Platform SDK: Certificate Enrollment Control

ICEnroll::HashAlgorithm [C++]

CEnroll.HashAlgorithm [Visual Basic]

The HashAlgorithm property refers only to the signature hash algorithm used to sign the PKCS #10. It is not to be confused with the hash algorithm used to sign the certificate. The enrollment control currently supports any OID for hash algorithms, plus the following friendly name values: SHA1 (the default), MD2, and MD5. When this property is retrieved, the value is returned in OID format (for example, SHA1 appears as 1.3.14.3.2.29). When this property is set, the corresponding OID can be used in place of any of the friendly name values.

The Certificate Enrollment Control treats the HashAlgorithm value as a hint for the hash algorithm to use when signing the PKCS #10. If the CSP supports the algorithm specified in HashAlgorithm, it will be used; otherwise, the Certificate Enrollment Control will try to use SHA1. If SHA1 is not supported by the CSP, then MD5 will be tried. If neither SHA1 nor MD5 is supported, the Certificate Enrollment Control will try to use the first hash algorithm returned from the CSP.
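
Because HashAlgorithm is only a hint, the algorithm actually used can be confirmed by reading the signatureAlgorithm OID back out of the generated PKCS #10. The following portable C++ is an added example, not part of the original SDK page: the names readTlv, csrSignatureOid and kSampleCsr are assumptions for illustration, and the sample bytes are a constructed skeleton rather than a real request.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>

// Read one DER tag/length header at p; false on truncation or oversized length.
static bool readTlv(const std::vector<uint8_t>& b, size_t& p, uint8_t& tag, size_t& len) {
    if (p + 2 > b.size()) return false;
    tag = b[p++];
    len = b[p++];
    if (len & 0x80) {                          // long form: n length bytes follow
        size_t n = len & 0x7F;
        if (n == 0 || n > 4 || p + n > b.size()) return false;
        for (len = 0; n > 0; --n) len = (len << 8) | b[p++];
    }
    return len <= b.size() - p;
}

// Dotted signatureAlgorithm OID of a DER PKCS #10, or "" if the input is malformed.
std::string csrSignatureOid(const std::vector<uint8_t>& der) {
    size_t p = 0, len = 0; uint8_t tag = 0;
    if (!readTlv(der, p, tag, len) || tag != 0x30) return "";  // CertificationRequest
    if (!readTlv(der, p, tag, len) || tag != 0x30) return "";  // certificationRequestInfo
    p += len;                                                  // skip the signed body
    if (!readTlv(der, p, tag, len) || tag != 0x30) return "";  // AlgorithmIdentifier
    if (!readTlv(der, p, tag, len) || tag != 0x06 || len == 0) return "";
    if (der[p + len - 1] & 0x80) return "";                    // unterminated last arc
    std::string oid;
    uint64_t v = 0;
    for (size_t end = p + len; p < end; ++p) {
        v = (v << 7) | (der[p] & 0x7F);                        // base-128 arc
        if (der[p] & 0x80) continue;
        if (oid.empty()) {                                     // first value packs two arcs
            uint64_t a = v < 80 ? v / 40 : 2;
            oid = std::to_string(a) + "." + std::to_string(v - 40 * a);
        } else {
            oid += "." + std::to_string(v);
        }
        v = 0;
    }
    return oid;
}

// Constructed skeleton (stub request info and signature), not a real request.
const std::vector<uint8_t> kSampleCsr = {
    0x30,0x18, 0x30,0x03,0x02,0x01,0x00,
    0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x04,0x05,0x00,
    0x03,0x02,0x00,0x00 };
int main() { std::printf("%s\n", csrSignatureOid(kSampleCsr).c_str()); return 0; }
```

Comparing the returned OID with the value that was set through HashAlgorithm shows whether the control fell back to a different algorithm; a base64-encoded request must be decoded to DER first.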

[Visual Basic]
objEnroll.HashAlgorithm [ = HashAlg ]
[C++]
HRESULT put_HashAlgorithm(BSTR HashAlg);
HRESULT get_HashAlgorithm(BSTR * pHashAlg);

Parameters

[Visual Basic] objEnroll
Object expression that resolves to a CEnroll object.
[Visual Basic,C++] HashAlg
The string value assigned to the HashAlgorithm property. It can be one of the following values:

Alternatively, it can be any OID for a hash algorithm.

[C++] pHashAlg
Pointer to retrieved property value.

Remarks

HashAlgorithm affects the behavior of the following methods:

If both the ICEnroll3::HashAlgID and HashAlgorithm properties are set, whichever is last updated will specify which hash algorithm will be used to sign the PKCS #10.

Example Code [C++]

BSTR     bstrHashAlg = NULL;
HRESULT  hr;

// get the hash algorithm
hr = pEnroll->get_HashAlgorithm( &bstrHashAlg );
if ( FAILED ( hr ) )
    printf("Failed get_HashAlgorithm - %x\n", hr );
else
    printf( "HashAlgorithm: %ws\n", bstrHashAlg );
// free BSTR
if ( NULL != bstrHashAlg )
    SysFreeString( bstrHashAlg);

// SysAllocString takes an OLECHAR string, so pass a wide literal
BSTR    bstrMyHashAlg = SysAllocString(L"MD5");
// alternatively, ... = SysAllocString(L"1.2.840.113549.1.1.4");

// set the hash algorithm
hr = pEnroll->put_HashAlgorithm( bstrMyHashAlg );
if ( FAILED ( hr ) )
    printf("Failed put_HashAlgorithm - %x\n", hr );
else
    printf( "HashAlgorithm was set to %ws\n", bstrMyHashAlg );
// free BSTR
if ( NULL != bstrMyHashAlg )
    SysFreeString( bstrMyHashAlg); 

Example Code [Visual Basic]

' declare Certificate Enrollment Control object
Dim objXen As Object

Dim strHashAlg As String

' instantiate the object
Set objXen = CreateObject("CEnroll.CEnroll.1")

' retrieve and display the HashAlgorithm
strHashAlg = objXen.HashAlgorithm
MsgBox strHashAlg, vbOKOnly, "HashAlgorithm"

' set the HashAlgorithm
objXen.HashAlgorithm = "MD5"
' alternatively, objXen.HashAlgorithm = "1.2.840.113549.1.1.4"

Requirements

  Windows NT/2000: Requires Windows 2000 (or Windows NT 4.0 with the Windows NT 4.0 Option Pack).
  Header: Declared in Xenroll.h.
  Library: Use Uuid.lib.