请问如何使用delphi调用cryptoapi？我想要使用哈希算法加密(100分)

kaiery · 2006-06-18

请问如何使用delphi调用cryptoapi？我想要使用哈希算法加密 能给出具体例子或者代码吗？小弟在此感谢了

xianguo · 2006-06-18

//wcrypt2.pas {******************************************************************} {                                                                  } { Borland Delphi Runtime Library                                   } { Cryptographic API interface unit                                 } {                                                                  } { Portions created by Microsoft are                                } { Copyright (C) 1993-1998 Microsoft Corporation.                   } { All Rights Reserved.                                             } {                                                                  } { The original file is: wincrypt.h, 1992 - 1997                    } { The original Pascal code is: wcrypt2.pas, released 01 Jan 1998   } { The initial developer of the Pascal code is                      } {  Massimo Maria Ghisalberti  (nissl@dada.it)                      } {                                                                  } { Portions created by Massimo Maria Ghisalberti are                } { Copyright (C) 1997-1998 Massimo Maria Ghisalberti                } {                                                                  } { Contributor(s):                                                  } {     Peter Tang (peter.tang@citicorp.com)                         } {     Phil Shrimpton (phil@shrimpton.co.uk)                        } {                                                                  } { Obtained through:                                                } {                                                                  } { Joint Endeavour of Delphi Innovators (Project JEDI)              } {                                                                  } { You may retrieve the latest version of this file at the Project  } { JEDI home page, located at http://delphi-jedi.org                } {                                                                  } { The contents of this file are used with permission, subject to   } { the Mozilla Public License Version 1.1 (the "License&quot

; you may  } { not use this file except in compliance with the License. You may } { obtain a copy of the License at                                  } { http://www.mozilla.org/MPL/MPL-1.1.html                          } {                                                                  } { Software distributed under the License is distributed on an      } { "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or   } { implied. See the License for the specific language governing     } { rights and limitations under the License.                        } {                                                                  } {******************************************************************} unit wcrypt2; {.DEFINE NT5} {$ALIGN ON} {$IFNDEF VER90}  {$WEAKPACKAGEUNIT} {$ENDIF} interface uses  Windows  {$IFDEF VER90}  ,Ole2  {$ENDIF}; const  ADVAPI32    = 'advapi32.dll';  CRYPT32     = 'crypt32.dll';  SOFTPUB     = 'softpub.dll'; {$IFDEF NT5}  ADVAPI32NT5 = 'advapi32.dll'; {$ENDIF} {Support Type} type    PVOID = Pointer;    LONG  = DWORD;    {$IFDEF UNICODE}      LPAWSTR = PWideChar;    {$ELSE}      LPAWSTR = PAnsiChar;    {$ENDIF} //-----------------------------------------------------------------------------    // Type support for a pointer to an array of pointer (type **name)    PLPSTR          = Pointer; // type for a pointer to Array of pointer a type    PPCERT_INFO     = Pointer; // type for a pointer to Array of pointer a type    PPVOID          = Pointer; // type for a pointer to Array of pointer a type    PPCCERT_CONTEXT = Pointer; // type for a pointer to Array of pointer a type    PPCCTL_CONTEXT  = Pointer; // type for a pointer to Array of pointer a type    PPCCRL_CONTEXT  = Pointer; // type for a pointer to Array of pointer a type //----------------------------------------------------------------------------- //+--------------------------------------------------------------------------- // //  Microsoft Windows //  Copyright (C) Microsoft Corporation, 1992 - 1997. // //  File:       wincrypt.h // //  Contents:   Cryptographic API Prototypes and Definitions // //---------------------------------------------------------------------------- // // Algorithm IDs and Flags // // ALG_ID crackers function GET_ALG_CLASS(x:integer) :integer; function GET_ALG_TYPE(x:integer) :integer; function GET_ALG_SID(x:integer) :integer; Const  // Algorithm classes  ALG_CLASS_ANY          = 0;  ALG_CLASS_SIGNATURE    = (1 shl 13);  ALG_CLASS_MSG_ENCRYPT  = (2 shl 13);  ALG_CLASS_DATA_ENCRYPT = (3 shl 13);  ALG_CLASS_HASH         = (4 shl 13);  ALG_CLASS_KEY_EXCHANGE = (5 shl 13);  // Algorithm types  ALG_TYPE_ANY           = 0;  ALG_TYPE_DSS           = (1 shl 9);  ALG_TYPE_RSA           = (2 shl 9);  ALG_TYPE_BLOCK         = (3 shl 9);  ALG_TYPE_STREAM        = (4 shl 9);  ALG_TYPE_DH            = (5 shl 9);  ALG_TYPE_SECURECHANNEL = (6 shl 9);  // Generic sub-ids  ALG_SID_ANY = 0;  // Some RSA sub-ids  ALG_SID_RSA_ANY        = 0;  ALG_SID_RSA_PKCS       = 1;  ALG_SID_RSA_MSATWORK   = 2;  ALG_SID_RSA_ENTRUST    = 3;  ALG_SID_RSA_PGP        = 4;  // Some DSS sub-ids  ALG_SID_DSS_ANY        = 0;  ALG_SID_DSS_PKCS       = 1;  ALG_SID_DSS_DMS        = 2;  // Block cipher sub ids  // DES sub_ids  ALG_SID_DES            = 1;  ALG_SID_3DES           = 3;  ALG_SID_DESX           = 4;  ALG_SID_IDEA           = 5;  ALG_SID_CAST           = 6;  ALG_SID_SAFERSK64      = 7;  ALD_SID_SAFERSK128     = 8;  ALG_SID_SAFERSK128     = 8;  ALG_SID_3DES_112       = 9;  ALG_SID_CYLINK_MEK     = 12;  ALG_SID_RC5            = 13;  // Fortezza sub-ids  ALG_SID_SKIPJACK       = 10;  ALG_SID_TEK            = 11;  // KP_MODE  CRYPT_MODE_CBCI        = 6;  {ANSI CBC Interleaved}  CRYPT_MODE_CFBP        = 7;  {ANSI CFB Pipelined}  CRYPT_MODE_OFBP        = 8;  {ANSI OFB Pipelined}  CRYPT_MODE_CBCOFM      = 9;  {ANSI CBC + OF Masking}  CRYPT_MODE_CBCOFMI     = 10; {ANSI CBC + OFM Interleaved}  // RC2 sub-ids  ALG_SID_RC2            = 2;  // Stream cipher sub-ids  ALG_SID_RC4            = 1;  ALG_SID_SEAL           = 2;  // Diffie-Hellman sub-ids  ALG_SID_DH_SANDF       = 1;  ALG_SID_DH_EPHEM       = 2;  ALG_SID_AGREED_KEY_ANY = 3;  ALG_SID_KEA            = 4;  // Hash sub ids  ALG_SID_MD2            = 1;  ALG_SID_MD4            = 2;  ALG_SID_MD5            = 3;  ALG_SID_SHA            = 4;  ALG_SID_SHA1           = 4;  ALG_SID_MAC            = 5;  ALG_SID_RIPEMD         = 6;  ALG_SID_RIPEMD160      = 7;  ALG_SID_SSL3SHAMD5     = 8;  ALG_SID_HMAC           = 9;  // secure channel sub ids  ALG_SID_SSL3_MASTER          = 1;  ALG_SID_SCHANNEL_MASTER_HASH = 2;  ALG_SID_SCHANNEL_MAC_KEY     = 3;  ALG_SID_PCT1_MASTER          = 4;  ALG_SID_SSL2_MASTER          = 5;  ALG_SID_TLS1_MASTER          = 6;  ALG_SID_SCHANNEL_ENC_KEY     = 7;  // Our silly example sub-id  ALG_SID_EXAMPLE              = 80; {$IFNDEF ALGIDDEF}  {$DEFINE ALGIDDEF} Type ALG_ID = ULONG; {$ENDIF} // algorithm identifier definitions Const  CALG_MD2              = (ALG_CLASS_HASH or ALG_TYPE_ANY or ALG_SID_MD2);  CALG_MD4              = (ALG_CLASS_HASH or ALG_TYPE_ANY or ALG_SID_MD4);  CALG_MD5              = (ALG_CLASS_HASH or ALG_TYPE_ANY or ALG_SID_MD5);  CALG_SHA              = (ALG_CLASS_HASH or ALG_TYPE_ANY or ALG_SID_SHA);  CALG_SHA1             = (ALG_CLASS_HASH or ALG_TYPE_ANY or ALG_SID_SHA1);  CALG_MAC              = (ALG_CLASS_HASH or ALG_TYPE_ANY or ALG_SID_MAC);  CALG_RSA_SIGN         = (ALG_CLASS_SIGNATURE or ALG_TYPE_RSA or ALG_SID_RSA_ANY);  CALG_DSS_SIGN         = (ALG_CLASS_SIGNATURE or ALG_TYPE_DSS or ALG_SID_DSS_ANY);  CALG_RSA_KEYX         = (ALG_CLASS_KEY_EXCHANGE or ALG_TYPE_RSA or ALG_SID_RSA_ANY);  CALG_DES              = (ALG_CLASS_DATA_ENCRYPT or ALG_TYPE_BLOCK or ALG_SID_DES);  CALG_3DES_112         = (ALG_CLASS_DATA_ENCRYPT or ALG_TYPE_BLOCK or ALG_SID_3DES_112);  CALG_3DES             = (ALG_CLASS_DATA_ENCRYPT or ALG_TYPE_BLOCK or ALG_SID_3DES);  CALG_RC2              = (ALG_CLASS_DATA_ENCRYPT or ALG_TYPE_BLOCK or ALG_SID_RC2);  CALG_RC4              = (ALG_CLASS_DATA_ENCRYPT or ALG_TYPE_STREAM or ALG_SID_RC4);  CALG_SEAL             = (ALG_CLASS_DATA_ENCRYPT or ALG_TYPE_STREAM or ALG_SID_SEAL);  CALG_DH_SF            = (ALG_CLASS_KEY_EXCHANGE or ALG_TYPE_DH or ALG_SID_DH_SANDF);  CALG_DH_EPHEM         = (ALG_CLASS_KEY_EXCHANGE  or  ALG_TYPE_DH  or  ALG_SID_DH_EPHEM);  CALG_AGREEDKEY_ANY    = (ALG_CLASS_KEY_EXCHANGE  or ALG_TYPE_DH or ALG_SID_AGREED_KEY_ANY);  CALG_KEA_KEYX         = (ALG_CLASS_KEY_EXCHANGE or ALG_TYPE_DH or ALG_SID_KEA);  CALG_HUGHES_MD5       = (ALG_CLASS_KEY_EXCHANGE or ALG_TYPE_ANY or ALG_SID_MD5);  CALG_SKIPJACK         = (ALG_CLASS_DATA_ENCRYPT or ALG_TYPE_BLOCK or ALG_SID_SKIPJACK);  CALG_TEK              = (ALG_CLASS_DATA_ENCRYPT or ALG_TYPE_BLOCK or ALG_SID_TEK);  CALG_CYLINK_MEK       = (ALG_CLASS_DATA_ENCRYPT or ALG_TYPE_BLOCK or ALG_SID_CYLINK_MEK);  CALG_SSL3_SHAMD5      = (ALG_CLASS_HASH  or  ALG_TYPE_ANY  or  ALG_SID_SSL3SHAMD5);  CALG_SSL3_MASTER      = (ALG_CLASS_MSG_ENCRYPT or ALG_TYPE_SECURECHANNEL or ALG_SID_SSL3_MASTER);  CALG_SCHANNEL_MASTER_HASH = (ALG_CLASS_MSG_ENCRYPT or ALG_TYPE_SECURECHANNEL or ALG_SID_SCHANNEL_MASTER_HASH);  CALG_SCHANNEL_MAC_KEY = (ALG_CLASS_MSG_ENCRYPT or ALG_TYPE_SECURECHANNEL or ALG_SID_SCHANNEL_MAC_KEY);  CALG_SCHANNEL_ENC_KEY = (ALG_CLASS_MSG_ENCRYPT or ALG_TYPE_SECURECHANNEL or ALG_SID_SCHANNEL_ENC_KEY);  CALG_PCT1_MASTER      = (ALG_CLASS_MSG_ENCRYPT or ALG_TYPE_SECURECHANNEL or ALG_SID_PCT1_MASTER);  CALG_SSL2_MASTER      = (ALG_CLASS_MSG_ENCRYPT or ALG_TYPE_SECURECHANNEL or ALG_SID_SSL2_MASTER);  CALG_TLS1_MASTER      = (ALG_CLASS_MSG_ENCRYPT or ALG_TYPE_SECURECHANNEL or ALG_SID_TLS1_MASTER);  CALG_RC5              = (ALG_CLASS_DATA_ENCRYPT or ALG_TYPE_BLOCK or ALG_SID_RC5);  CALG_HMAC             = (ALG_CLASS_HASH  or  ALG_TYPE_ANY  or  ALG_SID_HMAC); type  PVTableProvStruc = ^VTableProvStruc;  VTableProvStruc = record    Version

WORD;    FuncVerifyImage :TFarProc;    FuncReturnhWnd  :TFarProc;    dwProvType

WORD;    pbContextInfo

BYTE;    cbContextInfo

WORD; end; //type HCRYPTPROV = ULONG; //type HCRYPTKEY  = ULONG; //type HCRYPTHASH = ULONG; const  // dwFlags definitions for CryptAcquireContext  CRYPT_VERIFYCONTEXT  = $F0000000;  CRYPT_NEWKEYSET      = $00000008;  CRYPT_DELETEKEYSET   = $00000010;  CRYPT_MACHINE_KEYSET = $00000020;  // dwFlag definitions for CryptGenKey  CRYPT_EXPORTABLE     = $00000001;  CRYPT_USER_PROTECTED = $00000002;  CRYPT_CREATE_SALT    = $00000004;  CRYPT_UPDATE_KEY     = $00000008;  CRYPT_NO_SALT        = $00000010;  CRYPT_PREGEN         = $00000040;  CRYPT_RECIPIENT      = $00000010;  CRYPT_INITIATOR      = $00000040;  CRYPT_ONLINE         = $00000080;  CRYPT_SF             = $00000100;  CRYPT_CREATE_IV      = $00000200;  CRYPT_KEK            = $00000400;  CRYPT_DATA_KEY       = $00000800;  // dwFlags definitions for CryptDeriveKey  CRYPT_SERVER         = $00000400;  KEY_LENGTH_MASK      = $FFFF0000;  // dwFlag definitions for CryptExportKey  CRYPT_Y_ONLY        = $00000001;  CRYPT_SSL2_SLUMMING = $00000002;  // dwFlags definitions for CryptHashSessionKey  CRYPT_LITTLE_ENDIAN = $00000001;  // dwFlag definitions for CryptSetProviderEx and CryptGetDefaultProvider  CRYPT_MACHINE_DEFAULT = $00000001;  CRYPT_USER_DEFAULT    = $00000002;  CRYPT_DELETE_DEFAULT  = $00000004;  // exported key blob definitions  SIMPLEBLOB        = $1;  PUBLICKEYBLOB     = $6;  PRIVATEKEYBLOB    = $7;  PLAINTEXTKEYBLOB  = $8;  AT_KEYEXCHANGE    = 1;  AT_SIGNATURE      = 2;  CRYPT_USERDATA    = 1;  // dwParam  KP_IV                 = 1;  // Initialization vector  KP_SALT               = 2;  // Salt value  KP_PADDING            = 3;  // Padding values  KP_MODE               = 4;  // Mode of the cipher  KP_MODE_BITS          = 5;  // Number of bits to feedback  KP_PERMISSIONS        = 6;  // Key permissions DWORD  KP_ALGID              = 7;  // Key algorithm  KP_BLOCKLEN           = 8;  // Block size of the cipher  KP_KEYLEN             = 9;  // Length of key in bits  KP_SALT_EX            = 10; // Length of salt in bytes  KP_P                  = 11; // DSS/Diffie-Hellman P value  KP_G                  = 12; // DSS/Diffie-Hellman G value  KP_Q                  = 13; // DSS Q value  KP_X                  = 14; // Diffie-Hellman X value  KP_Y                  = 15; // Y value  KP_RA                 = 16; // Fortezza RA value  KP_RB                 = 17; // Fortezza RB value  KP_INFO               = 18; // for putting information into an RSA envelope  KP_EFFECTIVE_KEYLEN   = 19; // setting and getting RC2 effective key length  KP_SCHANNEL_ALG = 20; // for setting the Secure Channel algorithms  KP_CLIENT_RANDOM      = 21; // for setting the Secure Channel client random data  KP_SERVER_RANDOM      = 22; // for setting the Secure Channel server random data  KP_RP                 = 23;  KP_PRECOMP_MD5        = 24;  KP_PRECOMP_SHA        = 25;  KP_CERTIFICATE        = 26; // for setting Secure Channel certificate data (PCT1)  KP_CLEAR_KEY          = 27; // for setting Secure Channel clear key data (PCT1)  KP_PUB_EX_LEN         = 28;  KP_PUB_EX_VAL         = 29;  // KP_PADDING  PKCS5_PADDING         = 1; {PKCS 5 (sec 6.2) padding method}  RANDOM_PADDING        = 2;  ZERO_PADDING          = 3;  // KP_MODE  CRYPT_MODE_CBC    = 1; // Cipher block chaining  CRYPT_MODE_ECB    = 2; // Electronic code book  CRYPT_MODE_OFB    = 3; // Output feedback mode  CRYPT_MODE_CFB    = 4; // Cipher feedback mode  CRYPT_MODE_CTS    = 5; // Ciphertext stealing mode  // KP_PERMISSIONS  CRYPT_ENCRYPT     = $0001; // Allow encryption  CRYPT_DECRYPT     = $0002; // Allow decryption  CRYPT_EXPORT      = $0004; // Allow key to be exported  CRYPT_READ        = $0008; // Allow parameters to be read  CRYPT_WRITE       = $0010; // Allow parameters to be set  CRYPT_MAC         = $0020; // Allow MACs to be used with key  CRYPT_EXPORT_KEY  = $0040; // Allow key to be used for exporting keys  CRYPT_IMPORT_KEY  = $0080; // Allow key to be used for importing keys  HP_ALGID          = $0001; // Hash algorithm  HP_HASHVAL        = $0002; // Hash value  HP_HASHSIZE       = $0004; // Hash value size  HP_HMAC_INFO      = $0005; // information for creating an HMAC  CRYPT_FAILED      = FALSE;  CRYPT_SUCCEED     = TRUE; function RCRYPT_SUCCEEDED(rt:BOOL):BOOL; function RCRYPT_FAILED(rt:BOOL):BOOL; const  // CryptGetProvParam  PP_ENUMALGS            = 1;  PP_ENUMCONTAINERS      = 2;  PP_IMPTYPE             = 3;  PP_NAME                = 4;  PP_VERSION             = 5;  PP_CONTAINER           = 6;  PP_CHANGE_PASSWORD     = 7;  PP_KEYSET_SEC_DESCR    = 8;  // get/set security descriptor of keyset  PP_CERTCHAIN           = 9;  // for retrieving certificates from tokens  PP_KEY_TYPE_SUBTYPE    = 10;  PP_PROVTYPE            = 16;  PP_KEYSTORAGE          = 17;  PP_APPLI_CERT          = 18;  PP_SYM_KEYSIZE         = 19;  PP_SESSION_KEYSIZE     = 20;  PP_UI_PROMPT           = 21;  PP_ENUMALGS_EX         = 22;  CRYPT_FIRST            = 1;  CRYPT_NEXT             = 2;  CRYPT_IMPL_HARDWARE    = 1;  CRYPT_IMPL_SOFTWARE    = 2;  CRYPT_IMPL_MIXED       = 3;  CRYPT_IMPL_UNKNOWN     = 4;  // key storage flags  CRYPT_SEC_DESCR        = $00000001;  CRYPT_PSTORE           = $00000002;  CRYPT_UI_PROMPT        = $00000004;  // protocol flags  CRYPT_FLAG_PCT1        = $0001;  CRYPT_FLAG_SSL2        = $0002;  CRYPT_FLAG_SSL3        = $0004;  CRYPT_FLAG_TLS1        = $0008;  // CryptSetProvParam  PP_CLIENT_HWND         = 1;  PP_CONTEXT_INFO        = 11;  PP_KEYEXCHANGE_KEYSIZE = 12;  PP_SIGNATURE_KEYSIZE   = 13;  PP_KEYEXCHANGE_ALG     = 14;  PP_SIGNATURE_ALG       = 15;  PP_DELETEKEY           = 24;  PROV_RSA_FULL          = 1;  PROV_RSA_SIG           = 2;  PROV_DSS               = 3;  PROV_FORTEZZA          = 4;  PROV_MS_EXCHANGE       = 5;  PROV_SSL               = 6; PROV_RSA_SCHANNEL        = 12; PROV_DSS_DH              = 13; PROV_EC_ECDSA_SIG        = 14; PROV_EC_ECNRA_SIG        = 15; PROV_EC_ECDSA_FULL       = 16; PROV_EC_ECNRA_FULL       = 17; PROV_SPYRUS_LYNKS        = 20;  // STT defined Providers  PROV_STT_MER           = 7;  PROV_STT_ACQ           = 8;  PROV_STT_BRND          = 9;  PROV_STT_ROOT          = 10;  PROV_STT_ISS           = 11;  // Provider friendly names  MS_DEF_PROV_A          = 'Microsoft Base Cryptographic Provider v1.0';  {$IFNDEF VER90}    MS_DEF_PROV_W        = WideString( 'Microsoft Base Cryptographic Provider v1.0');  {$ELSE}    MS_DEF_PROV_W        = ( 'Microsoft Base Cryptographic Provider v1.0');  {$ENDIF} {$IFDEF UNICODE}  MS_DEF_PROV            = MS_DEF_PROV_W; {$ELSE}  MS_DEF_PROV            = MS_DEF_PROV_A; {$ENDIF}  MS_ENHANCED_PROV_A   = 'Microsoft Enhanced Cryptographic Provider v1.0';  {$IFNDEF VER90}    MS_ENHANCED_PROV_W = WideString('Microsoft Enhanced Cryptographic Provider v1.0');  {$ELSE}    MS_ENHANCED_PROV_W = ('Microsoft Enhanced Cryptographic Provider v1.0');  {$ENDIF} {$IFDEF UNICODE}  MS_ENHANCED_PROV = MS_ENHANCED_PROV_W; {$ELSE}  MS_ENHANCED_PROV = MS_ENHANCED_PROV_A; {$ENDIF}  MS_DEF_RSA_SIG_PROV_A    = 'Microsoft RSA Signature Cryptographic Provider';  {$IFNDEF VER90}    MS_DEF_RSA_SIG_PROV_W  = WideString('Microsoft RSA Signature Cryptographic Provider');  {$ELSE}    MS_DEF_RSA_SIG_PROV_W  = ('Microsoft RSA Signature Cryptographic Provider');  {$ENDIF} {$IFDEF UNICODE}  MS_DEF_RSA_SIG_PROV = MS_DEF_RSA_SIG_PROV_W; {$ELSE}  MS_DEF_RSA_SIG_PROV = MS_DEF_RSA_SIG_PROV_A; {$ENDIF}  MS_DEF_RSA_SCHANNEL_PROV_A    = 'Microsoft Base RSA SChannel Cryptographic Provider';  {$IFNDEF VER90}    MS_DEF_RSA_SCHANNEL_PROV_W  = WideString('Microsoft Base RSA SChannel Cryptographic Provider');  {$ELSE}    MS_DEF_RSA_SCHANNEL_PROV_W  = ('Microsoft Base RSA SChannel Cryptographic Provider');  {$ENDIF} {$IFDEF UNICODE}  MS_DEF_RSA_SCHANNEL_PROV = MS_DEF_RSA_SCHANNEL_PROV_W; {$ELSE}  MS_DEF_RSA_SCHANNEL_PROV = MS_DEF_RSA_SCHANNEL_PROV_A; {$ENDIF}  MS_ENHANCED_RSA_SCHANNEL_PROV_A    = 'Microsoft Enhanced RSA SChannel Cryptographic Provider';  {$IFNDEF VER90}    MS_ENHANCED_RSA_SCHANNEL_PROV_W  = WideString('Microsoft Enhanced RSA SChannel Cryptographic Provider');  {$ELSE}    MS_ENHANCED_RSA_SCHANNEL_PROV_W  = ('Microsoft Enhanced RSA SChannel Cryptographic Provider');  {$ENDIF} {$IFDEF UNICODE}  MS_ENHANCED_RSA_SCHANNEL_PROV = MS_ENHANCED_RSA_SCHANNEL_PROV_W; {$ELSE}  MS_ENHANCED_RSA_SCHANNEL_PROV = MS_ENHANCED_RSA_SCHANNEL_PROV_A; {$ENDIF}  MS_DEF_DSS_PROV_A    =  'Microsoft Base DSS Cryptographic Provider';  {$IFNDEF VER90}    MS_DEF_DSS_PROV_W  = WideString('Microsoft Base DSS Cryptographic Provider');  {$ELSE}    MS_DEF_DSS_PROV_W  = ('Microsoft Base DSS Cryptographic Provider');  {$ENDIF} {$IFDEF UNICODE}  MS_DEF_DSS_PROV = MS_DEF_DSS_PROV_W; {$ELSE}  MS_DEF_DSS_PROV = MS_DEF_DSS_PROV_A; {$ENDIF}  MS_DEF_DSS_DH_PROV_A    = 'Microsoft Base DSS and Diffie-Hellman Cryptographic Provider';  {$IFNDEF VER90}    MS_DEF_DSS_DH_PROV_W  = WideString('Microsoft Base DSS and Diffie-Hellman Cryptographic Provider');  {$ELSE}    MS_DEF_DSS_DH_PROV_W  = ('Microsoft Base DSS and Diffie-Hellman Cryptographic Provider');  {$ENDIF} {$IFDEF UNICODE}  MS_DEF_DSS_DH_PROV = MS_DEF_DSS_DH_PROV_W; {$ELSE}  MS_DEF_DSS_DH_PROV = MS_DEF_DSS_DH_PROV_A; {$ENDIF}  MAXUIDLEN              = 64;  CUR_BLOB_VERSION       = 2; {structure for use with CryptSetHashParam with CALG_HMAC} type  PHMAC_INFO = ^HMAC_INFO;  HMAC_INFO = record    HashAlgid     :ALG_ID;    pbInnerString

BYTE;    cbInnerString

WORD;    pbOuterString

BYTE;    cbOuterString

WORD;  end; // structure for use with CryptSetHashParam with CALG_HMAC type  PSCHANNEL_ALG = ^SCHANNEL_ALG;  SCHANNEL_ALG  = record    dwUse

WORD;    Algid :ALG_ID;    cBits

WORD;  end; // uses of algortihms for SCHANNEL_ALG structure const  SCHANNEL_MAC_KEY = $00000000;  SCHANNEL_ENC_KEY = $00000001; type  PPROV_ENUMALGS = ^PROV_ENUMALGS;  PROV_ENUMALGS = record    aiAlgid   :ALG_ID;    dwBitLen

WORD;    dwNameLen

WORD;    szName    :array[0..20-1] of Char;  end ; type  PPROV_ENUMALGS_EX = ^PROV_ENUMALGS_EX;  PROV_ENUMALGS_EX = record    aiAlgid       :ALG_ID;    dwDefaultLen

WORD;    dwMinLen

WORD;    dwMaxLen

WORD;    dwProtocols

WORD;    dwNameLen

WORD;    szName        :array[0..20-1] of Char;    dwLongNameLen

WORD;    szLongName    :array[0..40-1] of Char;    end; type  PPUBLICKEYSTRUC = ^PUBLICKEYSTRUC;  PUBLICKEYSTRUC = record    bType    :BYTE;    bVersion :BYTE;    reserved :Word;    aiKeyAlg :ALG_ID;  end; type  BLOBHEADER  = PUBLICKEYSTRUC;  PBLOBHEADER = ^BLOBHEADER; type  PRSAPUBKEY = ^RSAPUBKEY;  RSAPUBKEY = record    magic

WORD;  // Has to be RSA1    bitlen

WORD;  // # of bits in modulus    pubexp

WORD;  // public exponent                    // Modulus data follows    end; type  PPUBKEY = ^PUBKEY;  PUBKEY = record    magic

WORD;    bitlen

WORD; // # of bits in modulus  end; type  DHPUBKEY  = PUBKEY;  DSSPUBKEY = PUBKEY;  KEAPUBKEY = PUBKEY;  TEKPUBKEY = PUBKEY; type  PDSSSEED = ^DSSSEED;  DSSSEED = record    counter

WORD;    seed    :array[0..20-1] of BYTE;  end; type  PKEY_TYPE_SUBTYPE = ^KEY_TYPE_SUBTYPE;  KEY_TYPE_SUBTYPE = record    dwKeySpec

WORD;    Type_     :TGUID; {conflict with base Delphi type: original name 'Type'}    Subtype   :TGUID;  end; type  HCRYPTPROV  = ULONG;  PHCRYPTPROV = ^HCRYPTPROV;  HCRYPTKEY   = ULONG;  PHCRYPTKEY  = ^HCRYPTKEY;  HCRYPTHASH  = ULONG;  PHCRYPTHASH = ^HCRYPTHASH; function CryptAcquireContextA(phProv

HCRYPTPROV;                              pszContainer

AnsiChar;                              pszProvider

AnsiChar;                              dwProvType

WORD;                              dwFlags

WORD) :BOOL;stdcall; function CryptAcquireContext(phProv

HCRYPTPROV;                              pszContainer :LPAWSTR;                              pszProvider  :LPAWSTR;                              dwProvType

WORD;                              dwFlags

WORD) :BOOL;stdcall; function CryptAcquireContextW(phProv

HCRYPTPROV;                              pszContainer

WideChar;                              pszProvider

WideChar;                              dwProvType

WORD;                              dwFlags

WORD) :BOOL ;stdcall; function CryptReleaseContext(hProv   :HCRYPTPROV;                             dwFlags

WORD) :BOOL;stdcall; function CryptGenKey(hProv   :HCRYPTPROV;                     Algid   :ALG_ID;                     dwFlags

WORD;                     phKey

HCRYPTKEY) :BOOL;stdcall ; function CryptDeriveKey(hProv     :HCRYPTPROV;                        Algid     :ALG_ID;                        hBaseData :HCRYPTHASH;                        dwFlags

WORD;                        phKey

HCRYPTKEY) :BOOL;stdcall ; function CryptDestroyKey(hKey  :HCRYPTKEY) :BOOL;stdcall ; function CryptSetKeyParam(hKey    :HCRYPTKEY;                          dwParam

WORD;                          pbData

BYTE;                          dwFlags

WORD) :BOOL;stdcall; function CryptGetKeyParam(hKey       :HCRYPTKEY;                          dwParam

WORD;                          pbData

BYTE;                          pdwDataLen

DWORD;                          dwFlags

WORD) :BOOL;stdcall; function CryptSetHashParam(hHash   :HCRYPTHASH;                           dwParam

WORD;                           pbData

BYTE;                           dwFlags

WORD) :BOOL;stdcall; function CryptGetHashParam(hHash      :HCRYPTHASH;                           dwParam

WORD;                           pbData

BYTE;                           pdwDataLen

DWORD;                           dwFlags

WORD) :BOOL;stdcall; function CryptSetProvParam(hProv   :HCRYPTPROV;                           dwParam

WORD;                           pbData

BYTE;                           dwFlags

WORD) :BOOL;stdcall; function CryptGetProvParam(hProv      :HCRYPTPROV;                           dwParam

WORD;                           pbData

BYTE;                           pdwDataLen

DWORD;                           dwFlags

WORD) :BOOL;stdcall; function CryptGenRandom(hProv    :HCRYPTPROV;                        dwLen

WORD;                        pbBuffer

BYTE) :BOOL;stdcall; function CryptGetUserKey(hProv     :HCRYPTPROV;                         dwKeySpec

WORD;                         phUserKey

HCRYPTKEY) :BOOL;stdcall; function CryptExportKey(hKey       :HCRYPTKEY;                        hExpKey    :HCRYPTKEY;                        dwBlobType

WORD;                        dwFlags

WORD;                        pbData

BYTE;                        pdwDataLen

DWORD) :BOOL;stdcall; function CryptImportKey(hProv     :HCRYPTPROV;                        pbData

BYTE;                        dwDataLen

WORD;                        hPubKey   :HCRYPTKEY;                        dwFlags

WORD;                        phKey

HCRYPTKEY) :BOOL;stdcall; function CryptEncrypt(hKey       :HCRYPTKEY;                      hHash      :HCRYPTHASH;                      Final      :BOOL;                      dwFlags

WORD;                      pbData

BYTE;                      pdwDataLen

DWORD;                      dwBufLen

WORD) :BOOL;stdcall; function CryptDecrypt(hKey       :HCRYPTKEY;                      hHash      :HCRYPTHASH;                      Final      :BOOL;                      dwFlags

WORD;                      pbData

BYTE;                      pdwDataLen

DWORD) :BOOL;stdcall; function CryptCreateHash(hProv   :HCRYPTPROV;                         Algid   :ALG_ID;                         hKey    :HCRYPTKEY;                         dwFlags

WORD;                         phHash

HCRYPTHASH) :BOOL;stdcall; function CryptHashData(hHash       :HCRYPTHASH;                 const pbData

BYTE;                       dwDataLen

WORD;                       dwFlags

WORD) :BOOL;stdcall; function CryptHashSessionKey(hHash   :HCRYPTHASH;                             hKey    :HCRYPTKEY;                             dwFlags

WORD) :BOOL;stdcall; function CryptDestroyHash(hHash :HCRYPTHASH) :BOOL;stdcall; function CryptSignHashA(hHash        :HCRYPTHASH;                        dwKeySpec

WORD;                        sDescription

AnsiChar;                        dwFlags

WORD;                        pbSignature

BYTE;                        pdwSigLen

DWORD) :BOOL;stdcall; function CryptSignHash(hHash         :HCRYPTHASH;                        dwKeySpec

WORD;                        sDescription :LPAWSTR;                        dwFlags

WORD;                        pbSignature

BYTE;                        pdwSigLen

DWORD) :BOOL;stdcall; function CryptSignHashW(hHash        :HCRYPTHASH;                        dwKeySpec

WORD;                        sDescription

WideChar;                        dwFlags

WORD;                        pbSignature

BYTE;                        pdwSigLen

DWORD) :BOOL;stdcall; function CryptSignHashU(hHash        :HCRYPTHASH;                        dwKeySpec

WORD;                        sDescription

WideChar;                        dwFlags

WORD;                        pbSignature

BYTE;                        pdwSigLen

DWORD) :BOOL;stdcall; function CryptVerifySignatureA(hHash        :HCRYPTHASH;                         const pbSignature

BYTE;                               dwSigLen

WORD;                               hPubKey      :HCRYPTKEY;                               sDescription

AnsiChar;                               dwFlags

WORD) :BOOL;stdcall; function CryptVerifySignature(hHash         :HCRYPTHASH;                        const pbSignature

BYTE;                              dwSigLen

WORD;                              hPubKey      :HCRYPTKEY;                              sDescription :LPAWSTR;                               dwFlags

WORD) :BOOL;stdcall; function CryptVerifySignatureW(hHash        :HCRYPTHASH;                         const pbSignature

BYTE;                               dwSigLen

WORD;                               hPubKey      :HCRYPTKEY;                               sDescription

WideChar;                               dwFlags

WORD) :BOOL;stdcall; function CryptSetProviderA(pszProvName

AnsiChar;                           dwProvType

WORD) :BOOL;stdcall; function CryptSetProvider(pszProvName :LPAWSTR;                           dwProvType

WORD) :BOOL;stdcall; function CryptSetProviderW(pszProvName

WideChar;                           dwProvType

WORD) :BOOL;stdcall; function CryptSetProviderU(pszProvName

WideChar;                           dwProvType

WORD) :BOOL;stdcall; {$IFDEF NT5} function CryptSetProviderExA(pszProvName :LPCSTR;                             dwProvType

WORD;                             pdwReserved

DWORD;                             dwFlags

WORD):BOOL;stdcall; function CryptSetProviderExW(pszProvName :LPCWSTR;                             dwProvType

WORD;                             pdwReserved

DWORD;                             dwFlags

WORD):BOOL;stdcall; function CryptSetProviderEx(pszProvName :LPAWSTR;                            dwProvType

WORD;                            pdwReserved

DWORD;                            dwFlags

WORD):BOOL;stdcall; function CryptGetDefaultProviderA(dwProvType

WORD;                                  pdwReserved

WORD;                                  dwFlags

WORD;                                  pszProvName :LPSTR;                                  pcbProvName

DWORD):BOOL ; stdcall; function CryptGetDefaultProviderW(dwProvType

WORD;                                  pdwReserved

WORD;                                  dwFlags

WORD;                                  pszProvName :LPWSTR;                                  pcbProvName

DWORD):BOOL ; stdcall; function CryptGetDefaultProvider(dwProvType

WORD;                                 pdwReserved

WORD;                                 dwFlags

WORD;                                 pszProvName :LPAWSTR;                                 pcbProvName

DWORD):BOOL ; stdcall; function CryptEnumProviderTypesA(dwIndex

WORD;                                 pdwReserved

DWORD;                                 dwFlags

WORD;                                 pdwProvType

DWORD;                                 pszTypeName :LPSTR;                                 pcbTypeName

DWORD):BOOL ; stdcall; function CryptEnumProviderTypesW(dwIndex

WORD;                                 pdwReserved

DWORD;                                 dwFlags

WORD;                                 pdwProvType

DWORD;                                 pszTypeName :LPWSTR;                                 pcbTypeName

DWORD):BOOL ; stdcall; function CryptEnumProviderTypes(dwIndex

WORD;                                pdwReserved

DWORD;                                dwFlags

WORD;                                pdwProvType

DWORD;                                pszTypeName :LPAWSTR;                                pcbTypeName

DWORD):BOOL ; stdcall; function CryptEnumProvidersA(dwIndex

WORD;                             pdwReserved

DWORD;                             dwFlags

WORD;                             pdwProvType

DWORD;                             pszProvName :LPSTR;                             pcbProvName

DWORD):BOOL ; stdcall; function CryptEnumProvidersW(dwIndex

WORD;                             pdwReserved

DWORD;                             dwFlags

WORD;                             pdwProvType

DWORD;                             pszProvName :LPWSTR;                             pcbProvName

DWORD):BOOL ; stdcall; function CryptEnumProviders(dwIndex

WORD;                             pdwReserved

DWORD;                             dwFlags

WORD;                             pdwProvType

DWORD;                             pszProvName :LPAWSTR;                             pcbProvName

DWORD):BOOL ; stdcall; function CryptContextAddRef(hProv       :HCRYPTPROV;                            pdwReserved

DWORD;                            dwFlags

WORD):BOOL ; stdcall; function CryptDuplicateKey(hKey        :HCRYPTKEY;                           pdwReserved

DWORD;                           dwFlags

WORD;                           phKey

HCRYPTKEY):BOOL ; stdcall; function CryptDuplicateHash(hHash       :HCRYPTHASH;                            pdwReserved

DWORD;                            dwFlags

WORD;                            phHash

HCRYPTHASH):BOOL ; stdcall; {$ENDIF NT5} function CryptEnumProvidersU(dwIndex

WORD;                             pdwReserved

DWORD;                             dwFlags

WORD;                             pdwProvType

DWORD;                             pszProvName :LPWSTR;                             pcbProvName

DWORD):BOOL ; stdcall; //+------------------------------------------------------------------------- //  CRYPTOAPI BLOB definitions //-------------------------------------------------------------------------- type  PCRYPTOAPI_BLOB = ^CRYPTOAPI_BLOB;  CRYPTOAPI_BLOB = record    cbData

WORD;    pbData

BYTE;  end; type  CRYPT_INTEGER_BLOB            = CRYPTOAPI_BLOB;  PCRYPT_INTEGER_BLOB           = ^CRYPT_INTEGER_BLOB;  CRYPT_UINT_BLOB               = CRYPTOAPI_BLOB;  PCRYPT_UINT_BLOB              = ^CRYPT_UINT_BLOB;  CRYPT_OBJID_BLOB              = CRYPTOAPI_BLOB;  PCRYPT_OBJID_BLOB             = ^CRYPT_OBJID_BLOB;  CERT_NAME_BLOB                = CRYPTOAPI_BLOB;  PCERT_NAME_BLOB               = ^CERT_NAME_BLOB;  CERT_RDN_VALUE_BLOB           = CRYPTOAPI_BLOB;  PCERT_RDN_VALUE_BLOB          = ^CERT_RDN_VALUE_BLOB;  CERT_BLOB                     = CRYPTOAPI_BLOB;  PCERT_BLOB                    = ^CERT_BLOB;  CRL_BLOB                      = CRYPTOAPI_BLOB;  PCRL_BLOB                     = ^CRL_BLOB;  DATA_BLOB                     = CRYPTOAPI_BLOB;  PDATA_BLOB                    = ^DATA_BLOB;     // JEFFJEFF temporary (too generic)  CRYPT_DATA_BLOB               = CRYPTOAPI_BLOB;  PCRYPT_DATA_BLOB              = ^CRYPT_DATA_BLOB;  CRYPT_HASH_BLOB               = CRYPTOAPI_BLOB;  PCRYPT_HASH_BLOB              = ^CRYPT_HASH_BLOB;  CRYPT_DIGEST_BLOB             = CRYPTOAPI_BLOB;  PCRYPT_DIGEST_BLOB            = ^CRYPT_DIGEST_BLOB;  CRYPT_DER_BLOB                = CRYPTOAPI_BLOB;  PCRYPT_DER_BLOB               = ^CRYPT_DER_BLOB;  CRYPT_ATTR_BLOB               = CRYPTOAPI_BLOB;  PCRYPT_ATTR_BLOB              = ^CRYPT_ATTR_BLOB; //+------------------------------------------------------------------------- //  In a CRYPT_BIT_BLOB the last byte may contain 0-7 unused bits. Therefore, the //  overall bit length is cbData * 8 - cUnusedBits. //-------------------------------------------------------------------------- type  PCRYPT_BIT_BLOB = ^CRYPT_BIT_BLOB;  CRYPT_BIT_BLOB = record    cbData

WORD;    pbData

BYTE;    cUnusedBits

WORD;  end; //+------------------------------------------------------------------------- //  Type used for any algorithm // //  Where the Parameters CRYPT_OBJID_BLOB is in its encoded representation. For most //  algorithm types, the Parameters CRYPT_OBJID_BLOB is NULL (Parameters.cbData = 0). //-------------------------------------------------------------------------- type  PCRYPT_ALGORITHM_IDENTIFIER = ^CRYPT_ALGORITHM_IDENTIFIER;  CRYPT_ALGORITHM_IDENTIFIER = record    pszObjId   :LPSTR;    Parameters :CRYPT_OBJID_BLOB;  end; // Following are the definitions of various algorithm object identifiers // RSA const  szOID_RSA         = '1.2.840.113549';  szOID_PKCS        = '1.2.840.113549.1';  szOID_RSA_HASH    = '1.2.840.113549.2';  szOID_RSA_ENCRYPT = '1.2.840.113549.3';  szOID_PKCS_1      = '1.2.840.113549.1.1';  szOID_PKCS_2      = '1.2.840.113549.1.2';  szOID_PKCS_3      = '1.2.840.113549.1.3';  szOID_PKCS_4      = '1.2.840.113549.1.4';  szOID_PKCS_5      = '1.2.840.113549.1.5';  szOID_PKCS_6      = '1.2.840.113549.1.6';  szOID_PKCS_7      = '1.2.840.113549.1.7';  szOID_PKCS_8      = '1.2.840.113549.1.8';  szOID_PKCS_9      = '1.2.840.113549.1.9';  szOID_PKCS_10     = '1.2.840.113549.1.10';  szOID_RSA_RSA     = '1.2.840.113549.1.1.1';  szOID_RSA_MD2RSA  = '1.2.840.113549.1.1.2';  szOID_RSA_MD4RSA  = '1.2.840.113549.1.1.3';  szOID_RSA_MD5RSA  = '1.2.840.113549.1.1.4';  szOID_RSA_SHA1RSA = '1.2.840.113549.1.1.5';  szOID_RSA_SETOAEP_RSA  = '1.2.840.113549.1.1.6';    szOID_RSA_data             = '1.2.840.113549.1.7.1';  szOID_RSA_signedData       = '1.2.840.113549.1.7.2';  szOID_RSA_envelopedData    = '1.2.840.113549.1.7.3';  szOID_RSA_signEnvData      = '1.2.840.113549.1.7.4';  szOID_RSA_digestedData     = '1.2.840.113549.1.7.5';  szOID_RSA_hashedData       = '1.2.840.113549.1.7.5';  szOID_RSA_encryptedData    = '1.2.840.113549.1.7.6';  szOID_RSA_emailAddr           = '1.2.840.113549.1.9.1';  szOID_RSA_unstructName        = '1.2.840.113549.1.9.2';  szOID_RSA_contentType         = '1.2.840.113549.1.9.3';  szOID_RSA_messageDigest       = '1.2.840.113549.1.9.4';  szOID_RSA_signingTime         = '1.2.840.113549.1.9.5';  szOID_RSA_counterSign         = '1.2.840.113549.1.9.6';  szOID_RSA_challengePwd        = '1.2.840.113549.1.9.7';  szOID_RSA_unstructAddr        = '1.2.840.113549.1.9.8';  szOID_RSA_extCertAttrs        = '1.2.840.113549.1.9.9';  szOID_RSA_SMIMECapabilities   = '1.2.840.113549.1.9.15';  szOID_RSA_preferSignedData    = '1.2.840.113549.1.9.15.1';  szOID_RSA_MD2 = '1.2.840.113549.2.2';  szOID_RSA_MD4 = '1.2.840.113549.2.4';  szOID_RSA_MD5 = '1.2.840.113549.2.5';  szOID_RSA_RC2CBC        = '1.2.840.113549.3.2';  szOID_RSA_RC4           = '1.2.840.113549.3.4';  szOID_RSA_DES_EDE3_CBC  = '1.2.840.113549.3.7';  szOID_RSA_RC5_CBCPad    = '1.2.840.113549.3.9'; // ITU-T UsefulDefinitions  szOID_DS          = '2.5';  szOID_DSALG       = '2.5.8';  szOID_DSALG_CRPT  = '2.5.8.1';  szOID_DSALG_HASH  = '2.5.8.2';  szOID_DSALG_SIGN  = '2.5.8.3';  szOID_DSALG_RSA   = '2.5.8.1.1'; // NIST OSE Implementors' Workshop (OIW) // http://nemo.ncsl.nist.gov/oiw/agreements/stable/OSI/12s_9506.w51 // http://nemo.ncsl.nist.gov/oiw/agreements/working/OSI/12w_9503.w51  szOID_OIW            = '1.3.14'; // NIST OSE Implementors' Workshop (OIW) Security SIG algorithm identifiers  szOID_OIWSEC         = '1.3.14.3.2';  szOID_OIWSEC_md4RSA  = '1.3.14.3.2.2';  szOID_OIWSEC_md5RSA  = '1.3.14.3.2.3';  szOID_OIWSEC_md4RSA2 = '1.3.14.3.2.4';  szOID_OIWSEC_desECB  = '1.3.14.3.2.6';  szOID_OIWSEC_desCBC  = '1.3.14.3.2.7';  szOID_OIWSEC_desOFB  = '1.3.14.3.2.8';  szOID_OIWSEC_desCFB  = '1.3.14.3.2.9';  szOID_OIWSEC_desMAC  = '1.3.14.3.2.10';  szOID_OIWSEC_rsaSign = '1.3.14.3.2.11';  szOID_OIWSEC_dsa     = '1.3.14.3.2.12';  szOID_OIWSEC_shaDSA  = '1.3.14.3.2.13';  szOID_OIWSEC_mdc2RSA = '1.3.14.3.2.14';  szOID_OIWSEC_shaRSA  = '1.3.14.3.2.15';  szOID_OIWSEC_dhCommMod = '1.3.14.3.2.16';  szOID_OIWSEC_desEDE    = '1.3.14.3.2.17';  szOID_OIWSEC_sha       = '1.3.14.3.2.18';  szOID_OIWSEC_mdc2      = '1.3.14.3.2.19';  szOID_OIWSEC_dsaComm   = '1.3.14.3.2.20';  szOID_OIWSEC_dsaCommSHA  = '1.3.14.3.2.21';  szOID_OIWSEC_rsaXchg     = '1.3.14.3.2.22';  szOID_OIWSEC_keyHashSeal = '1.3.14.3.2.23';  szOID_OIWSEC_md2RSASign  = '1.3.14.3.2.24';  szOID_OIWSEC_md5RSASign  = '1.3.14.3.2.25';  szOID_OIWSEC_sha1        = '1.3.14.3.2.26';  szOID_OIWSEC_dsaSHA1     = '1.3.14.3.2.27';  szOID_OIWSEC_dsaCommSHA1 =  '1.3.14.3.2.28';  szOID_OIWSEC_sha1RSASign =  '1.3.14.3.2.29'; // NIST OSE Implementors' Workshop (OIW) Directory SIG algorithm identifiers  szOID_OIWDIR             = '1.3.14.7.2';  szOID_OIWDIR_CRPT        = '1.3.14.7.2.1';  szOID_OIWDIR_HASH        = '1.3.14.7.2.2';  szOID_OIWDIR_SIGN        = '1.3.14.7.2.3';  szOID_OIWDIR_md2         = '1.3.14.7.2.2.1';  szOID_OIWDIR_md2RSA      = '1.3.14.7.2.3.1'; // INFOSEC Algorithms // joint-iso-ccitt(2) country(16) us(840) organization(1) us-government(101) dod(2) id-infosec(1)  szOID_INFOSEC                       = '2.16.840.1.101.2.1';  szOID_INFOSEC_sdnsSignature         = '2.16.840.1.101.2.1.1.1';  szOID_INFOSEC_mosaicSignature       = '2.16.840.1.101.2.1.1.2';  szOID_INFOSEC_sdnsConfidentiality   = '2.16.840.1.101.2.1.1.3';  szOID_INFOSEC_mosaicConfidentiality = '2.16.840.1.101.2.1.1.4';  szOID_INFOSEC_sdnsIntegrity         = '2.16.840.1.101.2.1.1.5';  szOID_INFOSEC_mosaicIntegrity       = '2.16.840.1.101.2.1.1.6';  szOID_INFOSEC_sdnsTokenProtection   = '2.16.840.1.101.2.1.1.7';  szOID_INFOSEC_mosaicTokenProtection = '2.16.840.1.101.2.1.1.8';  szOID_INFOSEC_sdnsKeyManagement     = '2.16.840.1.101.2.1.1.9';  szOID_INFOSEC_mosaicKeyManagement   = '2.16.840.1.101.2.1.1.10';  szOID_INFOSEC_sdnsKMandSig          = '2.16.840.1.101.2.1.1.11';  szOID_INFOSEC_mosaicKMandSig        = '2.16.840.1.101.2.1.1.12';  szOID_INFOSEC_SuiteASignature       = '2.16.840.1.101.2.1.1.13';  szOID_INFOSEC_SuiteAConfidentiality = '2.16.840.1.101.2.1.1.14';  szOID_INFOSEC_SuiteAIntegrity       = '2.16.840.1.101.2.1.1.15';  szOID_INFOSEC_SuiteATokenProtection = '2.16.840.1.101.2.1.1.16';  szOID_INFOSEC_SuiteAKeyManagement   = '2.16.840.1.101.2.1.1.17';  szOID_INFOSEC_SuiteAKMandSig        = '2.16.840.1.101.2.1.1.18';  szOID_INFOSEC_mosaicUpdatedSig      = '2.16.840.1.101.2.1.1.19';  szOID_INFOSEC_mosaicKMandUpdSig     = '2.16.840.1.101.2.1.1.20';  szOID_INFOSEC_mosaicUpdatedInteg    = '2.16.840.1.101.2.1.1.21'; type  PCRYPT_OBJID_TABLE = ^CRYPT_OBJID_TABLE;  CRYPT_OBJID_TABLE = record    dwAlgId

WORD;    pszObjId :LPCSTR;  end; //+------------------------------------------------------------------------- //  PKCS #1 HashInfo (DigestInfo) //-------------------------------------------------------------------------- type  PCRYPT_HASH_INFO = ^CRYPT_HASH_INFO;  CRYPT_HASH_INFO = record    HashAlgorithm :CRYPT_ALGORITHM_IDENTIFIER;    Hash :CRYPT_HASH_BLOB;  end; //+------------------------------------------------------------------------- //  Type used for an extension to an encoded content // //  Where the Value's CRYPT_OBJID_BLOB is in its encoded representation. //-------------------------------------------------------------------------- type  PCERT_EXTENSION = ^CERT_EXTENSION;  CERT_EXTENSION = record    pszObjId :LPSTR;    fCritical :BOOL;    Value :CRYPT_OBJID_BLOB;  end; //+------------------------------------------------------------------------- //  AttributeTypeValue // //  Where the Value's CRYPT_OBJID_BLOB is in its encoded representation. //-------------------------------------------------------------------------- type  PCRYPT_ATTRIBUTE_TYPE_VALUE =^CRYPT_ATTRIBUTE_TYPE_VALUE;  CRYPT_ATTRIBUTE_TYPE_VALUE = record    pszObjId :LPSTR;    Value :CRYPT_OBJID_BLOB;  end; //+------------------------------------------------------------------------- //  Attributes // //  Where the Value's PATTR_BLOBs are in their encoded representation. //-------------------------------------------------------------------------- type  PCRYPT_ATTRIBUTE = ^CRYPT_ATTRIBUTE;  CRYPT_ATTRIBUTE = record     pszObjId :LPSTR;     cValue

WORD;     rgValue

CRYPT_ATTR_BLOB;  end; type  PCRYPT_ATTRIBUTES =^CRYPT_ATTRIBUTES;  CRYPT_ATTRIBUTES = record    cAttr

WORD; {IN}    rgAttr

CRYPT_ATTRIBUTE; {IN}  end; //+------------------------------------------------------------------------- //  Attributes making up a Relative Distinguished Name (CERT_RDN) // //  The interpretation of the Value depends on the dwValueType. //  See below for a list of the types. //-------------------------------------------------------------------------- type  PCERT_RDN_ATTR = ^CERT_RDN_ATTR;  CERT_RDN_ATTR = record    pszObjId :LPSTR;    dwValueType

WORD;    Value :CERT_RDN_VALUE_BLOB;  end; //+------------------------------------------------------------------------- //  CERT_RDN attribute Object Identifiers //-------------------------------------------------------------------------- // Labeling attribute types: const  szOID_COMMON_NAME          = '2.5.4.3';  // case-ignore string  szOID_SUR_NAME             = '2.5.4.4';  // case-ignore string  szOID_DEVICE_SERIAL_NUMBER = '2.5.4.5';  // printable string // Geographic attribute types:  szOID_COUNTRY_NAME            = '2.5.4.6';  // printable 2char string  szOID_LOCALITY_NAME           = '2.5.4.7';  // case-ignore string  szOID_STATE_OR_PROVINCE_NAME  = '2.5.4.8';  // case-ignore string  szOID_STREET_ADDRESS          = '2.5.4.9';  // case-ignore string // Organizational attribute types:  szOID_ORGANIZATION_NAME          = '2.5.4.10';// case-ignore string  szOID_ORGANIZATIONAL_UNIT_NAME   = '2.5.4.11'; // case-ignore string  szOID_TITLE                      = '2.5.4.12'; // case-ignore string // Explanatory attribute types:  szOID_DESCRIPTION          = '2.5.4.13'; // case-ignore string  szOID_SEARCH_GUIDE         = '2.5.4.14';  szOID_BUSINESS_CATEGORY    = '2.5.4.15'; // case-ignore string // Postal addressing attribute types:  szOID_POSTAL_ADDRESS       = '2.5.4.16';  szOID_POSTAL_CODE          = '2.5.4.17'; // case-ignore string  szOID_POST_OFFICE_BOX      = '2.5.4.18'; // case-ignore string  szOID_PHYSICAL_DELIVERY_OFFICE_NAME = '2.5.4.19'; // case-ignore string // Telecommunications addressing attribute types:  szOID_TELEPHONE_NUMBER              = '2.5.4.20'; // telephone number  szOID_TELEX_NUMBER                  = '2.5.4.21';  szOID_TELETEXT_TERMINAL_IDENTIFIER  = '2.5.4.22';  szOID_FACSIMILE_TELEPHONE_NUMBER    = '2.5.4.23';  szOID_X21_ADDRESS                   = '2.5.4.24'; // numeric string  szOID_INTERNATIONAL_ISDN_NUMBER     = '2.5.4.25'; // numeric string  szOID_REGISTERED_ADDRESS            = '2.5.4.26';  szOID_DESTINATION_INDICATOR         = '2.5.4.27'; // printable string // Preference attribute types:  szOID_PREFERRED_DELIVERY_METHOD     = '2.5.4.28'; // OSI application attribute types:  szOID_PRESENTATION_ADDRESS          = '2.5.4.29';  szOID_SUPPORTED_APPLICATION_CONTEXT = '2.5.4.30'; // Relational application attribute types:  szOID_MEMBER                        = '2.5.4.31';  szOID_OWNER                         = '2.5.4.32';  szOID_ROLE_OCCUPANT                 = '2.5.4.33';  szOID_SEE_ALSO                      = '2.5.4.34'; // Security attribute types:  szOID_USER_PASSWORD                 = '2.5.4.35';  szOID_USER_CERTIFICATE              = '2.5.4.36';  szOID_CA_CERTIFICATE                = '2.5.4.37';  szOID_AUTHORITY_REVOCATION_LIST     = '2.5.4.38';  szOID_CERTIFICATE_REVOCATION_LIST   = '2.5.4.39';  szOID_CROSS_CERTIFICATE_PAIR        = '2.5.4.40'; // Undocumented attribute types??? //#define szOID_???                         '2.5.4.41'  szOID_GIVEN_NAME                    = '2.5.4.42'; // case-ignore string  szOID_INITIALS                      = '2.5.4.43'; // case-ignore string // Pilot user attribute types:  szOID_DOMAIN_COMPONENT      = '0.9.2342.19200300.100.1.25'; // IA5 string //+------------------------------------------------------------------------- //  CERT_RDN Attribute Value Types // //  For RDN_ENCODED_BLOB, the Value's CERT_RDN_VALUE_BLOB is in its encoded //  representation. Otherwise, its an array of bytes. // //  For all CERT_RDN types, Value.cbData is always the number of bytes, not //  necessarily the number of elements in the string. For instance, //  RDN_UNIVERSAL_STRING is an array of ints (cbData == intCnt * 4) and //  RDN_BMP_STRING is an array of unsigned shorts (cbData == ushortCnt * 2). // //  For CertDecodeName, two 0 bytes are always appended to the end of the //  string (ensures a CHAR or WCHAR string is null terminated). //  These added 0 bytes are't included in the BLOB.cbData. //-------------------------------------------------------------------------- const  CERT_RDN_ANY_TYPE             = 0;  CERT_RDN_ENCODED_BLOB         = 1;  CERT_RDN_OCTET_STRING         = 2;  CERT_RDN_NUMERIC_STRING       = 3;  CERT_RDN_PRINTABLE_STRING     = 4;  CERT_RDN_TELETEX_STRING       = 5;  CERT_RDN_T61_STRING           = 5;  CERT_RDN_VIDEOTEX_STRING      = 6;  CERT_RDN_IA5_STRING           = 7;  CERT_RDN_GRAPHIC_STRING       = 8;  CERT_RDN_VISIBLE_STRING       = 9;  CERT_RDN_ISO646_STRING        = 9;  CERT_RDN_GENERAL_STRING       = 10;  CERT_RDN_UNIVERSAL_STRING     = 11;  CERT_RDN_INT4_STRING          = 11;  CERT_RDN_BMP_STRING           = 12;  CERT_RDN_UNICODE_STRING       = 12; // Macro to check that the dwValueType is a character string and not an // encoded blob or octet string function IS_CERT_RDN_CHAR_STRING(X

WORD) :BOOL; //+------------------------------------------------------------------------- //  A CERT_RDN consists of an array of the above attributes //-------------------------------------------------------------------------- type  PCERT_RDN = ^CERT_RDN;  CERT_RDN = record    cRDNAttr

WORD;    rgRDNAttr

CERT_RDN_ATTR;  end; //+------------------------------------------------------------------------- //  Information stored in a subject's or issuer's name. The information //  is represented as an array of the above RDNs. //-------------------------------------------------------------------------- type  PCERT_NAME_INFO = ^CERT_NAME_INFO;  CERT_NAME_INFO = record    cRDN

WORD;    rgRDN

CERT_RDN;  end; //+------------------------------------------------------------------------- //  Name attribute value without the Object Identifier // //  The interpretation of the Value depends on the dwValueType. //  See above for a list of the types. //-------------------------------------------------------------------------- type  PCERT_NAME_VALUE = ^CERT_NAME_VALUE;  CERT_NAME_VALUE = record    dwValueType

WORD;    Value :CERT_RDN_VALUE_BLOB;  end; //+------------------------------------------------------------------------- //  Public Key Info // //  The PublicKey is the encoded representation of the information as it is //  stored in the bit string //-------------------------------------------------------------------------- type  PCERT_PUBLIC_KEY_INFO = ^CERT_PUBLIC_KEY_INFO;  CERT_PUBLIC_KEY_INFO = record    Algorithm :CRYPT_ALGORITHM_IDENTIFIER;    PublicKey :CRYPT_BIT_BLOB;  end; const  CERT_RSA_PUBLIC_KEY_OBJID        = szOID_RSA_RSA;  CERT_DEFAULT_OID_PUBLIC_KEY_SIGN = szOID_RSA_RSA;  CERT_DEFAULT_OID_PUBLIC_KEY_XCHG = szOID_RSA_RSA; //+------------------------------------------------------------------------- //  Information stored in a certificate // //  The Issuer, Subject, Algorithm, PublicKey and Extension BLOBs are the //  encoded representation of the information. //-------------------------------------------------------------------------- type  PCERT_INFO = ^CERT_INFO;  CERT_INFO = record    dwVersion

WORD;    SerialNumber           :CRYPT_INTEGER_BLOB;    SignatureAlgorithm     :CRYPT_ALGORITHM_IDENTIFIER;    Issuer                 :CERT_NAME_BLOB;    NotBefore              :TFILETIME;    NotAfter               :TFILETIME;    Subject                :CERT_NAME_BLOB;    SubjectPublicKeyInfo   :CERT_PUBLIC_KEY_INFO;    IssuerUniqueId         :CRYPT_BIT_BLOB;    SubjectUniqueId        :CRYPT_BIT_BLOB;    cExtension

WORD;    rgExtension

CERT_EXTENSION;  end; //+------------------------------------------------------------------------- //  Certificate versions //-------------------------------------------------------------------------- const  CERT_V1 = 0;  CERT_V2 = 1;  CERT_V3 = 2; //+------------------------------------------------------------------------- //  Certificate Information Flags //--------------------------------------------------------------------------  CERT_INFO_VERSION_FLAG                 = 1;  CERT_INFO_SERIAL_NUMBER_FLAG           = 2;  CERT_INFO_SIGNATURE_ALGORITHM_FLAG     = 3;  CERT_INFO_ISSUER_FLAG                  = 4;  CERT_INFO_NOT_BEFORE_FLAG              = 5;  CERT_INFO_NOT_AFTER_FLAG               = 6;  CERT_INFO_SUBJECT_FLAG                 = 7;  CERT_INFO_SUBJECT_PUBLIC_KEY_INFO_FLAG = 8;  CERT_INFO_ISSUER_UNIQUE_ID_FLAG        = 9;  CERT_INFO_SUBJECT_UNIQUE_ID_FLAG       = 10;  CERT_INFO_EXTENSION_FLAG               = 11; //+------------------------------------------------------------------------- //  An entry in a CRL // //  The Extension BLOBs are the encoded representation of the information. //-------------------------------------------------------------------------- type  PCRL_ENTRY = ^CRL_ENTRY;  CRL_ENTRY = record    SerialNumber :CRYPT_INTEGER_BLOB;    RevocationDate :TFILETIME;    cExtension

WORD;    rgExtension

CERT_EXTENSION;  end; //+------------------------------------------------------------------------- //  Information stored in a CRL // //  The Issuer, Algorithm and Extension BLOBs are the encoded //  representation of the information. //-------------------------------------------------------------------------- type  PCRL_INFO = ^CRL_INFO;  CRL_INFO = record    dwVersion

WORD;    SignatureAlgorithm  :CRYPT_ALGORITHM_IDENTIFIER;    Issuer              :CERT_NAME_BLOB;    ThisUpdate          :TFILETIME;    NextUpdate          :TFILETIME;    cCRLEntry

WORD;    rgCRLEntry

CRL_ENTRY;    cExtension

WORD;    rgExtension

CERT_EXTENSION;  end; //+------------------------------------------------------------------------- //  CRL versions //-------------------------------------------------------------------------- const  CRL_V1 = 0;  CRL_V2 = 1; //+------------------------------------------------------------------------- //  Information stored in a certificate request // //  The Subject, Algorithm, PublicKey and Attribute BLOBs are the encoded //  representation of the information. //-------------------------------------------------------------------------- type  PCERT_REQUEST_INFO = ^CERT_REQUEST_INFO;  CERT_REQUEST_INFO = record    dwVersion

WORD;    Subject              :CERT_NAME_BLOB;    SubjectPublicKeyInfo :CERT_PUBLIC_KEY_INFO;    cAttribute

WORD;    rgAttribute

CRYPT_ATTRIBUTE;  end; //+------------------------------------------------------------------------- //  Certificate Request versions //-------------------------------------------------------------------------- const CERT_REQUEST_V1 = 0; //+------------------------------------------------------------------------- //  Information stored in Netscape's Keygen request //-------------------------------------------------------------------------- type  PCERT_KEYGEN_REQUEST_INFO = ^CERT_KEYGEN_REQUEST_INFO;  CERT_KEYGEN_REQUEST_INFO = record    dwVersion

WORD;    SubjectPublicKeyInfo :CERT_PUBLIC_KEY_INFO;    pwszChallengeString  :LPWSTR;        // encoded as IA5  end; const  CERT_KEYGEN_REQUEST_V1 = 0; //+------------------------------------------------------------------------- //  Certificate, CRL, Certificate Request or Keygen Request Signed Content // //  The "to be signed" encoded content plus its signature. The ToBeSigned //  is the encoded CERT_INFO, CRL_INFO, CERT_REQUEST_INFO or //  CERT_KEYGEN_REQUEST_INFO. //-------------------------------------------------------------------------- type  PCERT_SIGNED_CONTENT_INFO = ^CERT_SIGNED_CONTENT_INFO;  CERT_SIGNED_CONTENT_INFO = record    ToBeSigned          :CRYPT_DER_BLOB;    SignatureAlgorithm  :CRYPT_ALGORITHM_IDENTIFIER;    Signature           :CRYPT_BIT_BLOB; end; //+------------------------------------------------------------------------- //  Certificate Trust List (CTL) //-------------------------------------------------------------------------- //+------------------------------------------------------------------------- //  CTL Usage. Also used for EnhancedKeyUsage extension. //-------------------------------------------------------------------------- type  PCTL_USAGE =^CTL_USAGE;  CTL_USAGE = record    cUsageIdentifier

WORD;    rgpszUsageIdentifier

LPSTR;      // array of pszObjId  end; type  CERT_ENHKEY_USAGE = CTL_USAGE;  PCERT_ENHKEY_USAGE = ^CERT_ENHKEY_USAGE; //+------------------------------------------------------------------------- //  An entry in a CTL //-------------------------------------------------------------------------- type  PCTL_ENTRY = ^CTL_ENTRY;  CTL_ENTRY = record    SubjectIdentifier :CRYPT_DATA_BLOB;    // For example, its hash    cAttribute

WORD;    rgAttribute

CRYPT_ATTRIBUTE;   // OPTIONAL  end; //+------------------------------------------------------------------------- //  Information stored in a CTL //-------------------------------------------------------------------------- type  PCTL_INFO = ^CTL_INFO;  CTL_INFO = record    dwVersion

WORD;    SubjectUsage        :CTL_USAGE;    ListIdentifier      :CRYPT_DATA_BLOB;     // OPTIONAL    SequenceNumber      :CRYPT_INTEGER_BLOB;  // OPTIONAL    ThisUpdate          :TFILETIME;    NextUpdate          :TFILETIME;           // OPTIONAL    SubjectAlgorithm    :CRYPT_ALGORITHM_IDENTIFIER;    cCTLEntry

WORD;    rgCTLEntry

CTL_ENTRY;          // OPTIONAL    cExtension

WORD;    rgExtension

CERT_EXTENSION;     // OPTIONAL  end; //+------------------------------------------------------------------------- //  CTL versions //-------------------------------------------------------------------------- const  CTL_V1 = 0; //+------------------------------------------------------------------------- //  TimeStamp Request // //  The pszTimeStamp is the OID for the Time type requested //  The pszContentType is the Content Type OID for the content, usually DATA //  The Content is a un-decoded blob //-------------------------------------------------------------------------- type  PCRYPT_TIME_STAMP_REQUEST_INFO = ^CRYPT_TIME_STAMP_REQUEST_INFO;  CRYPT_TIME_STAMP_REQUEST_INFO = record    pszTimeStampAlgorithm :LPSTR;   // pszObjId    pszContentType        :LPSTR;   // pszObjId    Content               :CRYPT_OBJID_BLOB;    cAttribute

WORD;    rgAttribute

CRYPT_ATTRIBUTE;  end; //+------------------------------------------------------------------------- //  Certificate and Message encoding types // //  The encoding type is a DWORD containing both the certificate and message //  encoding types. The certificate encoding type is stored in the LOWORD. //  The message encoding type is stored in the HIWORD. Some functions or //  structure fields require only one of the encoding types. The following //  naming convention is used to indicate which encoding type(s) are //  required: //      dwEncodingType              (both encoding types are required) //      dwMsgAndCertEncodingType    (both encoding types are required) //      dwMsgEncodingType           (only msg encoding type is required) //      dwCertEncodingType          (only cert encoding type is required) // //  Its always acceptable to specify both. //-------------------------------------------------------------------------- const  CERT_ENCODING_TYPE_MASK = $0000FFFF;  CMSG_ENCODING_TYPE_MASK = $FFFF0000; //#define GET_CERT_ENCODING_TYPE(X)   (X & CERT_ENCODING_TYPE_MASK) //#define GET_CMSG_ENCODING_TYPE(X)   (X & CMSG_ENCODING_TYPE_MASK) function GET_CERT_ENCODING_TYPE(X

WORD)

WORD; function GET_CMSG_ENCODING_TYPE(X

WORD)

WORD; const  CRYPT_ASN_ENCODING  = $00000001;  CRYPT_NDR_ENCODING = $00000002;  X509_ASN_ENCODING = $00000001;  X509_NDR_ENCODING = $00000002;  PKCS_7_ASN_ENCODING = $00010000;  PKCS_7_NDR_ENCODING = $00020000; //+------------------------------------------------------------------------- //  format the specified data structure according to the certificate //  encoding type. // //-------------------------------------------------------------------------- function CryptFormatObject(dwCertEncodingType

WORD;                           dwFormatType

WORD;                           dwFormatStrType

WORD;                           pFormatStruct

VOID;                           lpszStructType     :LPCSTR;                     const pbEncoded

BYTE;                           cbEncoded

WORD;                           pbFormat

VOID;                           pcbFormat

DWORD):BOOL ; stdcall; //+------------------------------------------------------------------------- //  Encode / decode the specified data structure according to the certificate //  encoding type. // //  See below for a list of the predefined data structures. //-------------------------------------------------------------------------- function CryptEncodeObject(dwCertEncodingType

WORD;                           lpszStructType     :LPCSTR;                     const pvStructInfo

VOID;                           pbEncoded

BYTE;                           pcbEncoded

DWORD ):BOOL ; stdcall; function CryptDecodeObject(dwCertEncodingType

WORD;                           lpszStructType     :LPCSTR;                     const pbEncoded

BYTE;                           cbEncoded

WORD;                           dwFlags

WORD;                           pvStructInfo

VOID;                           pcbStructInfo

DWORD):BOOL ; stdcall; // When the following flag is set the nocopy optimization is enabled. // This optimization where appropriate, updates the pvStructInfo fields // to point to content residing within pbEncoded instead of making a copy // of and appending to pvStructInfo. // // Note, when set, pbEncoded can't be freed until pvStructInfo is freed. const  CRYPT_DECODE_NOCOPY_FLAG = $1; //+------------------------------------------------------------------------- //  Predefined X509 certificate data structures that can be encoded / decoded. //--------------------------------------------------------------------------  CRYPT_ENCODE_DECODE_NONE         = 0;  X509_CERT                        = (LPCSTR(1));  X509_CERT_TO_BE_SIGNED           = (LPCSTR(2));  X509_CERT_CRL_TO_BE_SIGNED       = (LPCSTR(3));  X509_CERT_REQUEST_TO_BE_SIGNED   = (LPCSTR(4));  X509_EXTENSIONS                  = (LPCSTR(5));  X509_NAME_VALUE                  = (LPCSTR(6));  X509_NAME                        = (LPCSTR(7));  X509_PUBLIC_KEY_INFO             = (LPCSTR(8)); //+------------------------------------------------------------------------- //  Predefined X509 certificate extension data structures that can be //  encoded / decoded. //--------------------------------------------------------------------------  X509_AUTHORITY_KEY_ID            = (LPCSTR(9));  X509_KEY_ATTRIBUTES              = (LPCSTR(10));  X509_KEY_USAGE_RESTRICTION       = (LPCSTR(11));  X509_ALTERNATE_NAME              = (LPCSTR(12));  X509_BASIC_CONSTRAINTS          = (LPCSTR(13));  X509_KEY_USAGE                   = (LPCSTR(14));  X509_BASIC_CONSTRAINTS2          = (LPCSTR(15));  X509_CERT_POLICIES               = (LPCSTR(16)); //+------------------------------------------------------------------------- //  Additional predefined data structures that can be encoded / decoded. //--------------------------------------------------------------------------  PKCS_UTC_TIME                    = (LPCSTR(17));  PKCS_TIME_REQUEST                = (LPCSTR(18));  RSA_CSP_PUBLICKEYBLOB            = (LPCSTR(19));  X509_UNICODE_NAME                = (LPCSTR(20));  X509_KEYGEN_REQUEST_TO_BE_SIGNED  = (LPCSTR(21));  PKCS_ATTRIBUTE                    = (LPCSTR(22));  PKCS_CONTENT_INFO_SEQUENCE_OF_ANY = (LPCSTR(23)); //+------------------------------------------------------------------------- //  Predefined primitive data structures that can be encoded / decoded. //--------------------------------------------------------------------------  X509_UNICODE_NAME_VALUE    = (LPCSTR(24));  X509_ANY_STRING            = X509_NAME_VALUE;  X509_UNICODE_ANY_STRING    = X509_UNICODE_NAME_VALUE;  X509_OCTET_STRING          = (LPCSTR(25));  X509_BITS                  = (LPCSTR(26));  X509_INTEGER               = (LPCSTR(27));  X509_MULTI_BYTE_INTEGER    = (LPCSTR(28));  X509_ENUMERATED            = (LPCSTR(29));  X509_CHOICE_OF_TIME        = (LPCSTR(30)); //+------------------------------------------------------------------------- //  More predefined X509 certificate extension data structures that can be //  encoded / decoded. //--------------------------------------------------------------------------  X509_AUTHORITY_KEY_ID2        = (LPCSTR(31)); //  X509_AUTHORITY_INFO_ACCESS          (LPCSTR(32));  X509_CRL_REASON_CODE          = X509_ENUMERATED;  PKCS_CONTENT_INFO             = (LPCSTR(33));  X509_SEQUENCE_OF_ANY          = (LPCSTR(34));  X509_CRL_DIST_POINTS          = (LPCSTR(35));  X509_ENHANCED_KEY_USAGE       = (LPCSTR(36));  PKCS_CTL                      = (LPCSTR(37));  X509_MULTI_BYTE_UINT          = (LPCSTR(38));  X509_DSS_PUBLICKEY            =  X509_MULTI_BYTE_UINT;  X509_DSS_PARAMETERS           = (LPCSTR(39));  X509_DSS_SIGNATURE            = (LPCSTR(40));  PKCS_RC2_CBC_PARAMETERS       = (LPCSTR(41));  PKCS_SMIME_CAPABILITIES       = (LPCSTR(42)); //+------------------------------------------------------------------------- //  Predefined PKCS #7 data structures that can be encoded / decoded. //--------------------------------------------------------------------------  PKCS7_SIGNER_INFO             = (LPCSTR(500)); //+------------------------------------------------------------------------- //  Predefined Software Publishing Credential (SPC)  data structures that //  can be encoded / decoded. // //  Predefined values: 2000 .. 2999 // //  See spc.h for value and data structure definitions. //-------------------------------------------------------------------------- //+------------------------------------------------------------------------- //  Extension Object Identifiers //-------------------------------------------------------------------------- const  szOID_AUTHORITY_KEY_IDENTIFIER      = '2.5.29.1';  szOID_KEY_ATTRIBUTES                = '2.5.29.2';  szOID_KEY_USAGE_RESTRICTION         = '2.5.29.4';  szOID_SUBJECT_ALT_NAME              = '2.5.29.7';  szOID_ISSUER_ALT_NAME               = '2.5.29.8';  szOID_BASIC_CONSTRAINTS             = '2.5.29.10';  szOID_KEY_USAGE                     = '2.5.29.15';  szOID_BASIC_CONSTRAINTS2            = '2.5.29.19';  szOID_CERT_POLICIES                 = '2.5.29.32';  szOID_AUTHORITY_KEY_IDENTIFIER2     =  '2.5.29.35';  szOID_SUBJECT_KEY_IDENTIFIER        = '2.5.29.14';  szOID_SUBJECT_ALT_NAME2             = '2.5.29.17';  szOID_ISSUER_ALT_NAME2              = '2.5.29.18';  szOID_CRL_REASON_CODE               = '2.5.29.21';  szOID_CRL_DIST_POINTS               = '2.5.29.31';  szOID_ENHANCED_KEY_USAGE            = '2.5.29.37'; // Internet Public Key Infrastructure  szOID_PKIX                          = '1.3.6.1.5.5.7';  szOID_AUTHORITY_INFO_ACCESS         = '1.3.6.1.5.5.7.2'; // Microsoft extensions or attributes  szOID_CERT_EXTENSIONS               = '1.3.6.1.4.1.311.2.1.14';  szOID_NEXT_UPDATE_LOCATION          = '1.3.6.1.4.1.311.10.2'; //  Microsoft PKCS #7 ContentType Object Identifiers  szOID_CTL                           = '1.3.6.1.4.1.311.10.1'; //+------------------------------------------------------------------------- //  Extension Object Identifiers (currently not implemented) //--------------------------------------------------------------------------  szOID_POLICY_MAPPINGS               = '2.5.29.5';  szOID_SUBJECT_DIR_ATTRS             = '2.5.29.9'; //+------------------------------------------------------------------------- //  Enhanced Key Usage (Purpose) Object Identifiers //-------------------------------------------------------------------------- const szOID_PKIX_KP                       = '1.3.6.1.5.5.7.3'; // Consistent key usage bits: DIGITAL_SIGNATURE, KEY_ENCIPHERMENT // or KEY_AGREEMENT  szOID_PKIX_KP_SERVER_AUTH           = '1.3.6.1.5.5.7.3.1'; // Consistent key usage bits: DIGITAL_SIGNATURE  szOID_PKIX_KP_CLIENT_AUTH           = '1.3.6.1.5.5.7.3.2'; // Consistent key usage bits: DIGITAL_SIGNATURE  szOID_PKIX_KP_CODE_SIGNING          = '1.3.6.1.5.5.7.3.3'; // Consistent key usage bits: DIGITAL_SIGNATURE, NON_REPUDIATION and/or // (KEY_ENCIPHERMENT or KEY_AGREEMENT)  szOID_PKIX_KP_EMAIL_PROTECTION      = '1.3.6.1.5.5.7.3.4'; //+------------------------------------------------------------------------- //  Microsoft Enhanced Key Usage (Purpose) Object Identifiers //+------------------------------------------------------------------------- //  Signer of CTLs  szOID_KP_CTL_USAGE_SIGNING          = '1.3.6.1.4.1.311.10.3.1'; //  Signer of TimeStamps  szOID_KP_TIME_STAMP_SIGNING         = '1.3.6.1.4.1.311.10.3.2'; //+------------------------------------------------------------------------- //  Microsoft Attribute Object Identifiers //+-------------------------------------------------------------------------  szOID_YESNO_TRUST_ATTR              = '1.3.6.1.4.1.311.10.4.1'; //+------------------------------------------------------------------------- //  X509_CERT // //  The "to be signed" encoded content plus its signature. The ToBeSigned //  content is the CryptEncodeObject() output for one of the following: //  X509_CERT_TO_BE_SIGNED, X509_CERT_CRL_TO_BE_SIGNED or //  X509_CERT_REQUEST_TO_BE_SIGNED. // //  pvStructInfo points to CERT_SIGNED_CONTENT_INFO. //-------------------------------------------------------------------------- //+------------------------------------------------------------------------- //  X509_CERT_TO_BE_SIGNED // //  pvStructInfo points to CERT_INFO. // //  For CryptDecodeObject(), the pbEncoded is the "to be signed" plus its //  signature (output of a X509_CERT CryptEncodeObject()). // //  For CryptEncodeObject(), the pbEncoded is just the "to be signed". //-------------------------------------------------------------------------- //+------------------------------------------------------------------------- //  X509_CERT_CRL_TO_BE_SIGNED // //  pvStructInfo points to CRL_INFO. // //  For CryptDecodeObject(), the pbEncoded is the "to be signed" plus its //  signature (output of a X509_CERT CryptEncodeObject()). // //  For CryptEncodeObject(), the pbEncoded is just the "to be signed". //-------------------------------------------------------------------------- //+------------------------------------------------------------------------- //  X509_CERT_REQUEST_TO_BE_SIGNED // //  pvStructInfo points to CERT_REQUEST_INFO. // //  For CryptDecodeObject(), the pbEncoded is the "to be signed" plus its //  signature (output of a X509_CERT CryptEncodeObject()). // //  For CryptEncodeObject(), the pbEncoded is just the "to be signed". //-------------------------------------------------------------------------- //+------------------------------------------------------------------------- //  X509_EXTENSIONS //  szOID_CERT_EXTENSIONS // //  pvStructInfo points to following CERT_EXTENSIONS. //-------------------------------------------------------------------------- type  PCERT_EXTENSIONS = ^CERT_EXTENSIONS;  CERT_EXTENSIONS = record    cExtension

WORD;    rgExtension

CERT_EXTENSION;  end; //+------------------------------------------------------------------------- //  X509_NAME_VALUE //  X509_ANY_STRING // //  pvStructInfo points to CERT_NAME_VALUE. //-------------------------------------------------------------------------- //+------------------------------------------------------------------------- //  X509_UNICODE_NAME_VALUE //  X509_UNICODE_ANY_STRING // //  pvStructInfo points to CERT_NAME_VALUE. // //  The name values are unicode strings. // //  For CryptEncodeObject: //    Value.pbData points to the unicode string. //    If Value.cbData = 0, then, the unicode string is NULL terminated. //    Otherwise, Value.cbData is the unicode string byte count. The byte count //    is twice the character count. // //    If the unicode string contains an invalid character for the specified //    dwValueType, then, *pcbEncoded is updated with the unicode character //    index of the first invalid character. LastError is set to: //    CRYPT_E_INVALID_NUMERIC_STRING, CRYPT_E_INVALID_PRINTABLE_STRING or //    CRYPT_E_INVALID_IA5_STRING. // //    The unicode string is converted before being encoded according to //    the specified dwValueType. If dwValueType is set to 0, LastError //    is set to E_INVALIDARG. // //    If the dwValueType isn't one of the character strings (its a //    CERT_RDN_ENCODED_BLOB or CERT_RDN_OCTET_STRING), then, CryptEncodeObject //    will return FALSE with LastError set to CRYPT_E_NOT_CHAR_STRING. // //  For CryptDecodeObject: //    Value.pbData points to a NULL terminated unicode string. Value.cbData //    contains the byte count of the unicode string excluding the NULL //    terminator. dwValueType contains the type used in the encoded object. //    Its not forced to CERT_RDN_UNICODE_STRING. The encoded value is //    converted to the unicode string according to the dwValueType. // //    If the encoded object isn't one of the character string types, then, //    CryptDecodeObject will return FALSE with LastError set to //    CRYPT_E_NOT_CHAR_STRING. For a non character string, decode using //    X509_NAME_VALUE or X509_ANY_STRING. //-------------------------------------------------------------------------- //+------------------------------------------------------------------------- //  X509_NAME // //  pvStructInfo points to CERT_NAME_INFO. //-------------------------------------------------------------------------- //+------------------------------------------------------------------------- //  X509_UNICODE_NAME // //  pvStructInfo points to CERT_NAME_INFO. // //  The RDN attribute values are unicode strings except for the dwValueTypes of //  CERT_RDN_ENCODED_BLOB or CERT_RDN_OCTET_STRING. These dwValueTypes are //  the same as for a X509_NAME. Their values aren't converted to/from unicode. // //  For CryptEncodeObject: //    Value.pbData points to the unicode string. //    If Value.cbData = 0, then, the unicode string is NULL terminated. //    Otherwise, Value.cbData is the unicode string byte count. The byte count //    is twice the character count. // //    If dwValueType = 0 (CERT_RDN_ANY_TYPE), the pszObjId is used to find //    an acceptable dwValueType. If the unicode string contains an //    invalid character for the found or specified dwValueType, then, //    *pcbEncoded is updated with the error location of the invalid character. //    See below for details. LastError is set to: //    CRYPT_E_INVALID_NUMERIC_STRING, CRYPT_E_INVALID_PRINTABLE_STRING or //    CRYPT_E_INVALID_IA5_STRING. // //    The unicode string is converted before being encoded according to //    the specified or ObjId matching dwValueType. // //  For CryptDecodeObject: //    Value.pbData points to a NULL terminated unicode string. Value.cbData //    contains the byte count of the unicode string excluding the NULL //    terminator. dwValueType contains the type used in the encoded object. //    Its not forced to CERT_RDN_UNICODE_STRING. The encoded value is //    converted to the unicode string according to the dwValueType. // //    If the dwValueType of the encoded value isn't a character string //    type, then, it isn't converted to UNICODE. Use the //    IS_CERT_RDN_CHAR_STRING() macro on the dwValueType to check //    that Value.pbData points to a converted unicode string. //-------------------------------------------------------------------------- //+------------------------------------------------------------------------- //  Unicode Name Value Error Location Definitions // //  Error location is returned in *pcbEncoded by //  CryptEncodeObject(X509_UNICODE_NAME) // //  Error location consists of: //    RDN_INDEX     - 10 bits << 22 //    ATTR_INDEX    - 6 bits << 16 //    VALUE_INDEX   - 16 bits (unicode character index) //-------------------------------------------------------------------------- const  CERT_UNICODE_RDN_ERR_INDEX_MASK     = $3FF;  CERT_UNICODE_RDN_ERR_INDEX_SHIFT    = 22;  CERT_UNICODE_ATTR_ERR_INDEX_MASK    = $003F;  CERT_UNICODE_ATTR_ERR_INDEX_SHIFT   = 16;  CERT_UNICODE_VALUE_ERR_INDEX_MASK   = $0000FFFF;  CERT_UNICODE_VALUE_ERR_INDEX_SHIFT  = 0; {#define GET_CERT_UNICODE_RDN_ERR_INDEX(X)   /    ((X >> CERT_UNICODE_RDN_ERR_INDEX_SHIFT) & CERT_UNICODE_RDN_ERR_INDEX_MASK)} function  GET_CERT_UNICODE_RDN_ERR_INDEX(X :integer):integer; {#define GET_CERT_UNICODE_ATTR_ERR_INDEX(X)  /    ((X >> CERT_UNICODE_ATTR_ERR_INDEX_SHIFT) & CERT_UNICODE_ATTR_ERR_INDEX_MASK)} function  GET_CERT_UNICODE_ATTR_ERR_INDEX(X :integer):integer; {#define GET_CERT_UNICODE_VALUE_ERR_INDEX(X) /    (X & CERT_UNICODE_VALUE_ERR_INDEX_MASK)} function  GET_CERT_UNICODE_VALUE_ERR_INDEX(X :integer):integer; //+------------------------------------------------------------------------- //  X509_PUBLIC_KEY_INFO // //  pvStructInfo points to CERT_PUBLIC_KEY_INFO. //-------------------------------------------------------------------------- //+------------------------------------------------------------------------- //  X509_AUTHORITY_KEY_ID //  szOID_AUTHORITY_KEY_IDENTIFIER // //  pvStructInfo points to following CERT_AUTHORITY_KEY_ID_INFO. //-------------------------------------------------------------------------- type  PCERT_AUTHORITY_KEY_ID_INFO = ^CERT_AUTHORITY_KEY_ID_INFO;  CERT_AUTHORITY_KEY_ID_INFO = record    KeyId            :CRYPT_DATA_BLOB;    CertIssuer       :CERT_NAME_BLOB;    CertSerialNumber :CRYPT_INTEGER_BLOB;  end; //+------------------------------------------------------------------------- //  X509_KEY_ATTRIBUTES //  szOID_KEY_ATTRIBUTES // //  pvStructInfo points to following CERT_KEY_ATTRIBUTES_INFO. //-------------------------------------------------------------------------- type  PCERT_PRIVATE_KEY_VALIDITY = ^CERT_PRIVATE_KEY_VALIDITY;  CERT_PRIVATE_KEY_VALIDITY = record    NotBefore :TFILETIME;    NotAfter  :TFILETIME;  end; type  PCERT_KEY_ATTRIBUTES_INFO = ^CERT_KEY_ATTRIBUTES_INFO;  CERT_KEY_ATTRIBUTES_INFO = record    KeyId                  :CRYPT_DATA_BLOB;    IntendedKeyUsage       :CRYPT_BIT_BLOB;    pPrivateKeyUsagePeriod

CERT_PRIVATE_KEY_VALIDITY;     // OPTIONAL  end; const  CERT_DIGITAL_SIGNATURE_KEY_USAGE    = $80;  CERT_NON_REPUDIATION_KEY_USAGE      = $40;  CERT_KEY_ENCIPHERMENT_KEY_USAGE     = $20;  CERT_DATA_ENCIPHERMENT_KEY_USAGE    = $10;  CERT_KEY_AGREEMENT_KEY_USAGE        = $08;  CERT_KEY_CERT_SIGN_KEY_USAGE        = $04;  CERT_OFFLINE_CRL_SIGN_KEY_USAGE     = $02;  CERT_CRL_SIGN_KEY_USAGE             = $02; //+------------------------------------------------------------------------- //  X509_KEY_USAGE_RESTRICTION //  szOID_KEY_USAGE_RESTRICTION // //  pvStructInfo points to following CERT_KEY_USAGE_RESTRICTION_INFO. //-------------------------------------------------------------------------- type  PCERT_POLICY_ID = ^CERT_POLICY_ID;  CERT_POLICY_ID = record    cCertPolicyElementId

WORD;    rgpszCertPolicyElementId

LPSTR;  // pszObjId  end; type  PCERT_KEY_USAGE_RESTRICTION_INFO = ^CERT_KEY_USAGE_RESTRICTION_INFO;  CERT_KEY_USAGE_RESTRICTION_INFO = record    cCertPolicyId

WORD;    rgCertPolicyId

CERT_POLICY_ID;    RestrictedKeyUsage :CRYPT_BIT_BLOB;  end; // See CERT_KEY_ATTRIBUTES_INFO for definition of the RestrictedKeyUsage bits //+------------------------------------------------------------------------- //  X509_ALTERNATE_NAME //  szOID_SUBJECT_ALT_NAME //  szOID_ISSUER_ALT_NAME //  szOID_SUBJECT_ALT_NAME2 //  szOID_ISSUER_ALT_NAME2 // //  pvStructInfo points to following CERT_ALT_NAME_INFO. //-------------------------------------------------------------------------- type  PCERT_ALT_NAME_ENTRY = ^CERT_ALT_NAME_ENTRY;  CERT_ALT_NAME_ENTRY = record    dwAltNameChoice

WORD;    case integer of    {1}0: ({OtherName :Not implemented});    {2}1: (pwszRfc822Name  :LPWSTR);            //(encoded IA5)    {3}2: (pwszDNSName     :LPWSTR);            //(encoded IA5)    {4}3: ({x400Address    :Not implemented});    {5}4: (DirectoryName   :CERT_NAME_BLOB);    {6}5: ({pEdiPartyName  :Not implemented});    {7}6: (pwszURL         :LPWSTR);            //(encoded IA5)    {8}7: (IPAddress       :CRYPT_DATA_BLOB);   //(Octet String)    {9}8: (pszRegisteredID :LPSTR);             //(Octet String)    end; const  CERT_ALT_NAME_OTHER_NAME      = 1;  CERT_ALT_NAME_RFC822_NAME     = 2;  CERT_ALT_NAME_DNS_NAME        = 3;  CERT_ALT_NAME_X400_ADDRESS    = 4;  CERT_ALT_NAME_DIRECTORY_NAME  = 5;  CERT_ALT_NAME_EDI_PARTY_NAME  = 6;  CERT_ALT_NAME_URL             = 7;  CERT_ALT_NAME_IP_ADDRESS      = 8;  CERT_ALT_NAME_REGISTERED_ID   = 9; type  PCERT_ALT_NAME_INFO = ^CERT_ALT_NAME_INFO;  CERT_ALT_NAME_INFO = record    cAltEntry

WORD;    rgAltEntry

CERT_ALT_NAME_ENTRY;  end; //+------------------------------------------------------------------------- //  Alternate name IA5 Error Location Definitions for //  CRYPT_E_INVALID_IA5_STRING. // //  Error location is returned in *pcbEncoded by //  CryptEncodeObject(X509_ALTERNATE_NAME) // //  Error location consists of: //    ENTRY_INDEX   - 8 bits << 16 //    VALUE_INDEX   - 16 bits (unicode character index) //-------------------------------------------------------------------------- const  CERT_ALT_NAME_ENTRY_ERR_INDEX_MASK  = $FF;  CERT_ALT_NAME_ENTRY_ERR_INDEX_SHIFT = 16;  CERT_ALT_NAME_VALUE_ERR_INDEX_MASK  = $0000FFFF;  CERT_ALT_NAME_VALUE_ERR_INDEX_SHIFT = 0; {#define GET_CERT_ALT_NAME_ENTRY_ERR_INDEX(X)   /    ((X >> CERT_ALT_NAME_ENTRY_ERR_INDEX_SHIFT) & /                                  CERT_ALT_NAME_ENTRY_ERR_INDEX_MASK)} function GET_CERT_ALT_NAME_ENTRY_ERR_INDEX(X

WORD)

WORD; {#define GET_CERT_ALT_NAME_VALUE_ERR_INDEX(X) /    (X & CERT_ALT_NAME_VALUE_ERR_INDEX_MASK)} function GET_CERT_ALT_NAME_VALUE_ERR_INDEX(X

WORD)

WORD; //+------------------------------------------------------------------------- //  X509_BASIC_CONSTRAINTS //  szOID_BASIC_CONSTRAINTS // //  pvStructInfo points to following CERT_BASIC_CONSTRAINTS_INFO. //-------------------------------------------------------------------------- type  PCERT_BASIC_CONSTRAINTS_INFO = ^CERT_BASIC_CONSTRAINTS_INFO;  CERT_BASIC_CONSTRAINTS_INFO = record    SubjectType          :CRYPT_BIT_BLOB;    fPathLenConstraint   :BOOL;    dwPathLenConstraint

WORD;    cSubtreesConstraint

WORD;    rgSubtreesConstraint

CERT_NAME_BLOB;  end; const  CERT_CA_SUBJECT_FLAG         = $80;  CERT_END_ENTITY_SUBJECT_FLAG = $40; //+------------------------------------------------------------------------- //  X509_BASIC_CONSTRAINTS2 //  szOID_BASIC_CONSTRAINTS2 // //  pvStructInfo points to following CERT_BASIC_CONSTRAINTS2_INFO. //-------------------------------------------------------------------------- type  PCERT_BASIC_CONSTRAINTS2_INFO = ^CERT_BASIC_CONSTRAINTS2_INFO;  CERT_BASIC_CONSTRAINTS2_INFO = record    fCA                 :BOOL;    fPathLenConstraint  :BOOL;    dwPathLenConstraint

WORD;  end; //+------------------------------------------------------------------------- //  X509_KEY_USAGE //  szOID_KEY_USAGE // //  pvStructInfo points to a CRYPT_BIT_BLOB. Has same bit definitions as //  CERT_KEY_ATTRIBUTES_INFO's IntendedKeyUsage. //-------------------------------------------------------------------------- //+------------------------------------------------------------------------- //  X509_CERT_POLICIES //  szOID_CERT_POLICIES // //  pvStructInfo points to following CERT_POLICIES_INFO. //-------------------------------------------------------------------------- type  PCERT_POLICY_QUALIFIER_INFO = ^CERT_POLICY_QUALIFIER_INFO;  CERT_POLICY_QUALIFIER_INFO = record    pszPolicyQualifierId  :LPSTR;            // pszObjId    Qualifier             :CRYPT_OBJID_BLOB; // optional  end; type  PCERT_POLICY_INFO = ^CERT_POLICY_INFO;  CERT_POLICY_INFO = record    pszPolicyIdentifier :LPSTR;    // pszObjId    cPolicyQualifier

WORD;       // optional    rgPolicyQualifier

CERT_POLICY_QUALIFIER_INFO;  end; type  PCERT_POLICIES_INFO = ^CERT_POLICIES_INFO;  CERT_POLICIES_INFO = record    cPolicyInfo

WORD;    rgPolicyInfo

CERT_POLICY_INFO;  end; //+------------------------------------------------------------------------- //  RSA_CSP_PUBLICKEYBLOB // //  pvStructInfo points to a PUBLICKEYSTRUC immediately followed by a //  RSAPUBKEY and the modulus bytes. // //  CryptExportKey outputs the above StructInfo for a dwBlobType of //  PUBLICKEYBLOB. CryptImportKey expects the above StructInfo when //  importing a public key. // //  For dwCertEncodingType = X509_ASN_ENCODING, the RSA_CSP_PUBLICKEYBLOB is //  encoded as a PKCS #1 RSAPublicKey consisting of a SEQUENCE of a //  modulus INTEGER and a publicExponent INTEGER. The modulus is encoded //  as being a unsigned integer. When decoded, if the modulus was encoded //  as unsigned integer with a leading 0 byte, the 0 byte is removed before //  converting to the CSP modulus bytes. // //  For decode, the aiKeyAlg field of PUBLICKEYSTRUC is always set to //  CALG_RSA_KEYX. //-------------------------------------------------------------------------- //+------------------------------------------------------------------------- //  X509_KEYGEN_REQUEST_TO_BE_SIGNED // //  pvStructInfo points to CERT_KEYGEN_REQUEST_INFO. // //  For CryptDecodeObject(), the pbEncoded is the "to be signed" plus its //  signature (output of a X509_CERT CryptEncodeObject()). // //  For CryptEncodeObject(), the pbEncoded is just the "to be signed". //-------------------------------------------------------------------------- //+------------------------------------------------------------------------- //  PKCS_ATTRIBUTE data structure // //  pvStructInfo points to a CRYPT_ATTRIBUTE. //-------------------------------------------------------------------------- //+------------------------------------------------------------------------- //  PKCS_CONTENT_INFO_SEQUENCE_OF_ANY data structure // //  pvStructInfo points to following CRYPT_CONTENT_INFO_SEQUENCE_OF_ANY. // //  For X509_ASN_ENCODING: encoded as a PKCS#7 ContentInfo structure wrapping //  a sequence of ANY. The value of the contentType field is pszObjId, //  while the content field is the following structure: //      SequenceOfAny ::= SEQUENCE OF ANY // //  The CRYPT_DER_BLOBs point to the already encoded ANY content. //-------------------------------------------------------------------------- type  PCRYPT_CONTENT_INFO_SEQUENCE_OF_ANY = ^CRYPT_CONTENT_INFO_SEQUENCE_OF_ANY;  CRYPT_CONTENT_INFO_SEQUENCE_OF_ANY = record    pszObjId :LPSTR;    cValue

WORD;    rgValue

CRYPT_DER_BLOB;  end; //+------------------------------------------------------------------------- //  PKCS_CONTENT_INFO data structure // //  pvStructInfo points to following CRYPT_CONTENT_INFO. // //  For X509_ASN_ENCODING: encoded as a PKCS#7 ContentInfo structure. //  The CRYPT_DER_BLOB points to the already encoded ANY content. //-------------------------------------------------------------------------- type  PCRYPT_CONTENT_INFO = ^CRYPT_CONTENT_INFO;  CRYPT_CONTENT_INFO = record    pszObjId :LPSTR;    Content  :CRYPT_DER_BLOB;  end; //+------------------------------------------------------------------------- //  X509_OCTET_STRING data structure // //  pvStructInfo points to a CRYPT_DATA_BLOB. //-------------------------------------------------------------------------- //+------------------------------------------------------------------------- //  X509_BITS data structure // //  pvStructInfo points to a CRYPT_BIT_BLOB. //-------------------------------------------------------------------------- //+------------------------------------------------------------------------- //  X509_INTEGER data structure // //  pvStructInfo points to an int. //-------------------------------------------------------------------------- //+------------------------------------------------------------------------- //  X509_MULTI_BYTE_INTEGER data structure // //  pvStructInfo points to a CRYPT_INTEGER_BLOB. //-------------------------------------------------------------------------- //+------------------------------------------------------------------------- //  X509_ENUMERATED data structure // //  pvStructInfo points to an int containing the enumerated value //-------------------------------------------------------------------------- //+------------------------------------------------------------------------- //  X509_CHOICE_OF_TIME data structure // //  pvStructInfo points to a FILETIME. //-------------------------------------------------------------------------- //+------------------------------------------------------------------------- //  X509_SEQUENCE_OF_ANY data structure // //  pvStructInfo points to following CRYPT_SEQUENCE_OF_ANY. // //  The CRYPT_DER_BLOBs point to the already encoded ANY content. //-------------------------------------------------------------------------- type  PCRYPT_SEQUENCE_OF_ANY = ^CRYPT_SEQUENCE_OF_ANY;  CRYPT_SEQUENCE_OF_ANY = record    cValue

WORD;    rgValue

CRYPT_DER_BLOB;  end; //+------------------------------------------------------------------------- //  X509_AUTHORITY_KEY_ID2 //  szOID_AUTHORITY_KEY_IDENTIFIER2 // //  pvStructInfo points to following CERT_AUTHORITY_KEY_ID2_INFO. // //  For CRYPT_E_INVALID_IA5_STRING, the error location is returned in //  *pcbEncoded by CryptEncodeObject(X509_AUTHORITY_KEY_ID2) // //  See X509_ALTERNATE_NAME for error location defines. //-------------------------------------------------------------------------- type  PCERT_AUTHORITY_KEY_ID2_INFO = ^CERT_AUTHORITY_KEY_ID2_INFO;  CERT_AUTHORITY_KEY_ID2_INFO = record    KeyId                     :CRYPT_DATA_BLOB;    AuthorityCertIssuer       :CERT_ALT_NAME_INFO;  // Optional, set cAltEntry to 0 to omit.    AuthorityCertSerialNumber :CRYPT_INTEGER_BLOB;  end; //+------------------------------------------------------------------------- //  szOID_SUBJECT_KEY_IDENTIFIER // //  pvStructInfo points to a CRYPT_DATA_BLOB. //-------------------------------------------------------------------------- //+------------------------------------------------------------------------- //  X509_CRL_REASON_CODE //  szOID_CRL_REASON_CODE // //  pvStructInfo points to an int which can be set to one of the following //  enumerated values: //-------------------------------------------------------------------------- const  CRL_REASON_UNSPECIFIED            = 0;  CRL_REASON_KEY_COMPROMISE         = 1;  CRL_REASON_CA_COMPROMISE          = 2;  CRL_REASON_AFFILIATION_CHANGED    = 3;  CRL_REASON_SUPERSEDED             = 4;  CRL_REASON_CESSATION_OF_OPERATION = 5;  CRL_REASON_CERTIFICATE_HOLD       = 6;  CRL_REASON_REMOVE_FROM_CRL        = 8; //+------------------------------------------------------------------------- //  X509_CRL_DIST_POINTS //  szOID_CRL_DIST_POINTS // //  pvStructInfo points to following CRL_DIST_POINTS_INFO. // //  For CRYPT_E_INVALID_IA5_STRING, the error location is returned in //  *pcbEncoded by CryptEncodeObject(X509_CRL_DIST_POINTS) // //  Error location consists of: //    CRL_ISSUER_BIT    - 1 bit  << 31 (0 for FullName, 1 for CRLIssuer) //    POINT_INDEX       - 7 bits << 24 //    ENTRY_INDEX       - 8 bits << 16 //    VALUE_INDEX       - 16 bits (unicode character index) // //  See X509_ALTERNATE_NAME for ENTRY_INDEX and VALUE_INDEX error location //  defines. //-------------------------------------------------------------------------- type  PCRL_DIST_POINT_NAME = ^CRL_DIST_POINT_NAME;  CRL_DIST_POINT_NAME = record    dwDistPointNameChoice

WORD;    case integer of      0

FullName :CERT_ALT_NAME_INFO);  {1}      1

{IssuerRDN :Not implemented});  {2}  end; const  CRL_DIST_POINT_NO_NAME         = 0;  CRL_DIST_POINT_FULL_NAME       = 1;  CRL_DIST_POINT_ISSUER_RDN_NAME = 2; type  PCRL_DIST_POINT = ^CRL_DIST_POINT;  CRL_DIST_POINT = record    DistPointName :CRL_DIST_POINT_NAME;   // OPTIONAL    ReasonFlags   :CRYPT_BIT_BLOB;        // OPTIONAL    CRLIssuer     :CERT_ALT_NAME_INFO;    // OPTIONAL  end; const  CRL_REASON_UNUSED_FLAG                 = $80;  CRL_REASON_KEY_COMPROMISE_FLAG         = $40;  CRL_REASON_CA_COMPROMISE_FLAG          = $20;  CRL_REASON_AFFILIATION_CHANGED_FLAG    = $10;  CRL_REASON_SUPERSEDED_FLAG             = $08;  CRL_REASON_CESSATION_OF_OPERATION_FLAG = $04;  CRL_REASON_CERTIFICATE_HOLD_FLAG       = $02; type  PCRL_DIST_POINTS_INFO = ^CRL_DIST_POINTS_INFO;  CRL_DIST_POINTS_INFO = record    cDistPoint

WORD;    rgDistPoint

CRL_DIST_POINT;  end; const  CRL_DIST_POINT_ERR_INDEX_MASK  = $7F;  CRL_DIST_POINT_ERR_INDEX_SHIFT = 24; {#define GET_CRL_DIST_POINT_ERR_INDEX(X)   /    ((X >> CRL_DIST_POINT_ERR_INDEX_SHIFT) & CRL_DIST_POINT_ERR_INDEX_MASK)} function GET_CRL_DIST_POINT_ERR_INDEX(X

WORD)

WORD; const CRL_DIST_POINT_ERR_CRL_ISSUER_BIT = (DWORD($80000000)); {#define IS_CRL_DIST_POINT_ERR_CRL_ISSUER(X)   /    (0 != (X & CRL_DIST_POINT_ERR_CRL_ISSUER_BIT))} function IS_CRL_DIST_POINT_ERR_CRL_ISSUER(X

WORD):BOOL; //+------------------------------------------------------------------------- //  X509_ENHANCED_KEY_USAGE //  szOID_ENHANCED_KEY_USAGE // //  pvStructInfo points to a CERT_ENHKEY_USAGE, CTL_USAGE. //-------------------------------------------------------------------------- //+------------------------------------------------------------------------- //  szOID_NEXT_UPDATE_LOCATION // //  pvStructInfo points to a CERT_ALT_NAME_INFO. //-------------------------------------------------------------------------- //+------------------------------------------------------------------------- //  PKCS_CTL //  szOID_CTL // //  pvStructInfo points to a CTL_INFO. //-------------------------------------------------------------------------- //+------------------------------------------------------------------------- //  X509_MULTI_BYTE_UINT // //  pvStructInfo points to a CRYPT_UINT_BLOB. Before encoding, inserts a //  leading 0x00. After decoding, removes a leading 0x00. //-------------------------------------------------------------------------- //+------------------------------------------------------------------------- //  X509_DSS_PUBLICKEY // //  pvStructInfo points to a CRYPT_UINT_BLOB. //-------------------------------------------------------------------------- //+------------------------------------------------------------------------- //  X509_DSS_PARAMETERS // //  pvStructInfo points to following CERT_DSS_PARAMETERS data structure. //-------------------------------------------------------------------------- type  PCERT_DSS_PARAMETERS = ^CERT_DSS_PARAMETERS;  CERT_DSS_PARAMETERS = record    p :CRYPT_UINT_BLOB;    q :CRYPT_UINT_BLOB;    g :CRYPT_UINT_BLOB;  end; //+------------------------------------------------------------------------- //  X509_DSS_SIGNATURE // //  pvStructInfo is a BYTE rgbSignature[CERT_DSS_SIGNATURE_LEN]. The //  bytes are ordered as output by the DSS CSP's CryptSignHash(). //-------------------------------------------------------------------------- const  CERT_DSS_R_LEN         = 20;  CERT_DSS_S_LEN         = 20;  CERT_DSS_SIGNATURE_LEN = (CERT_DSS_R_LEN + CERT_DSS_S_LEN); // Sequence of 2 unsigned integers (the extra +1 is for a potential leading // 0x00 to make the integer unsigned)  CERT_MAX_ASN_ENCODED_DSS_SIGNATURE_LEN = (2 + 2*(2 + 20 +1)); //+------------------------------------------------------------------------- //  PKCS_RC2_CBC_PARAMETERS //  szOID_RSA_RC2CBC // //  pvStructInfo points to following CRYPT_RC2_CBC_PARAMETERS data structure. //-------------------------------------------------------------------------- type  PCRYPT_RC2_CBC_PARAMETERS = ^CRYPT_RC2_CBC_PARAMETERS;  CRYPT_RC2_CBC_PARAMETERS = record    dwVersion

WORD;    fIV       :BOOL;           // set if has following IV    rgbIV     :array[0..8-1] of BYTE;  end; const  CRYPT_RC2_40BIT_VERSION  = 160;  CRYPT_RC2_64BIT_VERSION  = 120;  CRYPT_RC2_128BIT_VERSION = 58; //+------------------------------------------------------------------------- //  PKCS_SMIME_CAPABILITIES //  szOID_RSA_SMIMECapabilities // //  pvStructInfo points to following CRYPT_SMIME_CAPABILITIES data structure. // //  Note, for CryptEncodeObject(X509_ASN_ENCODING), Parameters.cbData == 0 //  causes the encoded parameters to be omitted and not encoded as a NULL //  (05 00) as is done when encoding a CRYPT_ALGORITHM_IDENTIFIER. This //  is per the SMIME specification for encoding capabilities. //-------------------------------------------------------------------------- type  PCRYPT_SMIME_CAPABILITY = ^CRYPT_SMIME_CAPABILITY;  CRYPT_SMIME_CAPABILITY = record    pszObjId   :LPSTR;    Parameters :CRYPT_OBJID_BLOB;  end; type  PCRYPT_SMIME_CAPABILITIES = ^CRYPT_SMIME_CAPABILITIES;  CRYPT_SMIME_CAPABILITIES = record    cCapability

WORD;    rgCapability

CRYPT_SMIME_CAPABILITY;  end; //+------------------------------------------------------------------------- //  PKCS7_SIGNER_INFO // //  pvStructInfo points to CMSG_SIGNER_INFO. //-------------------------------------------------------------------------- //+------------------------------------------------------------------------- //  Netscape Certificate Extension Object Identifiers //-------------------------------------------------------------------------- const  szOID_NETSCAPE                   = '2.16.840.1.113730';  szOID_NETSCAPE_CERT_EXTENSION    = '2.16.840.1.113730.1';  szOID_NETSCAPE_CERT_TYPE         = '2.16.840.1.113730.1.1';  szOID_NETSCAPE_BASE_URL          = '2.16.840.1.113730.1.2';  szOID_NETSCAPE_REVOCATION_URL    = '2.16.840.1.113730.1.3';  szOID_NETSCAPE_CA_REVOCATION_URL = '2.16.840.1.113730.1.4';  szOID_NETSCAPE_CERT_RENEWAL_URL  = '2.16.840.1.113730.1.7';  szOID_NETSCAPE_CA_POLICY_URL     = '2.16.840.1.113730.1.8';  szOID_NETSCAPE_SSL_SERVER_NAME   = '2.16.840.1.113730.1.12';  szOID_NETSCAPE_COMMENT           = '2.16.840.1.113730.1.13'; //+------------------------------------------------------------------------- //  Netscape Certificate Data Type Object Identifiers //-------------------------------------------------------------------------- const  szOID_NETSCAPE_DATA_TYPE      = '2.16.840.1.113730.2';  szOID_NETSCAPE_CERT_SEQUENCE  = '2.16.840.1.113730.2.5'; //+------------------------------------------------------------------------- //  szOID_NETSCAPE_CERT_TYPE extension // //  Its value is a bit string. CryptDecodeObject/CryptEncodeObject using //  X509_BITS. // //  The following bits are defined: //-------------------------------------------------------------------------- const  NETSCAPE_SSL_CLIENT_AUTH_CERT_TYPE  = $80;  NETSCAPE_SSL_SERVER_AUTH_CERT_TYPE  = $40;  NETSCAPE_SSL_CA_CERT_TYPE           = $04; //+------------------------------------------------------------------------- //  szOID_NETSCAPE_BASE_URL extension // //  Its value is an IA5_STRING. CryptDecodeObject/CryptEncodeObject using //  X509_ANY_STRING or X509_UNICODE_ANY_STRING, where, //  dwValueType = CERT_RDN_IA5_STRING. // //  When present this string is added to the beginning of all relative URLs //  in the certificate.  This extension can be considered an optimization //  to reduce the size of the URL extensions. //-------------------------------------------------------------------------- //+------------------------------------------------------------------------- //  szOID_NETSCAPE_REVOCATION_URL extension // //  Its value is an IA5_STRING. CryptDecodeObject/CryptEncodeObject using //  X509_ANY_STRING or X509_UNICODE_ANY_STRING, where, //  dwValueType = CERT_RDN_IA5_STRING. // //  It is a relative or absolute URL that can be used to check the //  revocation status of a certificate. The revocation check will be //  performed as an HTTP GET method using a url that is the concatenation of //  revocation-url and certificate-serial-number. //  Where the certificate-serial-number is encoded as a string of //  ascii hexadecimal digits. For example, if the netscape-base-url is //  https://www.certs-r-us.com/, the netscape-revocation-url is //  cgi-bin/check-rev.cgi?, and the certificate serial number is 173420, //  the resulting URL would be: //  https://www.certs-r-us.com/cgi-bin/check-rev.cgi?02a56c // //  The server should return a document with a Content-Type of //  application/x-netscape-revocation.  The document should contain //  a single ascii digit, '1' if the certificate is not curently valid, //  and '0' if it is curently valid. // //  Note: for all of the URLs that include the certificate serial number, //  the serial number will be encoded as a string which consists of an even //  number of hexadecimal digits.  If the number of significant digits is odd, //  the string will have a single leading zero to ensure an even number of //  digits is generated. //-------------------------------------------------------------------------- //+------------------------------------------------------------------------- //  szOID_NETSCAPE_CA_REVOCATION_URL extension // //  Its value is an IA5_STRING. CryptDecodeObject/CryptEncodeObject using //  X509_ANY_STRING or X509_UNICODE_ANY_STRING, where, //  dwValueType = CERT_RDN_IA5_STRING. // //  It is a relative or absolute URL that can be used to check the //  revocation status of any certificates that are signed by the CA that //  this certificate belongs to. This extension is only valid in CA //  certificates.  The use of this extension is the same as the above //  szOID_NETSCAPE_REVOCATION_URL extension. //-------------------------------------------------------------------------- //+------------------------------------------------------------------------- //  szOID_NETSCAPE_CERT_RENEWAL_URL extension // //  Its value is an IA5_STRING. CryptDecodeObject/CryptEncodeObject using //  X509_ANY_STRING or X509_UNICODE_ANY_STRING, where, //  dwValueType = CERT_RDN_IA5_STRING. // //  It is a relative or absolute URL that points to a certificate renewal //  form. The renewal form will be accessed with an HTTP GET method using a //  url that is the concatenation of renewal-url and //  certificate-serial-number. Where the certificate-serial-number is //  encoded as a string of ascii hexadecimal digits. For example, if the //  netscape-base-url is https://www.certs-r-us.com/, the //  netscape-cert-renewal-url is cgi-bin/check-renew.cgi?, and the //  certificate serial number is 173420, the resulting URL would be: //  https://www.certs-r-us.com/cgi-bin/check-renew.cgi?02a56c //  The document returned should be an HTML form that will allow the user //  to request a renewal of their certificate. //-------------------------------------------------------------------------- //+------------------------------------------------------------------------- //  szOID_NETSCAPE_CA_POLICY_URL extension // //  Its value is an IA5_STRING. CryptDecodeObject/CryptEncodeObject using //  X509_ANY_STRING or X509_UNICODE_ANY_STRING, where, //  dwValueType = CERT_RDN_IA5_STRING. // //  It is a relative or absolute URL that points to a web page that //  describes the policies under which the certificate was issued. //-------------------------------------------------------------------------- //+------------------------------------------------------------------------- //  szOID_NETSCAPE_SSL_SERVER_NAME extension // //  Its value is an IA5_STRING. CryptDecodeObject/CryptEncodeObject using //  X509_ANY_STRING or X509_UNICODE_ANY_STRING, where, //  dwValueType = CERT_RDN_IA5_STRING. // //  It is a "shell expression" that can be used to match the hostname of the //  SSL server that is using this certificate.  It is recommended that if //  the server's hostname does not match this pattern the user be notified //  and given the option to terminate the SSL connection.  If this extension //  is not present then the CommonName in the certificate subject's //  distinguished name is used for the same purpose. //-------------------------------------------------------------------------- //+------------------------------------------------------------------------- //  szOID_NETSCAPE_COMMENT extension // //  Its value is an IA5_STRING. CryptDecodeObject/CryptEncodeObject using //  X509_ANY_STRING or X509_UNICODE_ANY_STRING, where, //  dwValueType = CERT_RDN_IA5_STRING. // //  It is a comment that may be displayed to the user when the certificate //  is viewed. //-------------------------------------------------------------------------- //+------------------------------------------------------------------------- //  szOID_NETSCAPE_CERT_SEQUENCE // //  Its value is a PKCS#7 ContentInfo structure wrapping a sequence of //  certificates. The value of the contentType field is //  szOID_NETSCAPE_CERT_SEQUENCE, while the content field is the following //  structure: //      CertificateSequence ::= SEQUENCE OF Certificate. // //  CryptDecodeObject/CryptEncodeObject using //  PKCS_CONTENT_INFO_SEQUENCE_OF_ANY, where, //  pszObjId = szOID_NETSCAPE_CERT_SEQUENCE and the CRYPT_DER_BLOBs point //  to encoded X509 certificates. //-------------------------------------------------------------------------- //+========================================================================= //  Object IDentifier (OID) Installable Functions:  Data Structures and APIs //========================================================================== type  HCRYPTOIDFUNCSET = procedure;  HCRYPTOIDFUNCADDR = procedure; // Predefined OID Function Names const  CRYPT_OID_ENCODE_OBJECT_FUNC     = 'CryptDllEncodeObject';  CRYPT_OID_DECODE_OBJECT_FUNC     = 'CryptDllDecodeObject';  CRYPT_OID_CREATE_COM_OBJECT_FUNC = 'CryptDllCreateCOMObject';  CRYPT_OID_VERIFY_REVOCATION_FUNC = 'CertDllVerifyRevocation';  CRYPT_OID_VERIFY_CTL_USAGE_FUNC  = 'CertDllVerifyCTLUsage';  CRYPT_OID_FORMAT_OBJECT_FUNC     = 'CryptDllFormatObject';  CRYPT_OID_FIND_OID_INFO_FUNC     = 'CryptDllFindOIDInfo'; // CryptDllEncodeObject has same function signature as CryptEncodeObject. // CryptDllDecodeObject has same function signature as CryptDecodeObject. // CryptDllCreateCOMObject has the following signature: //      BOOL WINAPI CryptDllCreateCOMObject( //          IN DWORD dwEncodingType, //          IN LPCSTR pszOID, //          IN PCRYPT_DATA_BLOB pEncodedContent, //          IN DWORD dwFlags, //          IN REFIID riid, //          OUT void **ppvObj); // CertDllVerifyRevocation has the same signature as CertVerifyRevocation //  (See CertVerifyRevocation for details on when called) // CertDllVerifyCTLUsage has the same signature as CertVerifyCTLUsage // CryptDllFindOIDInfo currently is only used to store values used by // CryptFindOIDInfo. See CryptFindOIDInfo() for more details. //  Example of a complete OID Function Registry Name: //    HKEY_LOCAL_MACHINE/Software/Microsoft/Cryptography/OID //      Encoding Type 1/CryptDllEncodeObject/1.2.3 // //  The key's L"Dll" value contains the name of the Dll. //  The key's L"FuncName" value overrides the default function name const  CRYPT_OID_REGPATH                    = 'Software//Microsoft//Cryptography//OID';  CRYPT_OID_REG_ENCODING_TYPE_PREFIX   = 'EncodingType '; {$IFNDEF VER90}    CRYPT_OID_REG_DLL_VALUE_NAME         = WideString('Dll');    CRYPT_OID_REG_FUNC_NAME_VALUE_NAME   = WideString('FuncName'); {$ELSE}    CRYPT_OID_REG_DLL_VALUE_NAME         = ('Dll');    CRYPT_OID_REG_FUNC_NAME_VALUE_NAME   = ('FuncName'); {$ENDIF}  CRYPT_OID_REG_FUNC_NAME_VALUE_NAME_A = 'FuncName'; // OID used for Default OID functions  CRYPT_DEFAULT_OID    = 'DEFAULT'; type  PCRYPT_OID_FUNC_ENTRY = ^CRYPT_OID_FUNC_ENTRY;  CRYPT_OID_FUNC_ENTRY = record    pszOID     :LPCSTR;    pvFuncAddr

VOID;  end; const  CRYPT_INSTALL_OID_FUNC_BEFORE_FLAG = 1; //+------------------------------------------------------------------------- //  Install a set of callable OID function addresses. // //  By default the functions are installed at end of the list. //  Set CRYPT_INSTALL_OID_FUNC_BEFORE_FLAG to install at beginning of list. // //  hModule should be updated with the hModule passed to DllMain to prevent //  the Dll containing the function addresses from being unloaded by //  CryptGetOIDFuncAddress/CryptFreeOIDFunctionAddress. This would be the //  case when the Dll has also regsvr32'ed OID functions via //  CryptRegisterOIDFunction. // //  DEFAULT functions are installed by setting rgFuncEntry[].pszOID = //  CRYPT_DEFAULT_OID. //-------------------------------------------------------------------------- function CryptInstallOIDFunctionAddress(hModule :HMODULE;  // hModule passed to DllMain                                        dwEncodingType

WORD;                                        pszFuncName :LPCSTR;                                        cFuncEntry

WORD;                                  const rgFuncEntry :array of CRYPT_OID_FUNC_ENTRY;                                        dwFlags

WORD):BOOL ; stdcall; //+------------------------------------------------------------------------- //  Initialize and return handle to the OID function set identified by its //  function name. // //  If the set already exists, a handle to the existing set is returned. //-------------------------------------------------------------------------- function CryptInitOIDFunctionSet(pszFuncName :LPCSTR;                                 dwFlags

WORD ):HCRYPTOIDFUNCSET ; stdcall; //+------------------------------------------------------------------------- //  Search the list of installed functions for an encoding type and OID match. //  If not found, search the registry. // //  For success, returns TRUE with *ppvFuncAddr updated with the function's //  address and *phFuncAddr updated with the function address's handle. //  The function's handle is AddRef'ed. CryptFreeOIDFunctionAddress needs to //  be called to release it. // //  For a registry match, the Dll containing the function is loaded. //-------------------------------------------------------------------------- function CryptGetOIDFunctionAddress(hFuncSet :HCRYPTOIDFUNCSET;                                    dwEncodingType

WORD;                                    pszOID :LPCSTR;                                    dwFlags

WORD;                                var ppvFuncAddr :array of PVOID;                                var phFuncAddr :HCRYPTOIDFUNCADDR):BOOL ; stdcall; //+------------------------------------------------------------------------- //  Get the list of registered default Dll entries for the specified //  function set and encoding type. // //  The returned list consists of none, one or more null terminated Dll file //  names. The list is terminated with an empty (L"/0&quot

Dll file name. //  For example: L"first.dll" L"/0" L"second.dll" L"/0" L"/0" //-------------------------------------------------------------------------- function CryptGetDefaultOIDDllList(hFuncSet :HCRYPTOIDFUNCSET;                                   dwEncodingType

WORD;                                   pwszDllList    :LPWSTR;                                   pcchDllList

DWORD):BOOL ; stdcall; //+------------------------------------------------------------------------- //  Either: get the first or next installed DEFAULT function OR //  load the Dll containing the DEFAULT function. // //  If pwszDll is NULL, search the list of installed DEFAULT functions. //  *phFuncAddr must be set to NULL to get the first installed function. //  Successive installed functions are returned by setting *phFuncAddr //  to the hFuncAddr returned by the previous call. // //  If pwszDll is NULL, the input *phFuncAddr //  is always CryptFreeOIDFunctionAddress'ed by this function, even for //  an error. // //  If pwszDll isn't NULL, then, attempts to load the Dll and the DEFAULT //  function. *phFuncAddr is ignored upon entry and isn't //  CryptFreeOIDFunctionAddress'ed. // //  For success, returns TRUE with *ppvFuncAddr updated with the function's //  address and *phFuncAddr updated with the function address's handle. //  The function's handle is AddRef'ed. CryptFreeOIDFunctionAddress needs to //  be called to release it or CryptGetDefaultOIDFunctionAddress can also //  be called for a NULL pwszDll. //-------------------------------------------------------------------------- function CryptGetDefaultOIDFunctionAddress(hFuncSet :HCRYPTOIDFUNCSET;                                           dwEncodingType

WORD;                                           pwszDll

WORD;                                           dwFlags :LPCWSTR;                                       var ppvFuncAddr :array of PVOID;                                       var phFuncAddr :HCRYPTOIDFUNCADDR):BOOL ; stdcall; //+------------------------------------------------------------------------- //  Releases the handle AddRef'ed and returned by CryptGetOIDFunctionAddress //  or CryptGetDefaultOIDFunctionAddress. // //  If a Dll was loaded for the function its unloaded. However, before doing //  the unload, the DllCanUnloadNow function exported by the loaded Dll is //  called. It should return S_FALSE to inhibit the unload or S_TRUE to enable //  the unload. If the Dll doesn't export DllCanUnloadNow, the Dll is unloaded. // //  DllCanUnloadNow has the following signature: //      STDAPI  DllCanUnloadNow(void); //-------------------------------------------------------------------------- function CryptFreeOIDFunctionAddress(hFuncAddr :HCRYPTOIDFUNCADDR;                                     dwFlags

WORD):BOOL ; stdcall; //+------------------------------------------------------------------------- //  Register the Dll containing the function to be called for the specified //  encoding type, function name and OID. // //  pwszDll may contain environment-variable strings //  which are ExpandEnvironmentStrings()'ed before loading the Dll. // //  In addition to registering the DLL, you may override the //  name of the function to be called. For example, //      pszFuncName = "CryptDllEncodeObject", //      pszOverrideFuncName = "MyEncodeXyz". //  This allows a Dll to export multiple OID functions for the same //  function name without needing to interpose its own OID dispatcher function. //-------------------------------------------------------------------------- function CryptRegisterOIDFunction(dwEncodingType

WORD;                                  pszFuncName :LPCSTR;                                  pszOID :LPCSTR; //OPTIONAL                                  pwszDll :LPCWSTR; //OPTIONAL                                  pszOverrideFuncName :LPCSTR):BOOL ; stdcall; //+------------------------------------------------------------------------- //  Unregister the Dll containing the function to be called for the specified //  encoding type, function name and OID. //-------------------------------------------------------------------------- function CryptUnregisterOIDFunction(dwEncodingType

WORD;                                    pszFuncName :LPCSTR;                                    pszOID :LPCSTR):BOOL ; stdcall; //+------------------------------------------------------------------------- //  Register the Dll containing the default function to be called for the //  specified encoding type and function name. // //  Unlike CryptRegisterOIDFunction, you can't override the function name //  needing to be exported by the Dll. // //  The Dll is inserted before the entry specified by dwIndex. //    dwIndex == 0, inserts at the beginning. //    dwIndex == CRYPT_REGISTER_LAST_INDEX, appends at the end. // //  pwszDll may contain environment-variable strings //  which are ExpandEnvironmentStrings()'ed before loading the Dll. //-------------------------------------------------------------------------- function CryptRegisterDefaultOIDFunction(dwEncodingType

WORD;                                         pszFuncName :LPCSTR;                                         dwIndex

WORD;                                         pwszDll :LPCWSTR):BOOL ; stdcall; const  CRYPT_REGISTER_FIRST_INDEX = 0;  CRYPT_REGISTER_LAST_INDEX  = $FFFFFFFF; //+------------------------------------------------------------------------- //  Unregister the Dll containing the default function to be called for //  the specified encoding type and function name. //-------------------------------------------------------------------------- function CryptUnregisterDefaultOIDFunction(dwEncodingType

WORD;                                           pszFuncName :LPCSTR;                                           pwszDll :LPCWSTR):BOOL ; stdcall; //+------------------------------------------------------------------------- //  Set the value for the specified encoding type, function name, OID and //  value name. // //  See RegSetValueEx for the possible value types. // //  String types are UNICODE. //-------------------------------------------------------------------------- function CryptSetOIDFunctionValue(dwEncodingType

WORD;                                  pszFuncName :LPCSTR;                                  pszOID :LPCSTR;                                  pwszValueName :LPCWSTR;                                  dwValueType

WORD;                            const pbValueData

BYTE;                                  cbValueData

WORD):BOOL ; stdcall; //+------------------------------------------------------------------------- //  Get the value for the specified encoding type, function name, OID and //  value name. // //  See RegEnumValue for the possible value types. // //  String types are UNICODE. //-------------------------------------------------------------------------- function CryptGetOIDFunctionValue(dwEncodingType

WORD;                                  pszFuncName :LPCSTR;                                  pwszValueName :LPCSTR;                                  pszOID :LPCWSTR;                                  pdwValueType

DWORD;                                  pbValueData

BYTE;                                  pcbValueData

DWORD):BOOL ; stdcall; type  PFN_CRYPT_ENUM_OID_FUNC = function (dwEncodingType

WORD;                                      pszFuncName :LPCSTR;                                      pszOID :LPCSTR;                                      cValue

WORD;                                const rgdwValueType :array of DWORD;                                const rgpwszValueName :array of LPCWSTR;                                const rgpbValueData :array of PBYTE;                                const rgcbValueData :array of DWORD;                                      pvArg

VOID):BOOL ; stdcall; //+------------------------------------------------------------------------- //  Enumerate the OID functions identified by their encoding type, //  function name and OID. // //  pfnEnumOIDFunc is called for each registry key matching the input //  parameters. Setting dwEncodingType to CRYPT_MATCH_ANY_ENCODING_TYPE matches //  any. Setting pszFuncName or pszOID to NULL matches any. // //  Set pszOID == CRYPT_DEFAULT_OID to restrict the enumeration to only the //  DEFAULT functions // //  String types are UNICODE. //-------------------------------------------------------------------------- function CryptEnumOIDFunction(dwEncodingType

WORD;                              pszFuncName :LPCSTR;    //OPTIONAL                              pszOID :LPCSTR;         //OPTIONAL                              dwFlags

WORD;                              pvArg

VOID;                              pfnEnumOIDFunc

FN_CRYPT_ENUM_OID_FUNC):BOOL ; stdcall; const  CRYPT_MATCH_ANY_ENCODING_TYPE = $FFFFFFFF; //+========================================================================= //  Object IDentifier (OID) Information:  Data Structures and APIs //========================================================================== //+------------------------------------------------------------------------- //  OID Information //-------------------------------------------------------------------------- type  PCRYPT_OID_INFO = ^CRYPT_OID_INFO;  CRYPT_OID_INFO = record    cbSize

WORD;    pszOID :LPCSTR;    pwszName :LPCWSTR;    dwGroupId

WORD;    EnumValue : record {type EnumValue for the union part of the original struct --max--}    case integer of      0

dwValue

WORD);      1

Algid :ALG_ID);      2

dwLength

WORD);    end;    ExtraInfo :CRYPT_DATA_BLOB;  end; type  CCRYPT_OID_INFO  = CRYPT_OID_INFO;  PCCRYPT_OID_INFO = ^CCRYPT_OID_INFO; //+------------------------------------------------------------------------- //  OID Group IDs //-------------------------------------------------------------------------- const  CRYPT_HASH_ALG_OID_GROUP_ID      = 1;  CRYPT_ENCRYPT_ALG_OID_GROUP_ID   = 2;  CRYPT_PUBKEY_ALG_OID_GROUP_ID    = 3;  CRYPT_SIGN_ALG_OID_GROUP_ID      = 4;  CRYPT_RDN_ATTR_OID_GROUP_ID      = 5;  CRYPT_EXT_OR_ATTR_OID_GROUP_ID   = 6;  CRYPT_ENHKEY_USAGE_OID_GROUP_ID  = 7;  CRYPT_POLICY_OID_GROUP_ID        = 8;  CRYPT_LAST_OID_GROUP_ID          = 8;  CRYPT_FIRST_ALG_OID_GROUP_ID     = CRYPT_HASH_ALG_OID_GROUP_ID;  CRYPT_LAST_ALG_OID_GROUP_ID      = CRYPT_SIGN_ALG_OID_GROUP_ID; // The CRYPT_*_ALG_OID_GROUP_ID's have an Algid. The CRYPT_RDN_ATTR_OID_GROUP_ID // has a dwLength. The CRYPT_EXT_OR_ATTR_OID_GROUP_ID, // CRYPT_ENHKEY_USAGE_OID_GROUP_ID or CRYPT_POLICY_OID_GROUP_ID don't have a // dwValue. // CRYPT_PUBKEY_ALG_OID_GROUP_ID has the following optional ExtraInfo: //  DWORD[0] - Flags. CRYPT_OID_INHIBIT_SIGNATURE_FORMAT_FLAG can be set to //             inhibit the reformatting of the signature before //             CryptVerifySignature is called or after CryptSignHash //             is called. CRYPT_OID_USE_PUBKEY_PARA_FOR_PKCS7_FLAG can //             be set to include the public key algorithm's parameters //             in the PKCS7's digestEncryptionAlgorithm's parameters.  CRYPT_OID_INHIBIT_SIGNATURE_FORMAT_FLAG  = $1;  CRYPT_OID_USE_PUBKEY_PARA_FOR_PKCS7_FLAG = $2; // CRYPT_SIGN_ALG_OID_GROUP_ID has the following optional ExtraInfo: //  DWORD[0] - Public Key Algid. //  DWORD[1] - Flags. Same as above for CRYPT_PUBKEY_ALG_OID_GROUP_ID. // CRYPT_RDN_ATTR_OID_GROUP_ID has the following optional ExtraInfo: //  Array of DWORDs: //   [0 ..] - Null terminated list of acceptable RDN attribute //            value types. An empty list implies CERT_RDN_PRINTABLE_STRING, //            CERT_RDN_T61_STRING, 0. //+------------------------------------------------------------------------- //  Find OID information. Returns NULL if unable to find any information //  for the specified key and group. Note, returns a pointer to a constant //  data structure. The returned pointer MUST NOT be freed. // //  dwKeyType's: //    CRYPT_OID_INFO_OID_KEY, pvKey points to a szOID //    CRYPT_OID_INFO_NAME_KEY, pvKey points to a wszName //    CRYPT_OID_INFO_ALGID_KEY, pvKey points to an ALG_ID //    CRYPT_OID_INFO_SIGN_KEY, pvKey points to an array of two ALG_ID's: //      ALG_ID[0] - Hash Algid //      ALG_ID[1] - PubKey Algid // //  Setting dwGroupId to 0, searches all groups according to the dwKeyType. //  Otherwise, only the dwGroupId is searched. //-------------------------------------------------------------------------- function CryptFindOIDInfo(dwKeyType

WORD;                          pvKey

VOID;                          dwGroupId

WORD)

CCRYPT_OID_INFO ; stdcall; const  CRYPT_OID_INFO_OID_KEY   = 1;  CRYPT_OID_INFO_NAME_KEY  = 2;  CRYPT_OID_INFO_ALGID_KEY = 3;  CRYPT_OID_INFO_SIGN_KEY  = 4; //+------------------------------------------------------------------------- //  Register OID information. The OID information specified in the //  CCRYPT_OID_INFO structure is persisted to the registry. // //  crypt32.dll contains information for the commonly known OIDs. This function //  allows applications to augment crypt32.dll's OID information. During //  CryptFindOIDInfo's first call, the registered OID information is installed. // //  By default the registered OID information is installed after crypt32.dll's //  OID entries. Set CRYPT_INSTALL_OID_INFO_BEFORE_FLAG to install before. //-------------------------------------------------------------------------- function CryptRegisterOIDInfo(pInfo

CCRYPT_OID_INFO;                              dwFlags

WORD):BOOL ; stdcall; const  CRYPT_INSTALL_OID_INFO_BEFORE_FLAG = 1; //+------------------------------------------------------------------------- //  Unregister OID information. Only the pszOID and dwGroupId fields are //  used to identify the OID information to be unregistered. //-------------------------------------------------------------------------- function CryptUnregisterOIDInfo(pInfo

CCRYPT_OID_INFO):BOOL ; stdcall; //+========================================================================= //  Low Level Cryptographic Message Data Structures and APIs //========================================================================== type  HCRYPTMSG = Pointer; const  szOID_PKCS_7_DATA                = '1.2.840.113549.1.7.1';  szOID_PKCS_7_SIGNED              = '1.2.840.113549.1.7.2';  szOID_PKCS_7_ENVELOPED           = '1.2.840.113549.1.7.3';  szOID_PKCS_7_SIGNEDANDENVELOPED  = '1.2.840.113549.1.7.4';  szOID_PKCS_7_DIGESTED            = '1.2.840.113549.1.7.5';  szOID_PKCS_7_ENCRYPTED           = '1.2.840.113549.1.7.6';  szOID_PKCS_9_CONTENT_TYPE        = '1.2.840.113549.1.9.3';  szOID_PKCS_9_MESSAGE_DIGEST      = '1.2.840.113549.1.9.4'; //+------------------------------------------------------------------------- //  Message types //-------------------------------------------------------------------------- const  CMSG_DATA                  = 1;  CMSG_SIGNED                = 2;  CMSG_ENVELOPED             = 3;  CMSG_SIGNED_AND_ENVELOPED  = 4;  CMSG_HASHED                = 5;  CMSG_ENCRYPTED             = 6; //+------------------------------------------------------------------------- //  Message Type Bit Flags //--------------------------------------------------------------------------  CMSG_ALL_FLAGS                 = (not ULONG(0));  CMSG_DATA_FLAG                 = (1 shl CMSG_DATA);  CMSG_SIGNED_FLAG               = (1 shl CMSG_SIGNED);  CMSG_ENVELOPED_FLAG            = (1 shl CMSG_ENVELOPED);  CMSG_SIGNED_AND_ENVELOPED_FLAG = (1 shl CMSG_SIGNED_AND_ENVELOPED);  CMSG_HASHED_FLAG               = (1 shl CMSG_HASHED);  CMSG_ENCRYPTED_FLAG            = (1 shl CMSG_ENCRYPTED); //+------------------------------------------------------------------------- //  The message encode information (pvMsgEncodeInfo) is message type dependent //-------------------------------------------------------------------------- //+------------------------------------------------------------------------- //  CMSG_DATA: pvMsgEncodeInfo = NULL //-------------------------------------------------------------------------- //+------------------------------------------------------------------------- //  CMSG_SIGNED // //  The pCertInfo in the CMSG_SIGNER_ENCODE_INFO provides the Issuer, SerialNumber //  and PublicKeyInfo.Algorithm. The PublicKeyInfo.Algorithm implicitly //  specifies the HashEncryptionAlgorithm to be used. // //  The hCryptProv and dwKeySpec specify the private key to use. If dwKeySpec //  == 0, then, defaults to AT_SIGNATURE. // //  pvHashAuxInfo currently isn't used and must be set to NULL. //-------------------------------------------------------------------------- type  PCMSG_SIGNER_ENCODE_INFO = ^CMSG_SIGNER_ENCODE_INFO;  CMSG_SIGNER_ENCODE_INFO = record    cbSize

WORD;    pCertInfo

CERT_INFO;    hCryptProv    :HCRYPTPROV;    dwKeySpec

WORD;    HashAlgorithm :CRYPT_ALGORITHM_IDENTIFIER;    pvHashAuxInfo

VOID;    cAuthAttr

WORD;    rgAuthAttr

CRYPT_ATTRIBUTE;    cUnauthAttr

WORD;    rgUnauthAttr

CRYPT_ATTRIBUTE;  end; type  PCMSG_SIGNED_ENCODE_INFO = ^CMSG_SIGNED_ENCODE_INFO;  CMSG_SIGNED_ENCODE_INFO = record    cbSize

WORD;    cSigners

WORD;    rgSigners

CMSG_SIGNER_ENCODE_INFO;    cCertEncoded

WORD;    rgCertEncoded

CERT_BLOB;    cCrlEncoded

WORD;    rgCrlEncoded

CRL_BLOB;  end; //+------------------------------------------------------------------------- //  CMSG_ENVELOPED // //  The PCERT_INFO for the rgRecipients provides the Issuer, SerialNumber //  and PublicKeyInfo. The PublicKeyInfo.Algorithm implicitly //  specifies the KeyEncryptionAlgorithm to be used. // //  The PublicKeyInfo.PublicKey in PCERT_INFO is used to encrypt the content //  encryption key for the recipient. // //  hCryptProv is used to do the content encryption, recipient key encryption //  and export. The hCryptProv's private keys aren't used. // //  Note: CAPI currently doesn't support more than one KeyEncryptionAlgorithm //  per provider. This will need to be fixed. // //  pvEncryptionAuxInfo currently isn't used and must be set to NULL. //-------------------------------------------------------------------------- type  PCMSG_ENVELOPED_ENCODE_INFO = ^CMSG_ENVELOPED_ENCODE_INFO;  CMSG_ENVELOPED_ENCODE_INFO = record    cbSize

WORD;    hCryptProv :HCRYPTPROV;    ContentEncryptionAlgorithm :CRYPT_ALGORITHM_IDENTIFIER;    pvEncryptionAuxInfo

VOID;    cRecipients

WORD;    rgpRecipients

PCERT_INFO; // pointer to array of PCERT_INFO end; //+------------------------------------------------------------------------- //  CMSG_SIGNED_AND_ENVELOPED // //  For PKCS #7, a signed and enveloped message doesn't have the //  signer's authenticated or unauthenticated attributes. Otherwise, a //  combination of the CMSG_SIGNED_ENCODE_INFO and CMSG_ENVELOPED_ENCODE_INFO. //-------------------------------------------------------------------------- type  PCMSG_SIGNED_AND_ENVELOPED_ENCODE_INFO = ^CMSG_SIGNED_AND_ENVELOPED_ENCODE_INFO;  CMSG_SIGNED_AND_ENVELOPED_ENCODE_INFO = record    cbSize

WORD;    SignedInfo    :CMSG_SIGNED_ENCODE_INFO;    EnvelopedInfo :CMSG_ENVELOPED_ENCODE_INFO;  end; //+------------------------------------------------------------------------- //  CMSG_HASHED // //  hCryptProv is used to do the hash. Doesn't need to use a private key. // //  If fDetachedHash is set, then, the encoded message doesn't contain //  any content (its treated as NULL Data) // //  pvHashAuxInfo currently isn't used and must be set to NULL. //-------------------------------------------------------------------------- type  PCMSG_HASHED_ENCODE_INFO = ^CMSG_HASHED_ENCODE_INFO;  CMSG_HASHED_ENCODE_INFO = record    cbSize

WORD;    hCryptProv :HCRYPTPROV;    HashAlgorithm :CRYPT_ALGORITHM_IDENTIFIER;    pvHashAuxInfo

VOID;  end; //+------------------------------------------------------------------------- //  CMSG_ENCRYPTED // //  The key used to encrypt the message is identified outside of the message //  content (for example, password). // //  The content input to CryptMsgUpdate has already been encrypted. // //  pvEncryptionAuxInfo currently isn't used and must be set to NULL. //-------------------------------------------------------------------------- type  PCMSG_ENCRYPTED_ENCODE_INFO = ^CMSG_ENCRYPTED_ENCODE_INFO;  CMSG_ENCRYPTED_ENCODE_INFO = record    cbSize

WORD;    ContentEncryptionAlgorithm :CRYPT_ALGORITHM_IDENTIFIER;    pvEncryptionAuxInfo

VOID;  end; //+------------------------------------------------------------------------- //  This parameter allows messages to be of variable length with streamed //  output. // //  By default, messages are of a definite length and //  CryptMsgGetParam(CMSG_CONTENT_PARAM) is //  called to get the cryptographically processed content. Until closed, //  the handle keeps a copy of the processed content. // //  With streamed output, the processed content can be freed as its streamed. // //  If the length of the content to be updated is known at the time of the //  open, then, ContentLength should be set to that length. Otherwise, it //  should be set to CMSG_INDEFINITE_LENGTH. //-------------------------------------------------------------------------- type  PFN_CMSG_STREAM_OUTPUT = function (                               const pvArg

VOID;                                     pbData

BYTE;                                     cbData

WORD;                                     fFinal :BOOL):BOOL ; stdcall; const  CMSG_INDEFINITE_LENGTH = ($FFFFFFFF); type  PCMSG_STREAM_INFO = ^CMSG_STREAM_INFO;  CMSG_STREAM_INFO = record    cbContent

WORD;    pfnStreamOutput

FN_CMSG_STREAM_OUTPUT;    pvArg

VOID;  end; //+------------------------------------------------------------------------- //  Open dwFlags //-------------------------------------------------------------------------- const  CMSG_BARE_CONTENT_FLAG              = $00000001;  CMSG_LENGTH_ONLY_FLAG               = $00000002;  CMSG_DETACHED_FLAG                  = $00000004;  CMSG_AUTHENTICATED_ATTRIBUTES_FLAG  = $00000008;  CMSG_CONTENTS_OCTETS_FLAG           = $00000010;  CMSG_MAX_LENGTH_FLAG                = $00000020; //+------------------------------------------------------------------------- //  Open a cryptographic message for encoding // //  For PKCS #7: //  If the content to be passed to CryptMsgUpdate has already //  been message encoded (the input to CryptMsgUpdate is the streamed output //  from another message encode), then, the CMSG_ENCODED_CONTENT_INFO_FLAG should //  be set in dwFlags. If not set, then, the inner ContentType is Data and //  the input to CryptMsgUpdate is treated as the inner Data type's Content, //  a string of bytes. //  If CMSG_BARE_CONTENT_FLAG is specified for a streamed message, //  the streamed output will not have an outer ContentInfo wrapper. This //  makes it suitable to be streamed into an enclosing message. // //  The pStreamInfo parameter needs to be set to stream the encoded message //  output. //-------------------------------------------------------------------------- function CryptMsgOpenToEncode(dwMsgEncodingType

WORD;                              dwFlags

WORD;                              dwMsgType

WORD;                              pvMsgEncodeInfo

VOID;                              pszInnerContentObjID :LPSTR;      //OPTIONAL                              pStreamInfo

CMSG_STREAM_INFO    //OPTIONAL                             &nbsp

:HCRYPTMSG ; stdcall; //+------------------------------------------------------------------------- //  Calculate the length of an encoded cryptographic message. // //  Calculates the length of the encoded message given the //  message type, encoding parameters and total length of //  the data to be updated. Note, this might not be the exact length. However, //  it will always be greater than or equal to the actual length. //-------------------------------------------------------------------------- function CryptMsgCalculateEncodedLength(dwMsgEncodingType

WORD;                                        dwFlags

WORD;                                        dwMsgType

WORD;                                        pvMsgEncodeInfo

VOID;                                        pszInnerContentObjID :LPSTR; //OPTIONAL                                        cbData

WORD)

WORD ; stdcall; //+------------------------------------------------------------------------- //  Open a cryptographic message for decoding // //  For PKCS #7: if the inner ContentType isn't Data, then, the inner //  ContentInfo consisting of both ContentType and Content is output. //  To also enable ContentInfo output for the Data ContentType, then, //  the CMSG_ENCODED_CONTENT_INFO_FLAG should be set //  in dwFlags. If not set, then, only the content portion of the inner //  ContentInfo is output for the Data ContentType. // //  To only calculate the length of the decoded message, set the //  CMSG_LENGTH_ONLY_FLAG in dwFlags. After the final CryptMsgUpdate get the //  MSG_CONTENT_PARAM. Note, this might not be the exact length. However, //  it will always be greater than or equal to the actual length. // //  hCryptProv specifies the crypto provider to use for hashing and/or //  decrypting the message. For enveloped messages, hCryptProv also specifies //  the private exchange key to use. For signed messages, hCryptProv is used //  when CryptMsgVerifySigner is called. // //  For enveloped messages, the pRecipientInfo contains the Issuer and //  SerialNumber identifying the RecipientInfo in the message. // //  Note, the pRecipientInfo should correspond to the provider's private //  exchange key. // //  If pRecipientInfo is NULL, then, the message isn't decrypted. To decrypt //  the message, CryptMsgControl(CMSG_CTRL_DECRYPT) is called after the final //  CryptMsgUpdate. // //  The pStreamInfo parameter needs to be set to stream the decoded content //  output. Note, if pRecipientInfo is NULL, then, the streamed output isn't //  decrypted. //-------------------------------------------------------------------------- function CryptMsgOpenToDecode(dwMsgEncodingType

WORD;                              dwFlags

WORD;                              dwMsgType

WORD;                              hCryptProv :HCRYPTPROV;                              pRecipientInfo

CERT_INFO;   //OPTIONAL                              pStreamInfo

CMSG_STREAM_INFO //OPTIONAL                             &nbsp

:HCRYPTMSG ; stdcall; //+------------------------------------------------------------------------- //  Close a cryptographic message handle // //  LastError is preserved unless FALSE is returned. //-------------------------------------------------------------------------- function CryptMsgClose(hCryptMsg :HCRYPTMSG):BOOL ; stdcall; //+------------------------------------------------------------------------- //  Update the content of a cryptographic message. Depending on how the //  message was opened, the content is either encoded or decoded. // //  This function is repetitively called to append to the message content. //  fFinal is set to identify the last update. On fFinal, the encode/decode //  is completed. The encoded/decoded content and the decoded parameters //  are valid until the open and all duplicated handles are closed. //-------------------------------------------------------------------------- function CryptMsgUpdate(hCryptMsg :HCRYPTMSG;                  const pbData

BYTE;                        cbData

WORD;                        fFinal :BOOL):BOOL ; stdcall; //+------------------------------------------------------------------------- //  Perform a special "control" function after the final CryptMsgUpdate of a //  encoded/decoded cryptographic message. // //  The dwCtrlType parameter specifies the type of operation to be performed. // //  The pvCtrlPara definition depends on the dwCtrlType value. // //  See below for a list of the control operations and their pvCtrlPara //  type definition. //-------------------------------------------------------------------------- function CryptMsgControl(hCryptMsg :HCRYPTMSG;                         dwFlags

WORD;                         dwCtrlType

WORD;                         pvCtrlPara

VOID):BOOL ; stdcall; //+------------------------------------------------------------------------- //  Message control types //-------------------------------------------------------------------------- const  CMSG_CTRL_VERIFY_SIGNATURE       = 1;  CMSG_CTRL_DECRYPT                = 2;  CMSG_CTRL_VERIFY_HASH            = 5;  CMSG_CTRL_ADD_SIGNER             = 6;  CMSG_CTRL_DEL_SIGNER             = 7;  CMSG_CTRL_ADD_SIGNER_UNAUTH_ATTR = 8;  CMSG_CTRL_DEL_SIGNER_UNAUTH_ATTR = 9;  CMSG_CTRL_ADD_CERT               = 10;  CMSG_CTRL_DEL_CERT               = 11;  CMSG_CTRL_ADD_CRL                = 12;  CMSG_CTRL_DEL_CRL                = 13; //+------------------------------------------------------------------------- //  CMSG_CTRL_VERIFY_SIGNATURE // //  Verify the signature of a SIGNED or SIGNED_AND_ENVELOPED //  message after it has been decoded. // //  For a SIGNED_AND_ENVELOPED message, called after //  CryptMsgControl(CMSG_CTRL_DECRYPT), if CryptMsgOpenToDecode was called //  with a NULL pRecipientInfo. // //  pvCtrlPara points to a CERT_INFO struct. // //  The CERT_INFO contains the Issuer and SerialNumber identifying //  the Signer of the message. The CERT_INFO also contains the //  PublicKeyInfo //  used to verify the signature. The cryptographic provider specified //  in CryptMsgOpenToDecode is used. //-------------------------------------------------------------------------- //+------------------------------------------------------------------------- //  CMSG_CTRL_DECRYPT // //  Decrypt an ENVELOPED or SIGNED_AND_ENVELOPED message after it has been //  decoded. // //  hCryptProv and dwKeySpec specify the private key to use. For dwKeySpec == //  0, defaults to AT_KEYEXCHANGE. // //  dwRecipientIndex is the index of the recipient in the message associated //  with the hCryptProv's private key. // //  This control function needs to be called, if you don't know the appropriate //  recipient before calling CryptMsgOpenToDecode. After the final //  CryptMsgUpdate, the list of recipients is obtained by iterating through //  CMSG_RECIPIENT_INFO_PARAM. The recipient corresponding to a private //  key owned by the caller is selected and passed to this function to decrypt //  the message. // //  Note, the message can only be decrypted once. //-------------------------------------------------------------------------- type  PCMSG_CTRL_DECRYPT_PARA = ^CMSG_CTRL_DECRYPT_PARA;  CMSG_CTRL_DECRYPT_PARA = record    cbSize

WORD;    hCryptProv :HCRYPTPROV;    dwKeySpec

WORD;    dwRecipientIndex

WORD;  end; //+------------------------------------------------------------------------- //  CMSG_CTRL_VERIFY_HASH // //  Verify the hash of a HASHED message after it has been decoded. // //  Only the hCryptMsg parameter is used, to specify the message whose //  hash is being verified. //-------------------------------------------------------------------------- //+------------------------------------------------------------------------- //  CMSG_CTRL_ADD_SIGNER // //  Add a signer to a signed-data or signed-and-enveloped-data message. // //  pvCtrlPara points to a CMSG_SIGNER_ENCODE_INFO. //-------------------------------------------------------------------------- //+------------------------------------------------------------------------- //  CMSG_CTRL_DEL_SIGNER // //  Remove a signer from a signed-data or signed-and-enveloped-data message. // //  pvCtrlPara points to a DWORD containing the 0-based index of the //  signer to be removed. //-------------------------------------------------------------------------- //+------------------------------------------------------------------------- //  CMSG_CTRL_ADD_SIGNER_UNAUTH_ATTR // //  Add an unauthenticated attribute to the SignerInfo of a signed-data or //  signed-and-enveloped-data message. // //  The unauthenticated attribute is input in the form of an encoded blob. //-------------------------------------------------------------------------- type  PCMSG_CTRL_ADD_SIGNER_UNAUTH_ATTR_PARA = ^CMSG_CTRL_ADD_SIGNER_UNAUTH_ATTR_PARA;  CMSG_CTRL_ADD_SIGNER_UNAUTH_ATTR_PARA = record    cbSize

WORD;    dwSignerIndex

WORD;    blob :CRYPT_DATA_BLOB;  end; //+------------------------------------------------------------------------- //  CMSG_CTRL_DEL_SIGNER_UNAUTH_ATTR // //  Delete an unauthenticated attribute from the SignerInfo of a signed-data //  or signed-and-enveloped-data message. // //  The unauthenticated attribute to be removed is specified by //  a 0-based index. //-------------------------------------------------------------------------- type  PCMSG_CTRL_DEL_SIGNER_UNAUTH_ATTR_PARA = ^CMSG_CTRL_DEL_SIGNER_UNAUTH_ATTR_PARA;  CMSG_CTRL_DEL_SIGNER_UNAUTH_ATTR_PARA = record    cbSize

WORD;    dwSignerIndex

WORD;    dwUnauthAttrIndex

WORD;  end; //+------------------------------------------------------------------------- //  CMSG_CTRL_ADD_CERT // //  Add a certificate to a signed-data or signed-and-enveloped-data message. // //  pvCtrlPara points to a CRYPT_DATA_BLOB containing the certificate's //  encoded bytes. //-------------------------------------------------------------------------- //+------------------------------------------------------------------------- //  CMSG_CTRL_DEL_CERT // //  Delete a certificate from a signed-data or signed-and-enveloped-data //  message. // //  pvCtrlPara points to a DWORD containing the 0-based index of the //  certificate to be removed. //-------------------------------------------------------------------------- //+------------------------------------------------------------------------- //  CMSG_CTRL_ADD_CRL // //  Add a CRL to a signed-data or signed-and-enveloped-data message. // //  pvCtrlPara points to a CRYPT_DATA_BLOB containing the CRL's //  encoded bytes. //-------------------------------------------------------------------------- //+------------------------------------------------------------------------- //  CMSG_CTRL_DEL_CRL // //  Delete a CRL from a signed-data or signed-and-enveloped-data message. // //  pvCtrlPara points to a DWORD containing the 0-based index of the CRL //  to be removed. //-------------------------------------------------------------------------- //+------------------------------------------------------------------------- //  Verify a countersignature, at the SignerInfo level. //  ie. verify that pbSignerInfoCountersignature contains the encrypted //  hash of the encryptedDigest field of pbSignerInfo. // //  hCryptProv is used to hash the encryptedDigest field of pbSignerInfo. //  The only fields referenced from pciCountersigner are SerialNumber, Issuer, //  and SubjectPublicKeyInfo. //-------------------------------------------------------------------------- function CryptMsgVerifyCountersignatureEncoded(hCryptProv :HCRYPTPROV;                                               dwEncodingType

WORD;                                               pbSignerInfo

BYTE;                                               cbSignerInfo

WORD;                                               pbSignerInfoCountersignature

BYTE;                                               cbSignerInfoCountersignature

WORD;                                               pciCountersigner

CERT_INFO):BOOL ; stdcall; //+------------------------------------------------------------------------- //  Countersign an already-existing signature in a message // //  dwIndex is a zero-based index of the SignerInfo to be countersigned. //-------------------------------------------------------------------------- function CryptMsgCountersign(hCryptMsg :HCRYPTMSG;                             dwIndex

WORD;                             cCountersigners

WORD;                             rgCountersigners

CMSG_SIGNER_ENCODE_INFO):BOOL ; stdcall; //+------------------------------------------------------------------------- //  Countersign an already-existing signature (encoded SignerInfo). //  Output an encoded SignerInfo blob, suitable for use as a countersignature //  attribute in the unauthenticated attributes of a signed-data or //  signed-and-enveloped-data message. //-------------------------------------------------------------------------- function CryptMsgCountersignEncoded(dwEncodingType

WORD;                                    pbSignerInfo

BYTE;                                    cbSignerInfo

WORD;                                    cCountersigners

WORD;                                    rgCountersigners

CMSG_SIGNER_ENCODE_INFO;                                    pbCountersignature

BYTE;                                    pcbCountersignature

DWORD):BOOL ; stdcall; //+------------------------------------------------------------------------- //  Get a parameter after encoding/decoding a cryptographic message. Called //  after the final CryptMsgUpdate. Only the CMSG_CONTENT_PARAM and //  CMSG_COMPUTED_HASH_PARAM are valid for an encoded message. // //  For an encoded HASHED message, the CMSG_COMPUTED_HASH_PARAM can be got //  before any CryptMsgUpdates to get its length. // //  The pvData type definition depends on the dwParamType value. // //  Elements pointed to by fields in the pvData structure follow the //  structure. Therefore, *pcbData may exceed the size of the structure. // //  Upon input, if *pcbData == 0, then, *pcbData is updated with the length //  of the data and the pvData parameter is ignored. // //  Upon return, *pcbData is updated with the length of the data. // //  The OBJID BLOBs returned in the pvData structures point to //  their still encoded representation. The appropriate functions //  must be called to decode the information. // //  See below for a list of the parameters to get. //-------------------------------------------------------------------------- function CryptMsgGetParam(hCryptMsg :HCRYPTMSG;                          dwParamType

WORD;                          dwIndex

WORD;                          pvData

VOID;                          pcbData

DWORD):BOOL ; stdcall; //+------------------------------------------------------------------------- //  Get parameter types and their corresponding data structure definitions. //-------------------------------------------------------------------------- const  CMSG_TYPE_PARAM                  = 1;  CMSG_CONTENT_PARAM               = 2;  CMSG_BARE_CONTENT_PARAM          = 3;  CMSG_INNER_CONTENT_TYPE_PARAM    = 4;  CMSG_SIGNER_COUNT_PARAM          = 5;  CMSG_SIGNER_INFO_PARAM           = 6;  CMSG_SIGNER_CERT_INFO_PARAM      = 7;  CMSG_SIGNER_HASH_ALGORITHM_PARAM = 8;  CMSG_SIGNER_AUTH_ATTR_PARAM      = 9;  CMSG_SIGNER_UNAUTH_ATTR_PARAM    = 10;  CMSG_CERT_COUNT_PARAM            = 11;  CMSG_CERT_PARAM                  = 12;  CMSG_CRL_COUNT_PARAM             = 13;  CMSG_CRL_PARAM                   = 14;  CMSG_ENVELOPE_ALGORITHM_PARAM    = 15;  CMSG_RECIPIENT_COUNT_PARAM       = 17;  CMSG_RECIPIENT_INDEX_PARAM       = 18;  CMSG_RECIPIENT_INFO_PARAM        = 19;  CMSG_HASH_ALGORITHM_PARAM        = 20;  CMSG_HASH_DATA_PARAM             = 21;  CMSG_COMPUTED_HASH_PARAM         = 22;  CMSG_ENCRYPT_PARAM               = 26;  CMSG_ENCRYPTED_DIGEST            = 27;  CMSG_ENCODED_SIGNER              = 28;  CMSG_ENCODED_MESSAGE             = 29; //+------------------------------------------------------------------------- //  CMSG_TYPE_PARAM // //  The type of the decoded message. // //  pvData points to a DWORD //-------------------------------------------------------------------------- //+------------------------------------------------------------------------- //  CMSG_CONTENT_PARAM // //  The encoded content of a cryptographic message. Depending on how the //  message was opened, the content is either the whole PKCS#7 //  message (opened to encode) or the inner content (opened to decode). //  In the decode case, the decrypted content is returned, if enveloped. //  If not enveloped, and if the inner content is of type DATA, the returned //  data is the contents octets of the inner content. // //  pvData points to the buffer receiving the content bytes //-------------------------------------------------------------------------- //+------------------------------------------------------------------------- //  CMSG_BARE_CONTENT_PARAM // //  The encoded content of an encoded cryptographic message, without the //  outer layer of ContentInfo. That is, only the encoding of the //  ContentInfo.content field is returned. // //  pvData points to the buffer receiving the content bytes //-------------------------------------------------------------------------- //+------------------------------------------------------------------------- //  CMSG_INNER_CONTENT_TYPE_PARAM // //  The type of the inner content of a decoded cryptographic message, //  in the form of a NULL-terminated object identifier string //  (eg. "1.2.840.113549.1.7.1&quot

. // //  pvData points to the buffer receiving the object identifier string //-------------------------------------------------------------------------- //+------------------------------------------------------------------------- //  CMSG_SIGNER_COUNT_PARAM // //  Count of signers in a SIGNED or SIGNED_AND_ENVELOPED message // //  pvData points to a DWORD //-------------------------------------------------------------------------- //+------------------------------------------------------------------------- //  CMSG_SIGNER_CERT_INFO_PARAM // //  To get all the signers, repetitively call CryptMsgGetParam, with //  dwIndex set to 0 .. SignerCount - 1. // //  pvData points to a CERT_INFO struct. // //  Only the following fields have been updated in the CERT_INFO struct: //  Issuer and SerialNumber. //-------------------------------------------------------------------------- //+------------------------------------------------------------------------- //  CMSG_SIGNER_INFO_PARAM // //  To get all the signers, repetitively call CryptMsgGetParam, with //  dwIndex set to 0 .. SignerCount - 1. // //  pvData points to a CMSG_SIGNER_INFO struct. //-------------------------------------------------------------------------- type  PCMSG_SIGNER_INFO = ^CMSG_SIGNER_INFO;  CMSG_SIGNER_INFO = record    dwVersion

WORD;    Issuer :CERT_NAME_BLOB;    SerialNumber :CRYPT_INTEGER_BLOB;    HashAlgorithm :CRYPT_ALGORITHM_IDENTIFIER;    HashEncryptionAlgorithm :CRYPT_ALGORITHM_IDENTIFIER;    EncryptedHash :CRYPT_DATA_BLOB;    AuthAttrs :CRYPT_ATTRIBUTES;    UnauthAttrs :CRYPT_ATTRIBUTES;  end; //+------------------------------------------------------------------------- //  CMSG_SIGNER_HASH_ALGORITHM_PARAM // //  This parameter specifies the HashAlgorithm that was used for the signer. // //  Set dwIndex to iterate through all the signers. // //  pvData points to an CRYPT_ALGORITHM_IDENTIFIER struct. //-------------------------------------------------------------------------- //+------------------------------------------------------------------------- //  CMSG_SIGNER_AUTH_ATTR_PARAM // //  The authenticated attributes for the signer. // //  Set dwIndex to iterate through all the signers. // //  pvData points to a CMSG_ATTR struct. //-------------------------------------------------------------------------- type  CMSG_ATTR   = CRYPT_ATTRIBUTES;  PCMSG_ATTR  = ^CRYPT_ATTRIBUTES; //+------------------------------------------------------------------------- //  CMSG_SIGNER_UNAUTH_ATTR_PARAM // //  The unauthenticated attributes for the signer. // //  Set dwIndex to iterate through all the signers. // //  pvData points to a CMSG_ATTR struct. //-------------------------------------------------------------------------- //+------------------------------------------------------------------------- //  CMSG_CERT_COUNT_PARAM // //  Count of certificates in a SIGNED or SIGNED_AND_ENVELOPED message. // //  pvData points to a DWORD //-------------------------------------------------------------------------- //+------------------------------------------------------------------------- //  CMSG_CERT_PARAM // //  To get all the certificates, repetitively call CryptMsgGetParam, with //  dwIndex set to 0 .. CertCount - 1. // //  pvData points to an array of the certificate's encoded bytes. //-------------------------------------------------------------------------- //+------------------------------------------------------------------------- //  CMSG_CRL_COUNT_PARAM // //  Count of CRLs in a SIGNED or SIGNED_AND_ENVELOPED message. // //  pvData points to a DWORD //-------------------------------------------------------------------------- //+------------------------------------------------------------------------- //  CMSG_CRL_PARAM // //  To get all the CRLs, repetitively call CryptMsgGetParam, with //  dwIndex set to 0 .. CrlCount - 1. // //  pvData points to an array of the CRL's encoded bytes. //-------------------------------------------------------------------------- //+------------------------------------------------------------------------- //  CMSG_ENVELOPE_ALGORITHM_PARAM // //  The ContentEncryptionAlgorithm that was used in //  an ENVELOPED or SIGNED_AND_ENVELOPED message. // //  pvData points to an CRYPT_ALGORITHM_IDENTIFIER struct. //-------------------------------------------------------------------------- //+------------------------------------------------------------------------- //  CMSG_RECIPIENT_COUNT_PARAM // //  Count of recipients in an ENVELOPED or SIGNED_AND_ENVELOPED message. // //  pvData points to a DWORD //-------------------------------------------------------------------------- //+------------------------------------------------------------------------- //  CMSG_RECIPIENT_INDEX_PARAM // //  Index of the recipient used to decrypt an ENVELOPED or SIGNED_AND_ENVELOPED //  message. // //  pvData points to a DWORD //-------------------------------------------------------------------------- //+------------------------------------------------------------------------- //  CMSG_RECIPIENT_INFO_PARAM // //  To get all the recipients, repetitively call CryptMsgGetParam, with //  dwIndex set to 0 .. RecipientCount - 1. // //  pvData points to a CERT_INFO struct. // //  Only the following fields have been updated in the CERT_INFO struct: //  Issuer, SerialNumber and PublicKeyAlgorithm. The PublicKeyAlgorithm //  specifies the KeyEncryptionAlgorithm that was used. //-------------------------------------------------------------------------- //+------------------------------------------------------------------------- //  CMSG_HASH_ALGORITHM_PARAM // //  The HashAlgorithm in a HASHED message. // //  pvData points to an CRYPT_ALGORITHM_IDENTIFIER struct. //-------------------------------------------------------------------------- //+------------------------------------------------------------------------- //  CMSG_HASH_DATA_PARAM // //  The hash in a HASHED message. // //  pvData points to an array of bytes. //-------------------------------------------------------------------------- //+------------------------------------------------------------------------- //  CMSG_COMPUTED_HASH_PARAM // //  The computed hash for a HASHED message. // //  This may be called for either an encoded or decoded message. //  It also may be called before any encoded CryptMsgUpdates to get its length. // //  pvData points to an array of bytes. //-------------------------------------------------------------------------- //+------------------------------------------------------------------------- //  CMSG_ENCRYPT_PARAM // //  The ContentEncryptionAlgorithm that was used in an ENCRYPTED message. // //  pvData points to an CRYPT_ALGORITHM_IDENTIFIER struct. //-------------------------------------------------------------------------- //+------------------------------------------------------------------------- //  CMSG_ENCODED_MESSAGE // //  The full encoded message. This is useful in the case of a decoded //  message which has been modified (eg. a signed-data or //  signed-and-enveloped-data message which has been countersigned). // //  pvData points to an array of the message's encoded bytes. //-------------------------------------------------------------------------- //+------------------------------------------------------------------------- //  CryptMsg OID installable functions //-------------------------------------------------------------------------- // If *phCryptProv is NULL upon entry, then, if supported, the installable // function should acquire a default provider and return. Note, its up // to the installable function to release at process detach. const  CMSG_OID_GEN_ENCRYPT_KEY_FUNC = 'CryptMsgDllGenEncryptKey'; type  PFN_CMSG_GEN_ENCRYPT_KEY = function (phCryptProv

HCRYPTPROV;                                       paiEncrypt

CRYPT_ALGORITHM_IDENTIFIER;                                       pvEncryptAuxInfo

VOID;                                       pPublicKeyInfo

CERT_PUBLIC_KEY_INFO;                                       phEncryptKey

HCRYPTKEY                                       ):BOOL ; stdcall; const  CMSG_OID_EXPORT_ENCRYPT_KEY_FUNC = 'CryptMsgDllExportEncryptKey'; type  PFN_CMSG_EXPORT_ENCRYPT_KEY = function (hCryptProv :HCRYPTPROV;                                          hEncryptKey :HCRYPTKEY;                                          pPublicKeyInfo

CERT_PUBLIC_KEY_INFO;                                          pbData

BYTE;                                          pcbData

DWORD):BOOL ; stdcall; const  CMSG_OID_IMPORT_ENCRYPT_KEY_FUNC = 'CryptMsgDllImportEncryptKey'; type  PFN_CMSG_IMPORT_ENCRYPT_KEY = function (hCryptProv :HCRYPTPROV;                                          dwKeySpec

WORD;                                          paiEncrypt

CRYPT_ALGORITHM_IDENTIFIER;                                          paiPubKey

CRYPT_ALGORITHM_IDENTIFIER;                                          pbEncodedKey

BYTE;                                          cbEncodedKey

WORD;                                          phEncryptKey

HCRYPTKEY                                         &nbsp

:BOOL ; stdcall; //+========================================================================= //  Certificate Store Data Structures and APIs //========================================================================== //+------------------------------------------------------------------------- //              In its most basic implementation, a cert store is simply a //              collection of certificates and/or CRLs. This is the case when //              a cert store is opened with all of its certificates and CRLs //              coming from a PKCS #7 encoded cryptographic message. // //              Nonetheless, all cert stores have the following properties: //               - A public key may have more than one certificate in the store. //                 For example, a private/public key used for signing may have a //                 certificate issued for VISA and another issued for //                 Mastercard. Also, when a certificate is renewed there might //                 be more than one certificate with the same subject and //                 issuer. //               - However, each certificate in the store is uniquely //                 identified by its Issuer and SerialNumber. //               - There's an issuer of subject certificate relationship. A //                 certificate's issuer is found by doing a match of //                 pSubjectCert->Issuer with pIssuerCert->Subject. //                 The relationship is verified by using //                 the issuer's public key to verify the subject certificate's //                 signature. Note, there might be X.509 v3 extensions //                 to assist in finding the issuer certificate. //               - Since issuer certificates might be renewed, a subject //                 certificate might have more than one issuer certificate. //               - There's an issuer of CRL relationship. An //                 issuer's CRL is found by doing a match of //                 pIssuerCert->Subject with pCrl->Issuer. //                 The relationship is verified by using //                 the issuer's public key to verify the CRL's //                 signature. Note, there might be X.509 v3 extensions //                 to assist in finding the CRL. //               - Since some issuers might support the X.509 v3 delta CRL //                 extensions, an issuer might have more than one CRL. //               - The store shouldn't have any redundant certificates or //                 CRLs. There shouldn't be two certificates with the same //                 Issuer and SerialNumber. There shouldn't be two CRLs with //                 the same Issuer, ThisUpdate and NextUpdate. //               - The store has NO policy or trust information. No //                 certificates are tagged as being "root". Its up to //                 the application to maintain a list of CertIds (Issuer + //                 SerialNumber) for certificates it trusts. //               - The store might contain bad certificates and/or CRLs. //                 The issuer's signature of a subject certificate or CRL may //                 not verify. Certificates or CRLs may not satisfy their //                 time validity requirements. Certificates may be //                 revoked. // //              In addition to the certificates and CRLs, properties can be //              stored. There are two predefined property IDs for a user //              certificate: CERT_KEY_PROV_HANDLE_PROP_ID and //              CERT_KEY_PROV_INFO_PROP_ID. The CERT_KEY_PROV_HANDLE_PROP_ID //              is a HCRYPTPROV handle to the private key assoicated //              with the certificate. The CERT_KEY_PROV_INFO_PROP_ID contains //              information to be used to call //              CryptAcquireContext and CryptProvSetParam to get a handle //              to the private key associated with the certificate. // //              There exists two more predefined property IDs for certificates //              and CRLs, CERT_SHA1_HASH_PROP_ID and CERT_MD5_HASH_PROP_ID. //              If these properties don't already exist, then, a hash of the //              content is computed. (CERT_HASH_PROP_ID maps to the default //              hash algorithm, currently, CERT_SHA1_HASH_PROP_ID). // //              There are additional APIs for creating certificate and CRL //      contexts not in a store (CertCreateCertificateContext and //      CertCreateCRLContext). // //-------------------------------------------------------------------------- type  HCERTSTORE = PVOID; //+------------------------------------------------------------------------- //  Certificate context. // //  A certificate context contains both the encoded and decoded representation //  of a certificate. A certificate context returned by a cert store function //  must be freed by calling the CertFreeCertificateContext function. The //  CertDuplicateCertificateContext function can be called to make a duplicate //  copy (which also must be freed by calling CertFreeCertificateContext). //-------------------------------------------------------------------------- type  PCERT_CONTEXT = ^CERT_CONTEXT;  CERT_CONTEXT = record    dwCertEncodingType

WORD;    pbCertEncoded

BYTE;    cbCertEncoded

WORD;    pCertInfo

CERT_INFO;    hCertStore :HCERTSTORE;  end; type  PCCERT_CONTEXT = ^CERT_CONTEXT; //+------------------------------------------------------------------------- //  CRL context. // //  A CRL context contains both the encoded and decoded representation //  of a CRL. A CRL context returned by a cert store function //  must be freed by calling the CertFreeCRLContext function. The //  CertDuplicateCRLContext function can be called to make a duplicate //  copy (which also must be freed by calling CertFreeCRLContext). //-------------------------------------------------------------------------- type  PCRL_CONTEXT = ^CRL_CONTEXT;  CRL_CONTEXT = record    dwCertEncodingType

WORD;    pbCrlEncoded

BYTE;    cbCrlEncoded

WORD;    pCrlInfo

CRL_INFO;    hCertStore :HCERTSTORE;  end; type  PCCRL_CONTEXT = ^CRL_CONTEXT; //+------------------------------------------------------------------------- //  Certificate Trust List (CTL) context. // //  A CTL context contains both the encoded and decoded representation //  of a CTL. Also contains an opened HCRYPTMSG handle to the decoded //  cryptographic signed message containing the CTL_INFO as its inner content. //  pbCtlContent is the encoded inner content of the signed message. // //  The CryptMsg APIs can be used to extract additional signer information. //-------------------------------------------------------------------------- type  PCTL_CONTEXT = ^CTL_CONTEXT;  CTL_CONTEXT = record    dwMsgAndCertEncodingType

WORD;    pbCtlEncoded

BYTE;    cbCtlEncoded

WORD;    pCtlInfo

CTL_INFO;    hCertStore :HCERTSTORE;    hCryptMsg :HCRYPTMSG;    pbCtlContent

BYTE;    cbCtlContent

WORD;  end; type  PCCTL_CONTEXT = ^CTL_CONTEXT; //+------------------------------------------------------------------------- //  Certificate, CRL and CTL property IDs // //  See CertSetCertificateContextProperty or CertGetCertificateContextProperty //  for usage information. //-------------------------------------------------------------------------- const  CERT_KEY_PROV_HANDLE_PROP_ID        = 1;  CERT_KEY_PROV_INFO_PROP_ID          = 2;  CERT_SHA1_HASH_PROP_ID              = 3;  CERT_MD5_HASH_PROP_ID               = 4;  CERT_HASH_PROP_ID                   = CERT_SHA1_HASH_PROP_ID;  CERT_KEY_CONTEXT_PROP_ID            = 5;  CERT_KEY_SPEC_PROP_ID               = 6;  CERT_IE30_RESERVED_PROP_ID          = 7;  CERT_PUBKEY_HASH_RESERVED_PROP_ID   = 8;  CERT_ENHKEY_USAGE_PROP_ID           = 9;  CERT_CTL_USAGE_PROP_ID              = CERT_ENHKEY_USAGE_PROP_ID;  CERT_NEXT_UPDATE_LOCATION_PROP_ID   = 10;  CERT_FRIENDLY_NAME_PROP_ID          = 11;  CERT_PVK_FILE_PROP_ID               = 12; // Note, 32 - 34 are reserved for the CERT, CRL and CTL file element IDs.  CERT_FIRST_RESERVED_PROP_ID         = 13;  CERT_LAST_RESERVED_PROP_ID          = $00007FFF;  CERT_FIRST_USER_PROP_ID             = $00008000;  CERT_LAST_USER_PROP_ID              = $0000FFFF; function IS_CERT_HASH_PROP_ID( X

WORD):BOOL ; //+------------------------------------------------------------------------- //  Cryptographic Key Provider Information // //  CRYPT_KEY_PROV_INFO defines the CERT_KEY_PROV_INFO_PROP_ID's pvData. // //  The CRYPT_KEY_PROV_INFO fields are passed to CryptAcquireContext //  to get a HCRYPTPROV handle. The optional CRYPT_KEY_PROV_PARAM fields are //  passed to CryptProvSetParam to further initialize the provider. // //  The dwKeySpec field identifies the private key to use from the container //  For example, AT_KEYEXCHANGE or AT_SIGNATURE. //-------------------------------------------------------------------------- type  PCRYPT_KEY_PROV_PARAM = ^CRYPT_KEY_PROV_PARAM;  CRYPT_KEY_PROV_PARAM = record    dwParam

WORD;    pbData

BYTE;    cbData

WORD;    dwFlags

WORD;  end; type  PCRYPT_KEY_PROV_INFO = ^CRYPT_KEY_PROV_INFO;  CRYPT_KEY_PROV_INFO = record    pwszContainerName :LPWSTR;    pwszProvName      :LPWSTR;    dwProvType

WORD;    dwFlags

WORD;    cProvParam

WORD;    rgProvParam

CRYPT_KEY_PROV_PARAM;    dwKeySpec

WORD;  end; //+------------------------------------------------------------------------- //  The following flag should be set in the above dwFlags to enable //  a CertSetCertificateContextProperty(CERT_KEY_CONTEXT_PROP_ID) after a //  CryptAcquireContext is done in the Sign or Decrypt Message functions. // //  The following define must not collide with any of the //  CryptAcquireContext dwFlag defines. //-------------------------------------------------------------------------- const  CERT_SET_KEY_PROV_HANDLE_PROP_ID = $00000001;  CERT_SET_KEY_CONTEXT_PROP_ID     = $00000001; //+------------------------------------------------------------------------- //  Certificate Key Context // //  CERT_KEY_CONTEXT defines the CERT_KEY_CONTEXT_PROP_ID's pvData. //-------------------------------------------------------------------------- type  PCERT_KEY_CONTEXT = ^CERT_KEY_CONTEXT;  CERT_KEY_CONTEXT = record    cbSize

WORD;           // sizeof(CERT_KEY_CONTEXT)    hCryptProv :HCRYPTPROV;    dwKeySpec

WORD;  end; //+------------------------------------------------------------------------- //  Certificate Store Provider Types //-------------------------------------------------------------------------- const  CERT_STORE_PROV_MSG = (LPCSTR(1));  CERT_STORE_PROV_MEMORY = (LPCSTR(2));  CERT_STORE_PROV_FILE = (LPCSTR(3));  CERT_STORE_PROV_REG = (LPCSTR(4));  CERT_STORE_PROV_PKCS7 = (LPCSTR(5));  CERT_STORE_PROV_SERIALIZED = (LPCSTR(6));  CERT_STORE_PROV_FILENAME_A = (LPCSTR(7));  CERT_STORE_PROV_FILENAME_W = (LPCSTR(8));  CERT_STORE_PROV_FILENAME =  CERT_STORE_PROV_FILENAME_W;  CERT_STORE_PROV_SYSTEM_A = (LPCSTR(9));  CERT_STORE_PROV_SYSTEM_W =  (LPCSTR(10));  CERT_STORE_PROV_SYSTEM = CERT_STORE_PROV_SYSTEM_W;  sz_CERT_STORE_PROV_MEMORY = 'Memory';  sz_CERT_STORE_PROV_FILENAME_W = 'File';  sz_CERT_STORE_PROV_FILENAME = sz_CERT_STORE_PROV_FILENAME_W;  sz_CERT_STORE_PROV_SYSTEM_W = 'System';  sz_CERT_STORE_PROV_SYSTEM = sz_CERT_STORE_PROV_SYSTEM_W;  sz_CERT_STORE_PROV_PKCS7 = 'PKCS7';  sz_CERT_STORE_PROV_SERIALIZED = 'Serialized'; //+------------------------------------------------------------------------- //  Certificate Store verify/results flags //--------------------------------------------------------------------------  CERT_STORE_SIGNATURE_FLAG = $00000001;  CERT_STORE_TIME_VALIDITY_FLAG = $00000002;  CERT_STORE_REVOCATION_FLAG = $00000004;  CERT_STORE_NO_CRL_FLAG = $00010000;  CERT_STORE_NO_ISSUER_FLAG = $00020000; //+------------------------------------------------------------------------- //  Certificate Store open/property flags //--------------------------------------------------------------------------  CERT_STORE_NO_CRYPT_RELEASE_FLAG = $00000001;  CERT_STORE_READONLY_FLAG = $00008000; //+------------------------------------------------------------------------- //  Certificate Store Provider flags are in the HiWord (0xFFFF0000) //-------------------------------------------------------------------------- //+------------------------------------------------------------------------- //  Certificate System Store Flag Values //-------------------------------------------------------------------------- // Location of the system store in the registry: //  HKEY_CURRENT_USER or HKEY_LOCAL_MACHINE  CERT_SYSTEM_STORE_LOCATION_MASK = $00030000;  CERT_SYSTEM_STORE_CURRENT_USER  = $00010000;  CERT_SYSTEM_STORE_LOCAL_MACHINE = $00020000; //+------------------------------------------------------------------------- //  Open the cert store using the specified store provider. // //  hCryptProv specifies the crypto provider to use to create the hash //  properties or verify the signature of a subject certificate or CRL. //  The store doesn't need to use a private //  key. If the CERT_STORE_NO_CRYPT_RELEASE_FLAG isn't set, hCryptProv is //  CryptReleaseContext'ed on the final CertCloseStore. // //  Note, if the open fails, hCryptProv is released if it would have been //  released when the store was closed. // //  If hCryptProv is zero, then, the default provider and container for the //  PROV_RSA_FULL provider type is CryptAcquireContext'ed with //  CRYPT_VERIFYCONTEXT access. The CryptAcquireContext is deferred until //  the first create hash or verify signature. In addition, once acquired, //  the default provider isn't released until process exit when crypt32.dll //  is unloaded. The acquired default provider is shared across all stores //  and threads. // //  After initializing the store's data structures and optionally acquiring a //  default crypt provider, CertOpenStore calls CryptGetOIDFunctionAddress to //  get the address of the CRYPT_OID_OPEN_STORE_PROV_FUNC specified by //  lpszStoreProvider. Since a store can contain certificates with different //  encoding types, CryptGetOIDFunctionAddress is called with dwEncodingType //  set to 0 and not the dwEncodingType passed to CertOpenStore. //  PFN_CERT_DLL_OPEN_STORE_FUNC specifies the signature of the provider's //  open function. This provider open function is called to load the //  store's certificates and CRLs. Optionally, the provider may return an //  array of functions called before a certificate or CRL is added or deleted //  or has a property that is set. // //  Use of the dwEncodingType parameter is provider dependent. The type //  definition for pvPara also depends on the provider. // //  Store providers are installed or registered via //  CryptInstallOIDFunctionAddress or CryptRegisterOIDFunction, where, //  dwEncodingType is 0 and pszFuncName is CRYPT_OID_OPEN_STORE_PROV_FUNC. // //  Here's a list of the predefined provider types (implemented in crypt32.dll): // //  CERT_STORE_PROV_MSG: //      Gets the certificates and CRLs from the specified cryptographic message. //      dwEncodingType contains the message and certificate encoding types. //      The message's handle is passed in pvPara. Given, //          HCRYPTMSG hCryptMsg; pvPara = (const void *) hCryptMsg; // //  CERT_STORE_PROV_MEMORY //  sz_CERT_STORE_PROV_MEMORY: //      Opens a store without any initial certificates or CRLs. pvPara //      isn't used. // //  CERT_STORE_PROV_FILE: //      Reads the certificates and CRLs from the specified file. The file's //      handle is passed in pvPara. Given, //          HANDLE hFile; pvPara = (const void *) hFile; // //      For a successful open, the file pointer is advanced past //      the certificates and CRLs and their properties read from the file. //      Note, only expects a serialized store and not a file containing //      either a PKCS #7 signed message or a single encoded certificate. // //      The hFile isn't closed. // //  CERT_STORE_PROV_REG: //      Reads the certificates and CRLs from the registry. The registry's //      key handle is passed in pvPara. Given, //          HKEY hKey; pvPara = (const void *) hKey; // //      The input hKey isn't closed by the provider. Before returning, the //      provider opens/creates "Certificates" and "CRLs" subkeys. These //      subkeys remain open until the store is closed. // //      If CERT_STORE_READONLY_FLAG is set, then, the registry subkeys are //      RegOpenKey'ed with KEY_READ_ACCESS. Otherwise, the registry subkeys //      are RegCreateKey'ed with KEY_ALL_ACCESS. // //      This provider returns the array of functions for reading, writing, //      deleting and property setting certificates and CRLs. //      Any changes to the opened store are immediately pushed through to //      the registry. However, if CERT_STORE_READONLY_FLAG is set, then, //      writing, deleting or property setting results in a //      SetLastError(E_ACCESSDENIED). // //      Note, all the certificates and CRLs are read from the registry //      when the store is opened. The opened store serves as a write through //      cache. However, the opened store isn't notified of other changes //      made to the registry. Note, RegNotifyChangeKeyValue is supported //      on NT but not supported on Windows95. // //  CERT_STORE_PROV_PKCS7: //  sz_CERT_STORE_PROV_PKCS7: //      Gets the certificates and CRLs from the encoded PKCS #7 signed message. //      dwEncodingType specifies the message and certificate encoding types. //      The pointer to the encoded message's blob is passed in pvPara. Given, //          CRYPT_DATA_BLOB EncodedMsg; pvPara = (const void *) &EncodedMsg; // //      Note, also supports the IE3.0 special version of a //      PKCS #7 signed message referred to as a "SPC" formatted message. // //  CERT_STORE_PROV_SERIALIZED: //  sz_CERT_STORE_PROV_SERIALIZED: //      Gets the certificates and CRLs from memory containing a serialized //      store.  The pointer to the serialized memory blob is passed in pvPara. //      Given, //          CRYPT_DATA_BLOB Serialized; pvPara = (const void *) &Serialized; // //  CERT_STORE_PROV_FILENAME_A: //  CERT_STORE_PROV_FILENAME_W: //  CERT_STORE_PROV_FILENAME: //  sz_CERT_STORE_PROV_FILENAME_W: //  sz_CERT_STORE_PROV_FILENAME: //      Opens the file and first attempts to read as a serialized store. Then, //      as a PKCS #7 signed message. Finally, as a single encoded certificate. //      The filename is passed in pvPara. The filename is UNICODE for the //      "_W" provider and ASCII for the "_A" provider. For "_W": given, //          LPCWSTR pwszFilename; pvPara = (const void *) pwszFilename; //      For "_A": given, //          LPCSTR pszFilename; pvPara = (const void *) pszFilename; // //      Note, the default (without "_A" or "_W&quot

is unicode. // //      Note, also supports the reading of the IE3.0 special version of a //      PKCS #7 signed message file referred to as a "SPC" formatted file. // //  CERT_STORE_PROV_SYSTEM_A: //  CERT_STORE_PROV_SYSTEM_W: //  CERT_STORE_PROV_SYSTEM: //  sz_CERT_STORE_PROV_SYSTEM_W: //  sz_CERT_STORE_PROV_SYSTEM: //      Opens the specified "system" store. Currently, all the system //      stores are stored in the registry. The upper word of the dwFlags //      parameter is used to specify the location of the system store. It //      should be set to either CERT_SYSTEM_STORE_CURRENT_USER for //      HKEY_CURRENT_USER or CERT_SYSTEM_STORE_LOCAL_MACHINE for //      HKEY_LOCAL_MACHINE. // //      After opening the registry key associated with the system name, //      the CERT_STORE_PROV_REG provider is called to complete the open. // //      The system store name is passed in pvPara. The name is UNICODE for the //      "_W" provider and ASCII for the "_A" provider. For "_W": given, //          LPCWSTR pwszSystemName; pvPara = (const void *) pwszSystemName; //      For "_A": given, //          LPCSTR pszSystemName; pvPara = (const void *) pszSystemName; // //      Note, the default (without "_A" or "_W&quot

is UNICODE. // //      If CERT_STORE_READONLY_FLAG is set, then, the registry is //      RegOpenKey'ed with KEY_READ_ACCESS. Otherwise, the registry is //      RegCreateKey'ed with KEY_ALL_ACCESS. // //      The "root" store is treated differently from the other system //      stores. Before a certificate is added to or deleted from the "root" //      store, a pop up message box is displayed. The certificate's subject, //      issuer, serial number, time validity, sha1 and md5 thumbprints are //      displayed. The user is given the option to do the add or delete. //      If they don't allow the operation, LastError is set to E_ACCESSDENIED. //-------------------------------------------------------------------------- function CertOpenStore(lpszStoreProvider :LPCSTR;                       dwEncodingType

WORD;                       hCryptProv :HCRYPTPROV;                       dwFlags

WORD;                 const pvPara

VOID):HCERTSTORE ; stdcall; //+------------------------------------------------------------------------- //  OID Installable Certificate Store Provider Data Structures //-------------------------------------------------------------------------- // Handle returned by the store provider when opened. type  HCERTSTOREPROV = PVOID; // Store Provider OID function's pszFuncName. const  CRYPT_OID_OPEN_STORE_PROV_FUNC = 'CertDllOpenStoreProv'; // Note, the Store Provider OID function's dwEncodingType is always 0. // The following information is returned by the provider when opened. Its // zeroed with cbSize set before the provider is called. If the provider // doesn't need to be called again after the open it doesn't need to // make any updates to the CERT_STORE_PROV_INFO. type  PCERT_STORE_PROV_INFO = ^CERT_STORE_PROV_INFO;  CERT_STORE_PROV_INFO = record    cbSize

WORD;    cStoreProvFunc

WORD;    rgpvStoreProvFunc

PVOID;    hStoreProv :HCERTSTOREPROV;    dwStoreProvFlags

WORD;  end; // Definition of the store provider's open function. // // *pStoreProvInfo has been zeroed before the call. // // Note, pStoreProvInfo->cStoreProvFunc should be set last.  Once set, // all subsequent store calls, such as CertAddSerializedElementToStore will // call the appropriate provider callback function. type  PFN_CERT_DLL_OPEN_STORE_PROV_FUNC = function (lpszStoreProvider :LPCSTR;                                                dwEncodingType

WORD;                                                hCryptProv :HCRYPTPROV;                                                dwFlags

WORD;                                          const pvPara

VOID;                                                hCertStore :HCERTSTORE;                                                pStoreProvInfo

CERT_STORE_PROV_INFO                                               &nbsp

:BOOL ; stdcall; // Indices into the store provider's array of callback functions. // // The provider can implement any subset of the following functions. It // sets pStoreProvInfo->cStoreProvFunc to the last index + 1 and any // preceding not implemented functions to NULL. const  CERT_STORE_PROV_CLOSE_FUNC = 0;  CERT_STORE_PROV_READ_CERT_FUNC = 1;  CERT_STORE_PROV_WRITE_CERT_FUNC = 2;  CERT_STORE_PROV_DELETE_CERT_FUNC = 3;  CERT_STORE_PROV_SET_CERT_PROPERTY_FUNC = 4;  CERT_STORE_PROV_READ_CRL_FUNC = 5;  CERT_STORE_PROV_WRITE_CRL_FUNC = 6;  CERT_STORE_PROV_DELETE_CRL_FUNC = 7;  CERT_STORE_PROV_SET_CRL_PROPERTY_FUNC = 8;  CERT_STORE_PROV_READ_CTL_FUNC = 9;  CERT_STORE_PROV_WRITE_CTL_FUNC = 10;  CERT_STORE_PROV_DELETE_CTL_FUNC = 11;  CERT_STORE_PROV_SET_CTL_PROPERTY_FUNC = 12; // Called by CertCloseStore when the store's reference count is // decremented to 0. type  PFN_CERT_STORE_PROV_CLOSE = procedure(hStoreProv :HCERTSTOREPROV;                                        dwFlags

WORD) ; stdcall; // Currently not called directly by the store APIs. However, may be exported // to support other providers based on it. // // Reads the provider's copy of the certificate context. If it exists, // creates a new certificate context. type  PFN_CERT_STORE_PROV_READ_CERT = function (hStoreProv :HCERTSTOREPROV;                                            pStoreCertContext

CCERT_CONTEXT;                                            dwFlags

WORD;                                        var ppProvCertContext

CCERT_CONTEXT                                           &nbsp

:BOOL ; stdcall; const  CERT_STORE_PROV_WRITE_ADD_FLAG = $1; // Called by CertAddEncodedCertificateToStore, // CertAddCertificateContextToStore or CertAddSerializedElementToStore before // adding to the store. The CERT_STORE_PROV_WRITE_ADD_FLAG is set. In // addition to the encoded certificate, the added pCertContext might also // have properties. // // Returns TRUE if its OK to update the the store. type  PFN_CERT_STORE_PROV_WRITE_CERT = function (hStoreProv :HCERTSTOREPROV;                                             pCertContext

CCERT_CONTEXT;                                             dwFlags

WORD):BOOL ; stdcall; // Called by CertDeleteCertificateFromStore before deleting from the // store. // // Returns TRUE if its OK to delete from the store. type  PFN_CERT_STORE_PROV_DELETE_CERT = function (hStoreProv :HCERTSTOREPROV;                                              pCertContext

CCERT_CONTEXT;                                              dwFlags

WORD):BOOL ; stdcall; // Called by CertSetCertificateContextProperty before setting the // certificate's property. Also called by CertGetCertificateContextProperty, // when getting a hash property that needs to be created and then persisted // via the set. // // Upon input, the property hasn't been set for the pCertContext parameter. // // Returns TRUE if its OK to set the property. type  PFN_CERT_STORE_PROV_SET_CERT_PROPERTY = function (hStoreProv :HCERTSTOREPROV;                                                    pCertContext

CCERT_CONTEXT;                                                    dwPropId

WORD;                                                    dwFlags

WORD;                                              const pvData

VOID                                                   &nbsp

:BOOL ; stdcall; // Currently not called directly by the store APIs. However, may be exported // to support other providers based on it. // // Reads the provider's copy of the CRL context. If it exists, // creates a new CRL context. type  PFN_CERT_STORE_PROV_READ_CRL = function (hStoreProv :HCERTSTOREPROV;                                           pStoreCrlContext

CCRL_CONTEXT;                                           dwFlags

WORD;                                       var ppProvCrlContext

CCRL_CONTEXT                                           ):BOOL ; stdcall; // Called by CertAddEncodedCRLToStore, // CertAddCRLContextToStore or CertAddSerializedElementToStore before // adding to the store. The CERT_STORE_PROV_WRITE_ADD_FLAG is set. In // addition to the encoded CRL, the added pCertContext might also // have properties. // // Returns TRUE if its OK to update the the store. type  PFN_CERT_STORE_PROV_WRITE_CRL = function (hStoreProv :HCERTSTOREPROV;                                            pCrlContext

CCRL_CONTEXT;                                            dwFlags

WORD):BOOL ; stdcall; // Called by CertDeleteCRLFromStore before deleting from the store. // // Returns TRUE if its OK to delete from the store. type  PFN_CERT_STORE_PROV_DELETE_CRL = function (hStoreProv :HCERTSTOREPROV;                                             pCrlContext

CCRL_CONTEXT;                                             dwFlags

WORD):BOOL ; stdcall; // Called by CertDeleteCRLFromStore before deleting from the store. // // Returns TRUE if its OK to delete from the store. type  PFN_CERT_STORE_PROV_SET_CRL_PROPERTY = function (hStoreProv :HCERTSTOREPROV;                                                   pCrlContext

CCRL_CONTEXT;                                                   dwPropId

WORD;                                                   dwFlags

WORD;                                                   pvData

VOID):BOOL ; stdcall; // Currently not called directly by the store APIs. However, may be exported // to support other providers based on it. // // Reads the provider's copy of the CTL context. If it exists, // creates a new CTL context. type  PFN_CERT_STORE_PROV_READ_CTL = function (hStoreProv :HCERTSTOREPROV;                                           pStoreCtlContext

CCTL_CONTEXT;                                           dwFlags

WORD;                                       var ppProvCtlContext

CCTL_CONTEXT                                           ):BOOL ; stdcall; // Called by CertAddEncodedCTLToStore, // CertAddCTLContextToStore or CertAddSerializedElementToStore before // adding to the store. The CERT_STORE_PROV_WRITE_ADD_FLAG is set. In // addition to the encoded CTL, the added pCertContext might also // have properties. // // Returns TRUE if its OK to update the the store. type  PFN_CERT_STORE_PROV_WRITE_CTL = function (hStoreProv :HCERTSTOREPROV;                                            pCtlContext

CCTL_CONTEXT;                                            dwFlags

WORD):BOOL ; stdcall; // Called by CertDeleteCTLFromStore before deleting from the store. // // Returns TRUE if its OK to delete from the store. type  PFN_CERT_STORE_PROV_DELETE_CTL = function (hStoreProv :HCERTSTOREPROV;                                             pCtlContext

CCTL_CONTEXT;                                             dwFlags

WORD):BOOL ; stdcall; // Called by CertSetCTLContextProperty before setting the // CTL's property. Also called by CertGetCTLContextProperty, // when getting a hash property that needs to be created and then persisted // via the set. // // Upon input, the property hasn't been set for the pCtlContext parameter. // // Returns TRUE if its OK to set the property. type  PFN_CERT_STORE_PROV_SET_CTL_PROPERTY = function (hStoreProv :HCERTSTOREPROV;                                                   pCtlContext

CCTL_CONTEXT;                                                   dwPropId

WORD;                                                   dwFlags

WORD;                                             const pvData

VOID                                                   ):BOOL ; stdcall; //+------------------------------------------------------------------------- //  Duplicate a cert store handle //-------------------------------------------------------------------------- function CertDuplicateStore(hCertStore :HCERTSTORE):HCERTSTORE ; stdcall; const CERT_STORE_SAVE_AS_STORE = 1; const CERT_STORE_SAVE_AS_PKCS7 = 2; const CERT_STORE_SAVE_TO_FILE = 1; const CERT_STORE_SAVE_TO_MEMORY = 2; const CERT_STORE_SAVE_TO_FILENAME_A = 3; const CERT_STORE_SAVE_TO_FILENAME_W = 4; const CERT_STORE_SAVE_TO_FILENAME = CERT_STORE_SAVE_TO_FILENAME_W; //+------------------------------------------------------------------------- //  Save the cert store. Extended version with lots of options. // //  According to the dwSaveAs parameter, the store can be saved as a //  serialized store (CERT_STORE_SAVE_AS_STORE) containing properties in //  addition to encoded certificates, CRLs and CTLs or the store can be saved //  as a PKCS #7 signed message (CERT_STORE_SAVE_AS_PKCS7) which doesn't //  include the properties or CTLs. // //  Note, the CERT_KEY_CONTEXT_PROP_ID property (and its //  CERT_KEY_PROV_HANDLE_PROP_ID or CERT_KEY_SPEC_PROP_ID) isn't saved into //  a serialized store. // //  For CERT_STORE_SAVE_AS_PKCS7, the dwEncodingType specifies the message //  encoding type. The dwEncodingType parameter isn't used for //  CERT_STORE_SAVE_AS_STORE. // //  The dwFlags parameter currently isn't used and should be set to 0. // //  The dwSaveTo and pvSaveToPara parameters specify where to save the //  store as follows: //    CERT_STORE_SAVE_TO_FILE: //      Saves to the specified file. The file's handle is passed in //      pvSaveToPara. Given, //          HANDLE hFile; pvSaveToPara = (void *) hFile; // //      For a successful save, the file pointer is positioned after the //      last write. // //    CERT_STORE_SAVE_TO_MEMORY: //      Saves to the specified memory blob. The pointer to //      the memory blob is passed in pvSaveToPara. Given, //          CRYPT_DATA_BLOB SaveBlob; pvSaveToPara = (void *) &SaveBlob; //      Upon entry, the SaveBlob's pbData and cbData need to be initialized. //      Upon return, cbData is updated with the actual length. //      For a length only calculation, pbData should be set to NULL. If //      pbData is non-NULL and cbData isn't large enough, FALSE is returned //      with a last error of ERRROR_MORE_DATA. // //    CERT_STORE_SAVE_TO_FILENAME_A: //    CERT_STORE_SAVE_TO_FILENAME_W: //    CERT_STORE_SAVE_TO_FILENAME: //      Opens the file and saves to it. The filename is passed in pvSaveToPara. //      The filename is UNICODE for the "_W" option and ASCII for the "_A" //      option. For "_W": given, //          LPCWSTR pwszFilename; pvSaveToPara = (void *) pwszFilename; //      For "_A": given, //          LPCSTR pszFilename; pvSaveToPara = (void *) pszFilename; // //      Note, the default (without "_A" or "_W&quot

is UNICODE. // //-------------------------------------------------------------------------- function CertSaveStore(hCertStore :HCERTSTORE;                       dwEncodingType

WORD;                       dwSaveAs

WORD;                       dwSaveTo

WORD;                       pvSaveToPara

VOID;                       dwFlags

WORD):BOOL ; stdcall; //+------------------------------------------------------------------------- //  Certificate Store close flags //-------------------------------------------------------------------------- const CERT_CLOSE_STORE_FORCE_FLAG = $00000001; const CERT_CLOSE_STORE_CHECK_FLAG = $00000002; //+------------------------------------------------------------------------- //  Close a cert store handle. // //  There needs to be a corresponding close for each open and duplicate. // //  Even on the final close, the cert store isn't freed until all of its //  certificate and CRL contexts have also been freed. // //  On the final close, the hCryptProv passed to CertStoreOpen is //  CryptReleaseContext'ed. // //  To force the closure of the store with all of its memory freed, set the //  CERT_STORE_CLOSE_FORCE_FLAG. This flag should be set when the caller does //  its own reference counting and wants everything to vanish. // //  To check if all the store's certificates and CRLs have been freed and that //  this is the last CertCloseStore, set the CERT_CLOSE_STORE_CHECK_FLAG. If //  set and certs, CRLs or stores still need to be freed/closed, FALSE is //  returned with LastError set to CRYPT_E_PENDING_CLOSE. Note, for FALSE, //  the store is still closed. This is a diagnostic flag. // //  LastError is preserved unless CERT_CLOSE_STORE_CHECK_FLAG is set and FALSE //  is returned. //-------------------------------------------------------------------------- function CertCloseStore(hCertStore :HCERTSTORE; dwFlags

WORD):BOOL ; stdcall; //+------------------------------------------------------------------------- //  Get the subject certificate context uniquely identified by its Issuer and //  SerialNumber from the store. // //  If the certificate isn't found, NULL is returned. Otherwise, a pointer to //  a read only CERT_CONTEXT is returned. CERT_CONTEXT must be freed by calling //  CertFreeCertificateContext. CertDuplicateCertificateContext can be called to make a //  duplicate. // //  The returned certificate might not be valid. Normally, it would be //  verified when getting its issuer certificate (CertGetIssuerCertificateFromStore). //-------------------------------------------------------------------------- function CertGetSubjectCertificateFromStore(hCertStore :HCERTSTORE;                                            dwCertEncodingType

WORD;                                            pCertId

CERT_INFO         // Only the Issuer and SerialNumber                                           &nbsp

CCERT_CONTEXT ; stdcall; // fields are used //+------------------------------------------------------------------------- //  Enumerate the certificate contexts in the store. // //  If a certificate isn't found, NULL is returned. //  Otherwise, a pointer to a read only CERT_CONTEXT is returned. CERT_CONTEXT //  must be freed by calling CertFreeCertificateContext or is freed when passed as the //  pPrevCertContext on a subsequent call. CertDuplicateCertificateContext //  can be called to make a duplicate. // //  pPrevCertContext MUST BE NULL to enumerate the first //  certificate in the store. Successive certificates are enumerated by setting //  pPrevCertContext to the CERT_CONTEXT returned by a previous call. // //  NOTE: a NON-NULL pPrevCertContext is always CertFreeCertificateContext'ed by //  this function, even for an error. //-------------------------------------------------------------------------- function CertEnumCertificatesInStore(hCertStore :HCERTSTORE;                                     pPrevCertContext

CCERT_CONTEXT                                     )

CCERT_CONTEXT ; stdcall; //+------------------------------------------------------------------------- //  Find the first or next certificate context in the store. // //  The certificate is found according to the dwFindType and its pvFindPara. //  See below for a list of the find types and its parameters. // //  Currently dwFindFlags is only used for CERT_FIND_SUBJECT_ATTR, //  CERT_FIND_ISSUER_ATTR or CERT_FIND_CTL_USAGE. Otherwise, must be set to 0. // //  Usage of dwCertEncodingType depends on the dwFindType. // //  If the first or next certificate isn't found, NULL is returned. //  Otherwise, a pointer to a read only CERT_CONTEXT is returned. CERT_CONTEXT //  must be freed by calling CertFreeCertificateContext or is freed when passed as the //  pPrevCertContext on a subsequent call. CertDuplicateCertificateContext //  can be called to make a duplicate. // //  pPrevCertContext MUST BE NULL on the first //  call to find the certificate. To find the next certificate, the //  pPrevCertContext is set to the CERT_CONTEXT returned by a previous call. // //  NOTE: a NON-NULL pPrevCertContext is always CertFreeCertificateContext'ed by //  this function, even for an error. //-------------------------------------------------------------------------- function CertFindCertificateInStore(hCertStore :HCERTSTORE;                                    dwCertEncodingType

WORD;                                    dwFindFlags

WORD;                                    dwFindType

WORD;                              const pvFindPara

VOID;                                    pPrevCertContext

CCERT_CONTEXT                                   &nbsp

CCERT_CONTEXT ; stdcall; //+------------------------------------------------------------------------- // Certificate comparison functions //-------------------------------------------------------------------------- const CERT_COMPARE_SHIFT = 16; const CERT_COMPARE_ANY = 0; const CERT_COMPARE_SHA1_HASH = 1; const CERT_COMPARE_NAME = 2; const CERT_COMPARE_ATTR = 3; const CERT_COMPARE_MD5_HASH  = 4; const CERT_COMPARE_PROPERTY = 5; const CERT_COMPARE_PUBLIC_KEY = 6; const CERT_COMPARE_HASH = CERT_COMPARE_SHA1_HASH; const CERT_COMPARE_NAME_STR_A = 7; const CERT_COMPARE_NAME_STR_W = 8; const CERT_COMPARE_KEY_SPEC = 9; const CERT_COMPARE_ENHKEY_USAGE = 10; const CERT_COMPARE_CTL_USAGE = CERT_COMPARE_ENHKEY_USAGE; //+------------------------------------------------------------------------- //  dwFindType // //  The dwFindType definition consists of two components: //   - comparison function //   - certificate information flag //-------------------------------------------------------------------------- const CERT_FIND_ANY = (CERT_COMPARE_ANY shl CERT_COMPARE_SHIFT); const CERT_FIND_SHA1_HASH = (CERT_COMPARE_SHA1_HASH shl CERT_COMPARE_SHIFT); const CERT_FIND_MD5_HASH = (CERT_COMPARE_MD5_HASH shl CERT_COMPARE_SHIFT); const CERT_FIND_HASH = CERT_FIND_SHA1_HASH; const CERT_FIND_PROPERTY = (CERT_COMPARE_PROPERTY shl CERT_COMPARE_SHIFT); const CERT_FIND_PUBLIC_KEY = (CERT_COMPARE_PUBLIC_KEY shl CERT_COMPARE_SHIFT); const CERT_FIND_SUBJECT_NAME = (CERT_COMPARE_NAME shl CERT_COMPARE_SHIFT or CERT_INFO_SUBJECT_FLAG); const CERT_FIND_SUBJECT_ATTR = (CERT_COMPARE_ATTR shl CERT_COMPARE_SHIFT or  CERT_INFO_SUBJECT_FLAG); const CERT_FIND_ISSUER_NAME = (CERT_COMPARE_NAME shl CERT_COMPARE_SHIFT or  CERT_INFO_ISSUER_FLAG); const CERT_FIND_ISSUER_ATTR = (CERT_COMPARE_ATTR shl CERT_COMPARE_SHIFT or   CERT_INFO_ISSUER_FLAG); const CERT_FIND_SUBJECT_STR_A =  (CERT_COMPARE_NAME_STR_A shl CERT_COMPARE_SHIFT or   CERT_INFO_SUBJECT_FLAG); const CERT_FIND_SUBJECT_STR_W =  (CERT_COMPARE_NAME_STR_W shl CERT_COMPARE_SHIFT or   CERT_INFO_SUBJECT_FLAG); const CERT_FIND_SUBJECT_STR = CERT_FIND_SUBJECT_STR_W; const CERT_FIND_ISSUER_STR_A = (CERT_COMPARE_NAME_STR_A shl CERT_COMPARE_SHIFT or  CERT_INFO_ISSUER_FLAG); const CERT_FIND_ISSUER_STR_W =  (CERT_COMPARE_NAME_STR_W shl CERT_COMPARE_SHIFT or  CERT_INFO_ISSUER_FLAG); const CERT_FIND_ISSUER_STR = CERT_FIND_ISSUER_STR_W; const CERT_FIND_KEY_SPEC = (CERT_COMPARE_KEY_SPEC shl CERT_COMPARE_SHIFT); const CERT_FIND_ENHKEY_USAGE = (CERT_COMPARE_ENHKEY_USAGE shl CERT_COMPARE_SHIFT); const CERT_FIND_CTL_USAGE = CERT_FIND_ENHKEY_USAGE; //+------------------------------------------------------------------------- //  CERT_FIND_ANY // //  Find any certificate. // //  pvFindPara isn't used. //-------------------------------------------------------------------------- //+------------------------------------------------------------------------- //  CERT_FIND_HASH // //  Find a certificate with the specified hash. // //  pvFindPara points to a CRYPT_HASH_BLOB. //-------------------------------------------------------------------------- //+------------------------------------------------------------------------- //  CERT_FIND_PROPERTY // //  Find a certificate having the specified property. // //  pvFindPara points to a DWORD containing the PROP_ID //-------------------------------------------------------------------------- //+------------------------------------------------------------------------- //  CERT_FIND_PUBLIC_KEY // //  Find a certificate matching the specified public key. // //  pvFindPara points to a CERT_PUBLIC_KEY_INFO containing the public key //-------------------------------------------------------------------------- //+------------------------------------------------------------------------- //  CERT_FIND_SUBJECT_NAME //  CERT_FIND_ISSUER_NAME // //  Find a certificate with the specified subject/issuer name. Does an exact //  match of the entire name. // //  Restricts search to certificates matching the dwCertEncodingType. // //  pvFindPara points to a CERT_NAME_BLOB. //-------------------------------------------------------------------------- //+------------------------------------------------------------------------- //  CERT_FIND_SUBJECT_ATTR //  CERT_FIND_ISSUER_ATTR // //  Find a certificate with the specified subject/issuer attributes. // //  Compares the attributes in the subject/issuer name with the //  Relative Distinguished Name's (CERT_RDN) array of attributes specified in //  pvFindPara. The comparison iterates through the CERT_RDN attributes and looks //  for an attribute match in any of the subject/issuer's RDNs. // //  The CERT_RDN_ATTR fields can have the following special values: //    pszObjId == NULL              - ignore the attribute object identifier //    dwValueType == RDN_ANY_TYPE   - ignore the value type //    Value.pbData == NULL          - match any value // //  Currently only an exact, case sensitive match is supported. // //  CERT_UNICODE_IS_RDN_ATTRS_FLAG should be set in dwFindFlags if the RDN was //  initialized with unicode strings as for //  CryptEncodeObject(X509_UNICODE_NAME). // //  Restricts search to certificates matching the dwCertEncodingType. // //  pvFindPara points to a CERT_RDN (defined in wincert.h). //-------------------------------------------------------------------------- //+------------------------------------------------------------------------- //  CERT_FIND_SUBJECT_STR_A //  CERT_FIND_SUBJECT_STR_W | CERT_FIND_SUBJECT_STR //  CERT_FIND_ISSUER_STR_A //  CERT_FIND_ISSUER_STR_W  | CERT_FIND_ISSUER_STR // //  Find a certificate containing the specified subject/issuer name string. // //  First, the certificate's subject/issuer is converted to a name string //  via CertNameToStrA/CertNameToStrW(CERT_SIMPLE_NAME_STR). Then, a //  case insensitive substring within string match is performed. // //  Restricts search to certificates matching the dwCertEncodingType. // //  For *_STR_A, pvFindPara points to a null terminated character string. //  For *_STR_W, pvFindPara points to a null terminated wide character string. //-------------------------------------------------------------------------- //+------------------------------------------------------------------------- //  CERT_FIND_KEY_SPEC // //  Find a certificate having a CERT_KEY_SPEC_PROP_ID property matching //  the specified KeySpec. // //  pvFindPara points to a DWORD containing the KeySpec. //-------------------------------------------------------------------------- //+------------------------------------------------------------------------- //  CERT_FIND_ENHKEY_USAGE // //  Find a certificate having the szOID_ENHANCED_KEY_USAGE extension or //  the CERT_ENHKEY_USAGE_PROP_ID and matching the specified pszUsageIdentifers. // //  pvFindPara points to a CERT_ENHKEY_USAGE data structure. If pvFindPara //  is NULL or CERT_ENHKEY_USAGE's cUsageIdentifier is 0, then, matches any //  certificate having enhanced key usage. // //  The CERT_FIND_OPTIONAL_ENHKEY_USAGE_FLAG can be set in dwFindFlags to //  also match a certificate without either the extension or property. // //  If CERT_FIND_NO_ENHKEY_USAGE_FLAG is set in dwFindFlags, finds //  certificates without the key usage extension or property. Setting this //  flag takes precedence over pvFindPara being NULL. // //  If the CERT_FIND_EXT_ONLY_ENHKEY_USAGE_FLAG is set, then, only does a match //  using the extension. If pvFindPara is NULL or cUsageIdentifier is set to //  0, finds certificates having the extension. If //  CERT_FIND_OPTIONAL_ENHKEY_USAGE_FLAG is set, also matches a certificate //  without the extension. If CERT_FIND_NO_ENHKEY_USAGE_FLAG is set, finds //  certificates without the extension. // //  If the CERT_FIND_EXT_PROP_ENHKEY_USAGE_FLAG is set, then, only does a match //  using the property. If pvFindPara is NULL or cUsageIdentifier is set to //  0, finds certificates having the property. If //  CERT_FIND_OPTIONAL_ENHKEY_USAGE_FLAG is set, also matches a certificate //  without the property. If CERT_FIND_NO_ENHKEY_USAGE_FLAG is set, finds //  certificates without the property. //-------------------------------------------------------------------------- const CERT_FIND_OPTIONAL_ENHKEY_USAGE_FLAG = $1; const CERT_FIND_EXT_ONLY_ENHKEY_USAGE_FLAG = $2; const CERT_FIND_PROP_ONLY_ENHKEY_USAGE_FLAG = $4; const CERT_FIND_NO_ENHKEY_USAGE_FLAG = $8; const CERT_FIND_OPTIONAL_CTL_USAGE_FLAG = CERT_FIND_OPTIONAL_ENHKEY_USAGE_FLAG; const CERT_FIND_EXT_ONLY_CTL_USAGE_FLAG = CERT_FIND_EXT_ONLY_ENHKEY_USAGE_FLAG; const CERT_FIND_PROP_ONLY_CTL_USAGE_FLAG = CERT_FIND_PROP_ONLY_ENHKEY_USAGE_FLAG; const CERT_FIND_NO_CTL_USAGE_FLAG = CERT_FIND_NO_ENHKEY_USAGE_FLAG; //+------------------------------------------------------------------------- //  Get the certificate context from the store for the first or next issuer //  of the specified subject certificate. Perform the enabled //  verification checks on the subject. (Note, the checks are on the subject //  using the returned issuer certificate.) // //  If the first or next issuer certificate isn't found, NULL is returned. //  Otherwise, a pointer to a read only CERT_CONTEXT is returned. CERT_CONTEXT //  must be freed by calling CertFreeCertificateContext or is freed when passed as the //  pPrevIssuerContext on a subsequent call. CertDuplicateCertificateContext //  can be called to make a duplicate. // //  For a self signed subject certificate, NULL is returned with LastError set //  to CERT_STORE_SELF_SIGNED. The enabled verification checks are still done. // //  The pSubjectContext may have been obtained from this store, another store //  or created by the caller application. When created by the caller, the //  CertCreateCertificateContext function must have been called. // //  An issuer may have multiple certificates. This may occur when the validity //  period is about to change. pPrevIssuerContext MUST BE NULL on the first //  call to get the issuer. To get the next certificate for the issuer, the //  pPrevIssuerContext is set to the CERT_CONTEXT returned by a previous call. // //  NOTE: a NON-NULL pPrevIssuerContext is always CertFreeCertificateContext'ed by //  this function, even for an error. // //  The following flags can be set in *pdwFlags to enable verification checks //  on the subject certificate context: //      CERT_STORE_SIGNATURE_FLAG     - use the public key in the returned //                                      issuer certificate to verify the //                                      signature on the subject certificate. //                                      Note, if pSubjectContext->hCertStore == //                                      hCertStore, the store provider might //                                      be able to eliminate a redo of //                                      the signature verify. //      CERT_STORE_TIME_VALIDITY_FLAG - get the current time and verify that //                                      its within the subject certificate's //                                      validity period //      CERT_STORE_REVOCATION_FLAG    - check if the subject certificate is on //                                      the issuer's revocation list // //  If an enabled verification check fails, then, its flag is set upon return. //  If CERT_STORE_REVOCATION_FLAG was enabled and the issuer doesn't have a //  CRL in the store, then, CERT_STORE_NO_CRL_FLAG is set in addition to //  the CERT_STORE_REVOCATION_FLAG. // //  If CERT_STORE_SIGNATURE_FLAG or CERT_STORE_REVOCATION_FLAG is set, then, //  CERT_STORE_NO_ISSUER_FLAG is set if it doesn't have an issuer certificate //  in the store. // //  For a verification check failure, a pointer to the issuer's CERT_CONTEXT //  is still returned and SetLastError isn't updated. //-------------------------------------------------------------------------- function CertGetIssuerCertificateFromStore(hCertStore :HCERTSTORE;                                           pSubjectContext

CCERT_CONTEXT;                                           pPrevIssuerContext

CCERT_CONTEXT; //OPTIONAL                                           pdwFlags

DWORD)

CCERT_CONTEXT ; stdcall; //+------------------------------------------------------------------------- //  Perform the enabled verification checks on the subject certificate //  using the issuer. Same checks and flags definitions as for the above //  CertGetIssuerCertificateFromStore. // //  If you are only checking CERT_STORE_TIME_VALIDITY_FLAG, then, the //  issuer can be NULL. // //  For a verification check failure, SUCCESS is still returned. //-------------------------------------------------------------------------- function CertVerifySubjectCertificateContext(pSubject

CCERT_CONTEXT;                                             pIssuer

CCERT_CONTEXT; //OPTIONAL                                             pdwFlags

DWORD):BOOL ; stdcall; //+------------------------------------------------------------------------- //  Duplicate a certificate context //-------------------------------------------------------------------------- function CertDuplicateCertificateContext(pCertContext

CCERT_CONTEXT)

CCERT_CONTEXT ; stdcall; //+------------------------------------------------------------------------- //  Create a certificate context from the encoded certificate. The created //  context isn't put in a store. // //  Makes a copy of the encoded certificate in the created context. // //  If unable to decode and create the certificate context, NULL is returned. //  Otherwise, a pointer to a read only CERT_CONTEXT is returned. //  CERT_CONTEXT must be freed by calling CertFreeCertificateContext. //  CertDuplicateCertificateContext can be called to make a duplicate. // //  CertSetCertificateContextProperty and CertGetCertificateContextProperty can be called //  to store properties for the certificate. //-------------------------------------------------------------------------- function CertCreateCertificateContext(dwCertEncodingType

WORD;                                      pbCertEncoded

BYTE;                                      cbCertEncoded

WORD)

CCERT_CONTEXT ; stdcall; //+------------------------------------------------------------------------- //  Free a certificate context // //  There needs to be a corresponding free for each context obtained by a //  get, find, duplicate or create. //-------------------------------------------------------------------------- function CertFreeCertificateContext(pCertContext

CCERT_CONTEXT):BOOL ; stdcall; //+------------------------------------------------------------------------- //  Set the property for the specified certificate context. // //  The type definition for pvData depends on the dwPropId value. There are //  five predefined types: //      CERT_KEY_PROV_HANDLE_PROP_ID - a HCRYPTPROV for the certificate's //      private key is passed in pvData. Updates the hCryptProv field //      of the CERT_KEY_CONTEXT_PROP_ID. If the CERT_KEY_CONTEXT_PROP_ID //      doesn't exist, its created with all the other fields zeroed out. If //      CERT_STORE_NO_CRYPT_RELEASE_FLAG isn't set, HCRYPTPROV is implicitly //      released when either the property is set to NULL or on the final //      free of the CertContext. // //      CERT_KEY_PROV_INFO_PROP_ID - a PCRYPT_KEY_PROV_INFO for the certificate's //      private key is passed in pvData. // //      CERT_SHA1_HASH_PROP_ID - //      CERT_MD5_HASH_PROP_ID  - normally, either property is implicitly //      set by doing a CertGetCertificateContextProperty. pvData points to a //      CRYPT_HASH_BLOB. // //      CERT_KEY_CONTEXT_PROP_ID - a PCERT_KEY_CONTEXT for the certificate's //      private key is passed in pvData. The CERT_KEY_CONTEXT contains both the //      hCryptProv and dwKeySpec for the private key. //      See the CERT_KEY_PROV_HANDLE_PROP_ID for more information about //      the hCryptProv field and dwFlags settings. Note, more fields may //      be added for this property. The cbSize field value will be adjusted //      accordingly. // //      CERT_KEY_SPEC_PROP_ID - the dwKeySpec for the private key. pvData //      points to a DWORD containing the KeySpec // //      CERT_ENHKEY_USAGE_PROP_ID - enhanced key usage definition for the //      certificate. pvData points to a CRYPT_DATA_BLOB containing an //      ASN.1 encoded CERT_ENHKEY_USAGE (encoded via //      CryptEncodeObject(X509_ENHANCED_KEY_USAGE). // //      CERT_NEXT_UPDATE_LOCATION_PROP_ID - location of the next update. //      Currently only applicable to CTLs. pvData points to a CRYPT_DATA_BLOB //      containing an ASN.1 encoded CERT_ALT_NAME_INFO (encoded via //      CryptEncodeObject(X509_ALTERNATE_NAME)). // //      CERT_FRIENDLY_NAME_PROP_ID - friendly name for the cert, CRL or CTL. //      pvData points to a CRYPT_DATA_BLOB. pbData is a pointer to a NULL //      terminated unicode, wide character string. //      cbData = (wcslen((LPWSTR) pbData) + 1) * sizeof(WCHAR). // //  For all the other PROP_IDs: an encoded PCRYPT_DATA_BLOB is passed in pvData. // //  If the property already exists, then, the old value is deleted and silently //  replaced. Setting, pvData to NULL, deletes the property. //-------------------------------------------------------------------------- function CertSetCertificateContextProperty(pCertContext

CCERT_CONTEXT;                                           dwPropId

WORD;                                           dwFlags

WORD;                                           pvData

VOID):BOOL ; stdcall; //+------------------------------------------------------------------------- //  Get the property for the specified certificate context. // //  For CERT_KEY_PROV_HANDLE_PROP_ID, pvData points to a HCRYPTPROV. // //  For CERT_KEY_PROV_INFO_PROP_ID, pvData points to a CRYPT_KEY_PROV_INFO structure. //  Elements pointed to by fields in the pvData structure follow the //  structure. Therefore, *pcbData may exceed the size of the structure. // //  For CERT_KEY_CONTEXT_PROP_ID, pvData points to a CERT_KEY_CONTEXT structure. // //  For CERT_KEY_SPEC_PROP_ID, pvData points to a DWORD containing the KeySpec. //  If the CERT_KEY_CONTEXT_PROP_ID exists, the KeySpec is obtained from there. //  Otherwise, if the CERT_KEY_PROV_INFO_PROP_ID exists, its the source //  of the KeySpec. // //  For CERT_SHA1_HASH_PROP_ID or CERT_MD5_HASH_PROP_ID, if the hash //  doesn't already exist, then, its computed via CryptHashCertificate() //  and then set. pvData points to the computed hash. Normally, the length //  is 20 bytes for SHA and 16 for MD5. // //  For all other PROP_IDs, pvData points to an encoded array of bytes. //-------------------------------------------------------------------------- function CertGetCertificateContextProperty(pCertContext

CCERT_CONTEXT;                                           dwPropId

WORD;                                           pvData

VOID;                                           pcbData

DWORD):BOOL ; stdcall; //+------------------------------------------------------------------------- //  Enumerate the properties for the specified certificate context. // //  To get the first property, set dwPropId to 0. The ID of the first //  property is returned. To get the next property, set dwPropId to the //  ID returned by the last call. To enumerate all the properties continue //  until 0 is returned. // //  CertGetCertificateContextProperty is called to get the property's data. // //  Note, since, the CERT_KEY_PROV_HANDLE_PROP_ID and CERT_KEY_SPEC_PROP_ID //  properties are stored as fields in the CERT_KEY_CONTEXT_PROP_ID //  property, they aren't enumerated individually. //-------------------------------------------------------------------------- function CertEnumCertificateContextProperties(pCertContext

CCERT_CONTEXT;                                              dwPropId

WORD)

WORD ; stdcall; //+------------------------------------------------------------------------- //  Get the first or next CRL context from the store for the specified //  issuer certificate. Perform the enabled verification checks on the CRL. // //  If the first or next CRL isn't found, NULL is returned. //  Otherwise, a pointer to a read only CRL_CONTEXT is returned. CRL_CONTEXT //  must be freed by calling CertFreeCRLContext. However, the free must be //  pPrevCrlContext on a subsequent call. CertDuplicateCRLContext //  can be called to make a duplicate. // //  The pIssuerContext may have been obtained from this store, another store //  or created by the caller application. When created by the caller, the //  CertCreateCertificateContext function must have been called. // //  If pIssuerContext == NULL, finds all the CRLs in the store. // //  An issuer may have multiple CRLs. For example, it generates delta CRLs //  using a X.509 v3 extension. pPrevCrlContext MUST BE NULL on the first //  call to get the CRL. To get the next CRL for the issuer, the //  pPrevCrlContext is set to the CRL_CONTEXT returned by a previous call. // //  NOTE: a NON-NULL pPrevCrlContext is always CertFreeCRLContext'ed by //  this function, even for an error. // //  The following flags can be set in *pdwFlags to enable verification checks //  on the returned CRL: //      CERT_STORE_SIGNATURE_FLAG     - use the public key in the //                                      issuer's certificate to verify the //                                      signature on the returned CRL. //                                      Note, if pIssuerContext->hCertStore == //                                      hCertStore, the store provider might //                                      be able to eliminate a redo of //                                      the signature verify. //      CERT_STORE_TIME_VALIDITY_FLAG - get the current time and verify that //                                      its within the CRL's ThisUpdate and //                                      NextUpdate validity period. // //  If an enabled verification check fails, then, its flag is set upon return. // //  If pIssuerContext == NULL, then, an enabled CERT_STORE_SIGNATURE_FLAG //  always fails and the CERT_STORE_NO_ISSUER_FLAG is also set. // //  For a verification check failure, a pointer to the first or next //  CRL_CONTEXT is still returned and SetLastError isn't updated. //-------------------------------------------------------------------------- function CertGetCRLFromStore(hCertStore :HCERTSTORE;                             pIssuerContext

CCERT_CONTEXT; //OPTIONAL                             pPrevCrlContext

CCRL_CONTEXT;                             pdwFlags

DWORD)

CCRL_CONTEXT ; stdcall; //+------------------------------------------------------------------------- //  Duplicate a CRL context //-------------------------------------------------------------------------- function CertDuplicateCRLContext(pCrlContext

CCRL_CONTEXT)

CCRL_CONTEXT ; stdcall; //+------------------------------------------------------------------------- //  Create a CRL context from the encoded CRL. The created //  context isn't put in a store. // //  Makes a copy of the encoded CRL in the created context. // //  If unable to decode and create the CRL context, NULL is returned. //  Otherwise, a pointer to a read only CRL_CONTEXT is returned. //  CRL_CONTEXT must be freed by calling CertFreeCRLContext. //  CertDuplicateCRLContext can be called to make a duplicate. // //  CertSetCRLContextProperty and CertGetCRLContextProperty can be called //  to store properties for the CRL. //-------------------------------------------------------------------------- function CertCreateCRLContext(dwCertEncodingType

WORD;                              pbCrlEncoded

BYTE;                              cbCrlEncoded

WORD)

CCRL_CONTEXT ; stdcall; //+------------------------------------------------------------------------- //  Free a CRL context // //  There needs to be a corresponding free for each context obtained by a //  get, duplicate or create. //-------------------------------------------------------------------------- function CertFreeCRLContext(pCrlContext

CCRL_CONTEXT):BOOL ; stdcall; //+------------------------------------------------------------------------- //  Set the property for the specified CRL context. // //  Same Property Ids and semantics as CertSetCertificateContextProperty. //-------------------------------------------------------------------------- function CertSetCRLContextProperty(pCrlContext

CCRL_CONTEXT;                                   dwPropId

WORD;                                   dwFlags

WORD;                             const pvData

VOID):BOOL ; stdcall; //+------------------------------------------------------------------------- //  Get the property for the specified CRL context. // //  Same Property Ids and semantics as CertGetCertificateContextProperty. // //  CERT_SHA1_HASH_PROP_ID or CERT_MD5_HASH_PROP_ID is the predefined //  property of most interest. //-------------------------------------------------------------------------- function CertGetCRLContextProperty(pCrlContext

CCRL_CONTEXT;                                   dwPropId

WORD;                                   pvData

VOID;                                   pcbData

DWORD):BOOL ; stdcall; //+------------------------------------------------------------------------- //  Enumerate the properties for the specified CRL context. // //  To get the first property, set dwPropId to 0. The ID of the first //  property is returned. To get the next property, set dwPropId to the //  ID returned by the last call. To enumerate all the properties continue //  until 0 is returned. // //  CertGetCRLContextProperty is called to get the property's data. //-------------------------------------------------------------------------- function CertEnumCRLContextProperties(pCrlContext

CCRL_CONTEXT;                                      dwPropId

WORD)

WORD ; stdcall; //+------------------------------------------------------------------------- // Add certificate/CRL, encoded, context or element disposition values. //-------------------------------------------------------------------------- const CERT_STORE_ADD_NEW = 1; const CERT_STORE_ADD_USE_EXISTING = 2; const CERT_STORE_ADD_REPLACE_EXISTING = 3; const CERT_STORE_ADD_ALWAYS = 4; //+------------------------------------------------------------------------- //  Add the encoded certificate to the store according to the specified //  disposition action. // //  Makes a copy of the encoded certificate before adding to the store. // //  dwAddDispostion specifies the action to take if the certificate //  already exists in the store. This parameter must be one of the following //  values: //    CERT_STORE_ADD_NEW //      Fails if the certificate already exists in the store. LastError //      is set to CRYPT_E_EXISTS. //    CERT_STORE_ADD_USE_EXISTING //      If the certifcate already exists, then, its used and if ppCertContext //      is non-NULL, the existing context is duplicated. //    CERT_STORE_ADD_REPLACE_EXISTING //      If the certificate already exists, then, the existing certificate //      context is deleted before creating and adding the new context. //    CERT_STORE_ADD_ALWAYS //      No check is made to see if the certificate already exists. A //      new certificate context is always created. This may lead to //      duplicates in the store. // //  CertGetSubjectCertificateFromStore is called to determine if the //  certificate already exists in the store. // //  ppCertContext can be NULL, indicating the caller isn't interested //  in getting the CERT_CONTEXT of the added or existing certificate. //-------------------------------------------------------------------------- function CertAddEncodedCertificateToStore(hCertStore :HCERTSTORE;                                          dwCertEncodingType

WORD;                                    const pbCertEncoded

BYTE;                                          cbCertEncoded

WORD;                                          dwAddDisposition

WORD;                                      var ppCertContext

CCERT_CONTEXT):BOOL ; stdcall; //+------------------------------------------------------------------------- //  Add the certificate context to the store according to the specified //  disposition action. // //  In addition to the encoded certificate, the context's properties are //  also copied.  Note, the CERT_KEY_CONTEXT_PROP_ID property (and its //  CERT_KEY_PROV_HANDLE_PROP_ID or CERT_KEY_SPEC_PROP_ID) isn't copied. // //  Makes a copy of the certificate context before adding to the store. // //  dwAddDispostion specifies the action to take if the certificate //  already exists in the store. This parameter must be one of the following //  values: //    CERT_STORE_ADD_NEW //      Fails if the certificate already exists in the store. LastError //      is set to CRYPT_E_EXISTS. //    CERT_STORE_ADD_USE_EXISTING //      If the certifcate already exists, then, its used and if ppStoreContext //      is non-NULL, the existing context is duplicated. Iterates //      through pCertContext's properties and only copies the properties //      that don't already exist. The SHA1 and MD5 hash properties aren't //      copied. //    CERT_STORE_ADD_REPLACE_EXISTING //      If the certificate already exists, then, the existing certificate //      context is deleted before creating and adding a new context. //      Properties are copied before doing the add. //    CERT_STORE_ADD_ALWAYS //      No check is made to see if the certificate already exists. A //      new certificate context is always created and added. This may lead to //      duplicates in the store. Properties are //      copied before doing the add. // //  CertGetSubjectCertificateFromStore is called to determine if the //  certificate already exists in the store. // //  ppStoreContext can be NULL, indicating the caller isn't interested //  in getting the CERT_CONTEXT of the added or existing certificate. //-------------------------------------------------------------------------- function CertAddCertificateContextToStore(hCertStore :HCERTSTORE;                                          pCertContext

CCERT_CONTEXT;                                          dwAddDisposition

WORD;                                      var ppStoreContext

CCERT_CONTEXT //OPTIONAL                                         &nbsp

:BOOL ; stdcall; //+------------------------------------------------------------------------- //  Certificate Store Context Types //-------------------------------------------------------------------------- const CERT_STORE_CERTIFICATE_CONTEXT = 1; const CERT_STORE_CRL_CONTEXT = 2; const CERT_STORE_CTL_CONTEXT = 3; //+------------------------------------------------------------------------- //  Certificate Store Context Bit Flags //-------------------------------------------------------------------------- const CERT_STORE_ALL_CONTEXT_FLAG = (not ULONG(0)); const CERT_STORE_CERTIFICATE_CONTEXT_FLAG = (1 shl CERT_STORE_CERTIFICATE_CONTEXT); const CERT_STORE_CRL_CONTEXT_FLAG =  (1 shl CERT_STORE_CRL_CONTEXT); const CERT_STORE_CTL_CONTEXT_FLAG = (1 shl CERT_STORE_CTL_CONTEXT); //+------------------------------------------------------------------------- //  Add the serialized certificate or CRL element to the store. // //  The serialized element contains the encoded certificate, CRL or CTL and //  its properties, such as, CERT_KEY_PROV_INFO_PROP_ID. // //  If hCertStore is NULL, creates a certificate, CRL or CTL context not //  residing in any store. // //  dwAddDispostion specifies the action to take if the certificate or CRL //  already exists in the store. See CertAddCertificateContextToStore for a //  list of and actions taken. // //  dwFlags currently isn't used and should be set to 0. // //  dwContextTypeFlags specifies the set of allowable contexts. For example, to //  add either a certificate or CRL, set dwContextTypeFlags to: //      CERT_STORE_CERTIFICATE_CONTEXT_FLAG | CERT_STORE_CRL_CONTEXT_FLAG // //  *pdwContextType is updated with the type of the context returned in //  *ppvContxt. pdwContextType or ppvContext can be NULL, indicating the //  caller isn't interested in getting the output. If *ppvContext is //  returned it must be freed by calling CertFreeCertificateContext or //  CertFreeCRLContext. //-------------------------------------------------------------------------- function CertAddSerializedElementToStore(hCertStore :HCERTSTORE;                                         pbElement

BYTE;                                         cbElement

WORD;                                         dwAddDisposition

WORD;                                         dwFlags

WORD;                                         dwContextTypeFlags

WORD;                                         pdwContextType

DWORD;                                     var ppvContext : array of PVOID):BOOL ; stdcall; //+------------------------------------------------------------------------- //  Delete the specified certificate from the store. // //  All subsequent gets or finds for the certificate will fail. However, //  memory allocated for the certificate isn't freed until all of its contexts //  have also been freed. // //  The pCertContext is obtained from a get, enum, find or duplicate. // //  Some store provider implementations might also delete the issuer's CRLs //  if this is the last certificate for the issuer in the store. // //  NOTE: the pCertContext is always CertFreeCertificateContext'ed by //  this function, even for an error. //-------------------------------------------------------------------------- function CertDeleteCertificateFromStore(pCertContext

CCERT_CONTEXT):BOOL ; stdcall; //+------------------------------------------------------------------------- //  Add the encoded CRL to the store according to the specified //  disposition option. // //  Makes a copy of the encoded CRL before adding to the store. // //  dwAddDispostion specifies the action to take if the CRL //  already exists in the store. See CertAddEncodedCertificateToStore for a //  list of and actions taken. // //  Compares the CRL's Issuer to determine if the CRL already exists in the //  store. // //  ppCrlContext can be NULL, indicating the caller isn't interested //  in getting the CRL_CONTEXT of the added or existing CRL. //-------------------------------------------------------------------------- function CertAddEncodedCRLToStore(hCertStore :HCERTSTORE;                                  dwCertEncodingType

WORD;                                  pbCrlEncoded

BYTE;                                  cbCrlEncoded

WORD;                                  dwAddDisposition

WORD;                              var ppCrlContext

CCRL_CONTEXT                                 &nbsp

:BOOL ; stdcall; //+------------------------------------------------------------------------- //  Add the CRL context to the store according to the specified //  disposition option. // //  In addition to the encoded CRL, the context's properties are //  also copied.  Note, the CERT_KEY_CONTEXT_PROP_ID property (and its //  CERT_KEY_PROV_HANDLE_PROP_ID or CERT_KEY_SPEC_PROP_ID) isn't copied. // //  Makes a copy of the encoded CRL before adding to the store. // //  dwAddDispostion specifies the action to take if the CRL //  already exists in the store. See CertAddCertificateContextToStore for a //  list of and actions taken. // //  Compares the CRL's Issuer, ThisUpdate and NextUpdate to determine //  if the CRL already exists in the store. // //  ppStoreContext can be NULL, indicating the caller isn't interested //  in getting the CRL_CONTEXT of the added or existing CRL. //-------------------------------------------------------------------------- function CertAddCRLContextToStore(hCertStore :HCERTSTORE;                                  pCrlContext

CCRL_CONTEXT;                                  dwAddDisposition

WORD;                              var ppStoreContext

CCRL_CONTEXT                                 &nbsp

:BOOL ; stdcall; //+------------------------------------------------------------------------- //  Delete the specified CRL from the store. // //  All subsequent gets for the CRL will fail. However, //  memory allocated for the CRL isn't freed until all of its contexts //  have also been freed. // //  The pCrlContext is obtained from a get or duplicate. // //  NOTE: the pCrlContext is always CertFreeCRLContext'ed by //  this function, even for an error. //-------------------------------------------------------------------------- function CertDeleteCRLFromStore(pCrlContext

CCRL_CONTEXT):BOOL ; stdcall; //+------------------------------------------------------------------------- //  Serialize the certificate context's encoded certificate and its //  properties. //-------------------------------------------------------------------------- function CertSerializeCertificateStoreElement(pCertContext

CCERT_CONTEXT;                                              dwFlags

WORD;                                              pbElement

BYTE;                                              pcbElement

DWORD):BOOL ; stdcall; //+------------------------------------------------------------------------- //  Serialize the CRL context's encoded CRL and its properties. //-------------------------------------------------------------------------- function CertSerializeCRLStoreElement(pCrlContext

CCRL_CONTEXT;                                      dwFlags

WORD;                                      pbElement

BYTE;                                      pcbElement

DWORD):BOOL ; stdcall; //+========================================================================= //  Certificate Trust List (CTL) Store Data Structures and APIs //========================================================================== //+------------------------------------------------------------------------- //  Duplicate a CTL context //-------------------------------------------------------------------------- function CertDuplicateCTLContext(pCtlContext

CCTL_CONTEXT)

CCTL_CONTEXT ; stdcall; //+------------------------------------------------------------------------- //  Create a CTL context from the encoded CTL. The created //  context isn't put in a store. // //  Makes a copy of the encoded CTL in the created context. // //  If unable to decode and create the CTL context, NULL is returned. //  Otherwise, a pointer to a read only CTL_CONTEXT is returned. //  CTL_CONTEXT must be freed by calling CertFreeCTLContext. //  CertDuplicateCTLContext can be called to make a duplicate. // //  CertSetCTLContextProperty and CertGetCTLContextProperty can be called //  to store properties for the CTL. //-------------------------------------------------------------------------- function CertCreateCTLContext(dwMsgAndCertEncodingType

WORD;                        const pbCtlEncoded

BYTE;                              cbCtlEncoded

WORD)

CCTL_CONTEXT ; stdcall; //+------------------------------------------------------------------------- //  Free a CTL context // //  There needs to be a corresponding free for each context obtained by a //  get, duplicate or create. //-------------------------------------------------------------------------- function CertFreeCTLContext(pCtlContext

CCTL_CONTEXT):BOOL ; stdcall; //+------------------------------------------------------------------------- //  Set the property for the specified CTL context. // //  Same Property Ids and semantics as CertSetCertificateContextProperty. //-------------------------------------------------------------------------- function CertSetCTLContextProperty(pCtlContext

CCTL_CONTEXT;                                   dwPropId

WORD;                                   dwFlags

WORD;                             const pvData

VOID):BOOL ; stdcall; //+------------------------------------------------------------------------- //  Get the property for the specified CTL context. // //  Same Property Ids and semantics as CertGetCertificateContextProperty. // //  CERT_SHA1_HASH_PROP_ID or CERT_NEXT_UPDATE_LOCATION_PROP_ID are the //  predefined properties of most interest. //-------------------------------------------------------------------------- function CertGetCTLContextProperty(pCtlContext

CCTL_CONTEXT;                                   dwPropId

WORD;                                   pvData

VOID;                                   pcbData

DWORD):BOOL ; stdcall; //+------------------------------------------------------------------------- //  Enumerate the properties for the specified CTL context. //-------------------------------------------------------------------------- function CertEnumCTLContextProperties(pCtlContext

CCTL_CONTEXT;                                      dwPropId

WORD)

WORD ; stdcall; //+------------------------------------------------------------------------- //  Enumerate the CTL contexts in the store. // //  If a CTL isn't found, NULL is returned. //  Otherwise, a pointer to a read only CTL_CONTEXT is returned. CTL_CONTEXT //  must be freed by calling CertFreeCTLContext or is freed when passed as the //  pPrevCtlContext on a subsequent call. CertDuplicateCTLContext //  can be called to make a duplicate. // //  pPrevCtlContext MUST BE NULL to enumerate the first //  CTL in the store. Successive CTLs are enumerated by setting //  pPrevCtlContext to the CTL_CONTEXT returned by a previous call. // //  NOTE: a NON-NULL pPrevCtlContext is always CertFreeCTLContext'ed by //  this function, even for an error. //-------------------------------------------------------------------------- function CertEnumCTLsInStore(hCertStore :HCERTSTORE;                             pPrevCtlContext

CCTL_CONTEXT                             )

CCTL_CONTEXT ; stdcall; //+------------------------------------------------------------------------- //  Attempt to find the specified subject in the CTL. // //  For CTL_CERT_SUBJECT_TYPE, pvSubject points to a CERT_CONTEXT. The CTL's //  SubjectAlgorithm is examined to determine the representation of the //  subject's identity. Initially, only SHA1 or MD5 hash will be supported. //  The appropriate hash property is obtained from the CERT_CONTEXT. // //  For CTL_ANY_SUBJECT_TYPE, pvSubject points to the CTL_ANY_SUBJECT_INFO //  structure which contains the SubjectAlgorithm to be matched in the CTL //  and the SubjectIdentifer to be matched in one of the CTL entries. // //  The certificate's hash or the CTL_ANY_SUBJECT_INFO's SubjectIdentifier //  is used as the key in searching the subject entries. A binary //  memory comparison is done between the key and the entry's SubjectIdentifer. // //  dwEncodingType isn't used for either of the above SubjectTypes. //-------------------------------------------------------------------------- function CertFindSubjectInCTL(dwEncodingType

WORD;                              dwSubjectType

WORD;                              pvSubject

VOID;                              pCtlContext

CCTL_CONTEXT;                              dwFlags

WORD)

CTL_ENTRY ; stdcall; // Subject Types: //  CTL_ANY_SUBJECT_TYPE, pvSubject points to following CTL_ANY_SUBJECT_INFO. //  CTL_CERT_SUBJECT_TYPE, pvSubject points to CERT_CONTEXT. const CTL_ANY_SUBJECT_TYPE = 1; const CTL_CERT_SUBJECT_TYPE = 2; type  PCTL_ANY_SUBJECT_INFO = ^CTL_ANY_SUBJECT_INFO;  CTL_ANY_SUBJECT_INFO = record    SubjectAlgorithm :CRYPT_ALGORITHM_IDENTIFIER;    SubjectIdentifier :CRYPT_DATA_BLOB;  end; //+------------------------------------------------------------------------- //  Find the first or next CTL context in the store. // //  The CTL is found according to the dwFindType and its pvFindPara. //  See below for a list of the find types and its parameters. // //  Currently dwFindFlags isn't used and must be set to 0. // //  Usage of dwMsgAndCertEncodingType depends on the dwFindType. // //  If the first or next CTL isn't found, NULL is returned. //  Otherwise, a pointer to a read only CTL_CONTEXT is returned. CTL_CONTEXT //  must be freed by calling CertFreeCTLContext or is freed when passed as the //  pPrevCtlContext on a subsequent call. CertDuplicateCTLContext //  can be called to make a duplicate. // //  pPrevCtlContext MUST BE NULL on the first //  call to find the CTL. To find the next CTL, the //  pPrevCtlContext is set to the CTL_CONTEXT returned by a previous call. // //  NOTE: a NON-NULL pPrevCtlContext is always CertFreeCTLContext'ed by //  this function, even for an error. //-------------------------------------------------------------------------- function CertFindCTLInStore(hCertStore :HCERTSTORE;                            dwMsgAndCertEncodingType

WORD;                            dwFindFlags

WORD;                            dwFindType

WORD;                      const pvFindPara

VOID;                            pPrevCtlContext

CCTL_CONTEXT)

CCTL_CONTEXT ; stdcall; const CTL_FIND_ANY = 0; const CTL_FIND_SHA1_HASH = 1; const CTL_FIND_MD5_HASH = 2; const CTL_FIND_USAGE = 3; const CTL_FIND_SUBJECT = 4; type  PCTL_FIND_USAGE_PARA = ^CTL_FIND_USAGE_PARA;  CTL_FIND_USAGE_PARA = record    cbSize

WORD;    SubjectUsage :CTL_USAGE;         // optional    ListIdentifier :CRYPT_DATA_BLOB; // optional    pSigner

CERT_INFO;             // optional  end; const CTL_FIND_NO_LIST_ID_CBDATA = $FFFFFFFF; const CTL_FIND_NO_SIGNER_PTR     = (PCERT_INFO($FFFFFFFF)); const CTL_FIND_SAME_USAGE_FLAG   = $1; type  PCTL_FIND_SUBJECT_PARA = ^CTL_FIND_SUBJECT_PARA;  CTL_FIND_SUBJECT_PARA = record    cbSize

WORD;    pUsagePara

CTL_FIND_USAGE_PARA; // optional    dwSubjectType

WORD;    pvSubject

VOID;  end; //+------------------------------------------------------------------------- //  CTL_FIND_ANY // //  Find any CTL. // //  pvFindPara isn't used. //-------------------------------------------------------------------------- //+------------------------------------------------------------------------- //  CTL_FIND_SHA1_HASH //  CTL_FIND_MD5_HASH // //  Find a CTL with the specified hash. // //  pvFindPara points to a CRYPT_HASH_BLOB. //-------------------------------------------------------------------------- //+------------------------------------------------------------------------- //  CTL_FIND_USAGE // //  Find a CTL having the specified usage identifiers, list identifier or //  signer. The CertEncodingType of the signer is obtained from the //  dwMsgAndCertEncodingType parameter. // //  pvFindPara points to a CTL_FIND_USAGE_PARA data structure. The //  SubjectUsage.cUsageIdentifer can be 0 to match any usage. The //  ListIdentifier.cbData can be 0 to match any list identifier. To only match //  CTLs without a ListIdentifier, cbData must be set to //  CTL_FIND_NO_LIST_ID_CBDATA. pSigner can be NULL to match any signer. Only //  the Issuer and SerialNumber fields of the pSigner's PCERT_INFO are used. //  To only match CTLs without a signer, pSigner must be set to //  CTL_FIND_NO_SIGNER_PTR. // //  The CTL_FIND_SAME_USAGE_FLAG can be set in dwFindFlags to //  only match CTLs with the same usage identifiers. CTLs having additional //  usage identifiers aren't matched. For example, if only "1.2.3" is specified //  in CTL_FIND_USAGE_PARA, then, for a match, the CTL must only contain //  "1.2.3" and not any additional usage identifers. //-------------------------------------------------------------------------- //+------------------------------------------------------------------------- //  CTL_FIND_SUBJECT // //  Find a CTL having the specified subject. CertFindSubjectInCTL can be //  called to get a pointer to the subject's entry in the CTL.  pUsagePara can //  optionally be set to enable the above CTL_FIND_USAGE matching. // //  pvFindPara points to a CTL_FIND_SUBJECT_PARA data structure. //-------------------------------------------------------------------------- //+------------------------------------------------------------------------- //  Add the encoded CTL to the store according to the specified //  disposition option. // //  Makes a copy of the encoded CTL before adding to the store. // //  dwAddDispostion specifies the action to take if the CTL //  already exists in the store. See CertAddEncodedCertificateToStore for a //  list of and actions taken. // //  Compares the CTL's SubjectUsage, ListIdentifier and any of its signers //  to determine if the CTL already exists in the store. // //  ppCtlContext can be NULL, indicating the caller isn't interested //  in getting the CTL_CONTEXT of the added or existing CTL. //-------------------------------------------------------------------------- function CertAddEncodedCTLToStore(hCertStore :HCERTSTORE;                                  dwMsgAndCertEncodingType

WORD;                            const pbCtlEncoded

BYTE;                                  cbCtlEncoded

WORD;                                  dwAddDisposition

WORD;                              var ppCtlContext

CCTL_CONTEXT //OPTIONAL                                 &nbsp

:BOOL ; stdcall; //+------------------------------------------------------------------------- //  Add the CTL context to the store according to the specified //  disposition option. // //  In addition to the encoded CTL, the context's properties are //  also copied.  Note, the CERT_KEY_CONTEXT_PROP_ID property (and its //  CERT_KEY_PROV_HANDLE_PROP_ID or CERT_KEY_SPEC_PROP_ID) isn't copied. // //  Makes a copy of the encoded CTL before adding to the store. // //  dwAddDispostion specifies the action to take if the CTL //  already exists in the store. See CertAddCertificateContextToStore for a //  list of and actions taken. // //  Compares the CTL's SubjectUsage, ListIdentifier and any of its signers //  to determine if the CTL already exists in the store. // //  ppStoreContext can be NULL, indicating the caller isn't interested //  in getting the CTL_CONTEXT of the added or existing CTL. //-------------------------------------------------------------------------- function CertAddCTLContextToStore(hCertStore :HCERTSTORE;                                  pCtlContext

CCTL_CONTEXT;                                  dwAddDisposition

WORD;                              var ppStoreContext

CCTL_CONTEXT                                 &nbsp

:BOOL ; stdcall; //+------------------------------------------------------------------------- //  Serialize the CTL context's encoded CTL and its properties. //-------------------------------------------------------------------------- function CertSerializeCTLStoreElement(pCtlContext

CCTL_CONTEXT;                                      dwFlags

WORD;                                      pbElement

BYTE;                                      pcbElement

DWORD):BOOL ; stdcall; //+------------------------------------------------------------------------- //  Delete the specified CTL from the store. // //  All subsequent gets for the CTL will fail. However, //  memory allocated for the CTL isn't freed until all of its contexts //  have also been freed. // //  The pCtlContext is obtained from a get or duplicate. // //  NOTE: the pCtlContext is always CertFreeCTLContext'ed by //  this function, even for an error. //-------------------------------------------------------------------------- function CertDeleteCTLFromStore(pCtlContext

CCTL_CONTEXT):BOOL ; stdcall; //+========================================================================= //  Enhanced Key Usage Helper Functions //========================================================================== //+------------------------------------------------------------------------- //  Get the enhanced key usage extension or property from the certificate //  and decode. // //  If the CERT_FIND_EXT_ONLY_ENHKEY_USAGE_FLAG is set, then, only get the //  extension. // //  If the CERT_FIND_PROP_ONLY_ENHKEY_USAGE_FLAG is set, then, only get the //  property. //-------------------------------------------------------------------------- function CertGetEnhancedKeyUsage(pCertContext

CCERT_CONTEXT;                                 dwFlags

WORD;                                 pUsage

CERT_ENHKEY_USAGE;                                 pcbUsage

DWORD):BOOL ; stdcall; //+------------------------------------------------------------------------- //  Set the enhanced key usage property for the certificate. //-------------------------------------------------------------------------- function CertSetEnhancedKeyUsage(pCertContext

CCERT_CONTEXT;                                 pUsage

CERT_ENHKEY_USAGE                                 ):BOOL ; stdcall; //+------------------------------------------------------------------------- //  Add the usage identifier to the certificate's enhanced key usage property. //-------------------------------------------------------------------------- function CertAddEnhancedKeyUsageIdentifier(pCertContext

CCERT_CONTEXT;                                           pszUsageIdentifier :LPCSTR                                           ):BOOL ; stdcall; //+------------------------------------------------------------------------- //  Remove the usage identifier from the certificate's enhanced key usage //  property. //-------------------------------------------------------------------------- function CertRemoveEnhancedKeyUsageIdentifier(pCertContext

CCERT_CONTEXT;                                              pszUsageIdentifier :LPCSTR                                             &nbsp

:BOOL ; stdcall; //+========================================================================= //  Cryptographic Message helper functions for verifying and signing a //  CTL. //========================================================================== //+------------------------------------------------------------------------- //  Get and verify the signer of a cryptographic message. // //  To verify a CTL, the hCryptMsg is obtained from the CTL_CONTEXT's //  hCryptMsg field. // //  If CMSG_TRUSTED_SIGNER_FLAG is set, then, treat the Signer stores as being //  trusted and only search them to find the certificate corresponding to the //  signer's issuer and serial number.  Otherwise, the SignerStores are //  optionally provided to supplement the message's store of certificates. //  If a signer certificate is found, its public key is used to verify //  the message signature. The CMSG_SIGNER_ONLY_FLAG can be set to //  return the signer without doing the signature verify. // //  If CMSG_USE_SIGNER_INDEX_FLAG is set, then, only get the signer specified //  by *pdwSignerIndex. Otherwise, iterate through all the signers //  until a signer verifies or no more signers. // //  For a verified signature, *ppSigner is updated with certificate context //  of the signer and *pdwSignerIndex is updated with the index of the signer. //  ppSigner and/or pdwSignerIndex can be NULL, indicating the caller isn't //  interested in getting the CertContext and/or index of the signer. //-------------------------------------------------------------------------- function CryptMsgGetAndVerifySigner(hCryptMsg :HCRYPTMSG;                                    cSignerStore

WORD;                                var rghSignerStore :HCERTSTORE;                                    dwFlags

WORD;                                var ppSigner

CCERT_CONTEXT;                                    pdwSignerIndex

DWORD):BOOL ; stdcall; const CMSG_TRUSTED_SIGNER_FLAG   = $1; const CMSG_SIGNER_ONLY_FLAG      = $2; const CMSG_USE_SIGNER_INDEX_FLAG = $4; //+------------------------------------------------------------------------- //  Sign an encoded CTL. // //  The pbCtlContent can be obtained via a CTL_CONTEXT's pbCtlContent //  field or via a CryptEncodeObject(PKCS_CTL). //-------------------------------------------------------------------------- function CryptMsgSignCTL(dwMsgEncodingType

WORD;                         pbCtlContent

BYTE;                         cbCtlContent

WORD;                         pSignInfo

CMSG_SIGNED_ENCODE_INFO;                         dwFlags

WORD;                         pbEncoded

BYTE;                         pcbEncoded

DWORD):BOOL ; stdcall; //+------------------------------------------------------------------------- //  Encode the CTL and create a signed message containing the encoded CTL. //-------------------------------------------------------------------------- function CryptMsgEncodeAndSignCTL(dwMsgEncodingType

WORD;                                  pCtlInfo

CTL_INFO;                                  pSignInfo

CMSG_SIGNED_ENCODE_INFO;                                  dwFlags

WORD;                                  pbEncoded

BYTE;                                  pcbEncoded

DWORD):BOOL ; stdcall; //+========================================================================= //  Certificate Verify CTL Usage Data Structures and APIs //========================================================================== type  PHCERTSTORE = ^HCERTSTORE; type  PCTL_VERIFY_USAGE_PARA = ^CTL_VERIFY_USAGE_PARA;  CTL_VERIFY_USAGE_PARA = record    cbSize

WORD;    ListIdentifier :CRYPT_DATA_BLOB;// OPTIONAL    cCtlStore

WORD;    rghCtlStore

HCERTSTORE;       // OPTIONAL    cSignerStore

WORD;    rghSignerStore

HCERTSTORE;    // OPTIONAL  end; type  PCTL_VERIFY_USAGE_STATUS = ^CTL_VERIFY_USAGE_STATUS;  CTL_VERIFY_USAGE_STATUS = record    cbSize

WORD;    dwError

WORD;    dwFlags

WORD;    ppCtl

PCCTL_CONTEXT;             // IN OUT OPTIONAL    dwCtlEntryIndex

WORD;    ppSigner

PCCERT_CONTEXT ;        // IN OUT OPTIONAL    dwSignerIndex

WORD;  end; const CERT_VERIFY_INHIBIT_CTL_UPDATE_FLAG = $1; const CERT_VERIFY_TRUSTED_SIGNERS_FLAG = $2; const CERT_VERIFY_NO_TIME_CHECK_FLAG = $4; const CERT_VERIFY_ALLOW_MORE_USAGE_FLAG = $8; const CERT_VERIFY_UPDATED_CTL_FLAG = $1; //+------------------------------------------------------------------------- //  Verify that a subject is trusted for the specified usage by finding a //  signed and time valid CTL with the usage identifiers and containing the //  the subject. A subject can be identified by either its certificate context //  or any identifier such as its SHA1 hash. // //  See CertFindSubjectInCTL for definition of dwSubjectType and pvSubject //  parameters. // //  Via pVerifyUsagePara, the caller can specify the stores to be searched //  to find the CTL. The caller can also specify the stores containing //  acceptable CTL signers. By setting the ListIdentifier, the caller //  can also restrict to a particular signer CTL list. // //  Via pVerifyUsageStatus, the CTL containing the subject, the subject's //  index into the CTL's array of entries, and the signer of the CTL //  are returned. If the caller is not interested, ppCtl and ppSigner can be set //  to NULL. Returned contexts must be freed via the store's free context APIs. // //  If the CERT_VERIFY_INHIBIT_CTL_UPDATE_FLAG isn't set, then, a time //  invalid CTL in one of the CtlStores may be replaced. When replaced, the //  CERT_VERIFY_UPDATED_CTL_FLAG is set in pVerifyUsageStatus->dwFlags. // //  If the CERT_VERIFY_TRUSTED_SIGNERS_FLAG is set, then, only the //  SignerStores specified in pVerifyUsageStatus are searched to find //  the signer. Otherwise, the SignerStores provide additional sources //  to find the signer's certificate. // //  If CERT_VERIFY_NO_TIME_CHECK_FLAG is set, then, the CTLs aren't checked //  for time validity. // //  If CERT_VERIFY_ALLOW_MORE_USAGE_FLAG is set, then, the CTL may contain //  additional usage identifiers than specified by pSubjectUsage. Otherwise, //  the found CTL will contain the same usage identifers and no more. // //  CertVerifyCTLUsage will be implemented as a dispatcher to OID installable //  functions. First, it will try to find an OID function matching the first //  usage object identifier in the pUsage sequence. Next, it will dispatch //  to the default CertDllVerifyCTLUsage functions. // //  If the subject is trusted for the specified usage, then, TRUE is //  returned. Otherwise, FALSE is returned with dwError set to one of the //  following: //      CRYPT_E_NO_VERIFY_USAGE_DLL //      CRYPT_E_NO_VERIFY_USAGE_CHECK //      CRYPT_E_VERIFY_USAGE_OFFLINE //      CRYPT_E_NOT_IN_CTL //      CRYPT_E_NO_TRUSTED_SIGNER //-------------------------------------------------------------------------- function CertVerifyCTLUsage(dwEncodingType

WORD;                            dwSubjectType

WORD;                            pvSubject

VOID;                            pSubjectUsage

CTL_USAGE;                            dwFlags

WORD;                            pVerifyUsagePara

CTL_VERIFY_USAGE_PARA;                            pVerifyUsageStatus

CTL_VERIFY_USAGE_STATUS                           &nbsp

:BOOL ; stdcall; //+========================================================================= //  Certificate Revocation Data Structures and APIs //========================================================================== //+------------------------------------------------------------------------- //  The following data structure may be passed to CertVerifyRevocation to //  assist in finding the issuer of the context to be verified. // //  When pIssuerCert is specified, pIssuerCert is the issuer of //  rgpvContext[cContext - 1]. // //  When cCertStore and rgCertStore are specified, these stores may contain //  an issuer certificate. //-------------------------------------------------------------------------- type  PCERT_REVOCATION_PARA = ^CERT_REVOCATION_PARA;  CERT_REVOCATION_PARA = record    cbSize

WORD;    pIssuerCert

CCERT_CONTEXT;    cCertStore

WORD;    rgCertStore

HCERTSTORE ;  end; //+------------------------------------------------------------------------- //  The following data structure is returned by CertVerifyRevocation to //  specify the status of the revoked or unchecked context. Review the //  following CertVerifyRevocation comments for details. // //  Upon input to CertVerifyRevocation, cbSize must be set to a size //  >= sizeof(CERT_REVOCATION_STATUS). Otherwise, CertVerifyRevocation //  returns FALSE and sets LastError to E_INVALIDARG. // //  Upon input to the installed or registered CRYPT_OID_VERIFY_REVOCATION_FUNC //  functions, the dwIndex, dwError and dwReason have been zero'ed. //-------------------------------------------------------------------------- type  PCERT_REVOCATION_STATUS = ^CERT_REVOCATION_STATUS;  CERT_REVOCATION_STATUS = record    cbSize

WORD;    dwIndex

WORD;    dwError

WORD;    dwReason

WORD;  end; //+------------------------------------------------------------------------- //  Verifies the array of contexts for revocation. The dwRevType parameter //  indicates the type of the context data structure passed in rgpvContext. //  Currently only the revocation of certificates is defined. // //  If the CERT_VERIFY_REV_CHAIN_FLAG flag is set, then, CertVerifyRevocation //  is verifying a chain of certs where, rgpvContext[i + 1] is the issuer //  of rgpvContext. Otherwise, CertVerifyRevocation makes no assumptions //  about the order of the contexts. // //  To assist in finding the issuer, the pRevPara may optionally be set. See //  the CERT_REVOCATION_PARA data structure for details. // //  The contexts must contain enough information to allow the //  installable or registered revocation DLLs to find the revocation server. For //  certificates, this information would normally be conveyed in an //  extension such as the IETF's AuthorityInfoAccess extension. // //  CertVerifyRevocation returns TRUE if all of the contexts were successfully //  checked and none were revoked. Otherwise, returns FALSE and updates the //  returned pRevStatus data structure as follows: //    dwIndex //      Index of the first context that was revoked or unable to //      be checked for revocation //    dwError //      Error status. LastError is also set to this error status. //      dwError can be set to one of the following error codes defined //      in winerror.h: //        ERROR_SUCCESS - good context //        CRYPT_E_REVOKED - context was revoked. dwReason contains the //           reason for revocation //        CRYPT_E_REVOCATION_OFFLINE - unable to connect to the //           revocation server //        CRYPT_E_NOT_IN_REVOCATION_DATABASE - the context to be checked //           was not found in the revocation server's database. //        CRYPT_E_NO_REVOCATION_CHECK - the called revocation function //           wasn't able to do a revocation check on the context //        CRYPT_E_NO_REVOCATION_DLL - no installed or registered Dll was //           found to verify revocation //    dwReason //      The dwReason is currently only set for CRYPT_E_REVOKED and contains //      the reason why the context was revoked. May be one of the following //      CRL reasons defined by the CRL Reason Code extension ("2.5.29.21&quot //          CRL_REASON_UNSPECIFIED              0 //          CRL_REASON_KEY_COMPROMISE           1 //          CRL_REASON_CA_COMPROMISE            2 //          CRL_REASON_AFFILIATION_CHANGED      3 //          CRL_REASON_SUPERSEDED               4 //          CRL_REASON_CESSATION_OF_OPERATION   5 //          CRL_REASON_CERTIFICATE_HOLD         6 // //  For each entry in rgpvContext, CertVerifyRevocation iterates //  through the CRYPT_OID_VERIFY_REVOCATION_FUNC //  function set's list of installed DEFAULT functions. //  CryptGetDefaultOIDFunctionAddress is called with pwszDll = NULL. If no //  installed functions are found capable of doing the revocation verification, //  CryptVerifyRevocation iterates through CRYPT_OID_VERIFY_REVOCATION_FUNC's //  list of registered DEFAULT Dlls. CryptGetDefaultOIDDllList is called to //  get the list. CryptGetDefaultOIDFunctionAddress is called to load the Dll. // //  The called functions have the same signature as CertVerifyRevocation. A //  called function returns TRUE if it was able to successfully check all of //  the contexts and none were revoked. Otherwise, the called function returns //  FALSE and updates pRevStatus. dwIndex is set to the index of //  the first context that was found to be revoked or unable to be checked. //  dwError and LastError are updated. For CRYPT_E_REVOKED, dwReason //  is updated. Upon input to the called function, dwIndex, dwError and //  dwReason have been zero'ed. cbSize has been checked to be >= //  sizeof(CERT_REVOCATION_STATUS). // //  If the called function returns FALSE, and dwError isn't set to //  CRYPT_E_REVOKED, then, CertVerifyRevocation either continues on to the //  next DLL in the list for a returned dwIndex of 0 or for a returned //  dwIndex > 0, restarts the process of finding a verify function by //  advancing the start of the context array to the returned dwIndex and //  decrementing the count of remaining contexts. //-------------------------------------------------------------------------- function CertVerifyRevocation(dwEncodingType WORD;                              dwRevType WORD;                              cContext WORD;                              rgpvContext :array of PVOID;                              dwFlags WORD;                              pRevPara CERT_REVOCATION_PARA;                              pRevStatus CERT_REVOCATION_STATUS                             &nbsp:BOOL ; stdcall; //+------------------------------------------------------------------------- //  Revocation types //-------------------------------------------------------------------------- const CERT_CONTEXT_REVOCATION_TYPE = 1; //+------------------------------------------------------------------------- //  When the following flag is set, rgpvContext[] consists of a chain //  of certificates, where rgpvContext[i + 1] is the issuer of rgpvContext. //-------------------------------------------------------------------------- const CERT_VERIFY_REV_CHAIN_FLAG = $1; //+------------------------------------------------------------------------- //  CERT_CONTEXT_REVOCATION_TYPE // //  pvContext points to a const CERT_CONTEXT. //-------------------------------------------------------------------------- //+========================================================================= //  Certificate Helper APIs //========================================================================== //+------------------------------------------------------------------------- //  Compare two multiple byte integer blobs to see if they are identical. // //  Before doing the comparison, leading zero bytes are removed from a //  positive number and leading 0xFF bytes are removed from a negative //  number. // //  The multiple byte integers are treated as Little Endian. pbData[0] is the //  least significant byte and pbData[cbData - 1] is the most significant //  byte. // //  Returns TRUE if the integer blobs are identical after removing leading //  0 or 0xFF bytes. //-------------------------------------------------------------------------- function CertCompareIntegerBlob(pInt1 CRYPT_INTEGER_BLOB;                                pInt2 CRYPT_INTEGER_BLOB                               &nbsp:BOOL ; stdcall; //+------------------------------------------------------------------------- //  Compare two certificates to see if they are identical. // //  Since a certificate is uniquely identified by its Issuer and SerialNumber, //  these are the only fields needing to be compared. // //  Returns TRUE if the certificates are identical. //-------------------------------------------------------------------------- function CertCompareCertificate(dwCertEncodingType WORD;                                pCertId1 CERT_INFO;                                pCertId2 CERT_INFO):BOOL ; stdcall; //+------------------------------------------------------------------------- //  Compare two certificate names to see if they are identical. // //  Returns TRUE if the names are identical. //-------------------------------------------------------------------------- function CertCompareCertificateName(dwCertEncodingType WORD;                                    pCertName1 CERT_NAME_BLOB;                                    pCertName2 CERT_NAME_BLOB):BOOL ; stdcall; //+------------------------------------------------------------------------- //  Compare the attributes in the certificate name with the specified //  Relative Distinguished Name's (CERT_RDN) array of attributes. //  The comparison iterates through the CERT_RDN attributes and looks for an //  attribute match in any of the certificate name's RDNs. //  Returns TRUE if all the attributes are found and match. // //  The CERT_RDN_ATTR fields can have the following special values: //    pszObjId == NULL              - ignore the attribute object identifier //    dwValueType == RDN_ANY_TYPE   - ignore the value type // //  Currently only an exact, case sensitive match is supported. // //  CERT_UNICODE_IS_RDN_ATTRS_FLAG should be set if the pRDN was initialized //  with unicode strings as for CryptEncodeObject(X509_UNICODE_NAME). //-------------------------------------------------------------------------- function CertIsRDNAttrsInCertificateName(dwCertEncodingType WORD;                                         dwFlags WORD;                                         pCertName CERT_NAME_BLOB;                                         pRDN CERT_RDN):BOOL ; stdcall; const CERT_UNICODE_IS_RDN_ATTRS_FLAG = $1; //+------------------------------------------------------------------------- //  Compare two public keys to see if they are identical. // //  Returns TRUE if the keys are identical. //-------------------------------------------------------------------------- function CertComparePublicKeyInfo(dwCertEncodingType WORD;                                  pPublicKey1 CERT_PUBLIC_KEY_INFO;                                  pPublicKey2 CERT_PUBLIC_KEY_INFO                                 &nbsp:BOOL ; stdcall; //+------------------------------------------------------------------------- //  Get the public/private key's bit length. // //  Returns 0 if unable to determine the key's length. //-------------------------------------------------------------------------- function CertGetPublicKeyLength(dwCertEncodingType WORD;                                pPublicKey CERT_PUBLIC_KEY_INFO                               &nbspWORD ; stdcall; //+------------------------------------------------------------------------- //  Verify the signature of a subject certificate or a CRL using the //  public key info // //  Returns TRUE for a valid signature. // //  hCryptProv specifies the crypto provider to use to verify the signature. //  It doesn't need to use a private key. //-------------------------------------------------------------------------- function CryptVerifyCertificateSignature(hCryptProv :HCRYPTPROV;                                         dwCertEncodingType WORD;                                   const pbEncoded BYTE;                                         cbEncoded WORD;                                         pPublicKey CERT_PUBLIC_KEY_INFO                                         ):BOOL ; stdcall; //+------------------------------------------------------------------------- //  Compute the hash of the "to be signed" information in the encoded //  signed content (CERT_SIGNED_CONTENT_INFO). // //  hCryptProv specifies the crypto provider to use to compute the hash. //  It doesn't need to use a private key. //-------------------------------------------------------------------------- function CryptHashToBeSigned(hCryptProv :HCRYPTPROV;                             dwCertEncodingType WORD;                       const pbEncoded BYTE;                             cbEncoded WORD;                             pbComputedHash BYTE;                             pcbComputedHash DWORD):BOOL ; stdcall; //+------------------------------------------------------------------------- //  Hash the encoded content. // //  hCryptProv specifies the crypto provider to use to compute the hash. //  It doesn't need to use a private key. // //  Algid specifies the CAPI hash algorithm to use. If Algid is 0, then, the //  default hash algorithm (currently SHA1) is used. //-------------------------------------------------------------------------- function CryptHashCertificate(hCryptProv :HCRYPTPROV;                              Algid :ALG_ID;                              dwFlags WORD;                        const pbEncoded BYTE;                              cbEncoded WORD;                              pbComputedHash BYTE;                              pcbComputedHash DWORD):BOOL ; stdcall; //+------------------------------------------------------------------------- //  Sign the "to be signed" information in the encoded signed content. // //  hCryptProv specifies the crypto provider to use to do the signature. //  It uses the specified private key. //-------------------------------------------------------------------------- function CryptSignCertificate(hCryptProv :HCRYPTPROV;                              dwKeySpec WORD;                              dwCertEncodingType WORD;                        const pbEncodedToBeSigned BYTE;                              cbEncodedToBeSigned WORD;                              pSignatureAlgorithm CRYPT_ALGORITHM_IDENTIFIER;                        const pvHashAuxInfo VOID;                              pbSignature BYTE;                              pcbSignatureDWORD):BOOL ; stdcall; //+------------------------------------------------------------------------- //  Encode the "to be signed" information. Sign the encoded "to be signed". //  Encode the "to be signed" and the signature. // //  hCryptProv specifies the crypto provider to use to do the signature. //  It uses the specified private key. //-------------------------------------------------------------------------- function CryptSignAndEncodeCertificate(hCryptProv :HCRYPTPROV;                                       dwKeySpec WORD;                                       dwCertEncodingType WORD;                                 const lpszStructType :LPCSTR; // "to be signed"                                       pvStructInfo VOID;                                       pSignatureAlgorithm CRYPT_ALGORITHM_IDENTIFIER;                                 const pvHashAuxInfo VOID;                                       pbEncoded BYTE;                                       pcbEncoded DWORD):BOOL ; stdcall; //+------------------------------------------------------------------------- //  Verify the time validity of a certificate. // //  Returns -1 if before NotBefore, +1 if after NotAfter and otherwise 0 for //  a valid certificate // //  If pTimeToVerify is NULL, uses the current time. //-------------------------------------------------------------------------- function CertVerifyTimeValidity(pTimeToVerify FILETIME;                                pCertInfo CERT_INFO):LONG ; stdcall; //+------------------------------------------------------------------------- //  Verify the time validity of a CRL. // //  Returns -1 if before ThisUpdate, +1 if after NextUpdate and otherwise 0 for //  a valid CRL // //  If pTimeToVerify is NULL, uses the current time. //-------------------------------------------------------------------------- function CertVerifyCRLTimeValidity(pTimeToVerify FILETIME;                                   pCrlInfo CRL_INFO):LONG ; stdcall; //+------------------------------------------------------------------------- //  Verify that the subject's time validity nests within the issuer's time //  validity. // //  Returns TRUE if it nests. Otherwise, returns FALSE. //-------------------------------------------------------------------------- function CertVerifyValidityNesting(pSubjectInfo CERT_INFO;                                   pIssuerInfo CERT_INFO):BOOL ; stdcall; //+------------------------------------------------------------------------- //  Verify that the subject certificate isn't on its issuer CRL. // //  Returns true if the certificate isn't on the CRL. //-------------------------------------------------------------------------- function CertVerifyCRLRevocation(dwCertEncodingType WORD;                                 pCertId CERT_INFO;    // Only the Issuer and SerialNumber                                 cCrlInfo WORD;        // fields are used                                 rgpCrlInfo :array of PCRL_INFO):BOOL ; stdcall; //+------------------------------------------------------------------------- //  Convert the CAPI AlgId to the ASN.1 Object Identifier string // //  Returns NULL if there isn't an ObjId corresponding to the AlgId. //-------------------------------------------------------------------------- function CertAlgIdToOID(dwAlgId WORD):LPCSTR ; stdcall; //+------------------------------------------------------------------------- //  Convert the ASN.1 Object Identifier string to the CAPI AlgId. // //  Returns 0 if there isn't an AlgId corresponding to the ObjId. //-------------------------------------------------------------------------- function CertOIDToAlgId(pszObjId :LPCSTR)WORD ; stdcall; //+------------------------------------------------------------------------- //  Find an extension identified by its Object Identifier. // //  If found, returns pointer to the extension. Otherwise, returns NULL. //-------------------------------------------------------------------------- function CertFindExtension(pszObjId :LPCSTR;                           cExtensions WORD;                           rgExtensions :array of CERT_EXTENSION)CERT_EXTENSION ; stdcall; //+------------------------------------------------------------------------- //  Find the first attribute identified by its Object Identifier. // //  If found, returns pointer to the attribute. Otherwise, returns NULL. //-------------------------------------------------------------------------- function CertFindAttribute(pszObjId :LPCSTR;                           cAttr WORD;                           rgAttr :array of CRYPT_ATTRIBUTE)CRYPT_ATTRIBUTE ; stdcall; //+------------------------------------------------------------------------- //  Find the first CERT_RDN attribute identified by its Object Identifier in //  the name's list of Relative Distinguished Names. // //  If found, returns pointer to the attribute. Otherwise, returns NULL. //-------------------------------------------------------------------------- function CertFindRDNAttr(pszObjId :LPCSTR;                         pName CERT_NAME_INFO )CERT_RDN_ATTR ; stdcall; //+------------------------------------------------------------------------- //  Get the intended key usage bytes from the certificate. // //  If the certificate doesn't have any intended key usage bytes, returns FALSE //  and *pbKeyUsage is zeroed. Otherwise, returns TRUE and up through //  cbKeyUsage bytes are copied into *pbKeyUsage. Any remaining uncopied //  bytes are zeroed. //-------------------------------------------------------------------------- function CertGetIntendedKeyUsage(dwCertEncodingType WORD;                                 pCertInfo CERT_INFO;                                 pbKeyUsage BYTE;                                 cbKeyUsage WORD):BOOL ; stdcall; //+------------------------------------------------------------------------- //  Export the public key info associated with the provider's corresponding //  private key. // //  Calls CryptExportPublicKeyInfo with pszPublicKeyObjId = szOID_RSA_RSA, //  dwFlags = 0 and pvAuxInfo = NULL. //-------------------------------------------------------------------------- function CryptExportPublicKeyInfo(hCryptProv :HCRYPTPROV;                                  dwKeySpec WORD;                                  dwCertEncodingType WORD;                                  pInfo CERT_PUBLIC_KEY_INFO;                                  pcbInfo DWORD):BOOL ; stdcall; //+------------------------------------------------------------------------- //  Export the public key info associated with the provider's corresponding //  private key. // //  Uses the dwCertEncodingType and pszPublicKeyObjId to call the //  installable CRYPT_OID_EXPORT_PUBLIC_KEY_INFO_FUNC. The called function //  has the same signature as CryptExportPublicKeyInfoEx. // //  If unable to find an installable OID function for the pszPublicKeyObjId, //  attempts to export as a RSA Public Key (szOID_RSA_RSA). // //  The dwFlags and pvAuxInfo aren't used for szOID_RSA_RSA. //-------------------------------------------------------------------------- const CRYPT_OID_EXPORT_PUBLIC_KEY_INFO_FUNC = 'CryptDllExportPublicKeyInfoEx'; function CryptExportPublicKeyInfoEx(hCryptProv :HCRYPTPROV;                                    dwKeySpec WORD;                                    dwCertEncodingType WORD;                                    pszPublicKeyObjId :LPSTR;                                    dwFlags WORD;                                    pvAuxInfo VOID;                                    pInfo CERT_PUBLIC_KEY_INFO;                                    pcbInfo DWORD):BOOL ; stdcall; //+------------------------------------------------------------------------- //  Convert and import the public key info into the provider and return a //  handle to the public key. // //  Calls CryptImportPublicKeyInfoEx with aiKeyAlg = 0, dwFlags = 0 and //  pvAuxInfo = NULL. //-------------------------------------------------------------------------- function CryptImportPublicKeyInfo(hCryptProv :HCRYPTPROV;                                  dwCertEncodingType WORD;                                  pInfo CERT_PUBLIC_KEY_INFO;                                  phKey HCRYPTKEY):BOOL ; stdcall; //+------------------------------------------------------------------------- //  Convert and import the public key info into the provider and return a //  handle to the public key. // //  Uses the dwCertEncodingType and pInfo->Algorithm.pszObjId to call the //  installable CRYPT_OID_IMPORT_PUBLIC_KEY_INFO_FUNC. The called function //  has the same signature as CryptImportPublicKeyInfoEx. // //  If unable to find an installable OID function for the pszObjId, //  attempts to import as a RSA Public Key (szOID_RSA_RSA). // //  For szOID_RSA_RSA: aiKeyAlg may be set to CALG_RSA_SIGN or CALG_RSA_KEYX. //  Defaults to CALG_RSA_KEYX. The dwFlags and pvAuxInfo aren't used. //-------------------------------------------------------------------------- const CRYPT_OID_IMPORT_PUBLIC_KEY_INFO_FUNC = 'CryptDllImportPublicKeyInfoEx'; function CryptImportPublicKeyInfoEx(hCryptProv :HCRYPTPROV;                                    dwCertEncodingType WORD;                                    pInfo CERT_PUBLIC_KEY_INFO;                                    aiKeyAlg :ALG_ID;                                    dwFlags WORD;                                    pvAuxInfo VOID;                                    phKey HCRYPTKEY                                   &nbsp:BOOL ; stdcall; //+------------------------------------------------------------------------- //  Compute the hash of the encoded public key info. // //  The public key info is encoded and then hashed. //-------------------------------------------------------------------------- function CryptHashPublicKeyInfo(hCryptProv :HCRYPTPROV;                                Algid :ALG_ID;                                dwFlags WORD;                                dwCertEncodingType WORD;                                pInfo CERT_PUBLIC_KEY_INFO;                                pbComputedHash BYTE;                                pcbComputedHash DWORD):BOOL ; stdcall; //+------------------------------------------------------------------------- //  Convert a Name Value to a null terminated char string // //  Returns the number of characters converted including the terminating null //  character. If psz is NULL or csz is 0, returns the required size of the //  destination string (including the terminating null char). // //  If psz != NULL && csz != 0, returned psz is always NULL terminated. // //  Note: csz includes the NULL char. //-------------------------------------------------------------------------- function CertRDNValueToStrA(dwValueType WORD;                            pValue CERT_RDN_VALUE_BLOB;                            psz :LPSTR;                   //OPTIONAL                            csz WORD)WORD ; stdcall; //+------------------------------------------------------------------------- //  Convert a Name Value to a null terminated char string // //  Returns the number of characters converted including the terminating null //  character. If psz is NULL or csz is 0, returns the required size of the //  destination string (including the terminating null char). // //  If psz != NULL && csz != 0, returned psz is always NULL terminated. // //  Note: csz includes the NULL char. //-------------------------------------------------------------------------- function CertRDNValueToStrW(dwValueType WORD;                            pValue CERT_RDN_VALUE_BLOB;                            psz :LPWSTR;                   //OPTIONAL                            csz WORD)WORD ; stdcall; function CertRDNValueToStr(dwValueType WORD;                           pValue CERT_RDN_VALUE_BLOB;                           psz :LPAWSTR;     //OPTIONAL                           csz WORD)WORD ; stdcall; //+------------------------------------------------------------------------- //  Convert the certificate name blob to a null terminated char string. // //  Follows the string representation of distinguished names specified in //  RFC 1779. (Note, added double quoting "" for embedded quotes, quote //  empty strings and don't quote strings containing consecutive spaces). //  RDN values of type CERT_RDN_ENCODED_BLOB or CERT_RDN_OCTET_STRING are //  formatted in hexadecimal (e.g. #0A56CF). // //  The name string is formatted according to the dwStrType: //    CERT_SIMPLE_NAME_STR //      The object identifiers are discarded. CERT_RDN entries are separated //      by ", ". Multiple attributes per CERT_RDN are separated by " + ". //      For example: //          Microsoft, Joe Cool + Programmer //    CERT_OID_NAME_STR //      The object identifiers are included with a "=" separator from their //      attribute value. CERT_RDN entries are separated by ", ". //      Multiple attributes per CERT_RDN are separated by " + ". For example: //          2.5.4.11=Microsoft, 2.5.4.3=Joe Cool + 2.5.4.12=Programmer //    CERT_X500_NAME_STR //      The object identifiers are converted to their X500 key name. Otherwise, //      same as CERT_OID_NAME_STR. If the object identifier doesn't have //      a corresponding X500 key name, then, the object identifier is used with //      a "OID." prefix. For example: //          OU=Microsoft, CN=Joe Cool + T=Programmer, OID.1.2.3.4.5.6=Unknown // //  We quote the RDN value if it contains leading or trailing whitespace //  or one of the following characters: ",", "+", "=", """, "/n",  "<", ">", //  "#" or ";". The quoting character is ". If the the RDN Value contains //  a " it is double quoted ("&quot. For example: //      OU="  Microsoft", CN="Joe ""Cool""" + T="Programmer, Manager" // //  CERT_NAME_STR_SEMICOLON_FLAG can be or'ed into dwStrType to replace //  the ", " separator with a "; " separator. // //  CERT_NAME_STR_CRLF_FLAG can be or'ed into dwStrType to replace //  the ", " separator with a "/r/n" separator. // //  CERT_NAME_STR_NO_PLUS_FLAG can be or'ed into dwStrType to replace the //  " + " separator with a single space, " ". // //  CERT_NAME_STR_NO_QUOTING_FLAG can be or'ed into dwStrType to inhibit //  the above quoting. // //  Returns the number of characters converted including the terminating null //  character. If psz is NULL or csz is 0, returns the required size of the //  destination string (including the terminating null char). // //  If psz != NULL && csz != 0, returned psz is always NULL terminated. // //  Note: csz includes the NULL char. //-------------------------------------------------------------------------- //+------------------------------------------------------------------------- //-------------------------------------------------------------------------- function CertNameToStrA(dwCertEncodingType WORD;                        pName CERT_NAME_BLOB;                        dwStrType WORD;                        psz :LPSTR; //OPTIONAL                        csz WORD)WORD ; stdcall; //+------------------------------------------------------------------------- //-------------------------------------------------------------------------- function CertNameToStrW(dwCertEncodingType WORD;                        pName CERT_NAME_BLOB;                        dwStrType WORD;                        psz :LPWSTR; //OPTIONAL                        csz WORD)WORD ; stdcall; function CertNameToStr(dwCertEncodingType WORD;                       pName CERT_NAME_BLOB;                       dwStrType WORD;                       psz :LPAWSTR; //OPTIONAL                       csz WORD)WORD ; stdcall; //+------------------------------------------------------------------------- //  Certificate name string types //-------------------------------------------------------------------------- const CERT_SIMPLE_NAME_STR = 1; const CERT_OID_NAME_STR = 2; const CERT_X500_NAME_STR = 3; //+------------------------------------------------------------------------- //  Certificate name string type flags OR'ed with the above types //-------------------------------------------------------------------------- const CERT_NAME_STR_SEMICOLON_FLAG = $40000000; const CERT_NAME_STR_NO_PLUS_FLAG = $20000000; const CERT_NAME_STR_NO_QUOTING_FLAG = $10000000; const CERT_NAME_STR_CRLF_FLAG = $08000000; const CERT_NAME_STR_COMMA_FLAG = $04000000; //+------------------------------------------------------------------------- //  Convert the null terminated X500 string to an encoded certificate name. // //  The input string is expected to be formatted the same as the output //  from the above CertNameToStr API. // //  The CERT_SIMPLE_NAME_STR type isn't supported. Otherwise, when dwStrType //  is set to 0, CERT_OID_NAME_STR or CERT_X500_NAME_STR, allow either a //  case insensitive X500 key (CN=), case insensitive "OID." prefixed //  object identifier (OID.1.2.3.4.5.6=) or an object identifier (1.2.3.4=). // //  If no flags are OR'ed into dwStrType, then, allow "," or ";" as RDN //  separators and "+" as the multiple RDN value separator. Quoting is //  supported. A quote may be included in a quoted value by double quoting, //  for example (CN="Joe ""Cool""&quot. A value starting with a "#" is treated //  as ascii hex and converted to a CERT_RDN_OCTET_STRING. Embedded whitespace //  is skipped (1.2.3 = # AB CD 01  is the same as 1.2.3=#ABCD01). // //  Whitespace surrounding the keys, object identifers and values is removed. // //  CERT_NAME_STR_COMMA_FLAG can be or'ed into dwStrType to only allow the //  "," as the RDN separator. // //  CERT_NAME_STR_SEMICOLON_FLAG can be or'ed into dwStrType to only allow the //  ";" as the RDN separator. // //  CERT_NAME_STR_CRLF_FLAG can be or'ed into dwStrType to only allow //  "/r" or "/n" as the RDN separator. // //  CERT_NAME_STR_NO_PLUS_FLAG can be or'ed into dwStrType to ignore "+" //  as a separator and not allow multiple values per RDN. // //  CERT_NAME_STR_NO_QUOTING_FLAG can be or'ed into dwStrType to inhibit //  quoting. // //  Support the following X500 Keys: // //  Key         Object Identifier               RDN Value Type(s) //  ---         -----------------               ----------------- //  CN          szOID_COMMON_NAME               Printable, T61 //  L           szOID_LOCALITY_NAME             Printable, T61 //  O           szOID_ORGANIZATION_NAME         Printable, T61 //  OU          szOID_ORGANIZATIONAL_UNIT_NAME  Printable, T61 //  Email       szOID_RSA_emailAddr             Only IA5 //  C           szOID_COUNTRY_NAME              Only Printable //  S           szOID_STATE_OR_PROVINCE_NAME    Printable, T61 //  ST          szOID_STATE_OR_PROVINCE_NAME    Printable, T61 //  STREET      szOID_STREET_ADDRESS            Printable, T61 //  T           szOID_TITLE                     Printable, T61 //  Title       szOID_TITLE                     Printable, T61 //  G           szOID_GIVEN_NAME                Printable, T61 //  GivenName   szOID_GIVEN_NAME                Printable, T61 //  I           szOID_INITIALS                  Printable, T61 //  Initials    szOID_INITIALS                  Printable, T61 //  SN          szOID_SUR_NAME                  Printable, T61 //  DC          szOID_DOMAIN_COMPONENT          Only IA5 // //  The T61 types are UTF-8 encoded. // //  Returns TRUE if successfully parsed the input string and encoded //  the name. // //  If the input string is detected to be invalid, *ppszError is updated //  to point to the beginning of the invalid character sequence. Otherwise, //  *ppszError is set to NULL. *ppszError is updated with a non-NULL pointer //  for the following errors: //      CRYPT_E_INVALID_X500_STRING //      CRYPT_E_INVALID_NUMERIC_STRING //      CRYPT_E_INVALID_PRINTABLE_STRING //      CRYPT_E_INVALID_IA5_STRING // //  ppszError can be set to NULL if not interested in getting a pointer //  to the invalid character sequence. //-------------------------------------------------------------------------- //+------------------------------------------------------------------------- //-------------------------------------------------------------------------- function CertStrToNameA(dwCertEncodingType WORD;                        pszX500 :LPCSTR;                        dwStrType WORD;                        pvReserved VOID;                        pbEncoded BYTE;                        pcbEncoded DWORD;                     var ppszError :array of LPCSTR):BOOL ; stdcall;  {--max-- iniziato qui} //+------------------------------------------------------------------------- //-------------------------------------------------------------------------- function CertStrToNameW(dwCertEncodingType WORD;                        pszX500 :LPCWSTR;                        dwStrType WORD;                        pvReserved VOID;                        pbEncoded BYTE;                        pcbEncoded DWORD;                    var ppszError :array of LPWSTR):BOOL ; stdcall; function CertStrToName(dwCertEncodingType WORD;                       pszX500 :LPAWSTR;                       dwStrType WORD;                       pvReserved VOID;                       pbEncoded BYTE;                       pcbEncoded DWORD;                   var ppszError :array of LPAWSTR):BOOL ; stdcall; //+========================================================================= //  Simplified Cryptographic Message Data Structures and APIs //========================================================================== //+------------------------------------------------------------------------- //              Conventions for the *pb and *pcb output parameters: // //              Upon entry to the function: //                  if pcb is OPTIONAL && pcb == NULL, then, //                      No output is returned //                  else if pb == NULL && pcb != NULL, then, //                      Length only determination. No length error is //                      returned. //                  otherwise where (pb != NULL && pcb != NULL && *pcb != 0) //                      Output is returned. If *pcb isn't big enough a //                      length error is returned. In all cases *pcb is updated //                      with the actual length needed/returned. //-------------------------------------------------------------------------- //+------------------------------------------------------------------------- //  Type definitions of the parameters used for doing the cryptographic //  operations. //-------------------------------------------------------------------------- //+------------------------------------------------------------------------- //  Callback to get and verify the signer's certificate. // //  Passed the CertId of the signer (its Issuer and SerialNumber) and a //  handle to its cryptographic signed message's cert store. // //  For CRYPT_E_NO_SIGNER, called with pSignerId == NULL. // //  For a valid signer certificate, returns a pointer to a read only //  CERT_CONTEXT. The returned CERT_CONTEXT is either obtained from a //  cert store or was created via CertCreateCertificateContext. For either case, //  its freed via CertFreeCertificateContext. // //  If a valid certificate isn't found, this callback returns NULL with //  LastError set via SetLastError(). // //  The NULL implementation tries to get the Signer certificate from the //  message cert store. It doesn't verify the certificate. //-------------------------------------------------------------------------- type    PFN_CRYPT_GET_SIGNER_CERTIFICATE = function (pvGetArg VOID;                                                 dwCertEncodingType WORD;                                                 pSignerId CERT_INFO;        // Only the Issuer and SerialNumber                                                 hMsgCertStore :HCERTSTORE     // fields have been updated                                                 )CCERT_CONTEXT ; stdcall; //+------------------------------------------------------------------------- //  The CRYPT_SIGN_MESSAGE_PARA are used for signing messages using the //  specified signing certificate contexts. (Note, allows multiple signers.) // //  Either the CERT_KEY_PROV_HANDLE_PROP_ID or CERT_KEY_PROV_INFO_PROP_ID must //  be set for each rgpSigningCert[]. Either one specifies the private //  signature key to use. // //  If any certificates and/or CRLs are to be included in the signed message, //  then, the MsgCert and MsgCrl parameters need to be updated. If the //  rgpSigningCerts are to be included, then, they must also be in the //  rgpMsgCert array. // //  cbSize must be set to the sizeof(CRYPT_SIGN_MESSAGE_PARA) or else //  LastError will be updated with E_INVALIDARG. // //  pvHashAuxInfo currently isn't used and must be set to NULL. // //  dwFlags normally is set to 0. However, if the encoded output //  is to be a CMSG_SIGNED inner content of an outer cryptographic message, //  such as a CMSG_ENVELOPED, then, the CRYPT_MESSAGE_BARE_CONTENT_OUT_FLAG //  should be set. If not set, then it would be encoded as an inner content //  type of CMSG_DATA. // //  dwInnerContentType is normally set to 0. It needs to be set if the //  ToBeSigned input is the encoded output of another cryptographic //  message, such as, an CMSG_ENVELOPED. When set, it's one of the cryptographic //  message types, for example, CMSG_ENVELOPED. // //  If the inner content of a nested cryptographic message is data (CMSG_DATA //  the default), then, neither dwFlags or dwInnerContentType need to be set. //-------------------------------------------------------------------------- type  PCRYPT_SIGN_MESSAGE_PARA = ^CRYPT_SIGN_MESSAGE_PARA;  CRYPT_SIGN_MESSAGE_PARA = record    cbSize WORD;    dwMsgEncodingType WORD;    pSigningCert CCERT_CONTEXT;    HashAlgorithm :CRYPT_ALGORITHM_IDENTIFIER;    pvHashAuxInfo VOID;    cMsgCert WORD;    rgpMsgCert PCCERT_CONTEXT;// pointer to array of PCCERT_CONTEXT    cMsgCrl WORD;    rgpMsgCrl PCCRL_CONTEXT; // pointer to array of PCCERT_CO    cAuthAttr WORD;    rgAuthAttr CRYPT_ATTRIBUTE;    cUnauthAttr WORD;    rgUnauthAttr CRYPT_ATTRIBUTE;    dwFlags WORD;    dwInnerContentType WORD;  end; const CRYPT_MESSAGE_BARE_CONTENT_OUT_FLAG = $1; //+------------------------------------------------------------------------- //  The CRYPT_VERIFY_MESSAGE_PARA are used to verify signed messages. // //  hCryptProv is used to do hashing and signature verification. // //  The dwCertEncodingType specifies the encoding type of the certificates //  and/or CRLs in the message. // //  pfnGetSignerCertificate is called to get and verify the message signer's //  certificate. // //  cbSize must be set to the sizeof(CRYPT_VERIFY_MESSAGE_PARA) or else //  LastError will be updated with E_INVALIDARG. //-------------------------------------------------------------------------- type  PCRYPT_VERIFY_MESSAGE_PARA = ^CRYPT_VERIFY_MESSAGE_PARA;  CRYPT_VERIFY_MESSAGE_PARA = record    cbSize WORD;    dwMsgAndCertEncodingType WORD;    hCryptProv :HCRYPTPROV;    pfnGetSignerCertificate FN_CRYPT_GET_SIGNER_CERTIFICATE;    pvGetArg VOID;  end; //+------------------------------------------------------------------------- //  The CRYPT_ENCRYPT_MESSAGE_PARA are used for encrypting messages. // //  hCryptProv is used to do content encryption, recipient key //  encryption, and recipient key export. Its private key //  isn't used. // //  pvEncryptionAuxInfo currently isn't used and must be set to NULL. // //  cbSize must be set to the sizeof(CRYPT_ENCRYPT_MESSAGE_PARA) or else //  LastError will be updated with E_INVALIDARG. // //  dwFlags normally is set to 0. However, if the encoded output //  is to be a CMSG_ENVELOPED inner content of an outer cryptographic message, //  such as a CMSG_SIGNED, then, the CRYPT_MESSAGE_BARE_CONTENT_OUT_FLAG //  should be set. If not set, then it would be encoded as an inner content //  type of CMSG_DATA. // //  dwInnerContentType is normally set to 0. It needs to be set if the //  ToBeEncrypted input is the encoded output of another cryptographic //  message, such as, an CMSG_SIGNED. When set, it's one of the cryptographic //  message types, for example, CMSG_SIGNED. // //  If the inner content of a nested cryptographic message is data (CMSG_DATA //  the default), then, neither dwFlags or dwInnerContentType need to be set. //-------------------------------------------------------------------------- type  PCRYPT_ENCRYPT_MESSAGE_PARA = ^CRYPT_ENCRYPT_MESSAGE_PARA;  CRYPT_ENCRYPT_MESSAGE_PARA = record    cbSize WORD;    dwMsgEncodingType WORD;    hCryptProv :HCRYPTPROV;    ContentEncryptionAlgorithm :CRYPT_ALGORITHM_IDENTIFIER;    pvEncryptionAuxInfo VOID;    dwFlags WORD;    dwInnerContentType WORD;  end; //+------------------------------------------------------------------------- //  The CRYPT_DECRYPT_MESSAGE_PARA are used for decrypting messages. // //  The CertContext to use for decrypting a message is obtained from one //  of the specified cert stores. An encrypted message can have one or //  more recipients. The recipients are identified by their CertId (Issuer //  and SerialNumber). The cert stores are searched to find the CertContext //  corresponding to the CertId. // //  Only CertContexts in the store with either //  the CERT_KEY_PROV_HANDLE_PROP_ID or CERT_KEY_PROV_INFO_PROP_ID set //  can be used. Either property specifies the private exchange key to use. // //  cbSize must be set to the sizeof(CRYPT_DECRYPT_MESSAGE_PARA) or else //  LastError will be updated with E_INVALIDARG. //-------------------------------------------------------------------------- type  PCRYPT_DECRYPT_MESSAGE_PARA = ^CRYPT_DECRYPT_MESSAGE_PARA;  CRYPT_DECRYPT_MESSAGE_PARA = record    cbSize WORD;    dwMsgAndCertEncodingType WORD;    cCertStore WORD;    rghCertStore HCERTSTORE;  end; //+------------------------------------------------------------------------- //  The CRYPT_HASH_MESSAGE_PARA are used for hashing or unhashing //  messages. // //  hCryptProv is used to compute the hash. // //  pvHashAuxInfo currently isn't used and must be set to NULL. // //  cbSize must be set to the sizeof(CRYPT_HASH_MESSAGE_PARA) or else //  LastError will be updated with E_INVALIDARG. //-------------------------------------------------------------------------- type  PCRYPT_HASH_MESSAGE_PARA = ^CRYPT_HASH_MESSAGE_PARA;  CRYPT_HASH_MESSAGE_PARA = record    cbSize WORD;    dwMsgEncodingType WORD;    hCryptProv :HCRYPTPROV;    HashAlgorithm :CRYPT_ALGORITHM_IDENTIFIER;    pvHashAuxInfo VOID;  end; //+------------------------------------------------------------------------- //  The CRYPT_KEY_SIGN_MESSAGE_PARA are used for signing messages until a //  certificate has been created for the signature key. // //  pvHashAuxInfo currently isn't used and must be set to NULL. // //  If PubKeyAlgorithm isn't set, defaults to szOID_RSA_RSA. // //  cbSize must be set to the sizeof(CRYPT_KEY_SIGN_MESSAGE_PARA) or else //  LastError will be updated with E_INVALIDARG. //-------------------------------------------------------------------------- type  PCRYPT_KEY_SIGN_MESSAGE_PARA = ^CRYPT_KEY_SIGN_MESSAGE_PARA;  CRYPT_KEY_SIGN_MESSAGE_PARA = record    cbSize WORD;    dwMsgAndCertEncodingType WORD;    hCryptProv :HCRYPTPROV;    dwKeySpec WORD;    HashAlgorithm :CRYPT_ALGORITHM_IDENTIFIER;    pvHashAuxInfo VOID;    PubKeyAlgorithm :CRYPT_ALGORITHM_IDENTIFIER;  end; //+------------------------------------------------------------------------- //  The CRYPT_KEY_VERIFY_MESSAGE_PARA are used to verify signed messages without //  a certificate for the signer. // //  Normally used until a certificate has been created for the key. // //  hCryptProv is used to do hashing and signature verification. // //  cbSize must be set to the sizeof(CRYPT_KEY_VERIFY_MESSAGE_PARA) or else //  LastError will be updated with E_INVALIDARG. //-------------------------------------------------------------------------- type  PCRYPT_KEY_VERIFY_MESSAGE_PARA = ^CRYPT_KEY_VERIFY_MESSAGE_PARA;  CRYPT_KEY_VERIFY_MESSAGE_PARA = record    cbSize WORD;    dwMsgEncodingType WORD;    hCryptProv :HCRYPTPROV;  end; //+------------------------------------------------------------------------- //  Sign the message. // //  If fDetachedSignature is TRUE, the "to be signed" content isn't included //  in the encoded signed blob. //-------------------------------------------------------------------------- function CryptSignMessage(pSignPara CRYPT_SIGN_MESSAGE_PARA;                          fDetachedSignature :BOOL;                          cToBeSigned WORD;                    const rgpbToBeSigned :array of PBYTE;                          rgcbToBeSigned :array of DWORD;                          pbSignedBlob BYTE;                          pcbSignedBlob DWORD):BOOL ; stdcall; //+------------------------------------------------------------------------- //  Verify a signed message. // //  If pbDecoded == NULL, then, *pcbDecoded is implicitly set to 0 on input. //  For *pcbDecoded == 0 && ppSignerCert == NULL on input, the signer isn't //  verified. // //  A message might have more than one signer. Set dwSignerIndex to iterate //  through all the signers. dwSignerIndex == 0 selects the first signer. // //  pVerifyPara's pfnGetSignerCertificate is called to get the signer's //  certificate. // //  For a verified signer and message, *ppSignerCert is updated //  with the CertContext of the signer. It must be freed by calling //  CertFreeCertificateContext. Otherwise, *ppSignerCert is set to NULL. // //  ppSignerCert can be NULL, indicating the caller isn't interested //  in getting the CertContext of the signer. // //  pcbDecoded can be NULL, indicating the caller isn't interested in getting //  the decoded content. Furthermore, if the message doesn't contain any //  content or signers, then, pcbDecoded must be set to NULL, to allow the //  pVerifyPara->pfnGetCertificate to be called. Normally, this would be //  the case when the signed message contains only certficates and CRLs. //  If pcbDecoded is NULL and the message doesn't have the indicated signer, //  pfnGetCertificate is called with pSignerId set to NULL. // //  If the message doesn't contain any signers || dwSignerIndex > message's //  SignerCount, then, an error is returned with LastError set to //  CRYPT_E_NO_SIGNER. Also, for CRYPT_E_NO_SIGNER, pfnGetSignerCertificate //  is still called with pSignerId set to NULL. // //  Note, an alternative way to get the certificates and CRLs from a //  signed message is to call CryptGetMessageCertificates. //-------------------------------------------------------------------------- function CryptVerifyMessageSignature(pVerifyPara CRYPT_VERIFY_MESSAGE_PARA;                                     dwSignerIndex WORD;                               const pbSignedBlob BYTE;                                     cbSignedBlob WORD;                                     pbDecoded BYTE;                                     pcbDecoded WORD;                                     ppSignerCert CCERT_CONTEXT                                     ):BOOL ; stdcall; //+------------------------------------------------------------------------- //  Returns the count of signers in the signed message. For no signers, returns //  0. For an error returns -1 with LastError updated accordingly. //-------------------------------------------------------------------------- function CryptGetMessageSignerCount(dwMsgEncodingType WORD;                              const pbSignedBlob BYTE;                                    cbSignedBlob WORD):LONG ; stdcall; //+------------------------------------------------------------------------- //  Returns the cert store containing the message's certs and CRLs. //  For an error, returns NULL with LastError updated. //-------------------------------------------------------------------------- function CryptGetMessageCertificates(dwMsgAndCertEncodingType WORD;                                     hCryptProv :HCRYPTPROV; // passed to CertOpenStore                                     dwFlags WORD;  // passed to CertOpenStore                               const pbSignedBlob BYTE;                                     cbSignedBlob WORD):HCERTSTORE ; stdcall; //+------------------------------------------------------------------------- //  Verify a signed message containing detached signature(s). //  The "to be signed" content is passed in separately. No //  decoded output. Otherwise, identical to CryptVerifyMessageSignature. //-------------------------------------------------------------------------- function CryptVerifyDetachedMessageSignature(pVerifyPara CRYPT_VERIFY_MESSAGE_PARA;                                             dwSignerIndex WORD;                                       const pbDetachedSignBlob BYTE;                                             cbDetachedSignBlob WORD;                                             cToBeSigned WORD;                                       const rgpbToBeSigned :array of PBYTE;                                             rgcbToBeSigned :array of DWORD;                                             ppSignerCert PCCERT_CONTEXT):BOOL ; stdcall; //+------------------------------------------------------------------------- //  Encrypts the message for the recipient(s). //-------------------------------------------------------------------------- function CryptEncryptMessage(pEncryptPara CRYPT_ENCRYPT_MESSAGE_PARA;                             cRecipientCert WORD;                             rgpRecipientCert :array of PCCERT_CONTEXT;                             const pbToBeEncrypted BYTE;                             cbToBeEncrypted WORD;                             pbEncryptedBlob BYTE;                             pcbEncryptedBlob DWORD):BOOL ; stdcall; //+------------------------------------------------------------------------- //  Decrypts the message. // //  If pbDecrypted == NULL, then, *pcbDecrypted is implicitly set to 0 on input. //  For *pcbDecrypted == 0 && ppXchgCert == NULL on input, the message isn't //  decrypted. // //  For a successfully decrypted message, *ppXchgCert is updated //  with the CertContext used to decrypt. It must be freed by calling //  CertStoreFreeCert. Otherwise, *ppXchgCert is set to NULL. // //  ppXchgCert can be NULL, indicating the caller isn't interested //  in getting the CertContext used to decrypt. //-------------------------------------------------------------------------- function CryptDecryptMessage(pDecryptPara CRYPT_DECRYPT_MESSAGE_PARA;                       const pbEncryptedBlob BYTE;                             cbEncryptedBlob WORD;                             pbDecrypted BYTE;                             pcbDecrypted DWORD;                             ppXchgCert PCCERT_CONTEXT):BOOL ; stdcall; //+------------------------------------------------------------------------- //  Sign the message and encrypt for the recipient(s). Does a CryptSignMessage //  followed with a CryptEncryptMessage. // //  Note: this isn't the CMSG_SIGNED_AND_ENVELOPED. Its a CMSG_SIGNED //  inside of an CMSG_ENVELOPED. //-------------------------------------------------------------------------- function CryptSignAndEncryptMessage(pSignPara CRYPT_SIGN_MESSAGE_PARA;                                    pEncryptPara CRYPT_ENCRYPT_MESSAGE_PARA;                                    cRecipientCert WORD;                                    rgpRecipientCert :array of PCCERT_CONTEXT;                              const pbToBeSignedAndEncrypted BYTE;                                    cbToBeSignedAndEncrypted WORD;                                    pbSignedAndEncryptedBlob BYTE;                                    pcbSignedAndEncryptedBlob DWORD                                   &nbsp:BOOL ; stdcall; //+------------------------------------------------------------------------- //  Decrypts the message and verifies the signer. Does a CryptDecryptMessage //  followed with a CryptVerifyMessageSignature. // //  If pbDecrypted == NULL, then, *pcbDecrypted is implicitly set to 0 on input. //  For *pcbDecrypted == 0 && ppSignerCert == NULL on input, the signer isn't //  verified. // //  A message might have more than one signer. Set dwSignerIndex to iterate //  through all the signers. dwSignerIndex == 0 selects the first signer. // //  The pVerifyPara's VerifySignerPolicy is called to verify the signer's //  certificate. // //  For a successfully decrypted and verified message, *ppXchgCert and //  *ppSignerCert are updated. They must be freed by calling //  CertStoreFreeCert. Otherwise, they are set to NULL. // //  ppXchgCert and/or ppSignerCert can be NULL, indicating the //  caller isn't interested in getting the CertContext. // //  Note: this isn't the CMSG_SIGNED_AND_ENVELOPED. Its a CMSG_SIGNED //  inside of an CMSG_ENVELOPED. // //  The message always needs to be decrypted to allow access to the //  signed message. Therefore, if ppXchgCert != NULL, its always updated. //-------------------------------------------------------------------------- function CryptDecryptAndVerifyMessageSignature(pDecryptPara CRYPT_DECRYPT_MESSAGE_PARA;                                               pVerifyPara CRYPT_VERIFY_MESSAGE_PARA;                                               dwSignerIndex WORD;                                         const pbEncryptedBlob BYTE;                                               cbEncryptedBlob WORD;                                               pbDecrypted BYTE;                                               pcbDecrypted DWORD;                                           var ppXchgCert :array of PCCERT_CONTEXT;                                           var ppSignerCert :array of PCCERT_CONTEXT                                               ):BOOL ; stdcall; //+------------------------------------------------------------------------- //  Decodes a cryptographic message which may be one of the following types: //    CMSG_DATA //    CMSG_SIGNED //    CMSG_ENVELOPED //    CMSG_SIGNED_AND_ENVELOPED //    CMSG_HASHED // //  dwMsgTypeFlags specifies the set of allowable messages. For example, to //  decode either SIGNED or ENVELOPED messages, set dwMsgTypeFlags to: //      CMSG_SIGNED_FLAG | CMSG_ENVELOPED_FLAG. // //  dwProvInnerContentType is only applicable when processing nested //  crytographic messages. When processing an outer crytographic message //  it must be set to 0. When decoding a nested cryptographic message //  its the dwInnerContentType returned by a previous CryptDecodeMessage //  of the outer message. The InnerContentType can be any of the CMSG types, //  for example, CMSG_DATA, CMSG_SIGNED, ... // //  The optional *pdwMsgType is updated with the type of message. // //  The optional *pdwInnerContentType is updated with the type of the inner //  message. Unless there is cryptographic message nesting, CMSG_DATA //  is returned. // //  For CMSG_DATA: returns decoded content. //  For CMSG_SIGNED: same as CryptVerifyMessageSignature. //  For CMSG_ENVELOPED: same as CryptDecryptMessage. //  For CMSG_SIGNED_AND_ENVELOPED: same as CryptDecryptMessage plus //      CryptVerifyMessageSignature. //  For CMSG_HASHED: verifies the hash and returns decoded content. //-------------------------------------------------------------------------- function CryptDecodeMessage(dwMsgTypeFlags WORD;                            pDecryptPara   CRYPT_DECRYPT_MESSAGE_PARA;                            pVerifyPara    CRYPT_VERIFY_MESSAGE_PARA ;                            dwSignerIndex  WORD;                      const pbEncodedBlob  BYTE;                            cbEncodedBlob  WORD;                            dwPrevInnerContentType WORD;                            pdwMsgType     DWORD;                            pdwInnerContentType DWORD;                            pbDecoded      BYTE;                            pcbDecoded     DWORD;                        var ppXchgCert     :array of PCCERT_CONTEXT;                        var ppSignerCert   :array of PCCERT_CONTEXT                           &nbsp:BOOL ; stdcall; //+------------------------------------------------------------------------- //  Hash the message. // //  If fDetachedHash is TRUE, only the ComputedHash is encoded in the //  pbHashedBlob. Otherwise, both the ToBeHashed and ComputedHash //  are encoded. // //  pcbHashedBlob or pcbComputedHash can be NULL, indicating the caller //  isn't interested in getting the output. //-------------------------------------------------------------------------- function CryptHashMessage(pHashPara CRYPT_HASH_MESSAGE_PARA;                          fDetachedHash :BOOL;                          cToBeHashed WORD;                    const rgpbToBeHashed :array of PBYTE;                          rgcbToBeHashed :array of DWORD;                          pbHashedBlob BYTE;                          pcbHashedBlob DWORD;                          pbComputedHash BYTE;                          pcbComputedHash DWORD):BOOL ; stdcall; //+------------------------------------------------------------------------- //  Verify a hashed message. // //  pcbToBeHashed or pcbComputedHash can be NULL, //  indicating the caller isn't interested in getting the output. //-------------------------------------------------------------------------- function CryptVerifyMessageHash(pHashPara CRYPT_HASH_MESSAGE_PARA;                                pbHashedBlob BYTE;                                cbHashedBlob WORD;                                pbToBeHashed BYTE;                                pcbToBeHashed DWORD;                                pbComputedHash BYTE;                                pcbComputedHash DWORD):BOOL ; stdcall; //+------------------------------------------------------------------------- //  Verify a hashed message containing a detached hash. //  The "to be hashed" content is passed in separately. No //  decoded output. Otherwise, identical to CryptVerifyMessageHash. // //  pcbComputedHash can be NULL, indicating the caller isn't interested //  in getting the output. //-------------------------------------------------------------------------- function CryptVerifyDetachedMessageHash(pHashPara CRYPT_HASH_MESSAGE_PARA;                                        pbDetachedHashBlob BYTE;                                        cbDetachedHashBlob WORD;                                        cToBeHashed WORD;                                        rgpbToBeHashed :array of PBYTE;                                        rgcbToBeHashed :array of DWORD;                                        pbComputedHash BYTE;                                        pcbComputedHash DWORD):BOOL ; stdcall; //+------------------------------------------------------------------------- //  Sign the message using the provider's private key specified in the //  parameters. A dummy SignerId is created and stored in the message. // //  Normally used until a certificate has been created for the key. //-------------------------------------------------------------------------- function CryptSignMessageWithKey(pSignPara CRYPT_KEY_SIGN_MESSAGE_PARA;                           const pbToBeSigned BYTE;                                 cbToBeSigned WORD;                                 pbSignedBlob BYTE;                                 pcbSignedBlob DWORD):BOOL ; stdcall; //+------------------------------------------------------------------------- //  Verify a signed message using the specified public key info. // //  Normally called by a CA until it has created a certificate for the //  key. // //  pPublicKeyInfo contains the public key to use to verify the signed //  message. If NULL, the signature isn't verified (for instance, the decoded //  content may contain the PublicKeyInfo). // //  pcbDecoded can be NULL, indicating the caller isn't interested //  in getting the decoded content. //-------------------------------------------------------------------------- function CryptVerifyMessageSignatureWithKey(pVerifyPara CRYPT_KEY_VERIFY_MESSAGE_PARA;                                            pPublicKeyInfo CERT_PUBLIC_KEY_INFO;                                      const pbSignedBlob BYTE;                                            cbSignedBlob WORD;                                            pbDecoded BYTE;                                            pcbDecoded DWORD):BOOL ; stdcall; //+========================================================================= //  System Certificate Store Data Structures and APIs //========================================================================== //+------------------------------------------------------------------------- //  Get a system certificate store based on a subsystem protocol. // //  Current examples of subsystems protocols are: //      "MY"    Cert Store hold certs with associated Private Keys //      "CA"    Certifying Authority certs //      "ROOT"  Root Certs //      "SPC"   Software publisher certs // // //  If hProv is NULL the default provider "1" is opened for you. //  When the store is closed the provider is release. Otherwise //  if hProv is not NULL, no provider is created or released. // //  The returned Cert Store can be searched for an appropriate Cert //  using the Cert Store API's (see certstor.h) // //  When done, the cert store should be closed using CertStoreClose //-------------------------------------------------------------------------- function CertOpenSystemStoreA(hProv :HCRYPTPROV;                              szSubsystemProtocol :LPCSTR):HCERTSTORE ; stdcall; function CertOpenSystemStoreW(hProv :HCRYPTPROV;                              szSubsystemProtocol :LPCWSTR):HCERTSTORE ; stdcall; function CertOpenSystemStore(hProv :HCRYPTPROV;                             szSubsystemProtocol :LPAWSTR):HCERTSTORE ; stdcall; function CertAddEncodedCertificateToSystemStoreA(szCertStoreName :LPCSTR;                                           const pbCertEncoded BYTE;                                                cbCertEncoded WORD):BOOL ; stdcall; function CertAddEncodedCertificateToSystemStoreW(szCertStoreName :LPCWSTR;                                           const pbCertEncoded BYTE;                                                 cbCertEncoded WORD):BOOL ; stdcall; function CertAddEncodedCertificateToSystemStore(szCertStoreName :LPAWSTR;                                          const pbCertEncoded BYTE;                                                cbCertEncoded WORD):BOOL ; stdcall; //+------------------------------------------------------------------------- //  Find all certificate chains tying the given issuer name to any certificate //  that the current user has a private key for. // //  If no certificate chain is found, FALSE is returned with LastError set //  to CRYPT_E_NOT_FOUND and the counts zeroed. // //  IE 3.0 ASSUMPTION: //   The client certificates are in the "My" system store. The issuer //   cerificates may be in the "Root", "CA" or "My" system stores. //-------------------------------------------------------------------------- type  PCERT_CHAIN = ^CERT_CHAIN;  CERT_CHAIN = record    cCerts WORD;     // number of certs in chain    certs CERT_BLOB;      // pointer to array of cert chain blobs representing the certs    keyLocatorInfo :CRYPT_KEY_PROV_INFO; // key locator for cert  end; // WINCRYPT32API    This is not exported by crypt32, it is exported by softpub function FindCertsByIssuer(pCertChains CERT_CHAIN;                           pcbCertChains DWORD;                           pcCertChains DWORD;       // count of certificates chains returned                           pbEncodedIssuerName BYTE;   // DER encoded issuer name                           cbEncodedIssuerName WORD; // count in bytes of encoded issuer name                           pwszPurpose :LPCWSTR; // "ClientAuth" or "CodeSigning"                           dwKeySpec WORD  // only return signers supporting this keyspec                           ):HRESULT ; stdcall; //////////////////////////// VERSION 2 //////////////////////////////////////////////////////////////////// implementation {Macro inplementation} function GET_ALG_CLASS(x:integer) :integer; begin  Result:=(x and (7 shl 13)); end; function GET_ALG_TYPE(x:integer) :integer; begin  Result:=(x and (15 shl 9)); end; function GET_ALG_SID(x:integer) :integer; begin  Result:=(x and (511)); end; function RCRYPT_SUCCEEDED(rt:BOOL):BOOL; begin  Result:= rt = CRYPT_SUCCEED; end; function RCRYPT_FAILED(rt:BOOL):BOOL; begin  Result:= rt = CRYPT_FAILED; end ; function  GET_CERT_UNICODE_RDN_ERR_INDEX(X :integer):integer; begin    Result :=  ((X shr CERT_UNICODE_RDN_ERR_INDEX_SHIFT) and CERT_UNICODE_RDN_ERR_INDEX_MASK); end; function  GET_CERT_UNICODE_ATTR_ERR_INDEX(X :integer):integer; begin    Result := ((X shr CERT_UNICODE_ATTR_ERR_INDEX_SHIFT) and CERT_UNICODE_ATTR_ERR_INDEX_MASK); end; function  GET_CERT_UNICODE_VALUE_ERR_INDEX(X :integer):integer; begin    Result := (X and CERT_UNICODE_VALUE_ERR_INDEX_MASK); end; function GET_CERT_ALT_NAME_ENTRY_ERR_INDEX(X WORD)WORD; begin    Result := ((X shr CERT_ALT_NAME_ENTRY_ERR_INDEX_SHIFT) and CERT_ALT_NAME_ENTRY_ERR_INDEX_MASK); end; function GET_CERT_ALT_NAME_VALUE_ERR_INDEX(X WORD)WORD; begin    Result := (X and CERT_ALT_NAME_VALUE_ERR_INDEX_MASK); end; function GET_CRL_DIST_POINT_ERR_INDEX(X WORD)WORD; begin Result := ((X shr CRL_DIST_POINT_ERR_INDEX_SHIFT) and CRL_DIST_POINT_ERR_INDEX_MASK); end; function IS_CRL_DIST_POINT_ERR_CRL_ISSUER(X WORD):BOOL; begin    Result := (0 <> (X and CRL_DIST_POINT_ERR_CRL_ISSUER_BIT)); end; ///////////////////////////////////////version 2 ///////////////////////// function IS_CERT_RDN_CHAR_STRING(X WORD) :BOOL; begin    Result :=BOOL(X >= CERT_RDN_NUMERIC_STRING); end; function GET_CERT_ENCODING_TYPE(X WORD)WORD; begin    Result := (X and CERT_ENCODING_TYPE_MASK); end; function GET_CMSG_ENCODING_TYPE(X WORD)WORD; begin    Result := (X and CMSG_ENCODING_TYPE_MASK); end; function IS_CERT_HASH_PROP_ID( X WORD):BOOL ; begin    if (X = CERT_SHA1_HASH_PROP_ID) or (X = CERT_MD5_HASH_PROP_ID) then        Result := True    else        Result := False; end; {end Macro} function CryptAcquireContextA    ;external ADVAPI32 name 'CryptAcquireContextA'; {$IFDEF UNICODE} function CryptAcquireContext     ;external ADVAPI32 name 'CryptAcquireContextW'; {$ELSE} function CryptAcquireContext     ;external ADVAPI32 name 'CryptAcquireContextA'; {$ENDIF} function CryptAcquireContextW    ;external ADVAPI32 name 'CryptAcquireContextW'; function CryptReleaseContext     ;external ADVAPI32 name 'CryptReleaseContext'; function CryptGenKey             ;external ADVAPI32 name 'CryptGenKey'; function CryptDeriveKey          ;external ADVAPI32 name 'CryptDeriveKey'; function CryptDestroyKey         ;external ADVAPI32 name 'CryptDestroyKey'; function CryptSetKeyParam        ;external ADVAPI32 name 'CryptSetKeyParam'; function CryptGetKeyParam        ;external ADVAPI32 name 'CryptGetKeyParam'; function CryptSetHashParam       ;external ADVAPI32 name 'CryptSetHashParam'; function CryptGetHashParam       ;external ADVAPI32 name 'CryptGetHashParam'; function CryptSetProvParam       ;external ADVAPI32 name 'CryptSetProvParam'; function CryptGetProvParam       ;external ADVAPI32 name 'CryptGetProvParam'; function CryptGenRandom          ;external ADVAPI32 name 'CryptGenRandom'; function CryptGetUserKey         ;external ADVAPI32 name 'CryptGetUserKey'; function CryptExportKey          ;external ADVAPI32 name 'CryptExportKey'; function CryptImportKey          ;external ADVAPI32 name 'CryptImportKey'; function CryptEncrypt            ;external ADVAPI32 name 'CryptEncrypt'; function CryptDecrypt            ;external ADVAPI32 name 'CryptDecrypt'; function CryptCreateHash         ;external ADVAPI32 name 'CryptCreateHash'; function CryptHashData           ;external ADVAPI32 name 'CryptHashData'; function CryptHashSessionKey     ;external ADVAPI32 name 'CryptHashSessionKey'; function CryptDestroyHash        ;external ADVAPI32 name 'CryptDestroyHash'; function CryptSignHashA          ;external ADVAPI32 name 'CryptSignHashA'; function CryptSignHashW          ;external ADVAPI32 name 'CryptSignHashW'; function CryptSignHashU          ;external CRYPT32 name 'CryptSignHashU'; {$IFDEF UNICODE} function CryptSignHash           ;external ADVAPI32 name 'CryptSignHashW'; {$ELSE} function CryptSignHash           ;external ADVAPI32 name 'CryptSignHashA'; {$ENDIF} function CryptVerifySignatureA   ;external ADVAPI32 name 'CryptVerifySignatureA'; function CryptVerifySignatureW   ;external ADVAPI32 name 'CryptVerifySignatureW'; {$IFDEF UNICODE} function CryptVerifySignature    ;external ADVAPI32 name 'CryptVerifySignatureW'; {$ELSE} function CryptVerifySignature    ;external ADVAPI32 name 'CryptVerifySignatureA'; {$ENDIF} function CryptSetProviderW       ;external ADVAPI32 name 'CryptSetProviderW'; function CryptSetProviderA       ;external ADVAPI32 name 'CryptSetProviderA'; function CryptSetProviderU       ;external CRYPT32 name 'CryptSetProviderU'; {$IFDEF UNICODE} function CryptSetProvider        ;external ADVAPI32 name 'CryptSetProviderW'; {$ELSE} function CryptSetProvider        ;external ADVAPI32 name 'CryptSetProviderA'; {$ENDIF} {$IFDEF NT5} function CryptSetProviderExA ;external ADVAPI32NT5 name 'CryptSetProviderExA';//nt5 advapi32 function CryptSetProviderExW ;external ADVAPI32NT5 name 'CryptSetProviderExW'; {$IFDEF UNICODE} function CryptSetProviderEx ;external ADVAPI32NT5 name 'CryptSetProviderExW'; {$ELSE} function  CryptSetProviderEx  ;external ADVAPI32NT5 name 'CryptSetProviderExA'; {$ENDIF} // !UNICODE function CryptGetDefaultProviderA ; external ADVAPI32NT5 name 'CryptGetDefaultProviderA';//nt5 advapi32 function CryptGetDefaultProviderW ; external ADVAPI32NT5 name 'CryptGetDefaultProviderW'; {$IFDEF UNICODE} function CryptGetDefaultProvider ; external ADVAPI32NT5 name 'CryptGetDefaultProviderW'; {$ELSE} function CryptGetDefaultProvider; external ADVAPI32NT5 name 'CryptGetDefaultProviderA'; {$ENDIF} // !UNICODE function CryptEnumProviderTypesA ; external ADVAPI32NT5 name 'CryptEnumProviderTypesA';//nt5 advapi32 function CryptEnumProviderTypesW ; external ADVAPI32NT5 name 'CryptEnumProviderTypesW'; {$IFDEF UNICODE} function CryptEnumProviderTypes ; external ADVAPI32NT5 name 'CryptEnumProviderTypesW'; {$ELSE} function CryptEnumProviderTypes ; external ADVAPI32NT5 name 'CryptEnumProviderTypesA'; {$ENDIF} // !UNICODE function CryptEnumProvidersA; external ADVAPI32NT5 name 'CryptEnumProvidersA';//nt5 advapi32 function CryptEnumProvidersW; external ADVAPI32NT5 name 'CryptEnumProvidersW'; {$IFDEF UNICODE} function CryptEnumProviders; external ADVAPI32NT5 name 'CryptEnumProvidersW'; {$ELSE} function CryptEnumProviders; external ADVAPI32NT5 name 'CryptEnumProvidersA'; {$ENDIF} // !UNICODE function CryptContextAddRef; external ADVAPI32NT5 name 'CryptContextAddRef';//nt5 advapi32 function CryptDuplicateKey; external ADVAPI32NT5 name 'CryptDuplicateKey';//nt5 advapi32 function CryptDuplicateHash; external ADVAPI32NT5 name 'CryptDuplicateHash';//nt5 advapi32 {$ENDIF NT5} function CryptEnumProvidersU; external CRYPT32 name 'CryptEnumProvidersU'; function CryptFormatObject; external CRYPT32 name 'CryptFormatObject'; function CryptEncodeObject; external CRYPT32 name 'CryptEncodeObject'; function CryptDecodeObject; external CRYPT32 name 'CryptDecodeObject'; function CryptInstallOIDFunctionAddress; external CRYPT32 name 'CryptInstallOIDFunctionAddress'; function CryptInitOIDFunctionSet; external CRYPT32 name 'CryptInitOIDFunctionSet'; function CryptGetOIDFunctionAddress; external CRYPT32 name 'CryptGetOIDFunctionAddress'; function CryptGetDefaultOIDDllList; external CRYPT32 name 'CryptGetDefaultOIDDllList'; function CryptGetDefaultOIDFunctionAddress; external CRYPT32 name 'CryptGetDefaultOIDFunctionAddress'; function CryptFreeOIDFunctionAddress; external CRYPT32 name 'CryptFreeOIDFunctionAddress'; function CryptRegisterOIDFunction; external CRYPT32 name 'CryptRegisterOIDFunction'; function CryptUnregisterOIDFunction; external CRYPT32 name 'CryptUnregisterOIDFunction'; function CryptRegisterDefaultOIDFunction; external CRYPT32 name 'CryptRegisterDefaultOIDFunction'; function CryptUnregisterDefaultOIDFunction; external CRYPT32 name 'CryptUnregisterDefaultOIDFunction'; function CryptSetOIDFunctionValue; external CRYPT32 name 'CryptSetOIDFunctionValue'; function CryptGetOIDFunctionValue; external CRYPT32 name 'CryptGetOIDFunctionValue'; function CryptEnumOIDFunction; external CRYPT32 name 'CryptEnumOIDFunction'; function CryptFindOIDInfo; external CRYPT32 name 'CryptFindOIDInfo'; function CryptRegisterOIDInfo; external CRYPT32 name 'CryptRegisterOIDInfo'; function CryptUnregisterOIDInfo; external CRYPT32 name 'CryptUnregisterOIDInfo'; function CryptMsgOpenToEncode; external CRYPT32 name 'CryptMsgOpenToEncode'; function CryptMsgCalculateEncodedLength; external CRYPT32 name 'CryptMsgCalculateEncodedLength'; function CryptMsgOpenToDecode; external CRYPT32 name 'CryptMsgOpenToDecode'; function CryptMsgClose; external CRYPT32 name 'CryptMsgClose'; function CryptMsgUpdate; external CRYPT32 name 'CryptMsgUpdate'; function CryptMsgControl; external CRYPT32 name 'CryptMsgControl'; function CryptMsgVerifyCountersignatureEncoded; external CRYPT32 name 'CryptMsgVerifyCountersignatureEncoded'; function CryptMsgCountersign; external CRYPT32 name 'CryptMsgCountersign'; function CryptMsgCountersignEncoded; external CRYPT32 name 'CryptMsgCountersignEncoded'; function CryptMsgGetParam; external CRYPT32 name 'CryptMsgGetParam'; function CertOpenStore; external CRYPT32 name 'CertOpenStore'; function CertDuplicateStore; external CRYPT32 name 'CertDuplicateStore'; function CertSaveStore; external CRYPT32 name 'CertSaveStore'; function CertCloseStore; external CRYPT32 name 'CertCloseStore'; function CertGetSubjectCertificateFromStore; external CRYPT32 name 'CertGetSubjectCertificateFromStore'; function CertEnumCertificatesInStore; external CRYPT32 name 'CertEnumCertificatesInStore'; function CertFindCertificateInStore; external CRYPT32 name 'CertFindCertificateInStore'; function CertGetIssuerCertificateFromStore; external CRYPT32 name 'CertGetIssuerCertificateFromStore'; function CertVerifySubjectCertificateContext; external CRYPT32 name 'CertVerifySubjectCertificateContext'; function CertDuplicateCertificateContext; external CRYPT32 name 'CertDuplicateCertificateContext'; function CertCreateCertificateContext; external CRYPT32 name 'CertCreateCertificateContext'; function CertFreeCertificateContext; external CRYPT32 name 'CertFreeCertificateContext'; function CertSetCertificateContextProperty; external CRYPT32 name 'CertSetCertificateContextProperty'; function CertGetCertificateContextProperty; external CRYPT32 name 'CertGetCertificateContextProperty'; function CertEnumCertificateContextProperties; external CRYPT32 name 'CertEnumCertificateContextProperties'; function CertGetCRLFromStore; external CRYPT32 name 'CertGetCRLFromStore'; function CertDuplicateCRLContext; external CRYPT32 name 'CertDuplicateCRLContext'; function CertCreateCRLContext; external CRYPT32 name 'CertCreateCRLContext'; function CertFreeCRLContext; external CRYPT32 name 'CertFreeCRLContext'; function CertSetCRLContextProperty; external CRYPT32 name 'CertSetCRLContextProperty'; function CertGetCRLContextProperty; external CRYPT32 name 'CertGetCRLContextProperty'; function CertEnumCRLContextProperties; external CRYPT32 name 'CertEnumCRLContextProperties'; function CertAddEncodedCertificateToStore; external CRYPT32 name 'CertAddEncodedCertificateToStore'; function CertAddCertificateContextToStore; external CRYPT32 name 'CertAddCertificateContextToStore'; function CertAddSerializedElementToStore; external CRYPT32 name 'CertAddSerializedElementToStore'; function CertDeleteCertificateFromStore; external CRYPT32 name 'CertDeleteCertificateFromStore'; function CertAddEncodedCRLToStore; external CRYPT32 name 'CertAddEncodedCRLToStore'; function CertAddCRLContextToStore; external CRYPT32 name 'CertAddCRLContextToStore'; function CertDeleteCRLFromStore; external CRYPT32 name 'CertDeleteCRLFromStore'; function CertSerializeCertificateStoreElement; external CRYPT32 name 'CertSerializeCertificateStoreElement'; function CertSerializeCRLStoreElement; external CRYPT32 name 'CertSerializeCRLStoreElement'; function CertDuplicateCTLContext; external CRYPT32 name 'CertDuplicateCTLContext'; function CertCreateCTLContext; external CRYPT32 name 'CertCreateCTLContext'; function CertFreeCTLContext; external CRYPT32 name 'CertFreeCTLContext'; function CertSetCTLContextProperty; external CRYPT32 name 'CertSetCTLContextProperty'; function CertGetCTLContextProperty; external CRYPT32 name 'CertGetCTLContextProperty'; function CertEnumCTLContextProperties; external CRYPT32 name 'CertEnumCTLContextProperties'; function CertEnumCTLsInStore; external CRYPT32 name 'CertEnumCTLsInStore'; function CertFindSubjectInCTL; external CRYPT32 name 'CertFindSubjectInCTL'; function CertFindCTLInStore; external CRYPT32 name 'CertFindCTLInStore'; function CertAddEncodedCTLToStore; external CRYPT32 name 'CertAddEncodedCTLToStore'; function CertAddCTLContextToStore; external CRYPT32 name 'CertAddCTLContextToStore'; function CertSerializeCTLStoreElement; external CRYPT32 name 'CertSerializeCTLStoreElement'; function CertDeleteCTLFromStore; external CRYPT32 name 'CertDeleteCTLFromStore'; function CertGetEnhancedKeyUsage; external CRYPT32 name 'CertGetEnhancedKeyUsage'; function CertSetEnhancedKeyUsage; external CRYPT32 name 'CertSetEnhancedKeyUsage'; function CertAddEnhancedKeyUsageIdentifier; external CRYPT32 name 'CertAddEnhancedKeyUsageIdentifier'; function CertRemoveEnhancedKeyUsageIdentifier; external CRYPT32 name 'CertRemoveEnhancedKeyUsageIdentifier'; function CryptMsgGetAndVerifySigner; external CRYPT32 name 'CryptMsgGetAndVerifySigner'; function CryptMsgSignCTL; external CRYPT32 name 'CryptMsgSignCTL'; function CryptMsgEncodeAndSignCTL; external CRYPT32 name 'CryptMsgEncodeAndSignCTL'; function CertVerifyCTLUsage; external CRYPT32 name 'CertVerifyCTLUsage'; function CertVerifyRevocation; external CRYPT32 name 'CertVerifyRevocation'; function CertCompareIntegerBlob; external CRYPT32 name 'CertCompareIntegerBlob'; function CertCompareCertificate; external CRYPT32 name 'CertCompareCertificate'; function CertCompareCertificateName; external CRYPT32 name 'CertCompareCertificateName'; function CertIsRDNAttrsInCertificateName; external CRYPT32 name 'CertIsRDNAttrsInCertificateName'; function CertComparePublicKeyInfo; external CRYPT32 name 'CertComparePublicKeyInfo'; function CertGetPublicKeyLength; external CRYPT32 name 'CertGetPublicKeyLength'; function CryptVerifyCertificateSignature; external CRYPT32 name 'CryptVerifyCertificateSignature'; function CryptHashToBeSigned; external CRYPT32 name 'CryptHashToBeSigned'; function CryptHashCertificate; external CRYPT32 name 'CryptHashCertificate'; function CryptSignCertificate; external CRYPT32 name 'CryptSignCertificate'; function CryptSignAndEncodeCertificate; external CRYPT32 name 'CryptSignAndEncodeCertificate'; function CertVerifyTimeValidity; external CRYPT32 name 'CertVerifyTimeValidity'; function CertVerifyCRLTimeValidity; external CRYPT32 name 'CertVerifyCRLTimeValidity'; function CertVerifyValidityNesting; external CRYPT32 name 'CertVerifyValidityNesting'; function CertVerifyCRLRevocation; external CRYPT32 name 'CertVerifyCRLRevocation'; function CertAlgIdToOID; external CRYPT32 name 'CertAlgIdToOID'; function CertOIDToAlgId; external CRYPT32 name 'CertOIDToAlgId'; function CertFindExtension; external CRYPT32 name 'CertFindExtension'; function CertFindAttribute; external CRYPT32 name 'CertFindAttribute'; function CertFindRDNAttr; external CRYPT32 name 'CertFindRDNAttr'; function CertGetIntendedKeyUsage; external CRYPT32 name 'CertGetIntendedKeyUsage'; function CryptExportPublicKeyInfo; external CRYPT32 name 'CryptExportPublicKeyInfo'; function CryptExportPublicKeyInfoEx; external CRYPT32 name 'CryptExportPublicKeyInfoEx'; function CryptImportPublicKeyInfo; external CRYPT32 name 'CryptImportPublicKeyInfo'; function CryptImportPublicKeyInfoEx; external CRYPT32 name 'CryptImportPublicKeyInfoEx'; function CryptHashPublicKeyInfo; external CRYPT32 name 'CryptHashPublicKeyInfo'; function CertRDNValueToStrA; external CRYPT32 name 'CertRDNValueToStrA'; function CertRDNValueToStrW; external CRYPT32 name 'CertRDNValueToStrW'; {$IFDEF UNICODE} function CertRDNValueToStr; external CRYPT32 name 'CertRDNValueToStrW'; {$ELSE} function CertRDNValueToStr; external CRYPT32 name 'CertRDNValueToStrA'; {$ENDIF} // !UNICODE function CertNameToStrA; external CRYPT32 name 'CertNameToStrA'; function CertNameToStrW; external CRYPT32 name 'CertNameToStrW'; {$IFDEF UNICODE} function CertNameToStr; external CRYPT32 name 'CertNameToStrW'; {$ELSE} function CertNameToStr; external CRYPT32 name 'CertNameToStrA'; {$ENDIF} // !UNICODE function CertStrToNameW; external CRYPT32 name 'CertStrToNameW'; function CertStrToNameA; external CRYPT32 name 'CertStrToNameA'; {$IFDEF UNICODE} function CertStrToName; external CRYPT32 name 'CertStrToNameW'; {$ELSE} function CertStrToName; external CRYPT32 name 'CertStrToNameA'; {$ENDIF} // !UNICODE function CryptSignMessage; external CRYPT32 name 'CryptSignMessage'; //function CryptSignMessageWithKey; external CRYPT32 name 'CryptSignMessageWithKey'; function CryptVerifyMessageSignature; external CRYPT32 name 'CryptVerifyMessageSignature'; //function CryptVerifyMessageSignatureWithKey; external CRYPT32 name 'CryptVerifyMessageSignatureWithKey'; function CryptGetMessageSignerCount; external CRYPT32 name 'CryptGetMessageSignerCount'; function CryptGetMessageCertificates; external CRYPT32 name 'CryptGetMessageCertificates'; function CryptVerifyDetachedMessageSignature; external CRYPT32 name 'CryptVerifyDetachedMessageSignature'; function CryptEncryptMessage; external CRYPT32 name 'CryptEncryptMessage'; function CryptDecryptMessage; external CRYPT32 name 'CryptDecryptMessage'; function CryptSignAndEncryptMessage; external CRYPT32 name 'CryptSignAndEncryptMessage'; function CryptDecryptAndVerifyMessageSignature; external CRYPT32 name 'CryptDecryptAndVerifyMessageSignature'; function CryptDecodeMessage; external CRYPT32 name 'CryptDecodeMessage'; function CryptHashMessage; external CRYPT32 name 'CryptHashMessage'; function CryptVerifyMessageHash; external CRYPT32 name 'CryptVerifyMessageHash'; function CryptVerifyDetachedMessageHash; external CRYPT32 name 'CryptVerifyDetachedMessageHash'; function CryptSignMessageWithKey; external CRYPT32 name 'CryptSignMessageWithKey'; function CryptVerifyMessageSignatureWithKey; external CRYPT32 name 'CryptVerifyMessageSignatureWithKey'; function CertOpenSystemStoreA; external CRYPT32 name 'CertOpenSystemStoreA'; function CertOpenSystemStoreW; external CRYPT32 name 'CertOpenSystemStoreW'; {$IFDEF UNICODE} function CertOpenSystemStore; external CRYPT32 name 'CertOpenSystemStoreW'; {$ELSE} function CertOpenSystemStore; external CRYPT32 name 'CertOpenSystemStoreA'; {$ENDIF} // !UNICODE function CertAddEncodedCertificateToSystemStoreA; external CRYPT32 name 'CertAddEncodedCertificateToSystemStoreA'; function CertAddEncodedCertificateToSystemStoreW; external CRYPT32 name 'CertAddEncodedCertificateToSystemStoreW'; {$IFDEF UNICODE} function CertAddEncodedCertificateToSystemStore; external CRYPT32 name 'CertAddEncodedCertificateToSystemStoreW'; {$ELSE} function CertAddEncodedCertificateToSystemStore; external CRYPT32 name 'CertAddEncodedCertificateToSystemStoreA'; {$ENDIF} // !UNICODE function FindCertsByIssuer; external SOFTPUB name 'FindCertsByIssuer'; end.

请问如何使用delphi调用cryptoapi？我想要使用哈希算法加密(100分)

kaiery

Unregistered / Unconfirmed

xianguo

Unregistered / Unconfirmed

Similar threads