The CMSG_ENVELOPED_ENCODE_INFO structure describes how an enveloped (encrypted) message is to be built. It is passed to CryptMsgOpenToEncode in the pvMsgEncodeInfo parameter when dwMsgType is CMSG_ENVELOPED.
typedef struct _CMSG_ENVELOPED_ENCODE_INFO {
    DWORD                      cbSize;
    HCRYPTPROV                 hCryptProv;
    CRYPT_ALGORITHM_IDENTIFIER ContentEncryptionAlgorithm;
    void*                      pvEncryptionAuxInfo;
    DWORD                      cRecipients;
    PCERT_INFO*                rgpRecipients;
} CMSG_ENVELOPED_ENCODE_INFO, *PCMSG_ENVELOPED_ENCODE_INFO;
Unless there is a strong reason to use a specific cryptographic provider in hCryptProv, pass zero. Passing zero causes the default RSA or DSS provider to be acquired before any hash, signature verification or recipient encryption operation is performed. cbSize must be set to sizeof(CMSG_ENVELOPED_ENCODE_INFO), and cRecipients/rgpRecipients name the certificates whose public keys will wrap the content-encryption key.
The following encryption algorithms require that the ContentEncryptionAlgorithm's Parameters member contain an encoded 8-byte Initialization Vector (IV); see CryptSetKeyParam for more information about the KP_IV parameter.
szOID_OIWSEC_desCBC (CALG_DES)
szOID_RSA_DES_EDE3_CBC (CALG_3DES)
szOID_RSA_RC4 (CALG_RC4)
If ContentEncryptionAlgorithm.Parameters.cbData is 0, an ASN.1-encoded OCTET STRING containing a freshly generated IV is produced automatically; the IV is created with CryptGenRandom. Supplying your own IV is rarely necessary, and if you do, it should come from CryptGenRandom as well rather than from a fixed or predictable value.
Note that when a message is decrypted, if its content-encryption algorithm carries an Initialization Vector parameter, the cryptographic message functions call CryptSetKeyParam with that IV before performing the decrypt.
The szOID_RSA_RC2CBC (CALG_RC2) algorithm requires Parameters to be encoded as a CRYPT_RC2_CBC_PARAMETERS structure. If ContentEncryptionAlgorithm.Parameters.cbData is 0, an ASN.1-encoded CRYPT_RC2_CBC_PARAMETERS containing a generated IV is produced automatically, with dwVersion set to the value corresponding to a 40-bit key length. To override the 40-bit default, point pvEncryptionAuxInfo at a CMSG_RC2_AUX_INFO structure whose dwBitLen member holds the desired key length. Note that the 40-bit default is an export-grade key length that can be brute-forced offline; if RC2 must be used at all, set dwBitLen to 128, and prefer a stronger content-encryption algorithm where the platform supports one.
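The two Parameters encodings described above (the plain OCTET STRING IV for DES/3DES, and CRYPT_RC2_CBC_PARAMETERS for RC2) are shown here as an added example; this is not code from the original page or from Microsoft, and it deliberately uses no Windows headers so it runs anywhere. The CRYPT_RC2_*_VERSION values are the dwVersion constants from wincrypt.h (they are also RFC 2268's rc2ParameterVersion); SAMPLE_IV is a constructed value standing in for CryptGenRandom output. The parser at the end is the check a receiving or auditing tool would run to reject a 40-bit RC2 default.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* dwVersion values from wincrypt.h for CRYPT_RC2_CBC_PARAMETERS; they are the
 * rc2ParameterVersion INTEGER of RFC 2268's RC2-CBCParameter. */
#define CRYPT_RC2_40BIT_VERSION  160
#define CRYPT_RC2_56BIT_VERSION  52
#define CRYPT_RC2_64BIT_VERSION  120
#define CRYPT_RC2_128BIT_VERSION 58

#define IV_LEN 8 /* DES, 3DES and RC2 all use an 8-byte CBC IV */

/* Constructed sample IV; in real use generate it with CryptGenRandom. */
static const uint8_t SAMPLE_IV[IV_LEN] = {0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x88};

/* DES/3DES: Parameters is just the IV as a DER OCTET STRING (04 08 <iv>).
 * Returns bytes written, 0 if the buffer is too small. */
size_t encode_iv_octet_string(const uint8_t iv[IV_LEN], uint8_t *out, size_t cap)
{
    if (cap < 2 + IV_LEN) return 0;
    out[0] = 0x04;           /* OCTET STRING tag */
    out[1] = IV_LEN;         /* short-form length */
    memcpy(out + 2, iv, IV_LEN);
    return 2 + IV_LEN;
}

/* RC2: Parameters is DER SEQUENCE { INTEGER rc2ParameterVersion, OCTET STRING iv }.
 * Only the four wincrypt.h versions are accepted. Returns bytes written, 0 on error. */
size_t encode_rc2_cbc_params(unsigned version, const uint8_t iv[IV_LEN], uint8_t *out, size_t cap)
{
    uint8_t vbuf[2];
    size_t vlen;
    switch (version) {
    case CRYPT_RC2_40BIT_VERSION: case CRYPT_RC2_56BIT_VERSION:
    case CRYPT_RC2_64BIT_VERSION: case CRYPT_RC2_128BIT_VERSION: break;
    default: return 0;
    }
    if (version < 0x80) { vbuf[0] = (uint8_t)version; vlen = 1; }
    else { vbuf[0] = 0x00; vbuf[1] = (uint8_t)version; vlen = 2; } /* leading 0x00 keeps the INTEGER positive */
    size_t body = 2 + vlen + 2 + IV_LEN;
    if (cap < 2 + body) return 0;
    size_t n = 0;
    out[n++] = 0x30; out[n++] = (uint8_t)body;   /* SEQUENCE */
    out[n++] = 0x02; out[n++] = (uint8_t)vlen;   /* INTEGER rc2ParameterVersion */
    memcpy(out + n, vbuf, vlen); n += vlen;
    n += encode_iv_octet_string(iv, out + n, cap - n);
    return n;
}

/* Parse an encoded CRYPT_RC2_CBC_PARAMETERS. Returns the effective RC2 key length
 * in bits (40/56/64/128) and copies the IV out; returns -1 on malformed input or
 * an unknown version so that a policy check fails closed. */
int parse_rc2_cbc_params(const uint8_t *p, size_t len, uint8_t iv_out[IV_LEN])
{
    size_t n = 0;
    if (len < 2 || p[n++] != 0x30) return -1;
    size_t body = p[n++];
    if (body > 0x7F || n + body != len) return -1;
    if (n + 2 > len || p[n++] != 0x02) return -1;
    size_t vlen = p[n++];
    if (vlen == 0 || vlen > 2 || n + vlen > len) return -1;
    unsigned version = 0;
    for (size_t i = 0; i < vlen; i++) version = (version << 8) | p[n++];
    if (n + 2 > len || p[n++] != 0x04 || p[n++] != IV_LEN) return -1;
    if (n + IV_LEN != len) return -1;
    memcpy(iv_out, p + n, IV_LEN);
    switch (version) {
    case CRYPT_RC2_40BIT_VERSION:  return 40;
    case CRYPT_RC2_56BIT_VERSION:  return 56;
    case CRYPT_RC2_64BIT_VERSION:  return 64;
    case CRYPT_RC2_128BIT_VERSION: return 128;
    default: return -1;
    }
}

/* Policy check: 1 only if the RC2 parameters select a 128-bit key, 0 otherwise
 * (including the 40-bit default that CryptMsg produces when cbData is 0). */
int rc2_params_strong_enough(const uint8_t *p, size_t len)
{
    uint8_t iv[IV_LEN];
    return parse_rc2_cbc_params(p, len, iv) == 128;
}

int main(void)
{
    uint8_t buf[32], iv[IV_LEN];
    size_t n = encode_rc2_cbc_params(CRYPT_RC2_40BIT_VERSION, SAMPLE_IV, buf, sizeof buf);
    printf("default (40-bit) RC2 params, %zu bytes:", n);
    for (size_t i = 0; i < n; i++) printf(" %02X", buf[i]);
    printf("\n  key bits = %d, strong enough = %d\n",
           parse_rc2_cbc_params(buf, n, iv), rc2_params_strong_enough(buf, n));
    n = encode_rc2_cbc_params(CRYPT_RC2_128BIT_VERSION, SAMPLE_IV, buf, sizeof buf);
    printf("128-bit RC2 params: key bits = %d, strong enough = %d\n",
           parse_rc2_cbc_params(buf, n, iv), rc2_params_strong_enough(buf, n));
    return 0;
}
```

To hand an explicit encoding to CryptMsgOpenToEncode, point ContentEncryptionAlgorithm.Parameters.pbData at the buffer and set cbData to the byte count returned; leaving cbData at 0 and setting CMSG_RC2_AUX_INFO.dwBitLen through pvEncryptionAuxInfo reaches the same 128-bit result without hand-encoding anything.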
See also: CERT_INFO, CRYPT_ALGORITHM_IDENTIFIER