CryptHashCertificate

The CryptHashCertificate function hashes the entire encoded content, including the signature.

#include <wincrypt.h>
BOOL WINAPI CryptHashCertificate(
  HCRYPTPROV hCryptProv,     // in
  ALG_ID Algid,              // in
  DWORD dwFlags,             // in
  const BYTE *pbEncoded,     // in
  DWORD cbEncoded,           // in
  BYTE *pbComputedHash,      // out
  DWORD *pcbComputedHash     // in, out
);
 

Parameters

hCryptProv
Specifies the Cryptographic Service Provider to use to compute the hash.

Unless there is a strong reason for passing in a specific cryptographic provider in hCryptProv, zero should be passed in. Passing in zero causes the default RSA or DSS provider to be acquired before doing hash, signature verification or recipient encryption operations.

Algid
Specifies the CryptoAPI hash algorithm to use. If Algid is zero, the default hash algorithm, SHA1, is used.
dwFlags
These flags are passed through to CryptCreateHash. See CryptCreateHash for details.
pbEncoded
The address of the encoded content that is to be hashed.
cbEncoded
The size, in bytes, of the encoded content.
pbComputedHash
Pointer to a buffer that receives the computed hash.

This parameter can be NULL to set the size of this information for memory allocation purposes. For more information, see Common In/Out Parameter Conventions.

pcbComputedHash
Pointer to a DWORD that contains the size, in bytes, of the buffer pointed to by the pbComputedHash parameter. When the function returns, the variable pointed to by the pcbComputedHash parameter contains the number of bytes stored in the buffer. This parameter can be NULL only if pbComputedHash is NULL.

Note  When processing the data returned in the buffer, applications need to use the actual size of the data returned. The actual size may be slightly smaller than the size of the buffer specified on input. (On input, buffer sizes are usually specified large enough to ensure that the largest possible output data will fit in the buffer.) On output, the variable pointed to by this parameter is updated to reflect the actual size of the data copied to the buffer.

Return Values

TRUE if the function succeeded, FALSE if the function failed.

Call GetLastError to see the reason for any failures. Note that errors from the called functions CryptCreateHash, CryptGetHashParam and CryptHashData may be propagated to this function.

Example

// EXAMPLE CODE FOR USING CryptHashCertificate() to 
// hash a certificate for which a certificate context has already
// been obtained (pCertContext).
#include <windows.h>
#include <wincrypt.h>
#include <stdio.h>
#include <stdlib.h>

// Wrapper function so that each failure path can clean up and return.
BOOL HashCertificateExample(PCCERT_CONTEXT pCertContext)
{
    HCRYPTPROV hCryptProv = 0;     // Handle returned here
    BOOL fReturn = FALSE;
    DWORD  maxSHAhashlen = 20;     // The max size hash for SHA is 20 bytes.
    BYTE * pbComputedHash = NULL;  // Buffer pointer.

    // First, get a cryptographic provider.
    fReturn = CryptAcquireContext(
              &hCryptProv,         // Address for handle to be returned.
              NULL,                // Use the current user's logon name.
              NULL,                // Use the default provider.
              PROV_RSA_FULL,       // Need to do both encrypt & sign.
              0);                  // No flags needed.
    if(!fReturn)
    {
        printf("Couldn't Get a Cryptographic Provider\n");
        return FALSE;
    }

    // The function succeeded, so the handle to the cryptographic
    // provider resides at hCryptProv.

    // Allocate the memory for the computed hash.
    pbComputedHash = (BYTE *)malloc(maxSHAhashlen);
    if(NULL == pbComputedHash)
    {
        CryptReleaseContext(hCryptProv, 0);
        return FALSE;
    }

    // Hash the certificate using SHA for the hashing algorithm.
    // On return, maxSHAhashlen holds the number of bytes actually written.
    fReturn = CryptHashCertificate(hCryptProv, CALG_SHA, 0,
                                   pCertContext->pbCertEncoded,
                                   pCertContext->cbCertEncoded,
                                   pbComputedHash, &maxSHAhashlen);
    if(fReturn)
    {
        // Use the hash as desired…
    }
    else
        printf("CryptHashCertificate failed: 0x%lx\n", GetLastError());

    // Free memory and release the provider when through.
    free(pbComputedHash);
    CryptReleaseContext(hCryptProv, 0);
    return fReturn;
}

// Note : An alternate way of obtaining the CALG_SHA hash is to 
// make a call to CertGetCertificateContextProperty specifying 
// CERT_SHA1_HASH_PROP_ID which calculates the hash if it has not 
// already been calculated. If it already has been calculated,
// a throughput benefit is realized.
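
The description at the top of this page says the hash covers the entire encoded content, including the signature. The following Python code is an added example, not part of the original reference and not a call into CryptoAPI: it models that behavior with hashlib on a constructed DER blob and contrasts it with hashing only the to-be-signed portion. All helper names and the sample bytes are assumptions made for illustration.

```python
import hashlib

def der_tlv(tag, body):
    """Encode one DER TLV with a definite length."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + body

def read_tlv(buf, off):
    """Return (tag, value_start, value_end) for the TLV at offset off."""
    if off + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, first = buf[off], buf[off + 1]
    start, n = off + 2, first
    if first & 0x80:
        k = first & 0x7F
        if k == 0 or start + k > len(buf):
            raise ValueError("indefinite or truncated DER length")
        n = int.from_bytes(buf[start:start + k], "big")
        start += k
    if start + n > len(buf):
        raise ValueError("truncated DER value")
    return tag, start, start + n

def split_signed_content(encoded):
    """Split SEQUENCE { toBeSigned, algorithm, signature } into (tbs, rest)."""
    tag, start, end = read_tlv(encoded, 0)
    if tag != 0x30 or end != len(encoded):
        raise ValueError("expected exactly one DER SEQUENCE")
    _, _, tbs_end = read_tlv(encoded, start)
    return encoded[start:tbs_end], encoded[tbs_end:end]

def hash_entire(encoded):
    """SHA-1 over every encoded byte, signature included (what this page describes)."""
    return hashlib.sha1(encoded).digest()

def hash_to_be_signed(encoded):
    """SHA-1 over the first inner element only (the to-be-signed part)."""
    return hashlib.sha1(split_signed_content(encoded)[0]).digest()

def build_sample(sig):
    """Constructed stand-in for an encoded certificate; not a real certificate."""
    tbs = der_tlv(0x30, der_tlv(0x02, b"\x01") + der_tlv(0x0C, b"constructed sample"))
    alg = der_tlv(0x30, der_tlv(0x06, bytes.fromhex("2a864886f70d010105")) + der_tlv(0x05, b""))
    return der_tlv(0x30, tbs + alg + der_tlv(0x03, b"\x00" + sig))

if __name__ == "__main__":
    print(hash_entire(build_sample(b"\xaa" * 8)).hex())
```

Two encodings built with identical to-be-signed content but different signature bytes produce the same hash_to_be_signed value and different hash_entire values, so a hash of the entire encoding identifies one exact byte sequence rather than the signed content alone.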
 

QuickInfo

  Windows NT: Requires version 4.0 SP3 or later. Available also in IE 3.02 and later.
  Windows: Requires Windows 98 (or Windows 95 with IE 3.02 or later).
  Windows CE: Unsupported.
  Header: Declared in wincrypt.h.
  Import Library: Use crypt32.lib.

See Also

CryptHashPublicKeyInfo, CryptHashToBeSigned