CRYPT_SIGN_MESSAGE_PARA
The CRYPT_SIGN_MESSAGE_PARA structure is used for signing messages by using the specified signing certificate context.
typedef struct _CRYPT_SIGN_MESSAGE_PARA {
    DWORD cbSize;
    DWORD dwMsgEncodingType;
    PCCERT_CONTEXT pSigningCert;
    CRYPT_ALGORITHM_IDENTIFIER HashAlgorithm;
    void *pvHashAuxInfo;
    DWORD cMsgCert;
    PCCERT_CONTEXT *rgpMsgCert;
    DWORD cMsgCrl;
    PCCRL_CONTEXT *rgpMsgCrl;
    DWORD cAuthAttr;
    PCRYPT_ATTRIBUTE rgAuthAttr;
    DWORD cUnauthAttr;
    PCRYPT_ATTRIBUTE rgUnauthAttr;
    DWORD dwFlags;
    DWORD dwInnerContentType;
} CRYPT_SIGN_MESSAGE_PARA, *PCRYPT_SIGN_MESSAGE_PARA;
Members
cbSize
This member must be set to the size of this data structure.

dwMsgEncodingType
The type of message encoding used. It is always acceptable to specify both the certificate and message encoding types by combining them with a bitwise OR operation, as shown in the following example:
X509_ASN_ENCODING | PKCS_7_ASN_ENCODING
However, only the message encoding needs to be specified here. Currently defined encoding types are shown in the following table.
Encoding type | Value
X509_ASN_ENCODING | 0x00000001
PKCS_7_ASN_ENCODING | 0x00010000

pSigningCert
A pointer to the certificate context to be used in the signing.
Either the CERT_KEY_PROV_INFO_PROP_ID or the CERT_KEY_CONTEXT_PROP_ID property must be set for pSigningCert. These properties specify the private signature key to use.

HashAlgorithm
The hashing algorithm used to hash the data to be signed, for example, szOID_OIWSEC_sha1 or szOID_RSA_MD5.

pvHashAuxInfo
Not currently used, and must be set to NULL.

cMsgCert
The number of elements in the array rgpMsgCert. It may be set to zero, indicating that no certificates are to be included in the signed message.

rgpMsgCert
An array of pointers to certificate contexts to be included in the signed message. If the pSigningCert is to be included, then it must also be in the rgpMsgCert array.

cMsgCrl
The number of elements in the array rgpMsgCrl. It may be set to zero, indicating that no CRLs are to be included in the signed message.

rgpMsgCrl
An array of pointers to CRL contexts to be included in the signed message.

cAuthAttr
The number of elements in the array rgAuthAttr.

rgAuthAttr
An array of structures, each holding authenticated attribute information. If no authenticated attributes are present in rgAuthAttr, then cAuthAttr should be zero. If authenticated attributes are present, then the PKCS #9 standard dictates that there must be at least two attributes present: the content type object identifier and the hash of the message itself. These attributes are automatically added by the system.

cUnauthAttr
The number of elements in the array rgUnauthAttr.

rgUnauthAttr
An array of structures, each holding unauthenticated attribute information. If no unauthenticated attributes are present in rgUnauthAttr, then cUnauthAttr should be zero. Unauthenticated attributes may be used to contain countersignatures, among other uses.

dwFlags
dwFlags is normally set to zero. However, if the encoded output is to be a CMSG_SIGNED inner content of an outer cryptographic message, such as a CMSG_ENVELOPED message, then CRYPT_MESSAGE_BARE_CONTENT_OUT_FLAG must be set. If it is not set, then the message will be encoded as an inner content type of CMSG_DATA.

dwInnerContentType
dwInnerContentType is normally set to zero. It needs to be set if the input to be signed is the encoded output of another cryptographic message, such as a CMSG_ENVELOPED message. When set, it is one of the cryptographic message types, for example, CMSG_ENVELOPED.
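
The member rules above (cbSize, the message encoding bit, the hash algorithm, pvHashAuxInfo, and the count/array pairs) can be checked before a parameter block is handed to CryptSignMessage. The following C code is an added example, not code from the original page or from Microsoft; check_sign_para, dangling and the SP_* codes are hypothetical names, and the non-Windows branch uses stand-in declarations (an assumption) so the checks build without wincrypt.h.

```c
#include <stdio.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#include <wincrypt.h>
#else /* Assumption: stand-in declarations so the checks also build off Windows. */
typedef unsigned int DWORD;
typedef const struct cert_ctx *PCCERT_CONTEXT;
typedef const struct crl_ctx *PCCRL_CONTEXT;
typedef struct crypt_attr *PCRYPT_ATTRIBUTE;
typedef struct { char *pszObjId; struct { DWORD cbData; unsigned char *pbData; } Parameters; }
    CRYPT_ALGORITHM_IDENTIFIER;
typedef struct _CRYPT_SIGN_MESSAGE_PARA {
    DWORD cbSize, dwMsgEncodingType; PCCERT_CONTEXT pSigningCert;
    CRYPT_ALGORITHM_IDENTIFIER HashAlgorithm; void *pvHashAuxInfo;
    DWORD cMsgCert; PCCERT_CONTEXT *rgpMsgCert; DWORD cMsgCrl; PCCRL_CONTEXT *rgpMsgCrl;
    DWORD cAuthAttr; PCRYPT_ATTRIBUTE rgAuthAttr; DWORD cUnauthAttr; PCRYPT_ATTRIBUTE rgUnauthAttr;
    DWORD dwFlags, dwInnerContentType;
} CRYPT_SIGN_MESSAGE_PARA;
#define PKCS_7_ASN_ENCODING 0x00010000
#endif
/* Hypothetical helper names (not CryptoAPI): SP_* codes, dangling, check_sign_para. */
enum { SP_SIZE = 1, SP_ENCODING = 2, SP_HASH = 4, SP_AUX = 8, SP_ARRAY = 16 };
/* A non-zero count with a NULL array would be read through a NULL pointer. */
static int dangling(DWORD count, const void *array) { return count != 0 && array == NULL; }

/* Returns a bitmask of violated member rules; 0 means the block is consistent. */
unsigned check_sign_para(const CRYPT_SIGN_MESSAGE_PARA *p)
{
    unsigned e = 0;
    if (p->cbSize != sizeof *p)                        e |= SP_SIZE;     /* must be struct size */
    if (!(p->dwMsgEncodingType & PKCS_7_ASN_ENCODING)) e |= SP_ENCODING; /* message encoding */
    if (p->HashAlgorithm.pszObjId == NULL)             e |= SP_HASH;     /* no hash OID given */
    if (p->pvHashAuxInfo != NULL)                      e |= SP_AUX;      /* must be NULL */
    if (dangling(p->cMsgCert, p->rgpMsgCert) || dangling(p->cMsgCrl, p->rgpMsgCrl) ||
        dangling(p->cAuthAttr, p->rgAuthAttr) || dangling(p->cUnauthAttr, p->rgUnauthAttr))
        e |= SP_ARRAY;
    return e;
}

int main(void)
{
    CRYPT_SIGN_MESSAGE_PARA p;            /* constructed sample, no real certificate */
    memset(&p, 0, sizeof p);              /* cbSize left at 0, hash OID unset */
    p.dwMsgEncodingType = PKCS_7_ASN_ENCODING;
    p.cMsgCert = 1;                       /* count set but rgpMsgCert forgotten */
    printf("violations=0x%x\n", check_sign_para(&p)); /* 0x15: SIZE|HASH|ARRAY */
    return 0;
}
```

A result of 0 means only that the block is internally consistent; whether pSigningCert carries a usable private key property is still decided by the signing call itself.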
See Also
CERT_CONTEXT, CRL_CONTEXT, CRYPT_ALGORITHM_IDENTIFIER, CRYPT_ATTRIBUTE, CryptSignAndEncryptMessage, CryptSignMessage