These are generalized encoding and decoding functions, capable of encoding and decoding certificates, certificate revocation lists (CRL), certificate requests, and certificate extensions.
The function definitions can be found in Wincrypt.h.
| Function | Description |
|---|---|
| CryptDecodeObject | Decodes a structure of type lpszStructType. |
| CryptDecodeObjectEx | Decodes a structure of type lpszStructType. CryptDecodeObjectEx supports the one pass memory allocation option. |
| CryptEncodeObject | Encodes a structure of type lpszStructType. |
| CryptEncodeObjectEx | Encodes a structure of type lpszStructType. CryptEncodeObjectEx supports one pass memory allocation option. |
The following table lists predefined constants that are used with encode and decode operations.
The following table lists the extensions and attributes that are used with encode and decode operations. Note that the predefined constants and the object identifier strings can be used interchangeably.
| Predefined constants for Extensions and attributes for lpszStructType |
Object identifier string |
|---|---|
| PKCS_SMIME_CAPABILITIES szOID_RSA_SMIMECapabilities |
"1.2.840.113549.1.9.15" |
| PKCS_UTC_TIME szOID_RSA_signingTime |
"1.2.840.113549.1.9.5" |
| X509_ALTERNATE_NAME szOID_SUBJECT_ALT_NAME szOID_ISSUER_ALT_NAME szOID_SUBJECT_ALT_NAME2 szOID_ISSUER_ALT_NAME2 |
"2.5.29.7" "2.5.29.8" "2.5.29.17" "2.5.29.18" |
| X509_AUTHORITY_INFO_ACCESS szOID_AUTHORITY_INFO_ACCESS |
"1.3.6.1.5.5.7.1.1" |
| X509_AUTHORITY_KEY_ID szOID_AUTHORITY_KEY_IDENTIFIER |
"2.5.29.1" |
| X509_AUTHORITY_KEY_ID2 szOID_AUTHORITY_KEY_IDENTIFIER2 |
"2.5.29.35" |
| X509_BASIC_CONSTRAINTS szOID_BASIC_CONSTRAINTS |
"2.5.29.10" |
| X509_BASIC_CONSTRAINTS2 szOID_BASIC_CONSTRAINTS2 |
"2.5.29.19" |
| X509_CERT_POLICIES szOID_CERT_POLICIES |
"2.5.29.32" |
| X509_CRL_DIST_POINTS szOID_CRL_DIST_POINTS |
"2.5.29.31" |
| X509_CRL_REASON_CODE szOID_CRL_REASON_CODE |
"2.5.29.21" |
| X509_ENHANCED_KEY_USAGE szOID_ENHANCED_KEY_USAGE |
"2.5.29.37" |
| X509_KEY_ATTRIBUTES szOID_KEY_ATTRIBUTES |
"2.5.29.2" |
| X509_KEY_USAGE szOID_KEY_USAGE |
"2.5.29.15" |
| X509_KEY_USAGE_RESTRICTION szOID_KEY_USAGE_RESTRICTION |
"2.5.29.4" |
| X509_EXTENSIONS szOID_CERT_EXTENSIONS |
"1.3.6.1.4.1.311.2.1.14" |
| szOID_NEXT_UPDATE_LOCATION | "1.3.6.1.4.1.311.10.2" |
| szOID_SUBJECT_KEY_IDENTIFIER |
"2.5.29.14" |
The following table lists the Netscape extensions that are used with encode and decode operations. Note that the Netscape predefined constants and object identifier strings can not be used directly with CryptEncodeObject, CryptEncodeObjectEx, CryptDecodeObject, or CryptDecodeObjectEx. Instead, these extensions require the use of the appropriate constant specified in the section describing each extension.
| Predefined constants for Netscape Extensions |
Object identifier string |
|---|---|
| szOID_NETSCAPE_BASE_URL | "2.16.840.1.113730.1.2" |
| szOID_NETSCAPE_CA_POLICY_URL | "2.16.840.1.113730.1.8" |
| szOID_NETSCAPE_CA_REVOCATION_URL | "2.16.840.1.113730.1.4" |
| szOID_NETSCAPE_CERT_RENEWAL_URL | "2.16.840.1.113730.1.7" |
| szOID_NETSCAPE_CERT_SEQUENCE | "2.16.840.1.113730.2.5" |
| szOID_NETSCAPE_CERT_TYPE | "2.16.840.1.113730.1.1" |
| szOID_NETSCAPE_COMMENT | "2.16.840.1.113730.1.13" |
| szOID_NETSCAPE_REVOCATION_URL | "2.16.840.1.113730.1.3" |
| szOID_NETSCAPE_SSL_SERVER_NAME | "2.16.840.1.113730.1.12" |