The Certificate Context

A certificate context is simply a C structure that contains an encoding type member, a handle to a certificate store, a pointer to the original encoded certificate blob, and a pointer to a CERT_INFO C structure. It is the CERT_INFO structure that contains most of the certificate information.

The first step in decoding a certificate blob is to call CertCreateCertificateContext, passing it a pointer to the encoded certificate blob. When this function is called, it creates a duplicate of the encoded certificate, creates a structure of type CERT_CONTEXT, and creates a structure of type CERT_INFO. As shown in the following illustration, a certificate context includes the original certificate blob, a C structure of type CERT_CONTEXT, and a C structure of type CERT_INFO. One member of the CERT_CONTEXT structure points to the CERT_INFO structure and another points to the encoded certificate blob.
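
The call described above, as an added example in C that is not code from the original page: show_context wraps CertCreateCertificateContext, handles the NULL return, and prints the members the text describes. The names der_sequence_spans and show_context and the sample bytes are assumptions made for this example, and the outer-length pre-check is an extra sanity step, not something the API requires.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
/* Hypothetical helper for this example (not a CryptoAPI call): returns 1 when
   buf starts with a SEQUENCE whose declared length spans exactly n bytes. */
int der_sequence_spans(const unsigned char *buf, size_t n)
{
    size_t len = 0, hdr = 2, nlen, i;
    if (buf == NULL || n < 2 || buf[0] != 0x30) return 0;
    if (buf[1] < 0x80) {
        len = buf[1];                          /* short-form length */
    } else {
        nlen = buf[1] & 0x7F;                  /* long form: number of length bytes */
        if (nlen == 0 || nlen > 4 || n < 2 + nlen) return 0;
        for (i = 0; i < nlen; i++) len = (len << 8) | buf[2 + i];
        hdr += nlen;
    }
    return len == n - hdr;
}
#ifdef _WIN32
#include <windows.h>
#include <wincrypt.h>
/* Returns 0 on success, otherwise the Win32 error code. */
DWORD show_context(const BYTE *der, DWORD cb)
{
    PCCERT_CONTEXT ctx;
    if (!der_sequence_spans(der, cb)) return ERROR_INVALID_DATA;
    ctx = CertCreateCertificateContext(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, der, cb);
    if (ctx == NULL) return GetLastError();   /* decode failed, nothing to free */
    /* The context refers to its own duplicate of the blob, not the caller's buffer. */
    printf("blob duplicated: %s (%lu bytes)\n",
           (ctx->pbCertEncoded != der && ctx->cbCertEncoded == cb &&
            memcmp(ctx->pbCertEncoded, der, cb) == 0) ? "yes" : "no", ctx->cbCertEncoded);
    printf("encoding 0x%08lx, CERT_INFO %p, store %p\n", ctx->dwCertEncodingType,
           (void *)ctx->pCertInfo, (void *)ctx->hCertStore);
    CertFreeCertificateContext(ctx);          /* drop our reference to the context */
    return 0;
}
#endif
int main(void)
{
    /* Constructed sample: SEQUENCE { INTEGER 5 }; well-formed, but not a certificate. */
    static const unsigned char sample[] = { 0x30, 0x03, 0x02, 0x01, 0x05 };
    printf("outer length ok: %d\n", der_sequence_spans(sample, sizeof sample));
#ifdef _WIN32
    printf("decode result: 0x%08lx\n", show_context(sample, (DWORD)sizeof sample));
#endif
    return 0;
}
```

On Windows, link with crypt32.lib. The constructed sample passes the length check but is not a certificate, so it exercises the failure path; pass the bytes of a real DER-encoded certificate to show_context to see the success path.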