CryptGetMessageCertificates

The CryptGetMessageCertificates function returns the certificate store containing the message's certificates and CRLs. This function calls CertOpenStore using provider type CERT_STORE_PROV_PKCS7 for lpszStoreProvider. See CertOpenStore for additional details.

#include <wincrypt.h>
HCERTSTORE WINAPI CryptGetMessageCertificates(
  DWORD dwMsgAndCertEncodingType,  // in
  HCRYPTPROV hCryptProv,           // in
  DWORD dwFlags,                   // in
  const BYTE *pbSignedBlob,        // in
  DWORD cbSignedBlob               // in
);
 

Parameters

dwMsgAndCertEncodingType
The type of encoding used. Both a certificate encoding type and a message encoding type must be specified, combined with a bitwise OR operation as shown in the following example:
X509_ASN_ENCODING | PKCS_7_ASN_ENCODING
 

Currently defined encoding types are shown in the following table.

Encoding type          Value
X509_ASN_ENCODING      0x00000001
PKCS_7_ASN_ENCODING    0x00010000

hCryptProv
Specifies a handle to the cryptographic provider passed to CertOpenStore. See CertOpenStore for additional details.

Unless there is a strong reason for passing in a specific cryptographic provider in hCryptProv, zero should be passed in. Passing in zero causes the default RSA or DSS provider to be acquired before doing hash, signature verification or recipient encryption operations.

dwFlags
The flags passed to CertOpenStore. See CertOpenStore for additional details.

pbSignedBlob
A pointer to the signed message.

cbSignedBlob
The size, in bytes, of the signed message.

Return Values

Returns the certificate store containing the message's certificates and CRLs. For an error, NULL is returned.

Call GetLastError to see the reason for any failures. This function has the following error codes.

Error code           Description
E_INVALIDARG         Invalid message and certificate encoding types. Currently only PKCS_7_ASN_ENCODING and X509_ASN_ENCODING are supported.
CRYPT_E_OSS_ERROR    Message ASN.1 decoding error. To get the OSS error, subtract CRYPT_E_OSS_ERROR from the returned error and see asn1code.h for details on the error.

Remarks

Use GetLastError to determine the reason for any errors.

Example

// EXAMPLE CODE FOR USING CryptGetMessageCertificates().
// Gets the certificate store with the message's certificates and CRLs.
// Assume that a pointer to the signed message (pbSignedBlob) and its
// size in bytes (cbSignedBlob) have already been defined by the caller.

#include <windows.h>
#include <wincrypt.h>
#include <iostream>
using namespace std;

void GetMessageCertificatesExample(
    const BYTE *pbSignedBlob,   // Pointer to the signed message
    DWORD cbSignedBlob)         // Size, in bytes, of the signed message
{
  // Set up the variables.
  DWORD dwMsgAndCertEncodingType = X509_ASN_ENCODING | PKCS_7_ASN_ENCODING;
                              // Type of encoding
  HCRYPTPROV hCryptProv = 0;  // Service Provider handle (0 = default)
  DWORD dwFlags = CERT_STORE_NO_CRYPT_RELEASE_FLAG;
                              // Flags to CertOpenStore
  HCERTSTORE hResult;         // Returns a certificate store

  // Function call to receive the certificate store
  hResult = CryptGetMessageCertificates(
              dwMsgAndCertEncodingType,  // in
              hCryptProv,                // in
              dwFlags,                   // in
              pbSignedBlob,              // in
              cbSignedBlob);             // in

  if (hResult == NULL) {                // Failure
    DWORD dwError = GetLastError();     // Save before other calls change it
    cout << "Function failed" << endl
         << "error code = " << dwError << endl;
  }
  else {                                // Success
    cout << "Function succeeded" << endl;
    CertCloseStore(hResult, 0);         // Release the store when finished
  }
}
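An added example, not part of the original reference page: it checks the encoding value before the call, separates the CRYPT_E_OSS_ERROR case from other failures as the error table describes, and enumerates the certificates in the returned store. The helper names (encoding_is_valid, oss_error_from_last_error, count_message_certs) are hypothetical, the numeric error value is the winerror.h definition, and the Windows-only part is guarded so the two helpers compile anywhere.

```c
#include <stdint.h>
#include <stdio.h>

/* Encoding values come from the table on this page; the error base is the
   winerror.h definition, repeated so the helpers build without the SDK. */
#define ENC_X509     0x00000001u   /* X509_ASN_ENCODING */
#define ENC_PKCS7    0x00010000u   /* PKCS_7_ASN_ENCODING */
#define ERR_OSS_BASE 0x80093000u   /* CRYPT_E_OSS_ERROR */

/* 1 when the low word holds the certificate type and the high word the
   message type, each being the one value this page lists; otherwise 0. */
int encoding_is_valid(uint32_t enc) {
    return (enc & 0x0000FFFFu) == ENC_X509 && (enc & 0xFFFF0000u) == ENC_PKCS7;
}

/* OSS runtime error (see asn1code.h) carried in a GetLastError value, or -1.
   Assumption: the OSS range is 0x100 wide, ending before CRYPT_E_ASN1_ERROR. */
int oss_error_from_last_error(uint32_t err) {
    if (err < ERR_OSS_BASE || err > ERR_OSS_BASE + 0xFFu) return -1;
    return (int)(err - ERR_OSS_BASE);
}

#ifdef _WIN32
#include <windows.h>
#include <wincrypt.h>
/* Hypothetical helper: opens the message's store, counts its certificates and
   closes the store. Returns the count, or -1 after reporting the failure. */
int count_message_certs(DWORD enc, const BYTE *pb, DWORD cb) {
    if (!encoding_is_valid(enc)) {
        fprintf(stderr, "0x%08lx is not a supported encoding combination\n",
                (unsigned long)enc);
        return -1;
    }
    HCERTSTORE hStore = CryptGetMessageCertificates(enc, 0, 0, pb, cb);
    if (hStore == NULL) {
        DWORD err = GetLastError();
        int oss = oss_error_from_last_error(err);
        if (oss >= 0) fprintf(stderr, "ASN.1 decode failed, OSS error %d\n", oss);
        else fprintf(stderr, "failed, error 0x%08lx\n", (unsigned long)err);
        return -1;
    }
    int n = 0;
    PCCERT_CONTEXT pCert = NULL;   /* each call frees the previous context */
    while ((pCert = CertEnumCertificatesInStore(hStore, pCert)) != NULL) n++;
    CertCloseStore(hStore, 0);
    return n;
}
#endif
```

The certificates in the returned store come from the message itself, so treat them as untrusted input until the signature and certificate chain have been verified (see CryptVerifyMessageSignature).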
 

QuickInfo

  Windows NT: Requires version 4.0 SP3 or later. Available also in IE 3.02 and later.
  Windows: Requires Windows 98 (or Windows 95 with IE 3.02 or later).
  Windows CE: Unsupported.
  Header: Declared in wincrypt.h.
  Import Library: Use crypt32.lib.

See Also

CryptVerifyMessageSignature