Creating, Signing, and Storing a CTL
The following procedures describe how to create a signed CTL and save it to a certificate store.
To create and sign a CTL
1. Create an array of items to be stored in the CTL. Each item is a CTL_ENTRY whose SubjectIdentifier names the thing being trusted. In the case of trusted certificates, the identifier must be the SHA1 or MD5 hash of the certificate; of the two, SHA1 is the one to use, since MD5 collisions are cheap to produce and the hash is the only thing that ties an entry to a certificate.
2. Initialize a CTL_INFO structure that includes the array of items just created, together with the subject usage (what the listed items are trusted for) and the hash algorithm that was used to compute the identifiers.
3. Initialize a CMSG_SIGNED_ENCODE_INFO structure. Its CMSG_SIGNER_ENCODE_INFO identifies the signing certificate and the cryptographic provider or key handle that holds its private key.
4. Call CryptMsgEncodeAndSignCTL. This function returns a signed, encoded CTL (in PKCS #7 format) that contains the list of items created in step 1. Like most CryptoAPI encoding functions, it is called twice: once with a NULL buffer to learn the required size, then again with a buffer of that size.
To add a CTL to a certificate store
1. Get a pointer to a signed and encoded CTL, for example the output of CryptMsgEncodeAndSignCTL.
2. Open the target certificate store with a call to CertOpenStore.
3. Call CertAddEncodedCTLToStore. The add-disposition argument decides what happens if a CTL with the same identifier is already in the store (for example, CERT_STORE_ADD_REPLACE_EXISTING overwrites it).
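The two procedures above, carried through end to end in one program, as an added example that is not part of the original page or of the CryptoAPI documentation. It assumes the trusted certificates are read from the current user's "Root" store, that a signing certificate with an accessible private key can be found by the subject string "CTL Signer" in the current user's "My" store, that the result goes to the current user's "Trust" store, that the CTL's subject usage is szOID_PKIX_KP_SERVER_AUTH, and that at most 64 entries are needed; all of these are choices made for the example, not requirements of the API. The entries are SHA1 hashes, as the first procedure requires; the signature itself uses SHA-256.

```c
#include <windows.h>
#include <wincrypt.h>
#include <ncrypt.h>
#include <stdio.h>
#pragma comment(lib, "crypt32.lib")
#pragma comment(lib, "ncrypt.lib")

#define ENCODING    (PKCS_7_ASN_ENCODING | X509_ASN_ENCODING)
#define MAX_ENTRIES 64   /* assumed upper bound for this example */

/* Steps 1-4: hash every certificate in hTrusted (SHA1, the thumbprint CryptoAPI keeps
   as CERT_SHA1_HASH_PROP_ID), wrap the hashes in a CTL_INFO, and sign it with pSigner.
   Returns a LocalAlloc'd PKCS #7 blob that the caller must LocalFree, or NULL on error. */
static BYTE *CreateSignedCtl(HCERTSTORE hTrusted, PCCERT_CONTEXT pSigner, DWORD *pcbOut)
{
    static BYTE hashes[MAX_ENTRIES][20];   /* SHA1 output is 20 bytes */
    static CTL_ENTRY entries[MAX_ENTRIES];
    DWORD cEntries = 0;
    PCCERT_CONTEXT pCert = NULL;

    /* Step 1: one CTL_ENTRY per trusted certificate, identified by its SHA1 hash. */
    while ((pCert = CertEnumCertificatesInStore(hTrusted, pCert)) != NULL && cEntries < MAX_ENTRIES) {
        DWORD cb = sizeof hashes[cEntries];
        if (!CertGetCertificateContextProperty(pCert, CERT_SHA1_HASH_PROP_ID, hashes[cEntries], &cb))
            continue;
        ZeroMemory(&entries[cEntries], sizeof entries[cEntries]);
        entries[cEntries].SubjectIdentifier.cbData = cb;
        entries[cEntries].SubjectIdentifier.pbData = hashes[cEntries];
        cEntries++;
    }
    if (cEntries == 0) { SetLastError(ERROR_NOT_FOUND); return NULL; }

    /* Step 2: CTL_INFO. SubjectUsage says what the listed certificates are trusted for;
       SubjectAlgorithm records how the SubjectIdentifier values were computed. */
    LPSTR usage = szOID_PKIX_KP_SERVER_AUTH;   /* assumed usage for this example */
    CTL_INFO ctl;
    ZeroMemory(&ctl, sizeof ctl);
    ctl.dwVersion = CTL_V1;
    ctl.SubjectUsage.cUsageIdentifier = 1;
    ctl.SubjectUsage.rgpszUsageIdentifier = &usage;
    ctl.SubjectAlgorithm.pszObjId = szOID_OIWSEC_sha1;
    GetSystemTimeAsFileTime(&ctl.ThisUpdate);
    ctl.cCTLEntry = cEntries;
    ctl.rgCTLEntry = entries;

    /* Step 3: signer descriptor (needs the private key) and signed-message descriptor. */
    HCRYPTPROV_OR_NCRYPT_KEY_HANDLE hKey = 0;
    DWORD dwKeySpec = 0;
    BOOL fFree = FALSE;
    if (!CryptAcquireCertificatePrivateKey(pSigner, CRYPT_ACQUIRE_ALLOW_NCRYPT_KEY_FLAG,
                                           NULL, &hKey, &dwKeySpec, &fFree))
        return NULL;
    CMSG_SIGNER_ENCODE_INFO signer;
    ZeroMemory(&signer, sizeof signer);
    signer.cbSize = sizeof signer;
    signer.pCertInfo = pSigner->pCertInfo;
    signer.hCryptProv = hKey;      /* union with hNCryptKey; dwKeySpec tells the API which it is */
    signer.dwKeySpec = dwKeySpec;
    signer.HashAlgorithm.pszObjId = szOID_NIST_sha256;

    CERT_BLOB signerCert = { pSigner->cbCertEncoded, pSigner->pbCertEncoded };
    CMSG_SIGNED_ENCODE_INFO info;
    ZeroMemory(&info, sizeof info);
    info.cbSize = sizeof info;
    info.cSigners = 1;
    info.rgSigners = &signer;
    info.cCertEncoded = 1;         /* embed the signer cert so a verifier can build its chain */
    info.rgCertEncoded = &signerCert;

    /* Step 4: size query first, then the real encode-and-sign call. */
    BYTE *pbEncoded = NULL;
    DWORD cbEncoded = 0;
    if (CryptMsgEncodeAndSignCTL(ENCODING, &ctl, &info, 0, NULL, &cbEncoded) &&
        (pbEncoded = (BYTE *)LocalAlloc(LMEM_FIXED, cbEncoded)) != NULL &&
        !CryptMsgEncodeAndSignCTL(ENCODING, &ctl, &info, 0, pbEncoded, &cbEncoded)) {
        LocalFree(pbEncoded);
        pbEncoded = NULL;
    }
    if (fFree) {
        if (dwKeySpec == CERT_NCRYPT_KEY_SPEC) NCryptFreeObject(hKey);
        else CryptReleaseContext(hKey, 0);
    }
    *pcbOut = cbEncoded;
    return pbEncoded;
}

int main(void)
{
    /* Assumed store names and signer subject; adjust for the environment. */
    HCERTSTORE hRoot  = CertOpenSystemStoreW(0, L"Root");
    HCERTSTORE hMy    = CertOpenSystemStoreW(0, L"My");
    HCERTSTORE hTrust = CertOpenStore(CERT_STORE_PROV_SYSTEM_W, 0, 0,
                                      CERT_SYSTEM_STORE_CURRENT_USER, L"Trust");
    PCCERT_CONTEXT pSigner = hMy ? CertFindCertificateInStore(hMy, ENCODING, 0,
                                      CERT_FIND_SUBJECT_STR_W, L"CTL Signer", NULL) : NULL;
    int rc = 1;
    if (hRoot && hTrust && pSigner) {
        DWORD cb = 0;
        BYTE *pb = CreateSignedCtl(hRoot, pSigner, &cb);
        /* Second procedure: add the signed, encoded CTL to the opened target store. */
        if (pb && CertAddEncodedCTLToStore(hTrust, ENCODING, pb, cb,
                                           CERT_STORE_ADD_REPLACE_EXISTING, NULL))
            rc = 0;
        if (pb) LocalFree(pb);
    }
    if (rc) fprintf(stderr, "failed, GetLastError=0x%08lx\n", GetLastError());
    if (pSigner) CertFreeCertificateContext(pSigner);
    if (hTrust) CertCloseStore(hTrust, 0);
    if (hMy)    CertCloseStore(hMy, 0);
    if (hRoot)  CertCloseStore(hRoot, 0);
    return rc;
}
```

The signer's certificate is embedded in the PKCS #7 message so that a consumer of the CTL can locate it and build a chain; without it, CertVerifyCTLUsage and similar callers have only the issuer and serial number from the SignerInfo to go on. Once the CTL is in the "Trust" store it can be inspected with certutil -store -user Trust.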