EXTERNALSYM CERT_OTHER_NAME}
TCertOtherName = CERT_OTHER_NAME;
PCertOtherName = PCERT_OTHER_NAME;
PCERT_ALT_NAME_ENTRY = ^CERT_ALT_NAME_ENTRY;
{$EXTERNALSYM PCERT_ALT_NAME_ENTRY}
_CERT_ALT_NAME_ENTRY = record
dwAltNameChoice: DWORD;
//union {
case Integer of
0: (pOtherName: PCERT_OTHER_NAME); // 1
1: (pwszRfc822Name: LPWSTR); // 2 (encoded IA5)
2: (pwszDNSName: LPWSTR); // 3 (encoded IA5)
3: ();// Not implemented x400Address; // 4
4: (DirectoryName: CERT_NAME_BLOB); // 5
5: ();// Not implemented pEdiPartyName; // 6
6: (pwszURL: LPWSTR); // 7 (encoded IA5)
7: (IPAddress: CRYPT_DATA_BLOB); // 8 (Octet String)
8: (pszRegisteredID: LPSTR); // 9 (Object Identifer)
end;
{$EXTERNALSYM _CERT_ALT_NAME_ENTRY}
CERT_ALT_NAME_ENTRY = _CERT_ALT_NAME_ENTRY;
{$EXTERNALSYM CERT_ALT_NAME_ENTRY}
TCertAltNameEntry = CERT_ALT_NAME_ENTRY;
PCertAltNameEntry = PCERT_ALT_NAME_ENTRY;
const
CERT_ALT_NAME_OTHER_NAME = 1;
{$EXTERNALSYM CERT_ALT_NAME_OTHER_NAME}
CERT_ALT_NAME_RFC822_NAME = 2;
{$EXTERNALSYM CERT_ALT_NAME_RFC822_NAME}
CERT_ALT_NAME_DNS_NAME = 3;
{$EXTERNALSYM CERT_ALT_NAME_DNS_NAME}
CERT_ALT_NAME_X400_ADDRESS = 4;
{$EXTERNALSYM CERT_ALT_NAME_X400_ADDRESS}
CERT_ALT_NAME_DIRECTORY_NAME = 5;
{$EXTERNALSYM CERT_ALT_NAME_DIRECTORY_NAME}
CERT_ALT_NAME_EDI_PARTY_NAME = 6;
{$EXTERNALSYM CERT_ALT_NAME_EDI_PARTY_NAME}
CERT_ALT_NAME_URL = 7;
{$EXTERNALSYM CERT_ALT_NAME_URL}
CERT_ALT_NAME_IP_ADDRESS = 8;
{$EXTERNALSYM CERT_ALT_NAME_IP_ADDRESS}
CERT_ALT_NAME_REGISTERED_ID = 9;
{$EXTERNALSYM CERT_ALT_NAME_REGISTERED_ID}
type
PCERT_ALT_NAME_INFO = ^CERT_ALT_NAME_INFO;
{$EXTERNALSYM PCERT_ALT_NAME_INFO}
_CERT_ALT_NAME_INFO = record
cAltEntry: DWORD;
rgAltEntry: PCERT_ALT_NAME_ENTRY;
end;
{$EXTERNALSYM _CERT_ALT_NAME_INFO}
CERT_ALT_NAME_INFO = _CERT_ALT_NAME_INFO;
{$EXTERNALSYM CERT_ALT_NAME_INFO}
TCertAltNameInfo = CERT_ALT_NAME_INFO;
PCertAltNameInfo = PCERT_ALT_NAME_INFO;
//+-------------------------------------------------------------------------
// Alternate name IA5 Error Location Definitions for
// CRYPT_E_INVALID_IA5_STRING.
//
// Error location is returned in *pcbEncoded by
// CryptEncodeObject(X509_ALTERNATE_NAME)
//
// Error location consists of:
// ENTRY_INDEX - 8 bits << 16
// VALUE_INDEX - 16 bits (unicode character index)
//--------------------------------------------------------------------------
const
CERT_ALT_NAME_ENTRY_ERR_INDEX_MASK = $FF;
{$EXTERNALSYM CERT_ALT_NAME_ENTRY_ERR_INDEX_MASK}
CERT_ALT_NAME_ENTRY_ERR_INDEX_SHIFT = 16;
{$EXTERNALSYM CERT_ALT_NAME_ENTRY_ERR_INDEX_SHIFT}
CERT_ALT_NAME_VALUE_ERR_INDEX_MASK = $0000FFFF;
{$EXTERNALSYM CERT_ALT_NAME_VALUE_ERR_INDEX_MASK}
CERT_ALT_NAME_VALUE_ERR_INDEX_SHIFT = 0;
{$EXTERNALSYM CERT_ALT_NAME_VALUE_ERR_INDEX_SHIFT}
function GET_CERT_ALT_NAME_ENTRY_ERR_INDEX(X: DWORD): DWORD;
{$EXTERNALSYM GET_CERT_ALT_NAME_ENTRY_ERR_INDEX}
function GET_CERT_ALT_NAME_VALUE_ERR_INDEX(X: DWORD): DWORD;
{$EXTERNALSYM GET_CERT_ALT_NAME_VALUE_ERR_INDEX}
//+-------------------------------------------------------------------------
// X509_BASIC_CONSTRAINTS
// szOID_BASIC_CONSTRAINTS
//
// pvStructInfo points to following CERT_BASIC_CONSTRAINTS_INFO.
//--------------------------------------------------------------------------
type
PCERT_BASIC_CONSTRAINTS_INFO = ^CERT_BASIC_CONSTRAINTS_INFO;
{$EXTERNALSYM PCERT_BASIC_CONSTRAINTS_INFO}
_CERT_BASIC_CONSTRAINTS_INFO = record
SubjectType: CRYPT_BIT_BLOB;
fPathLenConstraint: BOOL;
dwPathLenConstraint: DWORD;
cSubtreesConstraint: DWORD;
rgSubtreesConstraint: PCERT_NAME_BLOB;
end;
{$EXTERNALSYM _CERT_BASIC_CONSTRAINTS_INFO}
CERT_BASIC_CONSTRAINTS_INFO = _CERT_BASIC_CONSTRAINTS_INFO;
{$EXTERNALSYM CERT_BASIC_CONSTRAINTS_INFO}
TCertBasicConstraintsInfo = CERT_BASIC_CONSTRAINTS_INFO;
PCertBasicConstraintsInfo = PCERT_BASIC_CONSTRAINTS_INFO;
const
CERT_CA_SUBJECT_FLAG = $80;
{$EXTERNALSYM CERT_CA_SUBJECT_FLAG}
CERT_END_ENTITY_SUBJECT_FLAG = $40;
{$EXTERNALSYM CERT_END_ENTITY_SUBJECT_FLAG}
//+-------------------------------------------------------------------------
// X509_BASIC_CONSTRAINTS2
// szOID_BASIC_CONSTRAINTS2
//
// pvStructInfo points to following CERT_BASIC_CONSTRAINTS2_INFO.
//--------------------------------------------------------------------------
type
PCERT_BASIC_CONSTRAINTS2_INFO = ^CERT_BASIC_CONSTRAINTS2_INFO;
{$EXTERNALSYM PCERT_BASIC_CONSTRAINTS2_INFO}
_CERT_BASIC_CONSTRAINTS2_INFO = record
fCA: BOOL;
fPathLenConstraint: BOOL;
dwPathLenConstraint: DWORD;
end;
{$EXTERNALSYM _CERT_BASIC_CONSTRAINTS2_INFO}
CERT_BASIC_CONSTRAINTS2_INFO = _CERT_BASIC_CONSTRAINTS2_INFO;
{$EXTERNALSYM CERT_BASIC_CONSTRAINTS2_INFO}
TCertBasicConstraints2Info = CERT_BASIC_CONSTRAINTS2_INFO;
PCertBasicConstraints2Info = PCERT_BASIC_CONSTRAINTS2_INFO;
//+-------------------------------------------------------------------------
// X509_KEY_USAGE
// szOID_KEY_USAGE
//
// pvStructInfo points to a CRYPT_BIT_BLOB. Has same bit definitions as
// CERT_KEY_ATTRIBUTES_INFO's IntendedKeyUsage.
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// X509_CERT_POLICIES
// szOID_CERT_POLICIES
// szOID_CERT_POLICIES_95 NOTE--Only allowed for decoding!!!
//
// pvStructInfo points to following CERT_POLICIES_INFO.
//
// NOTE: when decoding using szOID_CERT_POLICIES_95 the pszPolicyIdentifier
// may contain an empty string
//--------------------------------------------------------------------------
PCERT_POLICY_QUALIFIER_INFO = ^CERT_POLICY_QUALIFIER_INFO;
{$EXTERNALSYM PCERT_POLICY_QUALIFIER_INFO}
_CERT_POLICY_QUALIFIER_INFO = record
pszPolicyQualifierId: LPSTR; // pszObjId
Qualifier: CRYPT_OBJID_BLOB; // optional
end;
{$EXTERNALSYM _CERT_POLICY_QUALIFIER_INFO}
CERT_POLICY_QUALIFIER_INFO = _CERT_POLICY_QUALIFIER_INFO;
{$EXTERNALSYM CERT_POLICY_QUALIFIER_INFO}
TCertPolicyQualifierInfo = CERT_POLICY_QUALIFIER_INFO;
PCertPolicyQualifierInfo = PCERT_POLICY_QUALIFIER_INFO;
PCERT_POLICY_INFO = ^CERT_POLICY_INFO;
{$EXTERNALSYM PCERT_POLICY_INFO}
_CERT_POLICY_INFO = record
pszPolicyIdentifier: LPSTR; // pszObjId
cPolicyQualifier: DWORD; // optional
rgPolicyQualifier: PCERT_POLICY_QUALIFIER_INFO;
end;
{$EXTERNALSYM _CERT_POLICY_INFO}
CERT_POLICY_INFO = _CERT_POLICY_INFO;
{$EXTERNALSYM CERT_POLICY_INFO}
TCertPolicyInfo = CERT_POLICY_INFO;
PCertPolicyInfo = PCERT_POLICY_INFO;
PCERT_POLICIES_INFO = ^CERT_POLICIES_INFO;
{$EXTERNALSYM PCERT_POLICIES_INFO}
_CERT_POLICIES_INFO = record
cPolicyInfo: DWORD;
rgPolicyInfo: PCERT_POLICY_INFO;
end;
{$EXTERNALSYM _CERT_POLICIES_INFO}
CERT_POLICIES_INFO = _CERT_POLICIES_INFO;
{$EXTERNALSYM CERT_POLICIES_INFO}
TCertPoliciesInfo = CERT_POLICIES_INFO;
PCertPoliciesInfo = PCERT_POLICIES_INFO;
//+-------------------------------------------------------------------------
// X509_PKIX_POLICY_QUALIFIER_USERNOTICE
// szOID_PKIX_POLICY_QUALIFIER_USERNOTICE
//
// pvStructInfo points to following CERT_POLICY_QUALIFIER_USER_NOTICE.
//
//--------------------------------------------------------------------------
PCERT_POLICY_QUALIFIER_NOTICE_REFERENCE = ^CERT_POLICY_QUALIFIER_NOTICE_REFERENCE;
{$EXTERNALSYM PCERT_POLICY_QUALIFIER_NOTICE_REFERENCE}
_CERT_POLICY_QUALIFIER_NOTICE_REFERENCE = record
pszOrganization: LPSTR;
cNoticeNumbers: DWORD;
rgNoticeNumbers: LPINT;
end;
{$EXTERNALSYM _CERT_POLICY_QUALIFIER_NOTICE_REFERENCE}
CERT_POLICY_QUALIFIER_NOTICE_REFERENCE = _CERT_POLICY_QUALIFIER_NOTICE_REFERENCE;
{$EXTERNALSYM CERT_POLICY_QUALIFIER_NOTICE_REFERENCE}
TCertPolicyQualifierNoticeReference = CERT_POLICY_QUALIFIER_NOTICE_REFERENCE;
PCertPolicyQualifierNoticeReference = PCERT_POLICY_QUALIFIER_NOTICE_REFERENCE;
PCERT_POLICY_QUALIFIER_USER_NOTICE = ^CERT_POLICY_QUALIFIER_USER_NOTICE;
{$EXTERNALSYM PCERT_POLICY_QUALIFIER_USER_NOTICE}
_CERT_POLICY_QUALIFIER_USER_NOTICE = record
pNoticeReference: PCERT_POLICY_QUALIFIER_NOTICE_REFERENCE; // optional
pszDisplayText: LPWSTR; // optional
end;
{$EXTERNALSYM _CERT_POLICY_QUALIFIER_USER_NOTICE}
CERT_POLICY_QUALIFIER_USER_NOTICE = _CERT_POLICY_QUALIFIER_USER_NOTICE;
{$EXTERNALSYM CERT_POLICY_QUALIFIER_USER_NOTICE}
TCertPolicyQualifierUserNotice = CERT_POLICY_QUALIFIER_USER_NOTICE;
PCertPolicyQualifierUserNotice = PCERT_POLICY_QUALIFIER_USER_NOTICE;
//+-------------------------------------------------------------------------
// szOID_CERT_POLICIES_95_QUALIFIER1 - Decode Only!!!!
//
// pvStructInfo points to following CERT_POLICY95_QUALIFIER1.
//
//--------------------------------------------------------------------------
PCPS_URLS = ^CPS_URLS;
{$EXTERNALSYM PCPS_URLS}
_CPS_URLS = record
pszURL: LPWSTR;
pAlgorithm: PCRYPT_ALGORITHM_IDENTIFIER; // optional
pDigest: PCRYPT_DATA_BLOB; // optional
end;
{$EXTERNALSYM _CPS_URLS}
CPS_URLS = _CPS_URLS;
{$EXTERNALSYM CPS_URLS}
TCpsUrls = CPS_URLS;
PCpsUrls = PCPS_URLS;
PCERT_POLICY95_QUALIFIER1 = ^CERT_POLICY95_QUALIFIER1;
{$EXTERNALSYM PCERT_POLICY95_QUALIFIER1}
_CERT_POLICY95_QUALIFIER1 = record
pszPracticesReference: LPWSTR; // optional
pszNoticeIdentifier: LPSTR; // optional
pszNSINoticeIdentifier: LPSTR; // optional
cCPSURLs: DWORD;
rgCPSURLs: PCPS_URLS; // optional
end;
{$EXTERNALSYM _CERT_POLICY95_QUALIFIER1}
CERT_POLICY95_QUALIFIER1 = _CERT_POLICY95_QUALIFIER1;
{$EXTERNALSYM CERT_POLICY95_QUALIFIER1}
TCertPolicy95Qualifier1 = CERT_POLICY95_QUALIFIER1;
PCertPolicy95Qualifier1 = PCERT_POLICY95_QUALIFIER1;
//+-------------------------------------------------------------------------
// RSA_CSP_PUBLICKEYBLOB
//
// pvStructInfo points to a PUBLICKEYSTRUC immediately followed by a
// RSAPUBKEY and the modulus bytes.
//
// CryptExportKey outputs the above StructInfo for a dwBlobType of
// PUBLICKEYBLOB. CryptImportKey expects the above StructInfo when
// importing a public key.
//
// For dwCertEncodingType = X509_ASN_ENCODING, the RSA_CSP_PUBLICKEYBLOB is
// encoded as a PKCS #1 RSAPublicKey consisting of a SEQUENCE of a
// modulus INTEGER and a publicExponent INTEGER. The modulus is encoded
// as being a unsigned integer. When decoded, if the modulus was encoded
// as unsigned integer with a leading 0 byte, the 0 byte is removed before
// converting to the CSP modulus bytes.
//
// For decode, the aiKeyAlg field of PUBLICKEYSTRUC is always set to
// CALG_RSA_KEYX.
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// X509_KEYGEN_REQUEST_TO_BE_SIGNED
//
// pvStructInfo points to CERT_KEYGEN_REQUEST_INFO.
//
// For CryptDecodeObject(), the pbEncoded is the "to be signed" plus its
// signature (output of a X509_CERT CryptEncodeObject()).
//
// For CryptEncodeObject(), the pbEncoded is just the "to be signed".
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// PKCS_ATTRIBUTE data structure
//
// pvStructInfo points to a CRYPT_ATTRIBUTE.
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// PKCS_ATTRIBUTES data structure
//
// pvStructInfo points to a CRYPT_ATTRIBUTES.
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// PKCS_CONTENT_INFO_SEQUENCE_OF_ANY data structure
//
// pvStructInfo points to following CRYPT_CONTENT_INFO_SEQUENCE_OF_ANY.
//
// For X509_ASN_ENCODING: encoded as a PKCS#7 ContentInfo structure wrapping
// a sequence of ANY. The value of the contentType field is pszObjId,
// while the content field is the following structure:
// SequenceOfAny ::= SEQUENCE OF ANY
//
// The CRYPT_DER_BLOBs point to the already encoded ANY content.
//--------------------------------------------------------------------------
PCRYPT_CONTENT_INFO_SEQUENCE_OF_ANY = ^CRYPT_CONTENT_INFO_SEQUENCE_OF_ANY;
{$EXTERNALSYM PCRYPT_CONTENT_INFO_SEQUENCE_OF_ANY}
_CRYPT_CONTENT_INFO_SEQUENCE_OF_ANY = record
pszObjId: LPSTR;
cValue: DWORD;
rgValue: PCRYPT_DER_BLOB;
end;
{$EXTERNALSYM _CRYPT_CONTENT_INFO_SEQUENCE_OF_ANY}
CRYPT_CONTENT_INFO_SEQUENCE_OF_ANY = _CRYPT_CONTENT_INFO_SEQUENCE_OF_ANY;
{$EXTERNALSYM CRYPT_CONTENT_INFO_SEQUENCE_OF_ANY}
TCryptContentInfoSequenceOfAny = CRYPT_CONTENT_INFO_SEQUENCE_OF_ANY;
PCryptContentInfoSequenceOfAny = PCRYPT_CONTENT_INFO_SEQUENCE_OF_ANY;
//+-------------------------------------------------------------------------
// PKCS_CONTENT_INFO data structure
//
// pvStructInfo points to following CRYPT_CONTENT_INFO.
//
// For X509_ASN_ENCODING: encoded as a PKCS#7 ContentInfo structure.
// The CRYPT_DER_BLOB points to the already encoded ANY content.
//--------------------------------------------------------------------------
PCRYPT_CONTENT_INFO = ^CRYPT_CONTENT_INFO;
{$EXTERNALSYM PCRYPT_CONTENT_INFO}
_CRYPT_CONTENT_INFO = record
pszObjId: LPSTR;
Content: CRYPT_DER_BLOB;
end;
{$EXTERNALSYM _CRYPT_CONTENT_INFO}
CRYPT_CONTENT_INFO = _CRYPT_CONTENT_INFO;
{$EXTERNALSYM CRYPT_CONTENT_INFO}
TCryptContentInfo = CRYPT_CONTENT_INFO;
PCryptContentInfo = PCRYPT_CONTENT_INFO;
//+-------------------------------------------------------------------------
// X509_OCTET_STRING data structure
//
// pvStructInfo points to a CRYPT_DATA_BLOB.
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// X509_BITS data structure
//
// pvStructInfo points to a CRYPT_BIT_BLOB.
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// X509_BITS_WITHOUT_TRAILING_ZEROES data structure
//
// pvStructInfo points to a CRYPT_BIT_BLOB.
//
// The same as X509_BITS, except before encoding, the bit length is
// decremented to exclude trailing zero bits.
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// X509_INTEGER data structure
//
// pvStructInfo points to an int.
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// X509_MULTI_BYTE_INTEGER data structure
//
// pvStructInfo points to a CRYPT_INTEGER_BLOB.
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// X509_ENUMERATED data structure
//
// pvStructInfo points to an int containing the enumerated value
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// X509_CHOICE_OF_TIME data structure
//
// pvStructInfo points to a FILETIME.
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// X509_SEQUENCE_OF_ANY data structure
//
// pvStructInfo points to following CRYPT_SEQUENCE_OF_ANY.
//
// The CRYPT_DER_BLOBs point to the already encoded ANY content.
//--------------------------------------------------------------------------
PCRYPT_SEQUENCE_OF_ANY = ^CRYPT_SEQUENCE_OF_ANY;
{$EXTERNALSYM PCRYPT_SEQUENCE_OF_ANY}
_CRYPT_SEQUENCE_OF_ANY = record
cValue: DWORD;
rgValue: PCRYPT_DER_BLOB;
end;
{$EXTERNALSYM _CRYPT_SEQUENCE_OF_ANY}
CRYPT_SEQUENCE_OF_ANY = _CRYPT_SEQUENCE_OF_ANY;
{$EXTERNALSYM CRYPT_SEQUENCE_OF_ANY}
TCryptSequenceOfAny = CRYPT_SEQUENCE_OF_ANY;
PCryptSequenceOfAny = PCRYPT_SEQUENCE_OF_ANY;
//+-------------------------------------------------------------------------
// X509_AUTHORITY_KEY_ID2
// szOID_AUTHORITY_KEY_IDENTIFIER2
//
// pvStructInfo points to following CERT_AUTHORITY_KEY_ID2_INFO.
//
// For CRYPT_E_INVALID_IA5_STRING, the error location is returned in
// *pcbEncoded by CryptEncodeObject(X509_AUTHORITY_KEY_ID2)
//
// See X509_ALTERNATE_NAME for error location defines.
//--------------------------------------------------------------------------
PCERT_AUTHORITY_KEY_ID2_INFO = ^CERT_AUTHORITY_KEY_ID2_INFO;
{$EXTERNALSYM PCERT_AUTHORITY_KEY_ID2_INFO}
_CERT_AUTHORITY_KEY_ID2_INFO = record
KeyId: CRYPT_DATA_BLOB;
AuthorityCertIssuer: CERT_ALT_NAME_INFO; // Optional, set cAltEntry
// to 0 to omit.
AuthorityCertSerialNumber: CRYPT_INTEGER_BLOB;
end;
{$EXTERNALSYM _CERT_AUTHORITY_KEY_ID2_INFO}
CERT_AUTHORITY_KEY_ID2_INFO = _CERT_AUTHORITY_KEY_ID2_INFO;
{$EXTERNALSYM CERT_AUTHORITY_KEY_ID2_INFO}
TCertAuthorityKeyId2Info = CERT_AUTHORITY_KEY_ID2_INFO;
PCertAuthorityKeyId2Info = PCERT_AUTHORITY_KEY_ID2_INFO;
//+-------------------------------------------------------------------------
// szOID_SUBJECT_KEY_IDENTIFIER
//
// pvStructInfo points to a CRYPT_DATA_BLOB.
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// X509_AUTHORITY_INFO_ACCESS
// szOID_AUTHORITY_INFO_ACCESS
//
// pvStructInfo points to following CERT_AUTHORITY_INFO_ACCESS.
//
// For CRYPT_E_INVALID_IA5_STRING, the error location is returned in
// *pcbEncoded by CryptEncodeObject(X509_AUTHORITY_INFO_ACCESS)
//
// Error location consists of:
// ENTRY_INDEX - 8 bits << 16
// VALUE_INDEX - 16 bits (unicode character index)
//
// See X509_ALTERNATE_NAME for ENTRY_INDEX and VALUE_INDEX error location
// defines.
//--------------------------------------------------------------------------
PCERT_ACCESS_DESCRIPTION = ^CERT_ACCESS_DESCRIPTION;
{$EXTERNALSYM PCERT_ACCESS_DESCRIPTION}
_CERT_ACCESS_DESCRIPTION = record
pszAccessMethod: LPSTR; // pszObjId
AccessLocation: CERT_ALT_NAME_ENTRY;
end;
{$EXTERNALSYM _CERT_ACCESS_DESCRIPTION}
CERT_ACCESS_DESCRIPTION = _CERT_ACCESS_DESCRIPTION;
{$EXTERNALSYM CERT_ACCESS_DESCRIPTION}
TCertAccessDescription = CERT_ACCESS_DESCRIPTION;
PCertAccessDescription = PCERT_ACCESS_DESCRIPTION;
PCERT_AUTHORITY_INFO_ACCESS = ^CERT_AUTHORITY_INFO_ACCESS;
{$EXTERNALSYM PCERT_AUTHORITY_INFO_ACCESS}
_CERT_AUTHORITY_INFO_ACCESS = record
cAccDescr: DWORD;
rgAccDescr: PCERT_ACCESS_DESCRIPTION;
end;
{$EXTERNALSYM _CERT_AUTHORITY_INFO_ACCESS}
CERT_AUTHORITY_INFO_ACCESS = _CERT_AUTHORITY_INFO_ACCESS;
{$EXTERNALSYM CERT_AUTHORITY_INFO_ACCESS}
TCertAuthorityInfoAccess = CERT_AUTHORITY_INFO_ACCESS;
PCertAuthorityInfoAccess = PCERT_AUTHORITY_INFO_ACCESS;
//+-------------------------------------------------------------------------
// PKIX Access Description: Access Method Object Identifiers
//--------------------------------------------------------------------------
const
szOID_PKIX_ACC_DESCR = '1.3.6.1.5.5.7.48';
{$EXTERNALSYM szOID_PKIX_ACC_DESCR}
szOID_PKIX_OCSP = '1.3.6.1.5.5.7.48.1';
{$EXTERNALSYM szOID_PKIX_OCSP}
szOID_PKIX_CA_ISSUERS = '1.3.6.1.5.5.7.48.2';
{$EXTERNALSYM szOID_PKIX_CA_ISSUERS}
//+-------------------------------------------------------------------------
// X509_CRL_REASON_CODE
// szOID_CRL_REASON_CODE
//
// pvStructInfo points to an int which can be set to one of the following
// enumerated values:
//--------------------------------------------------------------------------
CRL_REASON_UNSPECIFIED = 0;
{$EXTERNALSYM CRL_REASON_UNSPECIFIED}
CRL_REASON_KEY_COMPROMISE = 1;
{$EXTERNALSYM CRL_REASON_KEY_COMPROMISE}
CRL_REASON_CA_COMPROMISE = 2;
{$EXTERNALSYM CRL_REASON_CA_COMPROMISE}
CRL_REASON_AFFILIATION_CHANGED = 3;
{$EXTERNALSYM CRL_REASON_AFFILIATION_CHANGED}
CRL_REASON_SUPERSEDED = 4;
{$EXTERNALSYM CRL_REASON_SUPERSEDED}
CRL_REASON_CESSATION_OF_OPERATION = 5;
{$EXTERNALSYM CRL_REASON_CESSATION_OF_OPERATION}
CRL_REASON_CERTIFICATE_HOLD = 6;
{$EXTERNALSYM CRL_REASON_CERTIFICATE_HOLD}
CRL_REASON_REMOVE_FROM_CRL = 8;
{$EXTERNALSYM CRL_REASON_REMOVE_FROM_CRL}
//+-------------------------------------------------------------------------
// X509_CRL_DIST_POINTS
// szOID_CRL_DIST_POINTS
//
// pvStructInfo points to following CRL_DIST_POINTS_INFO.
//
// For CRYPT_E_INVALID_IA5_STRING, the error location is returned in
// *pcbEncoded by CryptEncodeObject(X509_CRL_DIST_POINTS)
//
// Error location consists of:
// CRL_ISSUER_BIT - 1 bit << 31 (0 for FullName, 1 for CRLIssuer)
// POINT_INDEX - 7 bits << 24
// ENTRY_INDEX - 8 bits << 16
// VALUE_INDEX - 16 bits (unicode character index)
//
// See X509_ALTERNATE_NAME for ENTRY_INDEX and VALUE_INDEX error location
// defines.
//--------------------------------------------------------------------------
type
PCRL_DIST_POINT_NAME = ^CRL_DIST_POINT_NAME;
{$EXTERNALSYM PCRL_DIST_POINT_NAME}
_CRL_DIST_POINT_NAME = record
dwDistPointNameChoice: DWORD;
case Integer of
0: (FullName: CERT_ALT_NAME_INFO); // 1
1: ();// Not implemented IssuerRDN; // 2
end;
{$EXTERNALSYM _CRL_DIST_POINT_NAME}
CRL_DIST_POINT_NAME = _CRL_DIST_POINT_NAME;
{$EXTERNALSYM CRL_DIST_POINT_NAME}
TCrlDistPointName = CRL_DIST_POINT_NAME;
PCrlDistPointName = PCRL_DIST_POINT_NAME;
const
CRL_DIST_POINT_NO_NAME = 0;
{$EXTERNALSYM CRL_DIST_POINT_NO_NAME}
CRL_DIST_POINT_FULL_NAME = 1;
{$EXTERNALSYM CRL_DIST_POINT_FULL_NAME}
CRL_DIST_POINT_ISSUER_RDN_NAME = 2;
{$EXTERNALSYM CRL_DIST_POINT_ISSUER_RDN_NAME}
type
PCRL_DIST_POINT = ^CRL_DIST_POINT;
{$EXTERNALSYM PCRL_DIST_POINT}
_CRL_DIST_POINT = record
DistPointName: CRL_DIST_POINT_NAME; // OPTIONAL
ReasonFlags: CRYPT_BIT_BLOB; // OPTIONAL
CRLIssuer: CERT_ALT_NAME_INFO; // OPTIONAL
end;
{$EXTERNALSYM _CRL_DIST_POINT}
CRL_DIST_POINT = _CRL_DIST_POINT;
{$EXTERNALSYM CRL_DIST_POINT}
TCrlDistPoint = CRL_DIST_POINT;
PCrlDistPoint = PCRL_DIST_POINT;
const
CRL_REASON_UNUSED_FLAG = $80;
{$EXTERNALSYM CRL_REASON_UNUSED_FLAG}
CRL_REASON_KEY_COMPROMISE_FLAG = $40;
{$EXTERNALSYM CRL_REASON_KEY_COMPROMISE_FLAG}
CRL_REASON_CA_COMPROMISE_FLAG = $20;
{$EXTERNALSYM CRL_REASON_CA_COMPROMISE_FLAG}
CRL_REASON_AFFILIATION_CHANGED_FLAG = $10;
{$EXTERNALSYM CRL_REASON_AFFILIATION_CHANGED_FLAG}
CRL_REASON_SUPERSEDED_FLAG = $08;
{$EXTERNALSYM CRL_REASON_SUPERSEDED_FLAG}
CRL_REASON_CESSATION_OF_OPERATION_FLAG = $04;
{$EXTERNALSYM CRL_REASON_CESSATION_OF_OPERATION_FLAG}
CRL_REASON_CERTIFICATE_HOLD_FLAG = $02;
{$EXTERNALSYM CRL_REASON_CERTIFICATE_HOLD_FLAG}
type
PCRL_DIST_POINTS_INFO = ^CRL_DIST_POINTS_INFO;
{$EXTERNALSYM PCRL_DIST_POINTS_INFO}
_CRL_DIST_POINTS_INFO = record
cDistPoint: DWORD;
rgDistPoint: PCRL_DIST_POINT;
end;
{$EXTERNALSYM _CRL_DIST_POINTS_INFO}
CRL_DIST_POINTS_INFO = _CRL_DIST_POINTS_INFO;
{$EXTERNALSYM CRL_DIST_POINTS_INFO}
TCrlDistPointsInfo = CRL_DIST_POINTS_INFO;
PCrlDistPointsInfo = PCRL_DIST_POINTS_INFO;
const
CRL_DIST_POINT_ERR_INDEX_MASK = $7F;
{$EXTERNALSYM CRL_DIST_POINT_ERR_INDEX_MASK}
CRL_DIST_POINT_ERR_INDEX_SHIFT = 24;
{$EXTERNALSYM CRL_DIST_POINT_ERR_INDEX_SHIFT}
function GET_CRL_DIST_POINT_ERR_INDEX(X: DWORD): DWORD;
{$EXTERNALSYM GET_CRL_DIST_POINT_ERR_INDEX}
const
CRL_DIST_POINT_ERR_CRL_ISSUER_BIT = DWORD($80000000);
{$EXTERNALSYM CRL_DIST_POINT_ERR_CRL_ISSUER_BIT}
function IS_CRL_DIST_POINT_ERR_CRL_ISSUER(X: DWORD): Boolean;
{$EXTERNALSYM IS_CRL_DIST_POINT_ERR_CRL_ISSUER}
//+-------------------------------------------------------------------------
// X509_ENHANCED_KEY_USAGE
// szOID_ENHANCED_KEY_USAGE
//
// pvStructInfo points to a CERT_ENHKEY_USAGE, CTL_USAGE.
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// szOID_NEXT_UPDATE_LOCATION
//
// pvStructInfo points to a CERT_ALT_NAME_INFO.
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// PKCS_CTL
// szOID_CTL
//
// pvStructInfo points to a CTL_INFO.
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// PKCS_SORTED_CTL
//
// pvStructInfo points to a CTL_INFO.
//
// Same as for PKCS_CTL, except, the CTL entries are sorted. The following
// extension containing the sort information is inserted as the first
// extension in the encoded CTL.
//
// Only supported for Encoding. CRYPT_ENCODE_ALLOC_FLAG flag must be
// set.
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// Sorted CTL TrustedSubjects extension
//
// Array of little endian DWORDs:
// [0] - Flags
// [1] - Count of HashBucket entry offsets
// [2] - Maximum HashBucket entry collision count
// [3 ..] (Count + 1) HashBucket entry offsets
//
// When this extension is present in the CTL,
// the ASN.1 encoded sequence of TrustedSubjects are HashBucket ordered.
//
// The entry offsets point to the start of the first encoded TrustedSubject
// sequence for the HashBucket. The encoded TrustedSubjects for a HashBucket
// continue until the encoded offset of the next HashBucket. A HashBucket has
// no entries if HashBucket[N] == HashBucket[N + 1].
//
// The HashBucket offsets are from the start of the ASN.1 encoded CTL_INFO.
//--------------------------------------------------------------------------
const
SORTED_CTL_EXT_FLAGS_OFFSET = (0*4);
{$EXTERNALSYM SORTED_CTL_EXT_FLAGS_OFFSET}
SORTED_CTL_EXT_COUNT_OFFSET = (1*4);
{$EXTERNALSYM SORTED_CTL_EXT_COUNT_OFFSET}
SORTED_CTL_EXT_MAX_COLLISION_OFFSET = (2*4);
{$EXTERNALSYM SORTED_CTL_EXT_MAX_COLLISION_OFFSET}
SORTED_CTL_EXT_HASH_BUCKET_OFFSET = (3*4);
{$EXTERNALSYM SORTED_CTL_EXT_HASH_BUCKET_OFFSET}
// If the SubjectIdentifiers are a MD5 or SHA1 hash, the following flag is
// set. When set, the first 4 bytes of the SubjectIdentifier are used as
// the dwhash. Otherwise, the SubjectIdentifier bytes are hashed into dwHash.
// In either case the HashBucket index = dwHash % cHashBucket.
SORTED_CTL_EXT_HASHED_SUBJECT_IDENTIFIER_FLAG = $1;
{$EXTERNALSYM SORTED_CTL_EXT_HASHED_SUBJECT_IDENTIFIER_FLAG}
//+-------------------------------------------------------------------------
// X509_MULTI_BYTE_UINT
//
// pvStructInfo points to a CRYPT_UINT_BLOB. Before encoding, inserts a
// leading 0x00. After decoding, removes a leading 0x00.
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// X509_DSS_PUBLICKEY
//
// pvStructInfo points to a CRYPT_UINT_BLOB.
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// X509_DSS_PARAMETERS
//
// pvStructInfo points to following CERT_DSS_PARAMETERS data structure.
//--------------------------------------------------------------------------
type
PCERT_DSS_PARAMETERS = ^CERT_DSS_PARAMETERS;
{$EXTERNALSYM PCERT_DSS_PARAMETERS}
_CERT_DSS_PARAMETERS = record
p: CRYPT_UINT_BLOB;
q: CRYPT_UINT_BLOB;
g: CRYPT_UINT_BLOB;
end;
{$EXTERNALSYM _CERT_DSS_PARAMETERS}
CERT_DSS_PARAMETERS = _CERT_DSS_PARAMETERS;
{$EXTERNALSYM CERT_DSS_PARAMETERS}
TCertDssParameters = CERT_DSS_PARAMETERS;
PCertDssParameters = PCERT_DSS_PARAMETERS;
//+-------------------------------------------------------------------------
// X509_DSS_SIGNATURE
//
// pvStructInfo is a BYTE rgbSignature[CERT_DSS_SIGNATURE_LEN]. The
// bytes are ordered as output by the DSS CSP's CryptSignHash().
//--------------------------------------------------------------------------
const
CERT_DSS_R_LEN = 20;
{$EXTERNALSYM CERT_DSS_R_LEN}
CERT_DSS_S_LEN = 20;
{$EXTERNALSYM CERT_DSS_S_LEN}
CERT_DSS_SIGNATURE_LEN = (CERT_DSS_R_LEN + CERT_DSS_S_LEN);
{$EXTERNALSYM CERT_DSS_SIGNATURE_LEN}
// Sequence of 2 unsigned integers (the extra +1 is for a potential leading
// 0x00 to make the integer unsigned)
CERT_MAX_ASN_ENCODED_DSS_SIGNATURE_LEN = (2 + 2 * (2 + 20 + 1));
{$EXTERNALSYM CERT_MAX_ASN_ENCODED_DSS_SIGNATURE_LEN}
//+-------------------------------------------------------------------------
// X509_DH_PUBLICKEY
//
// pvStructInfo points to a CRYPT_UINT_BLOB.
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// X509_DH_PARAMETERS
//
// pvStructInfo points to following CERT_DH_PARAMETERS data structure.
//--------------------------------------------------------------------------
type
PCERT_DH_PARAMETERS = ^CERT_DH_PARAMETERS;
{$EXTERNALSYM PCERT_DH_PARAMETERS}
_CERT_DH_PARAMETERS = record
p: CRYPT_UINT_BLOB;
g: CRYPT_UINT_BLOB;
end;
{$EXTERNALSYM _CERT_DH_PARAMETERS}
CERT_DH_PARAMETERS = _CERT_DH_PARAMETERS;
{$EXTERNALSYM CERT_DH_PARAMETERS}
TCertDhParameters = CERT_DH_PARAMETERS;
PCertDhParameters = PCERT_DH_PARAMETERS;
//+-------------------------------------------------------------------------
// X942_DH_PARAMETERS
//
// pvStructInfo points to following CERT_X942_DH_PARAMETERS data structure.
//
// If q.cbData == 0, then, the following fields are zero'ed.
//--------------------------------------------------------------------------
PCERT_X942_DH_VALIDATION_PARAMS = ^CERT_X942_DH_VALIDATION_PARAMS;
{$EXTERNALSYM PCERT_X942_DH_VALIDATION_PARAMS}
_CERT_X942_DH_VALIDATION_PARAMS = record
seed: CRYPT_BIT_BLOB;
pgenCounter: DWORD;
end;
{$EXTERNALSYM _CERT_X942_DH_VALIDATION_PARAMS}
CERT_X942_DH_VALIDATION_PARAMS = _CERT_X942_DH_VALIDATION_PARAMS;
{$EXTERNALSYM CERT_X942_DH_VALIDATION_PARAMS}
TCertX942DhValidationParams = CERT_X942_DH_VALIDATION_PARAMS;
PCertX942DhValidationParams = PCERT_X942_DH_VALIDATION_PARAMS;
PCERT_X942_DH_PARAMETERS = ^CERT_X942_DH_PARAMETERS;
{$EXTERNALSYM PCERT_X942_DH_PARAMETERS}
_CERT_X942_DH_PARAMETERS = record
p: CRYPT_UINT_BLOB; // odd prime, p = jq + 1
g: CRYPT_UINT_BLOB; // generator, g
q: CRYPT_UINT_BLOB; // factor of p - 1, OPTIONAL
j: CRYPT_UINT_BLOB; // subgroup factor, OPTIONAL
pValidationParams: PCERT_X942_DH_VALIDATION_PARAMS; // OPTIONAL
end;
{$EXTERNALSYM _CERT_X942_DH_PARAMETERS}
CERT_X942_DH_PARAMETERS = _CERT_X942_DH_PARAMETERS;
{$EXTERNALSYM CERT_X942_DH_PARAMETERS}
TCertX942DhParameters = CERT_X942_DH_PARAMETERS;
PCertX942DhParameters = PCERT_X942_DH_PARAMETERS;
//+-------------------------------------------------------------------------
// X942_OTHER_INFO
//
// pvStructInfo points to following CRYPT_X942_OTHER_INFO data structure.
//
// rgbCounter and rgbKeyLength are in Little Endian order.
//--------------------------------------------------------------------------
const
CRYPT_X942_COUNTER_BYTE_LENGTH = 4;
{$EXTERNALSYM CRYPT_X942_COUNTER_BYTE_LENGTH}
CRYPT_X942_KEY_LENGTH_BYTE_LENGTH = 4;
{$EXTERNALSYM CRYPT_X942_KEY_LENGTH_BYTE_LENGTH}
CRYPT_X942_PUB_INFO_BYTE_LENGTH = (512 div 8);
{$EXTERNALSYM CRYPT_X942_PUB_INFO_BYTE_LENGTH}
type
PCRYPT_X942_OTHER_INFO = ^CRYPT_X942_OTHER_INFO;
{$EXTERNALSYM PCRYPT_X942_OTHER_INFO}
_CRYPT_X942_OTHER_INFO = record
pszContentEncryptionObjId: LPSTR;
rgbCounter: array [0..CRYPT_X942_COUNTER_BYTE_LENGTH - 1] of BYTE;
rgbKeyLength: array [0..CRYPT_X942_KEY_LENGTH_BYTE_LENGTH - 1] of BYTE;
PubInfo: CRYPT_DATA_BLOB; // OPTIONAL
end;
{$EXTERNALSYM _CRYPT_X942_OTHER_INFO}
CRYPT_X942_OTHER_INFO = _CRYPT_X942_OTHER_INFO;
{$EXTERNALSYM CRYPT_X942_OTHER_INFO}
TCryptX942OtherInfo = CRYPT_X942_OTHER_INFO;
PCryptX942OtherInfo = PCRYPT_X942_OTHER_INFO;
//+-------------------------------------------------------------------------
// PKCS_RC2_CBC_PARAMETERS
// szOID_RSA_RC2CBC
//
// pvStructInfo points to following CRYPT_RC2_CBC_PARAMETERS data structure.
//--------------------------------------------------------------------------
PCRYPT_RC2_CBC_PARAMETERS = ^CRYPT_RC2_CBC_PARAMETERS;
{$EXTERNALSYM PCRYPT_RC2_CBC_PARAMETERS}
_CRYPT_RC2_CBC_PARAMETERS = record
dwVersion: DWORD;
fIV: BOOL; // set if has following IV
rgbIV: array [0..7] of BYTE;
end;
{$EXTERNALSYM _CRYPT_RC2_CBC_PARAMETERS}
CRYPT_RC2_CBC_PARAMETERS = _CRYPT_RC2_CBC_PARAMETERS;
{$EXTERNALSYM CRYPT_RC2_CBC_PARAMETERS}
TCryptRc2CbcParameters = CRYPT_RC2_CBC_PARAMETERS;
PCryptRc2CbcParameters = PCRYPT_RC2_CBC_PARAMETERS;
const
CRYPT_RC2_40BIT_VERSION = 160;
{$EXTERNALSYM CRYPT_RC2_40BIT_VERSION}
CRYPT_RC2_56BIT_VERSION = 52;
{$EXTERNALSYM CRYPT_RC2_56BIT_VERSION}
CRYPT_RC2_64BIT_VERSION = 120;
{$EXTERNALSYM CRYPT_RC2_64BIT_VERSION}
CRYPT_RC2_128BIT_VERSION = 58;
{$EXTERNALSYM CRYPT_RC2_128BIT_VERSION}
//+-------------------------------------------------------------------------
// PKCS_SMIME_CAPABILITIES
// szOID_RSA_SMIMECapabilities
//
// pvStructInfo points to following CRYPT_SMIME_CAPABILITIES data structure.
//
// Note, for CryptEncodeObject(X509_ASN_ENCODING), Parameters.cbData == 0
// causes the encoded parameters to be omitted and not encoded as a NULL
// (05 00) as is done when encoding a CRYPT_ALGORITHM_IDENTIFIER. This
// is per the SMIME specification for encoding capabilities.
//--------------------------------------------------------------------------
type
PCRYPT_SMIME_CAPABILITY = ^CRYPT_SMIME_CAPABILITY;
{$EXTERNALSYM PCRYPT_SMIME_CAPABILITY}
_CRYPT_SMIME_CAPABILITY = record
pszObjId: LPSTR;
Parameters: CRYPT_OBJID_BLOB;
end;
{$EXTERNALSYM _CRYPT_SMIME_CAPABILITY}
CRYPT_SMIME_CAPABILITY = _CRYPT_SMIME_CAPABILITY;
{$EXTERNALSYM CRYPT_SMIME_CAPABILITY}
TCryptSmimeCapability = CRYPT_SMIME_CAPABILITY;
PCryptSmimeCapability = PCRYPT_SMIME_CAPABILITY;
PCRYPT_SMIME_CAPABILITIES = ^CRYPT_SMIME_CAPABILITIES;
{$EXTERNALSYM PCRYPT_SMIME_CAPABILITIES}
_CRYPT_SMIME_CAPABILITIES = record
cCapability: DWORD;
rgCapability: PCRYPT_SMIME_CAPABILITY;
end;
{$EXTERNALSYM _CRYPT_SMIME_CAPABILITIES}
CRYPT_SMIME_CAPABILITIES = _CRYPT_SMIME_CAPABILITIES;
{$EXTERNALSYM CRYPT_SMIME_CAPABILITIES}
TCryptSmimeCapabilities = CRYPT_SMIME_CAPABILITIES;
PCryptSmimeCapabilities = PCRYPT_SMIME_CAPABILITIES;
//+-------------------------------------------------------------------------
// PKCS7_SIGNER_INFO
//
// pvStructInfo points to CMSG_SIGNER_INFO.
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// CMS_SIGNER_INFO
//
// pvStructInfo points to CMSG_CMS_SIGNER_INFO.
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// Netscape Certificate Extension Object Identifiers
//--------------------------------------------------------------------------
const
szOID_NETSCAPE = '2.16.840.1.113730';
{$EXTERNALSYM szOID_NETSCAPE}
szOID_NETSCAPE_CERT_EXTENSION = '2.16.840.1.113730.1';
{$EXTERNALSYM szOID_NETSCAPE_CERT_EXTENSION}
szOID_NETSCAPE_CERT_TYPE = '2.16.840.1.113730.1.1';
{$EXTERNALSYM szOID_NETSCAPE_CERT_TYPE}
szOID_NETSCAPE_BASE_URL = '2.16.840.1.113730.1.2';
{$EXTERNALSYM szOID_NETSCAPE_BASE_URL}
szOID_NETSCAPE_REVOCATION_URL = '2.16.840.1.113730.1.3';
{$EXTERNALSYM szOID_NETSCAPE_REVOCATION_URL}
szOID_NETSCAPE_CA_REVOCATION_URL = '2.16.840.1.113730.1.4';
{$EXTERNALSYM szOID_NETSCAPE_CA_REVOCATION_URL}
szOID_NETSCAPE_CERT_RENEWAL_URL = '2.16.840.1.113730.1.7';
{$EXTERNALSYM szOID_NETSCAPE_CERT_RENEWAL_URL}
szOID_NETSCAPE_CA_POLICY_URL = '2.16.840.1.113730.1.8';
{$EXTERNALSYM szOID_NETSCAPE_CA_POLICY_URL}
szOID_NETSCAPE_SSL_SERVER_NAME = '2.16.840.1.113730.1.12';
{$EXTERNALSYM szOID_NETSCAPE_SSL_SERVER_NAME}
szOID_NETSCAPE_COMMENT = '2.16.840.1.113730.1.13';
{$EXTERNALSYM szOID_NETSCAPE_COMMENT}
//+-------------------------------------------------------------------------
// Netscape Certificate Data Type Object Identifiers
//--------------------------------------------------------------------------
szOID_NETSCAPE_DATA_TYPE = '2.16.840.1.113730.2';
{$EXTERNALSYM szOID_NETSCAPE_DATA_TYPE}
szOID_NETSCAPE_CERT_SEQUENCE = '2.16.840.1.113730.2.5';
{$EXTERNALSYM szOID_NETSCAPE_CERT_SEQUENCE}
//+-------------------------------------------------------------------------
// szOID_NETSCAPE_CERT_TYPE extension
//
// Its value is a bit string. CryptDecodeObject/CryptEncodeObject using
// X509_BITS or X509_BITS_WITHOUT_TRAILING_ZEROES.
//
// The following bits are defined:
//--------------------------------------------------------------------------
NETSCAPE_SSL_CLIENT_AUTH_CERT_TYPE = $80;
{$EXTERNALSYM NETSCAPE_SSL_CLIENT_AUTH_CERT_TYPE}
NETSCAPE_SSL_SERVER_AUTH_CERT_TYPE = $40;
{$EXTERNALSYM NETSCAPE_SSL_SERVER_AUTH_CERT_TYPE}
NETSCAPE_SMIME_CERT_TYPE = $20;
{$EXTERNALSYM NETSCAPE_SMIME_CERT_TYPE}
NETSCAPE_SIGN_CERT_TYPE = $10;
{$EXTERNALSYM NETSCAPE_SIGN_CERT_TYPE}
NETSCAPE_SSL_CA_CERT_TYPE = $04;
{$EXTERNALSYM NETSCAPE_SSL_CA_CERT_TYPE}
NETSCAPE_SMIME_CA_CERT_TYPE = $02;
{$EXTERNALSYM NETSCAPE_SMIME_CA_CERT_TYPE}
NETSCAPE_SIGN_CA_CERT_TYPE = $01;
{$EXTERNALSYM NETSCAPE_SIGN_CA_CERT_TYPE}
//+-------------------------------------------------------------------------
// szOID_NETSCAPE_BASE_URL extension
//
// Its value is an IA5_STRING. CryptDecodeObject/CryptEncodeObject using
// X509_ANY_STRING or X509_UNICODE_ANY_STRING, where,
// dwValueType = CERT_RDN_IA5_STRING.
//
// When present this string is added to the beginning of all relative URLs
// in the certificate. This extension can be considered an optimization
// to reduce the size of the URL extensions.
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// szOID_NETSCAPE_REVOCATION_URL extension
//
// Its value is an IA5_STRING. CryptDecodeObject/CryptEncodeObject using
// X509_ANY_STRING or X509_UNICODE_ANY_STRING, where,
// dwValueType = CERT_RDN_IA5_STRING.
//
// It is a relative or absolute URL that can be used to check the
// revocation status of a certificate. The revocation check will be
// performed as an HTTP GET method using a url that is the concatenation of
// revocation-url and certificate-serial-number.
// Where the certificate-serial-number is encoded as a string of
// ascii hexadecimal digits. For example, if the netscape-base-url is
// https://www.certs-r-us.com/, the netscape-revocation-url is
// cgi-bin/check-rev.cgi?, and the certificate serial number is 173420,
// the resulting URL would be:
// https://www.certs-r-us.com/cgi-bin/check-rev.cgi?02a56c
//
// The server should return a document with a Content-Type of
// application/x-netscape-revocation. The document should contain
// a single ascii digit, '1' if the certificate is not curently valid,
// and '0' if it is curently valid.
//
// Note: for all of the URLs that include the certificate serial number,
// the serial number will be encoded as a string which consists of an even
// number of hexadecimal digits. If the number of significant digits is odd,
// the string will have a single leading zero to ensure an even number of
// digits is generated.
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// szOID_NETSCAPE_CA_REVOCATION_URL extension
//
// Its value is an IA5_STRING. CryptDecodeObject/CryptEncodeObject using
// X509_ANY_STRING or X509_UNICODE_ANY_STRING, where,
// dwValueType = CERT_RDN_IA5_STRING.
//
// It is a relative or absolute URL that can be used to check the
// revocation status of any certificates that are signed by the CA that
// this certificate belongs to. This extension is only valid in CA
// certificates. The use of this extension is the same as the above
// szOID_NETSCAPE_REVOCATION_URL extension.
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// szOID_NETSCAPE_CERT_RENEWAL_URL extension
//
// Its value is an IA5_STRING. CryptDecodeObject/CryptEncodeObject using
// X509_ANY_STRING or X509_UNICODE_ANY_STRING, where,
// dwValueType = CERT_RDN_IA5_STRING.
//
// It is a relative or absolute URL that points to a certificate renewal
// form. The renewal form will be accessed with an HTTP GET method using a
// url that is the concatenation of renewal-url and
// certificate-serial-number. Where the certificate-serial-number is
// encoded as a string of ascii hexadecimal digits. For example, if the
// netscape-base-url is https://www.certs-r-us.com/, the
// netscape-cert-renewal-url is cgi-bin/check-renew.cgi?, and the
// certificate serial number is 173420, the resulting URL would be:
// https://www.certs-r-us.com/cgi-bin/check-renew.cgi?02a56c
// The document returned should be an HTML form that will allow the user
// to request a renewal of their certificate.
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// szOID_NETSCAPE_CA_POLICY_URL extension
//
// Its value is an IA5_STRING. CryptDecodeObject/CryptEncodeObject using
// X509_ANY_STRING or X509_UNICODE_ANY_STRING, where,
// dwValueType = CERT_RDN_IA5_STRING.
//
// It is a relative or absolute URL that points to a web page that
// describes the policies under which the certificate was issued.
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// szOID_NETSCAPE_SSL_SERVER_NAME extension
//
// Its value is an IA5_STRING. CryptDecodeObject/CryptEncodeObject using
// X509_ANY_STRING or X509_UNICODE_ANY_STRING, where,
// dwValueType = CERT_RDN_IA5_STRING.
//
// It is a "shell expression" that can be used to match the hostname of the
// SSL server that is using this certificate. It is recommended that if
// the server's hostname does not match this pattern the user be notified
// and given the option to terminate the SSL connection. If this extension
// is not present then the CommonName in the certificate subject's
// distinguished name is used for the same purpose.
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// szOID_NETSCAPE_COMMENT extension
//
// Its value is an IA5_STRING. CryptDecodeObject/CryptEncodeObject using
// X509_ANY_STRING or X509_UNICODE_ANY_STRING, where,
// dwValueType = CERT_RDN_IA5_STRING.
//
// It is a comment that may be displayed to the user when the certificate
// is viewed.
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// szOID_NETSCAPE_CERT_SEQUENCE
//
// Its value is a PKCS#7 ContentInfo structure wrapping a sequence of
// certificates. The value of the contentType field is
// szOID_NETSCAPE_CERT_SEQUENCE, while the content field is the following
// structure:
// CertificateSequence ::= SEQUENCE OF Certificate.
//
// CryptDecodeObject/CryptEncodeObject using
// PKCS_CONTENT_INFO_SEQUENCE_OF_ANY, where,
// pszObjId = szOID_NETSCAPE_CERT_SEQUENCE and the CRYPT_DER_BLOBs point
// to encoded X509 certificates.
//--------------------------------------------------------------------------
//+=========================================================================
// Object IDentifier (OID) Installable Functions: Data Structures and APIs
//==========================================================================
type
HCRYPTOIDFUNCSET = Pointer;
{$EXTERNALSYM HCRYPTOIDFUNCSET}
HCRYPTOIDFUNCADDR = Pointer;
{$EXTERNALSYM HCRYPTOIDFUNCADDR}
// Predefined OID Function Names
const
CRYPT_OID_ENCODE_OBJECT_FUNC = 'CryptDllEncodeObject';
{$EXTERNALSYM CRYPT_OID_ENCODE_OBJECT_FUNC}
CRYPT_OID_DECODE_OBJECT_FUNC = 'CryptDllDecodeObject';
{$EXTERNALSYM CRYPT_OID_DECODE_OBJECT_FUNC}
CRYPT_OID_ENCODE_OBJECT_EX_FUNC = 'CryptDllEncodeObjectEx';
{$EXTERNALSYM CRYPT_OID_ENCODE_OBJECT_EX_FUNC}
CRYPT_OID_DECODE_OBJECT_EX_FUNC = 'CryptDllDecodeObjectEx';
{$EXTERNALSYM CRYPT_OID_DECODE_OBJECT_EX_FUNC}
CRYPT_OID_CREATE_COM_OBJECT_FUNC = 'CryptDllCreateCOMObject';
{$EXTERNALSYM CRYPT_OID_CREATE_COM_OBJECT_FUNC}
CRYPT_OID_VERIFY_REVOCATION_FUNC = 'CertDllVerifyRevocation';
{$EXTERNALSYM CRYPT_OID_VERIFY_REVOCATION_FUNC}
CRYPT_OID_VERIFY_CTL_USAGE_FUNC = 'CertDllVerifyCTLUsage';
{$EXTERNALSYM CRYPT_OID_VERIFY_CTL_USAGE_FUNC}
CRYPT_OID_FORMAT_OBJECT_FUNC = 'CryptDllFormatObject';
{$EXTERNALSYM CRYPT_OID_FORMAT_OBJECT_FUNC}
CRYPT_OID_FIND_OID_INFO_FUNC = 'CryptDllFindOIDInfo';
{$EXTERNALSYM CRYPT_OID_FIND_OID_INFO_FUNC}
CRYPT_OID_FIND_LOCALIZED_NAME_FUNC = 'CryptDllFindLocalizedName';
{$EXTERNALSYM CRYPT_OID_FIND_LOCALIZED_NAME_FUNC}
// CryptDllEncodeObject has same function signature as CryptEncodeObject.
// CryptDllDecodeObject has same function signature as CryptDecodeObject.
// CryptDllEncodeObjectEx has same function signature as CryptEncodeObjectEx.
// The Ex version MUST support the CRYPT_ENCODE_ALLOC_FLAG option.
//
// If an Ex function isn't installed or registered, then, attempts to find
// a non-EX version. If the ALLOC flag is set, then, CryptEncodeObjectEx,
// does the allocation and calls the non-EX version twice.
// CryptDllDecodeObjectEx has same function signature as CryptDecodeObjectEx.
// The Ex version MUST support the CRYPT_DECODE_ALLOC_FLAG option.
//
// If an Ex function isn't installed or registered, then, attempts to find
// a non-EX version. If the ALLOC flag is set, then, CryptDecodeObjectEx,
// does the allocation and calls the non-EX version twice.
// CryptDllCreateCOMObject has the following signature:
// BOOL WINAPI CryptDllCreateCOMObject(
// IN DWORD dwEncodingType,
// IN LPCSTR pszOID,
// IN PCRYPT_DATA_BLOB pEncodedContent,
// IN DWORD dwFlags,
// IN REFIID riid,
// OUT void **ppvObj);
// CertDllVerifyRevocation has the same signature as CertVerifyRevocation
// (See CertVerifyRevocation for details on when called)
// CertDllVerifyCTLUsage has the same signature as CertVerifyCTLUsage
// CryptDllFindOIDInfo currently is only used to store values used by
// CryptFindOIDInfo. See CryptFindOIDInfo() for more details.
// CryptDllFindLocalizedName is only used to store localized string
// values used by CryptFindLocalizedName. See CryptFindLocalizedName() for
// more details.
// Example of a complete OID Function Registry Name:
// HKEY_LOCAL_MACHINESoftwareMicrosoftCryptographyOID
// Encoding Type 1CryptDllEncodeObject1.2.3
//
// The key's L"Dll" value contains the name of the Dll.
// The key's L"FuncName" value overrides the default function name
CRYPT_OID_REGPATH = 'SoftwareMicrosoftCryptographyOID';
{$EXTERNALSYM CRYPT_OID_REGPATH}
CRYPT_OID_REG_ENCODING_TYPE_PREFIX = 'EncodingType ';
{$EXTERNALSYM CRYPT_OID_REG_ENCODING_TYPE_PREFIX}
CRYPT_OID_REG_DLL_VALUE_NAME = 'Dll';
{$EXTERNALSYM CRYPT_OID_REG_DLL_VALUE_NAME}
CRYPT_OID_REG_FUNC_NAME_VALUE_NAME = 'FuncName';
{$EXTERNALSYM CRYPT_OID_REG_FUNC_NAME_VALUE_NAME}
CRYPT_OID_REG_FUNC_NAME_VALUE_NAME_A = 'FuncName';
{$EXTERNALSYM CRYPT_OID_REG_FUNC_NAME_VALUE_NAME_A}
// CRYPT_INSTALL_OID_FUNC_BEFORE_FLAG can be set in the key's L"CryptFlags"
// value to register the functions before the installed functions.
//
// CryptSetOIDFunctionValue must be called to set this value. L"CryptFlags"
// must be set using a dwValueType of REG_DWORD.
CRYPT_OID_REG_FLAGS_VALUE_NAME = 'CryptFlags';
{$EXTERNALSYM CRYPT_OID_REG_FLAGS_VALUE_NAME}
// OID used for Default OID functions
CRYPT_DEFAULT_OID = 'DEFAULT';
{$EXTERNALSYM CRYPT_DEFAULT_OID}
type
PCRYPT_OID_FUNC_ENTRY = ^CRYPT_OID_FUNC_ENTRY;
{$EXTERNALSYM PCRYPT_OID_FUNC_ENTRY}
_CRYPT_OID_FUNC_ENTRY = record
pszOID: LPCSTR;
pvFuncAddr: Pointer;
end;
{$EXTERNALSYM _CRYPT_OID_FUNC_ENTRY}
CRYPT_OID_FUNC_ENTRY = _CRYPT_OID_FUNC_ENTRY;
{$EXTERNALSYM CRYPT_OID_FUNC_ENTRY}
TCryptOidFuncEntry = CRYPT_OID_FUNC_ENTRY;
PCryptOidFuncEntry = PCRYPT_OID_FUNC_ENTRY;
const
CRYPT_INSTALL_OID_FUNC_BEFORE_FLAG = 1;
{$EXTERNALSYM CRYPT_INSTALL_OID_FUNC_BEFORE_FLAG}
//+-------------------------------------------------------------------------
// Install a set of callable OID function addresses.
//
// By default the functions are installed at end of the list.
// Set CRYPT_INSTALL_OID_FUNC_BEFORE_FLAG to install at beginning of list.
//
// hModule should be updated with the hModule passed to DllMain to prevent
// the Dll containing the function addresses from being unloaded by
// CryptGetOIDFuncAddress/CryptFreeOIDFunctionAddress. This would be the
// case when the Dll has also regsvr32'ed OID functions via
// CryptRegisterOIDFunction.
//
// DEFAULT functions are installed by setting rgFuncEntry[].pszOID =
// CRYPT_DEFAULT_OID.
//--------------------------------------------------------------------------
function CryptInstallOIDFunctionAddress(hModule: HMODULE; dwEncodingType: DWORD;
pszFuncName: LPCSTR; cFuncEntry: DWORD; rgFuncEntry: PCRYPT_OID_FUNC_ENTRY;
dwFlags: DWORD): BOOL; stdcall;
{$EXTERNALSYM CryptInstallOIDFunctionAddress}
//+-------------------------------------------------------------------------
// Initialize and return handle to the OID function set identified by its
// function name.
//
// If the set already exists, a handle to the existing set is returned.
//--------------------------------------------------------------------------
function CryptInitOIDFunctionSet(pszFuncName: LPCSTR; dwFlags: DWORD): HCRYPTOIDFUNCSET; stdcall;
{$EXTERNALSYM CryptInitOIDFunctionSet}
//+-------------------------------------------------------------------------
// Search the list of installed functions for an encoding type and OID match.
// If not found, search the registry.
//
// For success, returns TRUE with *ppvFuncAddr updated with the function's
// address and *phFuncAddr updated with the function address's handle.
// The function's handle is AddRef'ed. CryptFreeOIDFunctionAddress needs to
// be called to release it.
//
// For a registry match, the Dll containing the function is loaded.
//
// By default, both the registered and installed function lists are searched.
// Set CRYPT_GET_INSTALLED_OID_FUNC_FLAG to only search the installed list
// of functions. This flag would be set by a registered function to get
// the address of a pre-installed function it was replacing. For example,
// the registered function might handle a new special case and call the
// pre-installed function to handle the remaining cases.
//--------------------------------------------------------------------------
function CryptGetOIDFunctionAddress(hFuncSet: HCRYPTOIDFUNCSET;
dwEncodingType: DWORD; pszOID: LPCSTR; dwFlags: DWORD;
var ppvFuncAddr: Pointer; var phFuncAddr: HCRYPTOIDFUNCADDR): BOOL; stdcall;
{$EXTERNALSYM CryptGetOIDFunctionAddress}
const
CRYPT_GET_INSTALLED_OID_FUNC_FLAG = $1;
{$EXTERNALSYM CRYPT_GET_INSTALLED_OID_FUNC_FLAG}
//+-------------------------------------------------------------------------
// Get the list of registered default Dll entries for the specified
// function set and encoding type.
//
// The returned list consists of none, one or more null terminated Dll file
// names. The list is terminated with an empty (L"") Dll file name.
// For example: L"first.dll" L"" L"second.dll" L"" L""
//--------------------------------------------------------------------------
function CryptGetDefaultOIDDllList(hFuncSet: HCRYPTOIDFUNCSET; dwEncodingType: DWORD;
pwszDllList: LPWSTR; pcchDllList: DWORD): BOOL; stdcall;
{$EXTERNALSYM CryptGetDefaultOIDDllList}
//+-------------------------------------------------------------------------
// Either: get the first or next installed DEFAULT function OR
// load the Dll containing the DEFAULT function.
//
// If pwszDll is NULL, search the list of installed DEFAULT functions.
// *phFuncAddr must be set to NULL to get the first installed function.
// Successive installed functions are returned by setting *phFuncAddr
// to the hFuncAddr returned by the previous call.
//
// If pwszDll is NULL, the input *phFuncAddr
// is always CryptFreeOIDFunctionAddress'ed by this function, even for
// an error.
//
// If pwszDll isn't NULL, then, attempts to load the Dll and the DEFAULT
// function. *phFuncAddr is ignored upon entry and isn't
// CryptFreeOIDFunctionAddress'ed.
//
// For success, returns TRUE with *ppvFuncAddr updated with the function's
// address and *phFuncAddr updated with the function address's handle.
// The function's handle is AddRef'ed. CryptFreeOIDFunctionAddress needs to
// be called to release it or CryptGetDefaultOIDFunctionAddress can also
// be called for a NULL pwszDll.
//--------------------------------------------------------------------------
function CryptGetDefaultOIDFunctionAddress(hFuncSet: HCRYPTOIDFUNCSET;
dwEncodingType: DWORD; pwszDll: LPCWSTR; dwFlags: DWORD;
var ppvFuncAddr: Pointer; phFuncAddr: HCRYPTOIDFUNCADDR): BOOL; stdcall;
{$EXTERNALSYM CryptGetDefaultOIDFunctionAddress}
//+-------------------------------------------------------------------------
// Releases the handle AddRef'ed and returned by CryptGetOIDFunctionAddress
// or CryptGetDefaultOIDFunctionAddress.
//
// If a Dll was loaded for the function its unloaded. However, before doing
// the unload, the DllCanUnloadNow function exported by the loaded Dll is
// called. It should return S_FALSE to inhibit the unload or S_TRUE to enable
// the unload. If the Dll doesn't export DllCanUnloadNow, the Dll is unloaded.
//
// DllCanUnloadNow has the following signature:
// STDAPI DllCanUnloadNow(void);
//--------------------------------------------------------------------------
function CryptFreeOIDFunctionAddress(hFuncAddr: HCRYPTOIDFUNCADDR; dwFlags: DWORD): BOOL; stdcall;
{$EXTERNALSYM CryptFreeOIDFunctionAddress}
//+-------------------------------------------------------------------------
// Register the Dll containing the function to be called for the specified
// encoding type, function name and OID.
//
// pwszDll may contain environment-variable strings
// which are ExpandEnvironmentStrings()'ed before loading the Dll.
//
// In addition to registering the DLL, you may override the
// name of the function to be called. For example,
// pszFuncName = "CryptDllEncodeObject",
// pszOverrideFuncName = "MyEncodeXyz".
// This allows a Dll to export multiple OID functions for the same
// function name without needing to interpose its own OID dispatcher function.
//--------------------------------------------------------------------------
function CryptRegisterOIDFunction(dwEncodingType: DWORD; pszFuncName: LPCSTR;
pszOID: LPCSTR; pwszDll: LPCWSTR; pszOverrideFuncName: LPCSTR): BOOL; stdcall;
{$EXTERNALSYM CryptRegisterOIDFunction}
//+-------------------------------------------------------------------------
// Unregister the Dll containing the function to be called for the specified
// encoding type, function name and OID.
//--------------------------------------------------------------------------
function CryptUnregisterOIDFunction(dwEncodingType: DWORD; pszFuncName: LPCSTR;
pszOID: LPCSTR): BOOL; stdcall;
{$EXTERNALSYM CryptUnregisterOIDFunction}
//+-------------------------------------------------------------------------
// Register the Dll containing the default function to be called for the
// specified encoding type and function name.
//
// Unlike CryptRegisterOIDFunction, you can't override the function name
// needing to be exported by the Dll.
//
// The Dll is inserted before the entry specified by dwIndex.
// dwIndex == 0, inserts at the beginning.
// dwIndex == CRYPT_REGISTER_LAST_INDEX, appends at the end.
//
// pwszDll may contain environment-variable strings
// which are ExpandEnvironmentStrings()'ed before loading the Dll.
//--------------------------------------------------------------------------
function CryptRegisterDefaultOIDFunction(dwEncodingType: DWORD; pszFuncName: LPCSTR;
dwIndex: DWORD; pwszDll: LPCWSTR): BOOL; stdcall;
{$EXTERNALSYM CryptRegisterDefaultOIDFunction}
const
CRYPT_REGISTER_FIRST_INDEX = 0;
{$EXTERNALSYM CRYPT_REGISTER_FIRST_INDEX}
CRYPT_REGISTER_LAST_INDEX = DWORD($FFFFFFFF);
{$EXTERNALSYM CRYPT_REGISTER_LAST_INDEX}
//+-------------------------------------------------------------------------
// Unregister the Dll containing the default function to be called for
// the specified encoding type and function name.
//--------------------------------------------------------------------------
function CryptUnregisterDefaultOIDFunction(dwEncodingType: DWORD;
pszFuncName: LPCSTR; pwszDll: LPCWSTR): BOOL; stdcall;
{$EXTERNALSYM CryptUnregisterDefaultOIDFunction}
//+-------------------------------------------------------------------------
// Set the value for the specified encoding type, function name, OID and
// value name.
//
// See RegSetValueEx for the possible value types.
//
// String types are UNICODE.
//--------------------------------------------------------------------------
function CryptSetOIDFunctionValue(dwEncodingType: DWORD; pszFuncName: LPCSTR;
pszOID: LPCSTR; pwszValueName: LPCWSTR; dwValueType: DWORD; pbValueData: LPBYTE;
cbValueData: DWORD): BOOL; stdcall;
{$EXTERNALSYM CryptSetOIDFunctionValue}
//+-------------------------------------------------------------------------
// Get the value for the specified encoding type, function name, OID and
// value name.
//
// See RegEnumValue for the possible value types.
//
// String types are UNICODE.
//--------------------------------------------------------------------------
function CryptGetOIDFunctionValue(dwEncodingType: DWORD; pszFuncName: LPCSTR;
pszOID: LPCSTR; pwszValueName: LPCWSTR; var pdwValueType: DWORD;
pbValueData: LPBYTE; var pcbValueData: DWORD): BOOL; stdcall;
{$EXTERNALSYM CryptGetOIDFunctionValue}
type
PFN_CRYPT_ENUM_OID_FUNC = function (dwEncodingType: DWORD; pszFuncName,
pszOID: LPCSTR; cValue: DWORD; rgdwValueType: LPDWORD;
rgpwszValueName: LPCWSTR; rgpbValueData: LPBYTE; rgcbValueData: LPDWORD;
pvArg: Pointer): BOOL; stdcall;
{$EXTERNALSYM PFN_CRYPT_ENUM_OID_FUNC}
PFnCryptEnumOidFunc = PFN_CRYPT_ENUM_OID_FUNC;
//+-------------------------------------------------------------------------
// Enumerate the OID functions identified by their encoding type,
// function name and OID.
//
// pfnEnumOIDFunc is called for each registry key matching the input
// parameters. Setting dwEncodingType to CRYPT_MATCH_ANY_ENCODING_TYPE matches
// any. Setting pszFuncName or pszOID to NULL matches any.
//
// Set pszOID == CRYPT_DEFAULT_OID to restrict the enumeration to only the
// DEFAULT functions
//
// String types are UNICODE.
//--------------------------------------------------------------------------
function CryptEnumOIDFunction(dwEncodingType: DWORD; pszFuncName, pszOID: LPCSTR;
dwFlags: DWORD; pvArg: Pointer; pfnEnumOIDFunc: PFN_CRYPT_ENUM_OID_FUNC): BOOL; stdcall;
{$EXTERNALSYM CryptEnumOIDFunction}
const
CRYPT_MATCH_ANY_ENCODING_TYPE = DWORD($FFFFFFFF);
{$EXTERNALSYM CRYPT_MATCH_ANY_ENCODING_TYPE}
//+=========================================================================
// Object IDentifier (OID) Information: Data Structures and APIs
//==========================================================================
//+-------------------------------------------------------------------------
// OID Information
//--------------------------------------------------------------------------
type
PCRYPT_OID_INFO = ^CRYPT_OID_INFO;
{$EXTERNALSYM PCRYPT_OID_INFO}
_CRYPT_OID_INFO = record
cbSize: DWORD;
pszOID: LPCSTR;
pwszName: LPCWSTR;
dwGroupId: DWORD;
Union: record
case Integer of
0: (dwValue: DWORD);
1: (Algid: ALG_ID);
2: (dwLength: DWORD);
end;
ExtraInfo: CRYPT_DATA_BLOB;
end;
{$EXTERNALSYM _CRYPT_OID_INFO}
CRYPT_OID_INFO = _CRYPT_OID_INFO;
{$EXTERNALSYM CRYPT_OID_INFO}
TCryptOidInfo = CRYPT_OID_INFO;
PCryptOidInfo = PCRYPT_OID_INFO;
CCRYPT_OID_INFO = CRYPT_OID_INFO;
{$EXTERNALSYM CCRYPT_OID_INFO}
PCCRYPT_OID_INFO = PCRYPT_OID_INFO;
{$EXTERNALSYM PCCRYPT_OID_INFO}
//+-------------------------------------------------------------------------
// OID Group IDs
//--------------------------------------------------------------------------
const
CRYPT_HASH_ALG_OID_GROUP_ID = 1;
{$EXTERNALSYM CRYPT_HASH_ALG_OID_GROUP_ID}
CRYPT_ENCRYPT_ALG_OID_GROUP_ID = 2;
{$EXTERNALSYM CRYPT_ENCRYPT_ALG_OID_GROUP_ID}
CRYPT_PUBKEY_ALG_OID_GROUP_ID = 3;
{$EXTERNALSYM CRYPT_PUBKEY_ALG_OID_GROUP_ID}
CRYPT_SIGN_ALG_OID_GROUP_ID = 4;
{$EXTERNALSYM CRYPT_SIGN_ALG_OID_GROUP_ID}
CRYPT_RDN_ATTR_OID_GROUP_ID = 5;
{$EXTERNALSYM CRYPT_RDN_ATTR_OID_GROUP_ID}
CRYPT_EXT_OR_ATTR_OID_GROUP_ID = 6;
{$EXTERNALSYM CRYPT_EXT_OR_ATTR_OID_GROUP_ID}
CRYPT_ENHKEY_USAGE_OID_GROUP_ID = 7;
{$EXTERNALSYM CRYPT_ENHKEY_USAGE_OID_GROUP_ID}
CRYPT_POLICY_OID_GROUP_ID = 8;
{$EXTERNALSYM CRYPT_POLICY_OID_GROUP_ID}
CRYPT_LAST_OID_GROUP_ID = 8;
{$EXTERNALSYM CRYPT_LAST_OID_GROUP_ID}
CRYPT_FIRST_ALG_OID_GROUP_ID = CRYPT_HASH_ALG_OID_GROUP_ID;
{$EXTERNALSYM CRYPT_FIRST_ALG_OID_GROUP_ID}
CRYPT_LAST_ALG_OID_GROUP_ID = CRYPT_SIGN_ALG_OID_GROUP_ID;
{$EXTERNALSYM CRYPT_LAST_ALG_OID_GROUP_ID}
// The CRYPT_*_ALG_OID_GROUP_ID's have an Algid. The CRYPT_RDN_ATTR_OID_GROUP_ID
// has a dwLength. The CRYPT_EXT_OR_ATTR_OID_GROUP_ID,
// CRYPT_ENHKEY_USAGE_OID_GROUP_ID or CRYPT_POLICY_OID_GROUP_ID don't have a
// dwValue.
//
// CRYPT_PUBKEY_ALG_OID_GROUP_ID has the following optional ExtraInfo:
// DWORD[0] - Flags. CRYPT_OID_INHIBIT_SIGNATURE_FORMAT_FLAG can be set to
// inhibit the reformatting of the signature before
// CryptVerifySignature is called or after CryptSignHash
// is called. CRYPT_OID_USE_PUBKEY_PARA_FOR_PKCS7_FLAG can
// be set to include the public key algorithm's parameters
// in the PKCS7's digestEncryptionAlgorithm's parameters.
// CRYPT_OID_NO_NULL_ALGORITHM_PARA_FLAG can be set to omit
// NULL parameters when encoding.
CRYPT_OID_INHIBIT_SIGNATURE_FORMAT_FLAG = $1;
{$EXTERNALSYM CRYPT_OID_INHIBIT_SIGNATURE_FORMAT_FLAG}
CRYPT_OID_USE_PUBKEY_PARA_FOR_PKCS7_FLAG = $2;
{$EXTERNALSYM CRYPT_OID_USE_PUBKEY_PARA_FOR_PKCS7_FLAG}
CRYPT_OID_NO_NULL_ALGORITHM_PARA_FLAG = $4;
{$EXTERNALSYM CRYPT_OID_NO_NULL_ALGORITHM_PARA_FLAG}
// CRYPT_SIGN_ALG_OID_GROUP_ID has the following optional ExtraInfo:
// DWORD[0] - Public Key Algid.
// DWORD[1] - Flags. Same as above for CRYPT_PUBKEY_ALG_OID_GROUP_ID.
// DWORD[2] - Optional CryptAcquireContext(CRYPT_VERIFYCONTEXT)'s dwProvType.
// If omitted or 0, uses Public Key Algid to select
// appropriate dwProvType for signature verification.
// CRYPT_RDN_ATTR_OID_GROUP_ID has the following optional ExtraInfo:
// Array of DWORDs:
// [0 ..] - Null terminated list of acceptable RDN attribute
// value types. An empty list implies CERT_RDN_PRINTABLE_STRING,
// CERT_RDN_UNICODE_STRING, 0.
//+-------------------------------------------------------------------------
// Find OID information. Returns NULL if unable to find any information
// for the specified key and group. Note, returns a pointer to a constant
// data structure. The returned pointer MUST NOT be freed.
//
// dwKeyType's:
// CRYPT_OID_INFO_OID_KEY, pvKey points to a szOID
// CRYPT_OID_INFO_NAME_KEY, pvKey points to a wszName
// CRYPT_OID_INFO_ALGID_KEY, pvKey points to an ALG_ID
// CRYPT_OID_INFO_SIGN_KEY, pvKey points to an array of two ALG_ID's:
// ALG_ID[0] - Hash Algid
// ALG_ID[1] - PubKey Algid
//
// Setting dwGroupId to 0, searches all groups according to the dwKeyType.
// Otherwise, only the dwGroupId is searched.
//--------------------------------------------------------------------------
function CryptFindOIDInfo(dwKeyType: DWORD; pvKey: Pointer; dwGroupId: DWORD): PCCRYPT_OID_INFO; stdcall;
{$EXTERNALSYM CryptFindOIDInfo}
const
CRYPT_OID_INFO_OID_KEY = 1;
{$EXTERNALSYM CRYPT_OID_INFO_OID_KEY}
CRYPT_OID_INFO_NAME_KEY = 2;
{$EXTERNALSYM CRYPT_OID_INFO_NAME_KEY}
CRYPT_OID_INFO_ALGID_KEY = 3;
{$EXTERNALSYM CRYPT_OID_INFO_ALGID_KEY}
CRYPT_OID_INFO_SIGN_KEY = 4;
{$EXTERNALSYM CRYPT_OID_INFO_SIGN_KEY}
//+-------------------------------------------------------------------------
// Register OID information. The OID information specified in the
// CCRYPT_OID_INFO structure is persisted to the registry.
//
// crypt32.dll contains information for the commonly known OIDs. This function
// allows applications to augment crypt32.dll's OID information. During
// CryptFindOIDInfo's first call, the registered OID information is installed.
//
// By default the registered OID information is installed after crypt32.dll's
// OID entries. Set CRYPT_INSTALL_OID_INFO_BEFORE_FLAG to install before.
//--------------------------------------------------------------------------
function CryptRegisterOIDInfo(pInfo: PCCRYPT_OID_INFO; dwFlags: DWORD): BOOL; stdcall;
{$EXTERNALSYM CryptRegisterOIDInfo}
const
CRYPT_INSTALL_OID_INFO_BEFORE_FLAG = 1;
{$EXTERNALSYM CRYPT_INSTALL_OID_INFO_BEFORE_FLAG}
//+-------------------------------------------------------------------------
// Unregister OID information. Only the pszOID and dwGroupId fields are
// used to identify the OID information to be unregistered.
//--------------------------------------------------------------------------
function CryptUnregisterOIDInfo(pInfo: PCCRYPT_OID_INFO): BOOL; stdcall;
{$EXTERNALSYM CryptUnregisterOIDInfo}
// If the callback returns FALSE, stops the enumeration.
type
PFN_CRYPT_ENUM_OID_INFO = function (pInfo: PCCRYPT_OID_INFO; pvArg: Pointer): BOOL; stdcall;
{$EXTERNALSYM PFN_CRYPT_ENUM_OID_INFO}
PFnCryptEnumOidInfo = PFN_CRYPT_ENUM_OID_INFO;
//+-------------------------------------------------------------------------
// Enumerate the OID information.
//
// pfnEnumOIDInfo is called for each OID information entry.
//
// Setting dwGroupId to 0 matches all groups. Otherwise, only enumerates
// entries in the specified group.
//
// dwFlags currently isn't used and must be set to 0.
//--------------------------------------------------------------------------
function CryptEnumOIDInfo(dwGroupId: DWORD; dwFlags: DWORD; pvArg: Pointer;
pfnEnumOIDInfo: PFN_CRYPT_ENUM_OID_INFO): BOOL; stdcall;
{$EXTERNALSYM CryptEnumOIDInfo}
//+-------------------------------------------------------------------------
// Find the localized name for the specified name. For example, find the
// localized name for the "Root" system store name. A case insensitive
// string comparison is done.
//
// Returns NULL if unable to find the the specified name.
//
// Localized names for the predefined system stores ("Root", "My") and
// predefined physical stores (".Default", ".LocalMachine") are pre-installed
// as resource strings in crypt32.dll. CryptSetOIDFunctionValue can be called
// as follows to register additional localized strings:
// dwEncodingType = CRYPT_LOCALIZED_NAME_ENCODING_TYPE
// pszFuncName = CRYPT_OID_FIND_LOCALIZED_NAME_FUNC
// pszOID = CRYPT_LOCALIZED_NAME_OID
// pwszValueName = Name to be localized, for example, L"ApplicationStore"
// dwValueType = REG_SZ
// pbValueData = pointer to the UNICODE localized string
// cbValueData = (wcslen(UNICODE localized string) + 1) * sizeof(WCHAR)
//
// To unregister, set pbValueData to NULL and cbValueData to 0.
//
// The registered names are searched before the pre-installed names.
//--------------------------------------------------------------------------
function CryptFindLocalizedName(pwszCryptName: LPCWSTR): LPCWSTR; stdcall;
{$EXTERNALSYM CryptFindLocalizedName}
const
CRYPT_LOCALIZED_NAME_ENCODING_TYPE = 0;
{$EXTERNALSYM CRYPT_LOCALIZED_NAME_ENCODING_TYPE}
CRYPT_LOCALIZED_NAME_OID = 'LocalizedNames';
{$EXTERNALSYM CRYPT_LOCALIZED_NAME_OID}
//+=========================================================================
// Low Level Cryptographic Message Data Structures and APIs
//==========================================================================
type
HCRYPTMSG = Pointer;
{$EXTERNALSYM HCRYPTMSG}
PHCRYPTMSG = ^HCRYPTMSG;
{$NODEFINE PHCRYPTMSG}
const
szOID_PKCS_7_DATA = '1.2.840.113549.1.7.1';
{$EXTERNALSYM szOID_PKCS_7_DATA}
szOID_PKCS_7_SIGNED = '1.2.840.113549.1.7.2';
{$EXTERNALSYM szOID_PKCS_7_SIGNED}
szOID_PKCS_7_ENVELOPED = '1.2.840.113549.1.7.3';
{$EXTERNALSYM szOID_PKCS_7_ENVELOPED}
szOID_PKCS_7_SIGNEDANDENVELOPED = '1.2.840.113549.1.7.4';
{$EXTERNALSYM szOID_PKCS_7_SIGNEDANDENVELOPED}
szOID_PKCS_7_DIGESTED = '1.2.840.113549.1.7.5';
{$EXTERNALSYM szOID_PKCS_7_DIGESTED}
szOID_PKCS_7_ENCRYPTED = '1.2.840.113549.1.7.6';
{$EXTERNALSYM szOID_PKCS_7_ENCRYPTED}
szOID_PKCS_9_CONTENT_TYPE = '1.2.840.113549.1.9.3';
{$EXTERNALSYM szOID_PKCS_9_CONTENT_TYPE}
szOID_PKCS_9_MESSAGE_DIGEST = '1.2.840.113549.1.9.4';
{$EXTERNALSYM szOID_PKCS_9_MESSAGE_DIGEST}
//+-------------------------------------------------------------------------
// Message types
//--------------------------------------------------------------------------
CMSG_DATA = 1;
{$EXTERNALSYM CMSG_DATA}
CMSG_SIGNED = 2;
{$EXTERNALSYM CMSG_SIGNED}
CMSG_ENVELOPED = 3;
{$EXTERNALSYM CMSG_ENVELOPED}
CMSG_SIGNED_AND_ENVELOPED = 4;
{$EXTERNALSYM CMSG_SIGNED_AND_ENVELOPED}
CMSG_HASHED = 5;
{$EXTERNALSYM CMSG_HASHED}
CMSG_ENCRYPTED = 6;
{$EXTERNALSYM CMSG_ENCRYPTED}
//+-------------------------------------------------------------------------
// Message Type Bit Flags
//--------------------------------------------------------------------------
CMSG_ALL_FLAGS = (not 0);
{$EXTERNALSYM CMSG_ALL_FLAGS}
CMSG_DATA_FLAG = (1 shl CMSG_DATA);
{$EXTERNALSYM CMSG_DATA_FLAG}
CMSG_SIGNED_FLAG = (1 shl CMSG_SIGNED);
{$EXTERNALSYM CMSG_SIGNED_FLAG}
CMSG_ENVELOPED_FLAG = (1 shl CMSG_ENVELOPED);
{$EXTERNALSYM CMSG_ENVELOPED_FLAG}
CMSG_SIGNED_AND_ENVELOPED_FLAG = (1 shl CMSG_SIGNED_AND_ENVELOPED);
{$EXTERNALSYM CMSG_SIGNED_AND_ENVELOPED_FLAG}
CMSG_HASHED_FLAG = (1 shl CMSG_HASHED);
{$EXTERNALSYM CMSG_HASHED_FLAG}
CMSG_ENCRYPTED_FLAG = (1 shl CMSG_ENCRYPTED);
{$EXTERNALSYM CMSG_ENCRYPTED_FLAG}
//+-------------------------------------------------------------------------
// Certificate Issuer and SerialNumber
//--------------------------------------------------------------------------
type
PCERT_ISSUER_SERIAL_NUMBER = ^CERT_ISSUER_SERIAL_NUMBER;
{$EXTERNALSYM PCERT_ISSUER_SERIAL_NUMBER}
_CERT_ISSUER_SERIAL_NUMBER = record
Issuer: CERT_NAME_BLOB;
SerialNumber: CRYPT_INTEGER_BLOB;
end;
{$EXTERNALSYM _CERT_ISSUER_SERIAL_NUMBER}
CERT_ISSUER_SERIAL_NUMBER = _CERT_ISSUER_SERIAL_NUMBER;
{$EXTERNALSYM CERT_ISSUER_SERIAL_NUMBER}
TCertIssuerSerialNumber = CERT_ISSUER_SERIAL_NUMBER;
PCertIssuerSerialNumber = PCERT_ISSUER_SERIAL_NUMBER;
//+-------------------------------------------------------------------------
// Certificate Identifier
//--------------------------------------------------------------------------
PCERT_ID = ^CERT_ID;
{$EXTERNALSYM PCERT_ID}
_CERT_ID = record
dwIdChoice: DWORD;
case Integer of
// CERT_ID_ISSUER_SERIAL_NUMBER
0: (IssuerSerialNumber: CERT_ISSUER_SERIAL_NUMBER);
// CERT_ID_KEY_IDENTIFIER
1: (KeyId: CRYPT_HASH_BLOB);
// CERT_ID_SHA1_HASH
2: (HashId: CRYPT_HASH_BLOB);
end;
{$EXTERNALSYM _CERT_ID}
CERT_ID = _CERT_ID;
{$EXTERNALSYM CERT_ID}
TCertId = CERT_ID;
PCertId = PCERT_ID;
const
CERT_ID_ISSUER_SERIAL_NUMBER = 1;
{$EXTERNALSYM CERT_ID_ISSUER_SERIAL_NUMBER}
CERT_ID_KEY_IDENTIFIER = 2;
{$EXTERNALSYM CERT_ID_KEY_IDENTIFIER}
CERT_ID_SHA1_HASH = 3;
{$EXTERNALSYM CERT_ID_SHA1_HASH}
//+-------------------------------------------------------------------------
// The message encode information (pvMsgEncodeInfo) is message type dependent
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// CMSG_DATA: pvMsgEncodeInfo = NULL
//--------------------------------------------------------------------------
//+-------------------------------------------------------------------------
// CMSG_SIGNED
//
// The pCertInfo in the CMSG_SIGNER_ENCODE_INFO provides the Issuer, SerialNumber
// and PublicKeyInfo.Algorithm. The PublicKeyInfo.Algorithm implicitly
// specifies the HashEncryptionAlgorithm to be used.
//
// If the SignerId is present with a nonzero dwIdChoice its used instead
// of the Issuer and SerialNumber in pCertInfo.
//
// CMS supports the KEY_IDENTIFIER and ISSUER_SERIAL_NUMBER CERT_IDs. PKCS #7
// version 1.5 only supports the ISSUER_SERIAL_NUMBER CERT_ID choice.
//
// If HashEncryptionAlgorithm is present and not NULL its used instead of
// the PublicKeyInfo.Algorithm.
//
// Note, for RSA, the hash encryption algorithm is normally the same as
// the public key algorithm. For DSA, the hash encryption algorithm is
// normally a DSS signature algorithm.
//
// pvHashEncryptionAuxInfo currently isn't used and must be set to NULL if
// present in the data structure.
//
// The hCryptProv and dwKeySpec specify the private key to use. If dwKeySpec
// == 0, then, defaults to AT_SIGNATURE.
//
// If CMSG_CRYPT_RELEASE_CONTEXT_FLAG is set in the dwFlags
// passed to CryptMsgOpenToEncode(), the signer hCryptProv's are released.
//
// pvHashAuxInfo currently isn't used and must be set to NULL.
//
// CMS signed messages allow the inclusion of Attribute Certs.
//--------------------------------------------------------------------------
type
PCMSG_SIGNER_ENCODE_INFO = ^CMSG_SIGNER_ENCODE_INFO;
{$EXTERNALSYM PCMSG_SIGNER_ENCODE_INFO}
_CMSG_SIGNER_ENCODE_INFO = record
cbSize: DWORD;
pCertInfo: PCERT_INFO;
hCryptProv: HCRYPTPROV;
dwKeySpec: DWORD;
HashAlgorithm: CRYPT_ALGORITHM_IDENTIFIER;
pvHashAuxInfo: Pointer;
cAuthAttr: DWORD;
rgAuthAttr: PCRYPT_ATTRIBUTE;
cUnauthAttr: DWORD;
rgUnauthAttr: PCRYPT_ATTRIBUTE;
{$IFDEF CMSG_SIGNER_ENCODE_INFO_HAS_CMS_FIELDS}
SignerId: CERT_ID;
HashEncryptionAlgorithm: CRYPT_ALGORITHM_IDENTIFIER;
pvHashEncryptionAuxInfo: Pointer;
{$ENDIF}
end;
{$EXTERNALSYM _CMSG_SIGNER_ENCODE_INFO}
CMSG_SIGNER_ENCODE_INFO = _CMSG_SIGNER_ENCODE_INFO;
{$EXTERNALSYM CMSG_SIGNER_ENCODE_INFO}
TCmsgSignerEncodeInfo = CMSG_SIGNER_ENCODE_INFO;
PCmsgSignerEncodeInfo = PCMSG_SIGNER_ENCODE_INFO;
PCMSG_SIGNED_ENCODE_INFO = ^CMSG_SIGNED_ENCODE_INFO;
{$EXTERNALSYM PCMSG_SIGNED_ENCODE_INFO}
_CMSG_SIGNED_ENCODE_INFO = record
cbSize: DWORD;
cSigners: DWORD;
rgSigners: PCMSG_SIGNER_ENCODE_INFO;
cCertEncoded: DWORD;
rgCertEncoded: PCERT_BLOB;
cCrlEncoded: DWORD;
rgCrlEncoded: PCRL_BLOB;
{$IFDEF CMSG_SIGNED_ENCODE_INFO_HAS_CMS_FIELDS}
cAttrCertEncoded: DWORD;
rgAttrCertEncoded: PCERT_BLOB;
{$ENDIF}
end;
{$EXTERNALSYM _CMSG_SIGNED_ENCODE_INFO}
CMSG_SIGNED_ENCODE_INFO = _CMSG_SIGNED_ENCODE_INFO;
{$EXTERNALSYM CMSG_SIGNED_ENCODE_INFO}
TCmsgSignedEncodeInfo = CMSG_SIGNED_ENCODE_INFO;
PCmsgSignedEncodeInfo = PCMSG_SIGNED_ENCODE_INFO;
//+-------------------------------------------------------------------------
// CMSG_ENVELOPED
//
// The PCERT_INFO for the rgRecipients provides the Issuer, SerialNumber
// and PublicKeyInfo. The PublicKeyInfo.Algorithm implicitly
// specifies the KeyEncryptionAlgorithm to be used.
//
// The PublicKeyInfo.PublicKey in PCERT_INFO is used to encrypt the content
// encryption key for the recipient.
//
// hCryptProv is used to do the content encryption, recipient key encryption
// and export. The hCryptProv's private keys aren't used. If hCryptProv
// is NULL, a default hCryptProv is chosen according to the
// ContentEncryptionAlgorithm and the first recipient KeyEncryptionAlgorithm.
//
// If CMSG_CRYPT_RELEASE_CONTEXT_FLAG is set in the dwFlags
// passed to CryptMsgOpenToEncode(), the envelope's hCryptProv is released.
//
// Note: CAPI currently doesn't support more than one KeyEncryptionAlgorithm
// per provider. This will need to be fixed.
//
// Currently, pvEncryptionAuxInfo is only defined for RC2 or RC4 encryption
// algorithms. Otherwise, its not used and must be set to NULL.
// See CMSG_RC2_AUX_INFO for the RC2 encryption algorithms.
// See CMSG_RC4_AUX_INFO for the RC4 encryption algorithms.
//
// To enable SP3 compatible encryption, pvEncryptionAuxInfo should point to
// a CMSG_SP3_COMPATIBLE_AUX_INFO data structure.
//
// To enable the CMS envelope enhancements, rgpRecipients must be set to
// NULL, and rgCmsRecipients updated to point to an array of
// CMSG_RECIPIENT_ENCODE_INFO's.
//
// Also, CMS envelope enhancements support the inclusion of a bag of
// Certs, CRLs, Attribute Certs and/or Unprotected Attributes.
//--------------------------------------------------------------------------
type
PCMSG_ENVELOPED_ENCODE_INFO = ^CMSG_ENVELOPED_ENCODE_INFO;
{$EXTERNALSYM PCMSG_ENVELOPED_ENCODE_INFO}
_CMSG_ENVELOPED_ENCODE_INFO = record
cbSize: DWORD;
hCryptProv: HCRYPTPROV;
ContentEncryptionAlgorithm: CRYPT_ALGORITHM_IDENTIFIER;
pvEncryptionAuxInfo: Pointer;
cRecipients: DWORD;
// The following array may only be used for transport recipients identified
// by their IssuereAndSerialNumber. If rgpRecipients != NULL, then,
// the rgCmsRecipients must be NULL.
rgpRecipients: PCERT_INFO;
{$IFDEF CMSG_ENVELOPED_ENCODE_INFO_HAS_CMS_FIELDS}
// If rgCmsRecipients != NULL, then, the above rgpRecipients must be
// NULL.
rgCmsRecipients: PCMSG_RECIPIENT_ENCODE_INFO;
cCertEncoded: DWORD;
rgCertEncoded: PCERT_BLOB;
cCrlEncoded: DWORD;
rgCrlEncoded: PCRL_BLOB;
cAttrCertEncoded: DWORD;
rgAttrCertEncoded: PCERT_BLOB;
cUnprotectedAttr: DWORD;
rgUnprotectedAttr: PCRYPT_ATTRIBUTE;
{$ENDIF}
end;
{$EXTERNALSYM _CMSG_ENVELOPED_ENCODE_INFO}
CMSG_ENVELOPED_ENCODE_INFO = _CMSG_ENVELOPED_ENCODE_INFO;
{$EXTERNALSYM CMSG_ENVELOPED_ENCODE_INFO}
TCmsgEnvelopedEncodeInfo = CMSG_ENVELOPED_ENCODE_INFO;
PCmsgEnvelopedEncodeInfo = PCMSG_ENVELOPED_ENCODE_INFO;
//+-------------------------------------------------------------------------
// Key Transport Recipient Encode Info
//
// hCryptProv is used to do the recipient key encryption
// and export. The hCryptProv's private keys aren't used.
//
// If hCryptProv is NULL, then, the hCryptProv specified in
// CMSG_ENVELOPED_ENCODE_INFO is used.
//
// Note, even if CMSG_CRYPT_RELEASE_CONTEXT_FLAG is set in the dwFlags
// passed to CryptMsgOpenToEncode(), this hCryptProv isn't released.
//
// CMS supports the KEY_IDENTIFIER and ISSUER_SERIAL_NUMBER CERT_IDs. PKCS #7
// version 1.5 only supports the ISSUER_SERIAL_NUMBER CERT_ID choice.
//--------------------------------------------------------------------------
PCMSG_KEY_TRANS_RECIPIENT_ENCODE_INFO = ^CMSG_KEY_TRANS_RECIPIENT_ENCODE_INFO;
{$EXTERNALSYM PCMSG_KEY_TRANS_RECIPIENT_ENCODE_INFO}
_CMSG_KEY_TRANS_RECIPIENT_ENCODE_INFO = record
cbSize: DWORD;
KeyEncryptionAlgorithm: CRYPT_ALGORITHM_IDENTIFIER;
pvKeyEncryptionAuxInfo: Pointer;
hCryptProv: HCRYPTPROV;
RecipientPublicKey: CRYPT_BIT_BLOB;
RecipientId: CERT_ID;
end;
{$EXTERNALSYM _CMSG_KEY_TRANS_RECIPIENT_ENCODE_INFO}
CMSG_KEY_TRANS_RECIPIENT_ENCODE_INFO = _CMSG_KEY_TRANS_RECIPIENT_ENCODE_INFO;
{$EXTERNALSYM CMSG_KEY_TRANS_RECIPIENT_ENCODE_INFO}
TCmsgKeyTransRecipientEncodeInfo = CMSG_KEY_TRANS_RECIPIENT_ENCODE_INFO;
PCmsgKeyTransRecipientEncodeInfo = PCMSG_KEY_TRANS_RECIPIENT_ENCODE_INFO;
//+-------------------------------------------------------------------------
// Key Agreement Recipient Encode Info
//
// If hCryptProv is NULL, then, the hCryptProv specified in
// CMSG_ENVELOPED_ENCODE_INFO is used.
//
// For the CMSG_KEY_AGREE_STATIC_KEY_CHOICE, both the hCryptProv and
// dwKeySpec must be specified to select the sender's private key.
//
// Note, even if CMSG_CRYPT_RELEASE_CONTEXT_FLAG is set in the dwFlags
// passed to CryptMsgOpenToEncode(), this hCryptProv isn't released.
//
// CMS supports the KEY_IDENTIFIER and ISSUER_SERIAL_NUMBER CERT_IDs.
//
// There is 1 key choice, ephemeral originator. The originator's ephemeral
// key is generated using the public key algorithm parameters shared
// amongst all the recipients.
//
// There are 2 key choices: ephemeral originator or static sender. The
// originator's ephemeral key is generated using the public key algorithm
// parameters shared amongst all the recipients. For the static sender its
// private key is used. The hCryptProv and dwKeySpec specify the private key.
// The pSenderId identifies the certificate containing the sender's public key.
//
// Currently, pvKeyEncryptionAuxInfo isn't used and must be set to NULL.
//
// If KeyEncryptionAlgorithm.Parameters.cbData == 0, then, its Parameters
// are updated with the encoded KeyWrapAlgorithm.
//
// Currently, pvKeyWrapAuxInfo is only defined for algorithms with
// RC2. Otherwise, its not used and must be set to NULL.
// When set for RC2 algorithms, points to a CMSG_RC2_AUX_INFO containing
// the RC2 effective key length.
//
// Note, key agreement recipients are not supported in PKCS #7 version 1.5.
//--------------------------------------------------------------------------
PCMSG_RECIPIENT_ENCRYPTED_KEY_ENCODE_INFO = ^CMSG_RECIPIENT_ENCRYPTED_KEY_ENCODE_INFO;
{$EXTERNALSYM PCMSG_RECIPIENT_ENCRYPTED_KEY_ENCODE_INFO}
_CMSG_RECIPIENT_ENCRYPTED_KEY_ENCODE_INFO = record
cbSize: DWORD;
RecipientPublicKey: CRYPT_BIT_BLOB;
RecipientId: CERT_ID;
// Following fields are optional and only applicable to KEY_IDENTIFIER
// CERT_IDs.
Date: FILETIME;
pOtherAttr: PCRYPT_ATTRIBUTE_TYPE_VALUE;
end;
{$EXTERNALSYM _CMSG_RECIPIENT_ENCRYPTED_KEY_ENCODE_INFO}