Module: wcrypt2

Path: C:\CPRS\CPRS30\XuDigSig\Wcrypt2.pas

Last Modified: 7/15/2014 3:26:44 PM

Comments

Borland Delphi Runtime Library                                   
 Cryptographic API interface unit                                 
                                                                  
 Portions created by Microsoft are                                
 Copyright (C) 1993-1998 Microsoft Corporation.                   
 All Rights Reserved.                                             
                                                                  
 The original file is: wincrypt.h, 1992 - 1997                    
 The original Pascal code is: wcrypt2.pas, released 01 Jan 1998   
 The initial developer of the Pascal code is                      
  Massimo Maria Ghisalberti  (nissl@dada.it)                      
                                                                  
 Portions created by Massimo Maria Ghisalberti are                
 Copyright (C) 1997-1998 Massimo Maria Ghisalberti                
                                                                  
 Contributor(s):                                                  
     Peter Tang (peter.tang@citicorp.com)                         
     Phil Shrimpton (phil@shrimpton.co.uk)                        
                                                                  
 Obtained through:                                                
                                                                  
 Joint Endeavour of Delphi Innovators (Project JEDI)              
                                                                  
 You may retrieve the latest version of this file at the Project  
 JEDI home page, located at http://delphi-jedi.org                
                                                                  
 The contents of this file are used with permission, subject to   
 the Mozilla Public License Version 1.1 (the "License"); you may  
 not use this file except in compliance with the License. You may 
 obtain a copy of the License at                                  
 http://www.mozilla.org/MPL/MPL-1.1.html                          
                                                                  
 Software distributed under the License is distributed on an      
 "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or   
 implied. See the License for the specific language governing     
 rights and limitations under the License.                        
                                                                  


 {.DEFINE NT5}

Functions

Name Owner Declaration Scope Comments
CertAddCertificateContextToStore - function CertAddCertificateContextToStore(hCertStore :HCERTSTORE; pCertContext :PCCERT_CONTEXT; dwAddDisposition :DWORD; var ppStoreContext :PCCERT_CONTEXT Interfaced
+-------------------------------------------------------------------------
  Add the certificate context to the store according to the specified
  disposition action.
  In addition to the encoded certificate, the context's properties are
  also copied.  Note, the CERT_KEY_CONTEXT_PROP_ID property (and its
  CERT_KEY_PROV_HANDLE_PROP_ID or CERT_KEY_SPEC_PROP_ID) isn't copied.
  Makes a copy of the certificate context before adding to the store.
  dwAddDisposition specifies the action to take if the certificate
  already exists in the store. This parameter must be one of the following
  values:
    CERT_STORE_ADD_NEW
      Fails if the certificate already exists in the store. LastError
      is set to CRYPT_E_EXISTS.
    CERT_STORE_ADD_USE_EXISTING
      If the certificate already exists, then it's used and if ppStoreContext
      is non-NULL, the existing context is duplicated. Iterates
      through pCertContext's properties and only copies the properties
      that don't already exist. The SHA1 and MD5 hash properties aren't
      copied.
    CERT_STORE_ADD_REPLACE_EXISTING
      If the certificate already exists, then, the existing certificate
      context is deleted before creating and adding a new context.
      Properties are copied before doing the add.
    CERT_STORE_ADD_ALWAYS
      No check is made to see if the certificate already exists. A
      new certificate context is always created and added. This may lead to
      duplicates in the store. Properties are
      copied before doing the add.
  CertGetSubjectCertificateFromStore is called to determine if the
  certificate already exists in the store.
  ppStoreContext can be NULL, indicating the caller isn't interested
  in getting the CERT_CONTEXT of the added or existing certificate.
--------------------------------------------------------------------------
CertAddCRLContextToStore - function CertAddCRLContextToStore(hCertStore :HCERTSTORE; pCrlContext :PCCRL_CONTEXT; dwAddDisposition :DWORD; var ppStoreContext :PCCRL_CONTEXT ):BOOL ; stdcall; Interfaced
+-------------------------------------------------------------------------
  Add the CRL context to the store according to the specified
  disposition option.
  In addition to the encoded CRL, the context's properties are
  also copied.  Note, the CERT_KEY_CONTEXT_PROP_ID property (and its
  CERT_KEY_PROV_HANDLE_PROP_ID or CERT_KEY_SPEC_PROP_ID) isn't copied.
  Makes a copy of the encoded CRL before adding to the store.
  dwAddDisposition specifies the action to take if the CRL
  already exists in the store. See CertAddCertificateContextToStore for a
  list of values and actions taken.
  Compares the CRL's Issuer, ThisUpdate and NextUpdate to determine
  if the CRL already exists in the store.
  ppStoreContext can be NULL, indicating the caller isn't interested
  in getting the CRL_CONTEXT of the added or existing CRL.
--------------------------------------------------------------------------
CertAddCTLContextToStore - function CertAddCTLContextToStore(hCertStore :HCERTSTORE; pCtlContext :PCCTL_CONTEXT; dwAddDisposition :DWORD; var ppStoreContext :PCCTL_CONTEXT ):BOOL ; stdcall; Interfaced
+-------------------------------------------------------------------------
  Add the CTL context to the store according to the specified
  disposition option.
  In addition to the encoded CTL, the context's properties are
  also copied.  Note, the CERT_KEY_CONTEXT_PROP_ID property (and its
  CERT_KEY_PROV_HANDLE_PROP_ID or CERT_KEY_SPEC_PROP_ID) isn't copied.
  Makes a copy of the encoded CTL before adding to the store.
  dwAddDisposition specifies the action to take if the CTL
  already exists in the store. See CertAddCertificateContextToStore for a
  list of values and actions taken.
  Compares the CTL's SubjectUsage, ListIdentifier and any of its signers
  to determine if the CTL already exists in the store.
  ppStoreContext can be NULL, indicating the caller isn't interested
  in getting the CTL_CONTEXT of the added or existing CTL.
--------------------------------------------------------------------------
CertAddEncodedCertificateToStore - function CertAddEncodedCertificateToStore(hCertStore :HCERTSTORE; dwCertEncodingType :DWORD; const pbCertEncoded :PBYTE; cbCertEncoded :DWORD; dwAddDisposition :DWORD; var ppCertContext :PCCERT_CONTEXT):BOOL ; stdcall; Interfaced
+-------------------------------------------------------------------------
  Add the encoded certificate to the store according to the specified
  disposition action.
  Makes a copy of the encoded certificate before adding to the store.
  dwAddDisposition specifies the action to take if the certificate
  already exists in the store. This parameter must be one of the following
  values:
    CERT_STORE_ADD_NEW
      Fails if the certificate already exists in the store. LastError
      is set to CRYPT_E_EXISTS.
    CERT_STORE_ADD_USE_EXISTING
      If the certificate already exists, then it's used and if ppCertContext
      is non-NULL, the existing context is duplicated.
    CERT_STORE_ADD_REPLACE_EXISTING
      If the certificate already exists, then, the existing certificate
      context is deleted before creating and adding the new context.
    CERT_STORE_ADD_ALWAYS
      No check is made to see if the certificate already exists. A
      new certificate context is always created. This may lead to
      duplicates in the store.
  CertGetSubjectCertificateFromStore is called to determine if the
  certificate already exists in the store.
  ppCertContext can be NULL, indicating the caller isn't interested
  in getting the CERT_CONTEXT of the added or existing certificate.
--------------------------------------------------------------------------
CertAddEncodedCertificateToSystemStore - function CertAddEncodedCertificateToSystemStore(szCertStoreName :LPAWSTR; const pbCertEncoded :PBYTE; cbCertEncoded :DWORD):BOOL ; stdcall; Interfaced -
CertAddEncodedCertificateToSystemStoreA - function CertAddEncodedCertificateToSystemStoreA(szCertStoreName :LPCSTR; const pbCertEncoded :PBYTE; cbCertEncoded :DWORD):BOOL ; stdcall; Interfaced !UNICODE
CertAddEncodedCertificateToSystemStoreW - function CertAddEncodedCertificateToSystemStoreW(szCertStoreName :LPCWSTR; const pbCertEncoded :PBYTE; cbCertEncoded :DWORD):BOOL ; stdcall; Interfaced -
CertAddEncodedCRLToStore - function CertAddEncodedCRLToStore(hCertStore :HCERTSTORE; dwCertEncodingType :DWORD; pbCrlEncoded :PBYTE; cbCrlEncoded :DWORD; dwAddDisposition :DWORD; var ppCrlContext :PCCRL_CONTEXT ):BOOL ; stdcall; Interfaced
+-------------------------------------------------------------------------
  Add the encoded CRL to the store according to the specified
  disposition option.
  Makes a copy of the encoded CRL before adding to the store.
  dwAddDisposition specifies the action to take if the CRL
  already exists in the store. See CertAddEncodedCertificateToStore for a
  list of values and actions taken.
  Compares the CRL's Issuer to determine if the CRL already exists in the
  store.
  ppCrlContext can be NULL, indicating the caller isn't interested
  in getting the CRL_CONTEXT of the added or existing CRL.
--------------------------------------------------------------------------
CertAddEncodedCTLToStore - function CertAddEncodedCTLToStore(hCertStore :HCERTSTORE; dwMsgAndCertEncodingType :DWORD; const pbCtlEncoded :PBYTE; cbCtlEncoded :DWORD; dwAddDisposition :DWORD; var ppCtlContext :PCCTL_CONTEXT Interfaced
+-------------------------------------------------------------------------
  Add the encoded CTL to the store according to the specified
  disposition option.
  Makes a copy of the encoded CTL before adding to the store.
  dwAddDisposition specifies the action to take if the CTL
  already exists in the store. See CertAddEncodedCertificateToStore for a
  list of values and actions taken.
  Compares the CTL's SubjectUsage, ListIdentifier and any of its signers
  to determine if the CTL already exists in the store.
  ppCtlContext can be NULL, indicating the caller isn't interested
  in getting the CTL_CONTEXT of the added or existing CTL.
--------------------------------------------------------------------------
CertAddEnhancedKeyUsageIdentifier - function CertAddEnhancedKeyUsageIdentifier(pCertContext :PCCERT_CONTEXT; pszUsageIdentifier :LPCSTR ):BOOL ; stdcall; Interfaced
+-------------------------------------------------------------------------
  Add the usage identifier to the certificate's enhanced key usage property.
--------------------------------------------------------------------------
CertAddSerializedElementToStore - function CertAddSerializedElementToStore(hCertStore :HCERTSTORE; pbElement :PBYTE; cbElement :DWORD; dwAddDisposition :DWORD; dwFlags :DWORD; dwContextTypeFlags :DWORD; pdwContextType :PDWORD; var ppvContext : array of PVOID):BOOL ; stdcall; Interfaced
+-------------------------------------------------------------------------
  Add the serialized certificate or CRL element to the store.
  The serialized element contains the encoded certificate, CRL or CTL and
  its properties, such as, CERT_KEY_PROV_INFO_PROP_ID.
  If hCertStore is NULL, creates a certificate, CRL or CTL context not
  residing in any store.
  dwAddDisposition specifies the action to take if the certificate or CRL
  already exists in the store. See CertAddCertificateContextToStore for a
  list of values and actions taken.
  dwFlags currently isn't used and should be set to 0.
  dwContextTypeFlags specifies the set of allowable contexts. For example, to
  add either a certificate or CRL, set dwContextTypeFlags to:
      CERT_STORE_CERTIFICATE_CONTEXT_FLAG | CERT_STORE_CRL_CONTEXT_FLAG
  *pdwContextType is updated with the type of the context returned in
  *ppvContext. pdwContextType or ppvContext can be NULL, indicating the
  caller isn't interested in getting the output. If *ppvContext is
  returned it must be freed by calling CertFreeCertificateContext or
  CertFreeCRLContext.
--------------------------------------------------------------------------
CertAlgIdToOID - function CertAlgIdToOID(dwAlgId :DWORD):LPCSTR ; stdcall; Interfaced
+-------------------------------------------------------------------------
  Convert the CAPI AlgId to the ASN.1 Object Identifier string
  Returns NULL if there isn't an ObjId corresponding to the AlgId.
--------------------------------------------------------------------------
CertCloseStore - function CertCloseStore(hCertStore :HCERTSTORE; dwFlags :DWORD):BOOL ; stdcall; Interfaced
+-------------------------------------------------------------------------
  Close a cert store handle.
  There needs to be a corresponding close for each open and duplicate.
  Even on the final close, the cert store isn't freed until all of its
  certificate and CRL contexts have also been freed.
  On the final close, the hCryptProv passed to CertStoreOpen is
  CryptReleaseContext'ed.
  To force the closure of the store with all of its memory freed, set the
  CERT_STORE_CLOSE_FORCE_FLAG. This flag should be set when the caller does
  its own reference counting and wants everything to vanish.
  To check if all the store's certificates and CRLs have been freed and that
  this is the last CertCloseStore, set the CERT_CLOSE_STORE_CHECK_FLAG. If
  set and certs, CRLs or stores still need to be freed/closed, FALSE is
  returned with LastError set to CRYPT_E_PENDING_CLOSE. Note, for FALSE,
  the store is still closed. This is a diagnostic flag.
  LastError is preserved unless CERT_CLOSE_STORE_CHECK_FLAG is set and FALSE
  is returned.
--------------------------------------------------------------------------
CertCompareCertificate - function CertCompareCertificate(dwCertEncodingType :DWORD; pCertId1 :PCERT_INFO; pCertId2 :PCERT_INFO):BOOL ; stdcall; Interfaced
+-------------------------------------------------------------------------
  Compare two certificates to see if they are identical.
  Since a certificate is uniquely identified by its Issuer and SerialNumber,
  these are the only fields needing to be compared.
  Returns TRUE if the certificates are identical.
--------------------------------------------------------------------------
CertCompareCertificateName - function CertCompareCertificateName(dwCertEncodingType :DWORD; pCertName1 :PCERT_NAME_BLOB; pCertName2 :PCERT_NAME_BLOB):BOOL ; stdcall; Interfaced
+-------------------------------------------------------------------------
  Compare two certificate names to see if they are identical.
  Returns TRUE if the names are identical.
--------------------------------------------------------------------------
CertCompareIntegerBlob - function CertCompareIntegerBlob(pInt1 :PCRYPT_INTEGER_BLOB; pInt2 :PCRYPT_INTEGER_BLOB ):BOOL ; stdcall; Interfaced
+-------------------------------------------------------------------------
  Compare two multiple byte integer blobs to see if they are identical.
  Before doing the comparison, leading zero bytes are removed from a
  positive number and leading 0xFF bytes are removed from a negative
  number.
  The multiple byte integers are treated as Little Endian. pbData[0] is the
  least significant byte and pbData[cbData - 1] is the most significant
  byte.
  Returns TRUE if the integer blobs are identical after removing leading
  0 or 0xFF bytes.
--------------------------------------------------------------------------
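The comparison rule described for CertCompareIntegerBlob matters wherever serial numbers are matched (CertCompareCertificate identifies a certificate by Issuer and SerialNumber): a byte-for-byte comparison treats a padded and an unpadded encoding of the same serial as different. The following C sketch is an added example, not code from wcrypt2.pas or from Microsoft; `int_blob`, `significant_len`, `int_blob_equal`, `raw_equal` and the sample arrays are hypothetical names, and it assumes that only redundant sign-extension bytes are removed so the numeric value is preserved.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for CRYPT_INTEGER_BLOB (cbData / pbData). */
typedef struct {
    size_t cb;                /* number of bytes */
    const unsigned char *pb;  /* little-endian: pb[0] is the least significant byte */
} int_blob;

/* Constructed sample values (little-endian), not taken from real certificates. */
static const unsigned char SER_PLAIN[]   = {0x2A, 0x01};             /* 0x012A */
static const unsigned char SER_PADDED[]  = {0x2A, 0x01, 0x00, 0x00}; /* 0x012A, zero-padded */
static const unsigned char SER_LOWZERO[] = {0x00, 0x2A, 0x01};       /* 0x012A00 */
static const unsigned char NEG_PLAIN[]   = {0xFE};                   /* -2 */
static const unsigned char NEG_PADDED[]  = {0xFE, 0xFF, 0xFF};       /* -2, sign-extended */
static const unsigned char POS_128[]     = {0x80, 0x00};             /* +128 */
static const unsigned char NEG_128[]     = {0x80};                   /* -128 */

/*
 * Number of bytes left after dropping redundant "leading" bytes. Because the
 * blob is little-endian, the leading bytes sit at the END of the buffer.
 * A top byte is redundant when it equals the sign fill (0x00 for positive,
 * 0xFF for negative) and the byte below it already carries the same sign bit.
 * Assumption of this example: at least one byte is always kept.
 */
static size_t significant_len(const int_blob *b)
{
    size_t n = b->cb;
    unsigned char fill;

    if (n == 0 || b->pb == NULL)
        return 0;

    fill = (b->pb[n - 1] & 0x80) ? 0xFF : 0x00;
    while (n > 1 &&
           b->pb[n - 1] == fill &&
           (b->pb[n - 2] & 0x80) == (fill & 0x80))
        n--;
    return n;
}

/* Returns 1 if both blobs encode the same integer, 0 otherwise. */
int int_blob_equal(const int_blob *a, const int_blob *b)
{
    size_t na = significant_len(a);
    size_t nb = significant_len(b);

    if (na != nb)
        return 0;
    return na == 0 || memcmp(a->pb, b->pb, na) == 0;
}

/* Naive comparison shown for contrast: padding makes equal values differ. */
int raw_equal(const int_blob *a, const int_blob *b)
{
    return a->cb == b->cb && (a->cb == 0 || memcmp(a->pb, b->pb, a->cb) == 0);
}

/* Convenience wrappers taking raw byte arrays. */
int serial_equal(const unsigned char *a, size_t na,
                 const unsigned char *b, size_t nb)
{
    int_blob x = { na, a };
    int_blob y = { nb, b };
    return int_blob_equal(&x, &y);
}

int serial_raw_equal(const unsigned char *a, size_t na,
                     const unsigned char *b, size_t nb)
{
    int_blob x = { na, a };
    int_blob y = { nb, b };
    return raw_equal(&x, &y);
}

int main(void)
{
    printf("padded vs plain (normalized): %d\n",
           serial_equal(SER_PLAIN, sizeof SER_PLAIN, SER_PADDED, sizeof SER_PADDED));
    printf("padded vs plain (raw memcmp): %d\n",
           serial_raw_equal(SER_PLAIN, sizeof SER_PLAIN, SER_PADDED, sizeof SER_PADDED));
    printf("low-order zero is significant: %d\n",
           serial_equal(SER_PLAIN, sizeof SER_PLAIN, SER_LOWZERO, sizeof SER_LOWZERO));
    printf("negative, sign-extended:      %d\n",
           serial_equal(NEG_PLAIN, sizeof NEG_PLAIN, NEG_PADDED, sizeof NEG_PADDED));
    printf("+128 vs -128:                 %d\n",
           serial_equal(POS_128, sizeof POS_128, NEG_128, sizeof NEG_128));
    return 0;
}
```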
CertComparePublicKeyInfo - function CertComparePublicKeyInfo(dwCertEncodingType :DWORD; pPublicKey1 :PCERT_PUBLIC_KEY_INFO; pPublicKey2 :PCERT_PUBLIC_KEY_INFO ):BOOL ; stdcall; Interfaced
+-------------------------------------------------------------------------
  Compare two public keys to see if they are identical.
  Returns TRUE if the keys are identical.
--------------------------------------------------------------------------
CertCreateCertificateChainEngine - function CertCreateCertificateChainEngine ( pConfig: PCERT_CHAIN_ENGINE_CONFIG; var phChainEngine: HCERTCHAINENGINE): bool; stdcall; Interfaced -
CertCreateCertificateContext - function CertCreateCertificateContext(dwCertEncodingType :DWORD; pbCertEncoded :PBYTE; cbCertEncoded :DWORD):PCCERT_CONTEXT ; stdcall; Interfaced
+-------------------------------------------------------------------------
  Create a certificate context from the encoded certificate. The created
  context isn't put in a store.
  Makes a copy of the encoded certificate in the created context.
  If unable to decode and create the certificate context, NULL is returned.
  Otherwise, a pointer to a read only CERT_CONTEXT is returned.
  CERT_CONTEXT must be freed by calling CertFreeCertificateContext.
  CertDuplicateCertificateContext can be called to make a duplicate.
  CertSetCertificateContextProperty and CertGetCertificateContextProperty can be called
  to store properties for the certificate.
--------------------------------------------------------------------------
CertCreateCRLContext - function CertCreateCRLContext(dwCertEncodingType :DWORD; pbCrlEncoded :PBYTE; cbCrlEncoded :DWORD):PCCRL_CONTEXT ; stdcall; Interfaced
+-------------------------------------------------------------------------
  Create a CRL context from the encoded CRL. The created
  context isn't put in a store.
  Makes a copy of the encoded CRL in the created context.
  If unable to decode and create the CRL context, NULL is returned.
  Otherwise, a pointer to a read only CRL_CONTEXT is returned.
  CRL_CONTEXT must be freed by calling CertFreeCRLContext.
  CertDuplicateCRLContext can be called to make a duplicate.
  CertSetCRLContextProperty and CertGetCRLContextProperty can be called
  to store properties for the CRL.
--------------------------------------------------------------------------
CertCreateCTLContext - function CertCreateCTLContext(dwMsgAndCertEncodingType :DWORD; const pbCtlEncoded :PBYTE; cbCtlEncoded :DWORD):PCCTL_CONTEXT ; stdcall; Interfaced
+-------------------------------------------------------------------------
  Create a CTL context from the encoded CTL. The created
  context isn't put in a store.
  Makes a copy of the encoded CTL in the created context.
  If unable to decode and create the CTL context, NULL is returned.
  Otherwise, a pointer to a read only CTL_CONTEXT is returned.
  CTL_CONTEXT must be freed by calling CertFreeCTLContext.
  CertDuplicateCTLContext can be called to make a duplicate.
  CertSetCTLContextProperty and CertGetCTLContextProperty can be called
  to store properties for the CTL.
--------------------------------------------------------------------------
CertDeleteCertificateFromStore - function CertDeleteCertificateFromStore(pCertContext :PCCERT_CONTEXT):BOOL ; stdcall; Interfaced
+-------------------------------------------------------------------------
  Delete the specified certificate from the store.
  All subsequent gets or finds for the certificate will fail. However,
  memory allocated for the certificate isn't freed until all of its contexts
  have also been freed.
  The pCertContext is obtained from a get, enum, find or duplicate.
  Some store provider implementations might also delete the issuer's CRLs
  if this is the last certificate for the issuer in the store.
  NOTE: the pCertContext is always CertFreeCertificateContext'ed by
  this function, even for an error.
--------------------------------------------------------------------------
CertDeleteCRLFromStore - function CertDeleteCRLFromStore(pCrlContext :PCCRL_CONTEXT):BOOL ; stdcall; Interfaced
+-------------------------------------------------------------------------
  Delete the specified CRL from the store.
  All subsequent gets for the CRL will fail. However,
  memory allocated for the CRL isn't freed until all of its contexts
  have also been freed.
  The pCrlContext is obtained from a get or duplicate.
  NOTE: the pCrlContext is always CertFreeCRLContext'ed by
  this function, even for an error.
--------------------------------------------------------------------------
CertDeleteCTLFromStore - function CertDeleteCTLFromStore(pCtlContext :PCCTL_CONTEXT):BOOL ; stdcall; Interfaced
+-------------------------------------------------------------------------
  Delete the specified CTL from the store.
  All subsequent gets for the CTL will fail. However,
  memory allocated for the CTL isn't freed until all of its contexts
  have also been freed.
  The pCtlContext is obtained from a get or duplicate.
  NOTE: the pCtlContext is always CertFreeCTLContext'ed by
  this function, even for an error.
--------------------------------------------------------------------------
CertDuplicateCertificateChain - function CertDuplicateCertificateChain ( pChainContext: PCCERT_CHAIN_CONTEXT): PCCERT_CHAIN_CONTEXT; stdcall; Interfaced Duplicate (add a reference to) a certificate chain
CertDuplicateCertificateContext - function CertDuplicateCertificateContext(pCertContext :PCCERT_CONTEXT):PCCERT_CONTEXT ; stdcall; Interfaced
+-------------------------------------------------------------------------
  Duplicate a certificate context
--------------------------------------------------------------------------
CertDuplicateCRLContext - function CertDuplicateCRLContext(pCrlContext :PCCRL_CONTEXT):PCCRL_CONTEXT ; stdcall; Interfaced
+-------------------------------------------------------------------------
  Duplicate a CRL context
--------------------------------------------------------------------------
CertDuplicateCTLContext - function CertDuplicateCTLContext(pCtlContext :PCCTL_CONTEXT):PCCTL_CONTEXT ; stdcall; Interfaced
+-------------------------------------------------------------------------
  Duplicate a CTL context
--------------------------------------------------------------------------
CertDuplicateStore - function CertDuplicateStore(hCertStore :HCERTSTORE):HCERTSTORE ; stdcall; Interfaced
+-------------------------------------------------------------------------
  Duplicate a cert store handle
--------------------------------------------------------------------------
CertEnumCertificateContextProperties - function CertEnumCertificateContextProperties(pCertContext :PCCERT_CONTEXT; dwPropId :DWORD):DWORD ; stdcall; Interfaced
+-------------------------------------------------------------------------
  Enumerate the properties for the specified certificate context.
  To get the first property, set dwPropId to 0. The ID of the first
  property is returned. To get the next property, set dwPropId to the
  ID returned by the last call. To enumerate all the properties continue
  until 0 is returned.
  CertGetCertificateContextProperty is called to get the property's data.
  Note, since the CERT_KEY_PROV_HANDLE_PROP_ID and CERT_KEY_SPEC_PROP_ID
  properties are stored as fields in the CERT_KEY_CONTEXT_PROP_ID
  property, they aren't enumerated individually.
--------------------------------------------------------------------------
CertEnumCertificatesInStore - function CertEnumCertificatesInStore(hCertStore :HCERTSTORE; pPrevCertContext :PCCERT_CONTEXT ):PCCERT_CONTEXT ; stdcall; Interfaced
+-------------------------------------------------------------------------
  Enumerate the certificate contexts in the store.
  If a certificate isn't found, NULL is returned.
  Otherwise, a pointer to a read only CERT_CONTEXT is returned. CERT_CONTEXT
  must be freed by calling CertFreeCertificateContext or is freed when passed as the
  pPrevCertContext on a subsequent call. CertDuplicateCertificateContext
  can be called to make a duplicate.
  pPrevCertContext MUST BE NULL to enumerate the first
  certificate in the store. Successive certificates are enumerated by setting
  pPrevCertContext to the CERT_CONTEXT returned by a previous call.
  NOTE: a NON-NULL pPrevCertContext is always CertFreeCertificateContext'ed by
  this function, even for an error.
--------------------------------------------------------------------------
CertEnumCRLContextProperties - function CertEnumCRLContextProperties(pCrlContext :PCCRL_CONTEXT; dwPropId :DWORD):DWORD ; stdcall; Interfaced
+-------------------------------------------------------------------------
  Enumerate the properties for the specified CRL context.
  To get the first property, set dwPropId to 0. The ID of the first
  property is returned. To get the next property, set dwPropId to the
  ID returned by the last call. To enumerate all the properties continue
  until 0 is returned.
  CertGetCRLContextProperty is called to get the property's data.
--------------------------------------------------------------------------
CertEnumCRLsInStore - function CertEnumCRLsInStore(hCertStore: HCERTSTORE; pPrevCrlContext: PCCRL_CONTEXT): PCCRL_CONTEXT; stdcall; Interfaced
+-------------------------------------------------------------------------
  Enumerate the CRL contexts in the store.
  If a CRL isn't found, NULL is returned.
  Otherwise, a pointer to a read only CRL_CONTEXT is returned. CRL_CONTEXT
  must be freed by calling CertFreeCRLContext or is freed when passed as the
  pPrevCrlContext on a subsequent call. CertDuplicateCRLContext
  can be called to make a duplicate.
  pPrevCrlContext MUST BE NULL to enumerate the first
  CRL in the store. Successive CRLs are enumerated by setting
  pPrevCrlContext to the CRL_CONTEXT returned by a previous call.
  NOTE: a NON-NULL pPrevCrlContext is always CertFreeCRLContext'ed by
  this function, even for an error.
--------------------------------------------------------------------------
CertEnumCTLContextProperties - function CertEnumCTLContextProperties(pCtlContext :PCCTL_CONTEXT; dwPropId :DWORD):DWORD ; stdcall; Interfaced
+-------------------------------------------------------------------------
  Enumerate the properties for the specified CTL context.
--------------------------------------------------------------------------
CertEnumCTLsInStore - function CertEnumCTLsInStore(hCertStore :HCERTSTORE; pPrevCtlContext :PCCTL_CONTEXT ):PCCTL_CONTEXT ; stdcall; Interfaced
+-------------------------------------------------------------------------
  Enumerate the CTL contexts in the store.
  If a CTL isn't found, NULL is returned.
  Otherwise, a pointer to a read only CTL_CONTEXT is returned. CTL_CONTEXT
  must be freed by calling CertFreeCTLContext or is freed when passed as the
  pPrevCtlContext on a subsequent call. CertDuplicateCTLContext
  can be called to make a duplicate.
  pPrevCtlContext MUST BE NULL to enumerate the first
  CTL in the store. Successive CTLs are enumerated by setting
  pPrevCtlContext to the CTL_CONTEXT returned by a previous call.
  NOTE: a NON-NULL pPrevCtlContext is always CertFreeCTLContext'ed by
  this function, even for an error.
--------------------------------------------------------------------------
CertFindAttribute - function CertFindAttribute(pszObjId :LPCSTR; cAttr :DWORD; rgAttr :array of CRYPT_ATTRIBUTE):PCRYPT_ATTRIBUTE ; stdcall; Interfaced
+-------------------------------------------------------------------------
  Find the first attribute identified by its Object Identifier.
  If found, returns pointer to the attribute. Otherwise, returns NULL.
--------------------------------------------------------------------------
CertFindCertificateInStore - function CertFindCertificateInStore(hCertStore :HCERTSTORE; dwCertEncodingType :DWORD; dwFindFlags :DWORD; dwFindType :DWORD; const pvFindPara :PVOID; pPrevCertContext :PCCERT_CONTEXT ):PCCERT_CONTEXT ; stdcall; Interfaced
Function CertEnumCertificatesInStore(hCertStore :HCERTSTORE;
                                     pPrevCertContext :pointer
                                     ):pointer ; stdcall;

+-------------------------------------------------------------------------
  Find the first or next certificate context in the store.
  The certificate is found according to the dwFindType and its pvFindPara.
  See below for a list of the find types and their parameters.
  Currently dwFindFlags is only used for CERT_FIND_SUBJECT_ATTR,
  CERT_FIND_ISSUER_ATTR or CERT_FIND_CTL_USAGE. Otherwise, must be set to 0.
  Usage of dwCertEncodingType depends on the dwFindType.
  If the first or next certificate isn't found, NULL is returned.
  Otherwise, a pointer to a read only CERT_CONTEXT is returned. CERT_CONTEXT
  must be freed by calling CertFreeCertificateContext or is freed when passed as the
  pPrevCertContext on a subsequent call. CertDuplicateCertificateContext
  can be called to make a duplicate.
  pPrevCertContext MUST BE NULL on the first
  call to find the certificate. To find the next certificate, the
  pPrevCertContext is set to the CERT_CONTEXT returned by a previous call.
  NOTE: a NON-NULL pPrevCertContext is always CertFreeCertificateContext'ed by
  this function, even for an error.
--------------------------------------------------------------------------
CertFindChainInStore - function CertFindChainInStore( hCertStore: HCERTSTORE; dwCertEncodingType: DWORD; dwFindFlags: DWORD; dwFindType: DWORD; const pvFindPara: pointer; pPrevChainContext: PCCERT_CHAIN_CONTEXT): bool; stdcall; Interfaced
+-------------------------------------------------------------------------
  Find the first or next certificate chain context in the store.
  The chain context is found according to the dwFindFlags, dwFindType and
  its pvFindPara. See below for a list of the find types and their parameters.
  If the first or next chain context isn't found, NULL is returned.
  Otherwise, a pointer to a read only CERT_CHAIN_CONTEXT is returned.
  CERT_CHAIN_CONTEXT must be freed by calling CertFreeCertificateChain
  or is freed when passed as the
  pPrevChainContext on a subsequent call. CertDuplicateCertificateChain
  can be called to make a duplicate.
  pPrevChainContext MUST BE NULL on the first
  call to find the chain context. To find the next chain context, the
  pPrevChainContext is set to the CERT_CHAIN_CONTEXT returned by a previous
  call.
  NOTE: a NON-NULL pPrevChainContext is always CertFreeCertificateChain'ed by
  this function, even for an error.
--------------------------------------------------------------------------
CertFindCTLInStore - function CertFindCTLInStore(hCertStore :HCERTSTORE; dwMsgAndCertEncodingType :DWORD; dwFindFlags :DWORD; dwFindType :DWORD; const pvFindPara :PVOID; pPrevCtlContext :PCCTL_CONTEXT):PCCTL_CONTEXT ; stdcall; Interfaced
+-------------------------------------------------------------------------
  Find the first or next CTL context in the store.
  The CTL is found according to the dwFindType and its pvFindPara.
  See below for a list of the find types and their parameters.
  Currently dwFindFlags isn't used and must be set to 0.
  Usage of dwMsgAndCertEncodingType depends on the dwFindType.
  If the first or next CTL isn't found, NULL is returned.
  Otherwise, a pointer to a read only CTL_CONTEXT is returned. CTL_CONTEXT
  must be freed by calling CertFreeCTLContext or is freed when passed as the
  pPrevCtlContext on a subsequent call. CertDuplicateCTLContext
  can be called to make a duplicate.
  pPrevCtlContext MUST BE NULL on the first
  call to find the CTL. To find the next CTL, the
  pPrevCtlContext is set to the CTL_CONTEXT returned by a previous call.
  NOTE: a NON-NULL pPrevCtlContext is always CertFreeCTLContext'ed by
  this function, even for an error.
--------------------------------------------------------------------------
CertFindExtension - function CertFindExtension(pszObjId :LPCSTR; cExtensions :DWORD; rgExtensions :PPVOID Interfaced
+-------------------------------------------------------------------------
  Find an extension identified by its Object Identifier.
  If found, returns pointer to the extension. Otherwise, returns NULL.
--------------------------------------------------------------------------
CertFindRDNAttr - function CertFindRDNAttr(pszObjId :LPCSTR; pName :PCERT_NAME_INFO ):PCERT_RDN_ATTR ; stdcall; Interfaced
+-------------------------------------------------------------------------
  Find the first CERT_RDN attribute identified by its Object Identifier in
  the name's list of Relative Distinguished Names.
  If found, returns pointer to the attribute. Otherwise, returns NULL.
--------------------------------------------------------------------------
CertFindSubjectInCTL - function CertFindSubjectInCTL(dwEncodingType :DWORD; dwSubjectType :DWORD; pvSubject :PVOID; pCtlContext :PCCTL_CONTEXT; dwFlags :DWORD):PCTL_ENTRY ; stdcall; Interfaced
+-------------------------------------------------------------------------
  Attempt to find the specified subject in the CTL.
  For CTL_CERT_SUBJECT_TYPE, pvSubject points to a CERT_CONTEXT. The CTL's
  SubjectAlgorithm is examined to determine the representation of the
  subject's identity. Initially, only SHA1 or MD5 hash will be supported.
  The appropriate hash property is obtained from the CERT_CONTEXT.
  For CTL_ANY_SUBJECT_TYPE, pvSubject points to the CTL_ANY_SUBJECT_INFO
  structure which contains the SubjectAlgorithm to be matched in the CTL
  and the SubjectIdentifier to be matched in one of the CTL entries.
  The certificate's hash or the CTL_ANY_SUBJECT_INFO's SubjectIdentifier
  is used as the key in searching the subject entries. A binary
  memory comparison is done between the key and the entry's SubjectIdentifier.
  dwEncodingType isn't used for either of the above SubjectTypes.
--------------------------------------------------------------------------
CertFreeCertificateChain - function CertFreeCertificateChain ( pChainContext: PCCERT_CHAIN_CONTEXT): bool; stdcall; Interfaced Free a certificate chain
CertFreeCertificateChainEngine - function CertFreeCertificateChainEngine ( hChainEngine: HCERTCHAINENGINE): bool; stdcall; Interfaced Free a certificate trust engine
CertFreeCertificateContext - function CertFreeCertificateContext(pCertContext :PCCERT_CONTEXT):BOOL ; stdcall; Interfaced
+-------------------------------------------------------------------------
  Free a certificate context
  There needs to be a corresponding free for each context obtained by a
  get, find, duplicate or create.
--------------------------------------------------------------------------
CertFreeCRLContext - function CertFreeCRLContext(pCrlContext :PCCRL_CONTEXT):BOOL ; stdcall; Interfaced
+-------------------------------------------------------------------------
  Free a CRL context
  There needs to be a corresponding free for each context obtained by a
  get, duplicate or create.
--------------------------------------------------------------------------
CertFreeCTLContext - function CertFreeCTLContext(pCtlContext :PCCTL_CONTEXT):BOOL ; stdcall; Interfaced
+-------------------------------------------------------------------------
  Free a CTL context
  There needs to be a corresponding free for each context obtained by a
  get, duplicate or create.
--------------------------------------------------------------------------
CertGetCertificateChain - function CertGetCertificateChain ( hChainEngine: HCERTCHAINENGINE; pCertContext: PCCERT_CONTEXT; pTime: PFILETIME; hAdditionalStore: HCERTSTORE; pChainPara: PCERT_CHAIN_PARA; dwFlags: DWORD; pvReserved: pointer; Interfaced -
CertGetCertificateContextProperty - function CertGetCertificateContextProperty(pCertContext :PCCERT_CONTEXT; dwPropId :DWORD; pvData :PVOID; pcbData :PDWORD):BOOL ; stdcall; Interfaced
+-------------------------------------------------------------------------
  Get the property for the specified certificate context.
  For CERT_KEY_PROV_HANDLE_PROP_ID, pvData points to a HCRYPTPROV.
  For CERT_KEY_PROV_INFO_PROP_ID, pvData points to a CRYPT_KEY_PROV_INFO structure.
  Elements pointed to by fields in the pvData structure follow the
  structure. Therefore, *pcbData may exceed the size of the structure.
  For CERT_KEY_CONTEXT_PROP_ID, pvData points to a CERT_KEY_CONTEXT structure.
  For CERT_KEY_SPEC_PROP_ID, pvData points to a DWORD containing the KeySpec.
  If the CERT_KEY_CONTEXT_PROP_ID exists, the KeySpec is obtained from there.
  Otherwise, if the CERT_KEY_PROV_INFO_PROP_ID exists, it's the source
  of the KeySpec.
  For CERT_SHA1_HASH_PROP_ID or CERT_MD5_HASH_PROP_ID, if the hash
  doesn't already exist, then it's computed via CryptHashCertificate()
  and then set. pvData points to the computed hash. Normally, the length
  is 20 bytes for SHA and 16 for MD5.
  For all other PROP_IDs, pvData points to an encoded array of bytes.
--------------------------------------------------------------------------
CertGetCRLContextProperty - function CertGetCRLContextProperty(pCrlContext :PCCRL_CONTEXT; dwPropId :DWORD; pvData :PVOID; pcbData :PDWORD):BOOL ; stdcall; Interfaced
+-------------------------------------------------------------------------
  Get the property for the specified CRL context.
  Same Property Ids and semantics as CertGetCertificateContextProperty.
  CERT_SHA1_HASH_PROP_ID or CERT_MD5_HASH_PROP_ID is the predefined
  property of most interest.
--------------------------------------------------------------------------
CertGetCRLFromStore - function CertGetCRLFromStore(hCertStore :HCERTSTORE; pIssuerContext :PCCERT_CONTEXT; Interfaced
+-------------------------------------------------------------------------
  Get the first or next CRL context from the store for the specified
  issuer certificate. Perform the enabled verification checks on the CRL.
  If the first or next CRL isn't found, NULL is returned.
  Otherwise, a pointer to a read only CRL_CONTEXT is returned. CRL_CONTEXT
  must be freed by calling CertFreeCRLContext or is freed when passed as the
  pPrevCrlContext on a subsequent call. CertDuplicateCRLContext
  can be called to make a duplicate.
  The pIssuerContext may have been obtained from this store, another store
  or created by the caller application. When created by the caller, the
  CertCreateCertificateContext function must have been called.
  If pIssuerContext == NULL, finds all the CRLs in the store.
  An issuer may have multiple CRLs. For example, it generates delta CRLs
  using a X.509 v3 extension. pPrevCrlContext MUST BE NULL on the first
  call to get the CRL. To get the next CRL for the issuer, the
  pPrevCrlContext is set to the CRL_CONTEXT returned by a previous call.
  NOTE: a NON-NULL pPrevCrlContext is always CertFreeCRLContext'ed by
  this function, even for an error.
  The following flags can be set in *pdwFlags to enable verification checks
  on the returned CRL:
      CERT_STORE_SIGNATURE_FLAG     - use the public key in the
                                      issuer's certificate to verify the
                                      signature on the returned CRL.
                                      Note, if pIssuerContext->hCertStore ==
                                      hCertStore, the store provider might
                                      be able to eliminate a redo of
                                      the signature verify.
      CERT_STORE_TIME_VALIDITY_FLAG - get the current time and verify that
                                      it's within the CRL's ThisUpdate and
                                      NextUpdate validity period.
  If an enabled verification check fails, then, its flag is set upon return.
  If pIssuerContext == NULL, then, an enabled CERT_STORE_SIGNATURE_FLAG
  always fails and the CERT_STORE_NO_ISSUER_FLAG is also set.
  For a verification check failure, a pointer to the first or next
  CRL_CONTEXT is still returned and SetLastError isn't updated.
--------------------------------------------------------------------------
CertGetCTLContextProperty - function CertGetCTLContextProperty(pCtlContext :PCCTL_CONTEXT; dwPropId :DWORD; pvData :PVOID; pcbData :PDWORD):BOOL ; stdcall; Interfaced
+-------------------------------------------------------------------------
  Get the property for the specified CTL context.
  Same Property Ids and semantics as CertGetCertificateContextProperty.
  CERT_SHA1_HASH_PROP_ID or CERT_NEXT_UPDATE_LOCATION_PROP_ID are the
  predefined properties of most interest.
--------------------------------------------------------------------------
CertGetEnhancedKeyUsage - function CertGetEnhancedKeyUsage(pCertContext :PCCERT_CONTEXT; dwFlags :DWORD; pUsage :PCERT_ENHKEY_USAGE; pcbUsage :PDWORD):BOOL ; stdcall; Interfaced
+-------------------------------------------------------------------------
  Get the enhanced key usage extension or property from the certificate
  and decode.
  If the CERT_FIND_EXT_ONLY_ENHKEY_USAGE_FLAG is set, then, only get the
  extension.
  If the CERT_FIND_PROP_ONLY_ENHKEY_USAGE_FLAG is set, then, only get the
  property.
--------------------------------------------------------------------------
CertGetIntendedKeyUsage - function CertGetIntendedKeyUsage(dwCertEncodingType :DWORD; pCertInfo :PCERT_INFO; pbKeyUsage :PBYTE; cbKeyUsage :DWORD):BOOL ; stdcall; Interfaced
+-------------------------------------------------------------------------
  Get the intended key usage bytes from the certificate.
  If the certificate doesn't have any intended key usage bytes, returns FALSE
  and *pbKeyUsage is zeroed. Otherwise, returns TRUE and up through
  cbKeyUsage bytes are copied into *pbKeyUsage. Any remaining uncopied
  bytes are zeroed.
--------------------------------------------------------------------------
CertGetIssuerCertificateFromStore - function CertGetIssuerCertificateFromStore(hCertStore :HCERTSTORE; pSubjectContext :PCCERT_CONTEXT; pPrevIssuerContext :PCCERT_CONTEXT; Interfaced
+-------------------------------------------------------------------------
  Get the certificate context from the store for the first or next issuer
  of the specified subject certificate. Perform the enabled
  verification checks on the subject. (Note, the checks are on the subject
  using the returned issuer certificate.)
  If the first or next issuer certificate isn't found, NULL is returned.
  Otherwise, a pointer to a read only CERT_CONTEXT is returned. CERT_CONTEXT
  must be freed by calling CertFreeCertificateContext or is freed when passed as the
  pPrevIssuerContext on a subsequent call. CertDuplicateCertificateContext
  can be called to make a duplicate.
  For a self signed subject certificate, NULL is returned with LastError set
  to CERT_STORE_SELF_SIGNED. The enabled verification checks are still done.
  The pSubjectContext may have been obtained from this store, another store
  or created by the caller application. When created by the caller, the
  CertCreateCertificateContext function must have been called.
  An issuer may have multiple certificates. This may occur when the validity
  period is about to change. pPrevIssuerContext MUST BE NULL on the first
  call to get the issuer. To get the next certificate for the issuer, the
  pPrevIssuerContext is set to the CERT_CONTEXT returned by a previous call.
  NOTE: a NON-NULL pPrevIssuerContext is always CertFreeCertificateContext'ed by
  this function, even for an error.
  The following flags can be set in *pdwFlags to enable verification checks
  on the subject certificate context:
      CERT_STORE_SIGNATURE_FLAG     - use the public key in the returned
                                      issuer certificate to verify the
                                      signature on the subject certificate.
                                      Note, if pSubjectContext->hCertStore ==
                                      hCertStore, the store provider might
                                      be able to eliminate a redo of
                                      the signature verify.
      CERT_STORE_TIME_VALIDITY_FLAG - get the current time and verify that
                                      it's within the subject certificate's
                                      validity period
      CERT_STORE_REVOCATION_FLAG    - check if the subject certificate is on
                                      the issuer's revocation list
  If an enabled verification check fails, then, its flag is set upon return.
  If CERT_STORE_REVOCATION_FLAG was enabled and the issuer doesn't have a
  CRL in the store, then, CERT_STORE_NO_CRL_FLAG is set in addition to
  the CERT_STORE_REVOCATION_FLAG.
  If CERT_STORE_SIGNATURE_FLAG or CERT_STORE_REVOCATION_FLAG is set, then,
  CERT_STORE_NO_ISSUER_FLAG is set if it doesn't have an issuer certificate
  in the store.
  For a verification check failure, a pointer to the issuer's CERT_CONTEXT
  is still returned and SetLastError isn't updated.
--------------------------------------------------------------------------
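The description above notes that an issuer CERT_CONTEXT is still returned when an enabled check fails, so the caller has to inspect the flags left set in *pdwFlags. The following Delphi program is an added example, not part of wcrypt2.pas: it checks each certificate in the "MY" store against candidate issuers in the "CA" store. It assumes the unit declares the trailing pdwFlags :PDWORD parameter and the CERT_STORE_* flag constants; TIssuerCheck, ClassifyFlags and CheckSubject are hypothetical names.

```pascal
program IssuerCheckDemo;
{$APPTYPE CONSOLE}
// Added example; not code from wcrypt2.pas or Project JEDI.

uses
  Windows, wcrypt2;

type
  // Hypothetical result type for this example.
  TIssuerCheck = (icChecksPassed, icNoIssuer, icBadSignature, icNotTimeValid,
                  icRevoked, icRevocationUnknown);

const
  CheckText: array[TIssuerCheck] of string = (
    'all enabled checks passed', 'no issuer found in store',
    'signature check failed', 'outside validity period',
    'listed on issuer CRL', 'issuer has no CRL in store');
  // Checks to enable on input; the function leaves a flag set if its check fails.
  Requested = CERT_STORE_SIGNATURE_FLAG or CERT_STORE_TIME_VALIDITY_FLAG or
              CERT_STORE_REVOCATION_FLAG;

// Map the flags still set on return to one outcome.
function ClassifyFlags(dwFlags: DWORD): TIssuerCheck;
begin
  if dwFlags = 0 then
    Result := icChecksPassed
  else if (dwFlags and CERT_STORE_NO_ISSUER_FLAG) <> 0 then
    Result := icNoIssuer
  else if (dwFlags and CERT_STORE_SIGNATURE_FLAG) <> 0 then
    Result := icBadSignature
  else if (dwFlags and CERT_STORE_TIME_VALIDITY_FLAG) <> 0 then
    Result := icNotTimeValid
  else if (dwFlags and CERT_STORE_NO_CRL_FLAG) <> 0 then
    Result := icRevocationUnknown   // revocation could not be checked at all
  else
    Result := icRevoked;            // only CERT_STORE_REVOCATION_FLAG remains
end;

// Try every candidate issuer in hIssuerStore until one passes all checks.
function CheckSubject(hIssuerStore: HCERTSTORE;
  pSubject: PCCERT_CONTEXT): TIssuerCheck;
var
  pIssuer: PCCERT_CONTEXT;
  dwFlags: DWORD;
begin
  Result := icNoIssuer;   // also the outcome for a self-signed subject (NULL)
  pIssuer := nil;         // MUST be nil on the first call
  repeat
    dwFlags := Requested; // reset each time: it is an in/out parameter
    // A non-nil pIssuer passed as pPrevIssuerContext is freed by the call,
    // even on error, so it is never freed separately inside this loop.
    pIssuer := CertGetIssuerCertificateFromStore(hIssuerStore, pSubject,
      pIssuer, @dwFlags);
    if pIssuer = nil then
      Break;
    // A non-nil issuer is not a verdict; only the returned flags are.
    Result := ClassifyFlags(dwFlags);
  until Result = icChecksPassed;
  if pIssuer <> nil then
    CertFreeCertificateContext(pIssuer);  // context we left the loop holding
end;

var
  hMy, hCA: HCERTSTORE;
  pCert: PCCERT_CONTEXT;
  n: Integer;
begin
  hMy := CertOpenSystemStoreA(0, 'MY');
  hCA := CertOpenSystemStoreA(0, 'CA');
  try
    if (hMy <> nil) and (hCA <> nil) then
    begin
      n := 0;
      pCert := nil;
      repeat
        // Same contract: the previous context is freed by the enumerator.
        pCert := CertEnumCertificatesInStore(hMy, pCert);
        if pCert = nil then
          Break;
        Inc(n);
        Writeln('certificate #', n, ': ', CheckText[CheckSubject(hCA, pCert)]);
      until False;
    end
    else
      Writeln('CertOpenSystemStoreA failed, error ', GetLastError);
  finally
    if hMy <> nil then CertCloseStore(hMy, 0);
    if hCA <> nil then CertCloseStore(hCA, 0);
  end;
end.
```

Passing these checks covers one issuer link only; whether icRevocationUnknown is acceptable is a policy decision for the caller.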
CertGetNameString - function CertGetNameString(pCertContext: PCCERT_CONTEXT; dwType: DWORD; dwFlags: DWORD; pvTypePara: DWORD; pNameString: PChar; cchNameString: DWORD): BOOL; stdcall; Interfaced JLI
CertGetPublicKeyLength - function CertGetPublicKeyLength(dwCertEncodingType :DWORD; pPublicKey :PCERT_PUBLIC_KEY_INFO ):DWORD ; stdcall; Interfaced
+-------------------------------------------------------------------------
  Get the public/private key's bit length.
  Returns 0 if unable to determine the key's length.
--------------------------------------------------------------------------
CertGetSubjectCertificateFromStore - function CertGetSubjectCertificateFromStore(hCertStore :HCERTSTORE; dwCertEncodingType :DWORD; pCertId :PCERT_INFO Interfaced
+-------------------------------------------------------------------------
  Get the subject certificate context uniquely identified by its Issuer and
  SerialNumber from the store.
  If the certificate isn't found, NULL is returned. Otherwise, a pointer to
  a read only CERT_CONTEXT is returned. CERT_CONTEXT must be freed by calling
  CertFreeCertificateContext. CertDuplicateCertificateContext can be called to make a
  duplicate.
  The returned certificate might not be valid. Normally, it would be
  verified when getting its issuer certificate (CertGetIssuerCertificateFromStore).
--------------------------------------------------------------------------
CertIsRDNAttrsInCertificateName - function CertIsRDNAttrsInCertificateName(dwCertEncodingType :DWORD; dwFlags :DWORD; pCertName :PCERT_NAME_BLOB; pRDN :PCERT_RDN):BOOL ; stdcall; Interfaced
+-------------------------------------------------------------------------
  Compare the attributes in the certificate name with the specified
  Relative Distinguished Name's (CERT_RDN) array of attributes.
  The comparison iterates through the CERT_RDN attributes and looks for an
  attribute match in any of the certificate name's RDNs.
  Returns TRUE if all the attributes are found and match.
  The CERT_RDN_ATTR fields can have the following special values:
    pszObjId == NULL              - ignore the attribute object identifier
    dwValueType == RDN_ANY_TYPE   - ignore the value type
  Currently only an exact, case sensitive match is supported.
  CERT_UNICODE_IS_RDN_ATTRS_FLAG should be set if the pRDN was initialized
  with unicode strings as for CryptEncodeObject(X509_UNICODE_NAME).
--------------------------------------------------------------------------
CertNameToStr - function CertNameToStr(dwCertEncodingType :DWORD; pName :PCERT_NAME_BLOB; dwStrType :DWORD; psz :LPAWSTR; Interfaced -
CertNameToStrA - function CertNameToStrA(dwCertEncodingType :DWORD; pName :PCERT_NAME_BLOB; dwStrType :DWORD; psz :LPSTR; Interfaced
CertNameToStrW - function CertNameToStrW(dwCertEncodingType :DWORD; pName :PCERT_NAME_BLOB; dwStrType :DWORD; psz :LPWSTR; Interfaced
CertOIDToAlgId - function CertOIDToAlgId(pszObjId :LPCSTR):DWORD ; stdcall; Interfaced
+-------------------------------------------------------------------------
  Convert the ASN.1 Object Identifier string to the CAPI AlgId.
  Returns 0 if there isn't an AlgId corresponding to the ObjId.
--------------------------------------------------------------------------
CertOpenStore - function CertOpenStore(lpszStoreProvider :LPCSTR; dwEncodingType :DWORD; hCryptProv :HCRYPTPROV; dwFlags :DWORD; const pvPara :PVOID):HCERTSTORE ; stdcall; Interfaced
+-------------------------------------------------------------------------
  Open the cert store using the specified store provider.
  hCryptProv specifies the crypto provider to use to create the hash
  properties or verify the signature of a subject certificate or CRL.
  The store doesn't need to use a private
  key. If the CERT_STORE_NO_CRYPT_RELEASE_FLAG isn't set, hCryptProv is
  CryptReleaseContext'ed on the final CertCloseStore.
  Note, if the open fails, hCryptProv is released if it would have been
  released when the store was closed.
  If hCryptProv is zero, then, the default provider and container for the
  PROV_RSA_FULL provider type is CryptAcquireContext'ed with
  CRYPT_VERIFYCONTEXT access. The CryptAcquireContext is deferred until
  the first create hash or verify signature. In addition, once acquired,
  the default provider isn't released until process exit when crypt32.dll
  is unloaded. The acquired default provider is shared across all stores
  and threads.
  After initializing the store's data structures and optionally acquiring a
  default crypt provider, CertOpenStore calls CryptGetOIDFunctionAddress to
  get the address of the CRYPT_OID_OPEN_STORE_PROV_FUNC specified by
  lpszStoreProvider. Since a store can contain certificates with different
  encoding types, CryptGetOIDFunctionAddress is called with dwEncodingType
  set to 0 and not the dwEncodingType passed to CertOpenStore.
  PFN_CERT_DLL_OPEN_STORE_FUNC specifies the signature of the provider's
  open function. This provider open function is called to load the
  store's certificates and CRLs. Optionally, the provider may return an
  array of functions called before a certificate or CRL is added or deleted
  or has a property that is set.
  Use of the dwEncodingType parameter is provider dependent. The type
  definition for pvPara also depends on the provider.
  Store providers are installed or registered via
  CryptInstallOIDFunctionAddress or CryptRegisterOIDFunction, where,
  dwEncodingType is 0 and pszFuncName is CRYPT_OID_OPEN_STORE_PROV_FUNC.
  Here's a list of the predefined provider types (implemented in crypt32.dll):
  CERT_STORE_PROV_MSG:
      Gets the certificates and CRLs from the specified cryptographic message.
      dwEncodingType contains the message and certificate encoding types.
      The message's handle is passed in pvPara. Given,
          HCRYPTMSG hCryptMsg; pvPara = (const void *) hCryptMsg;
  CERT_STORE_PROV_MEMORY
  sz_CERT_STORE_PROV_MEMORY:
      Opens a store without any initial certificates or CRLs. pvPara
      isn't used.
  CERT_STORE_PROV_FILE:
      Reads the certificates and CRLs from the specified file. The file's
      handle is passed in pvPara. Given,
          HANDLE hFile; pvPara = (const void *) hFile;
      For a successful open, the file pointer is advanced past
      the certificates and CRLs and their properties read from the file.
      Note, only expects a serialized store and not a file containing
      either a PKCS #7 signed message or a single encoded certificate.
      The hFile isn't closed.
  CERT_STORE_PROV_REG:
      Reads the certificates and CRLs from the registry. The registry's
      key handle is passed in pvPara. Given,
          HKEY hKey; pvPara = (const void *) hKey;
      The input hKey isn't closed by the provider. Before returning, the
      provider opens/creates "Certificates" and "CRLs" subkeys. These
      subkeys remain open until the store is closed.
      If CERT_STORE_READONLY_FLAG is set, then, the registry subkeys are
      RegOpenKey'ed with KEY_READ_ACCESS. Otherwise, the registry subkeys
      are RegCreateKey'ed with KEY_ALL_ACCESS.
      This provider returns the array of functions for reading, writing,
      deleting and property setting certificates and CRLs.
      Any changes to the opened store are immediately pushed through to
      the registry. However, if CERT_STORE_READONLY_FLAG is set, then,
      writing, deleting or property setting results in a
      SetLastError(E_ACCESSDENIED).
      Note, all the certificates and CRLs are read from the registry
      when the store is opened. The opened store serves as a write through
      cache. However, the opened store isn't notified of other changes
      made to the registry. Note, RegNotifyChangeKeyValue is supported
      on NT but not supported on Windows95.
  CERT_STORE_PROV_PKCS7:
  sz_CERT_STORE_PROV_PKCS7:
      Gets the certificates and CRLs from the encoded PKCS #7 signed message.
      dwEncodingType specifies the message and certificate encoding types.
      The pointer to the encoded message's blob is passed in pvPara. Given,
          CRYPT_DATA_BLOB EncodedMsg; pvPara = (const void *) &EncodedMsg;
      Note, also supports the IE3.0 special version of a
      PKCS #7 signed message referred to as a "SPC" formatted message.
  CERT_STORE_PROV_SERIALIZED:
  sz_CERT_STORE_PROV_SERIALIZED:
      Gets the certificates and CRLs from memory containing a serialized
      store.  The pointer to the serialized memory blob is passed in pvPara.
      Given,
          CRYPT_DATA_BLOB Serialized; pvPara = (const void *) &Serialized;
  CERT_STORE_PROV_FILENAME_A:
  CERT_STORE_PROV_FILENAME_W:
  CERT_STORE_PROV_FILENAME:
  sz_CERT_STORE_PROV_FILENAME_W:
  sz_CERT_STORE_PROV_FILENAME:
      Opens the file and first attempts to read as a serialized store. Then,
      as a PKCS #7 signed message. Finally, as a single encoded certificate.
      The filename is passed in pvPara. The filename is UNICODE for the
      "_W" provider and ASCII for the "_A" provider. For "_W": given,
          LPCWSTR pwszFilename; pvPara = (const void *) pwszFilename;
      For "_A": given,
          LPCSTR pszFilename; pvPara = (const void *) pszFilename;
      Note, the default (without "_A" or "_W") is unicode.
      Note, also supports the reading of the IE3.0 special version of a
      PKCS #7 signed message file referred to as a "SPC" formatted file.
  CERT_STORE_PROV_SYSTEM_A:
  CERT_STORE_PROV_SYSTEM_W:
  CERT_STORE_PROV_SYSTEM:
  sz_CERT_STORE_PROV_SYSTEM_W:
  sz_CERT_STORE_PROV_SYSTEM:
      Opens the specified "system" store. Currently, all the system
      stores are stored in the registry. The upper word of the dwFlags
      parameter is used to specify the location of the system store. It
      should be set to either CERT_SYSTEM_STORE_CURRENT_USER for
      HKEY_CURRENT_USER or CERT_SYSTEM_STORE_LOCAL_MACHINE for
      HKEY_LOCAL_MACHINE.
      After opening the registry key associated with the system name,
      the CERT_STORE_PROV_REG provider is called to complete the open.
      The system store name is passed in pvPara. The name is UNICODE for the
      "_W" provider and ASCII for the "_A" provider. For "_W": given,
          LPCWSTR pwszSystemName; pvPara = (const void *) pwszSystemName;
      For "_A": given,
          LPCSTR pszSystemName; pvPara = (const void *) pszSystemName;
      Note, the default (without "_A" or "_W") is UNICODE.
      If CERT_STORE_READONLY_FLAG is set, then, the registry is
      RegOpenKey'ed with KEY_READ_ACCESS. Otherwise, the registry is
      RegCreateKey'ed with KEY_ALL_ACCESS.
      The "root" store is treated differently from the other system
      stores. Before a certificate is added to or deleted from the "root"
      store, a pop up message box is displayed. The certificate's subject,
      issuer, serial number, time validity, sha1 and md5 thumbprints are
      displayed. The user is given the option to do the add or delete.
      If they don't allow the operation, LastError is set to E_ACCESSDENIED.
--------------------------------------------------------------------------
CertOpenSystemStore - function CertOpenSystemStore(hProv :HCRYPTPROV; szSubsystemProtocol :LPAWSTR):HCERTSTORE ; stdcall; Interfaced -
CertOpenSystemStoreA - function CertOpenSystemStoreA(hProv :HCRYPTPROV; szSubsystemProtocol :LPCSTR):HCERTSTORE ; stdcall; Interfaced
+-------------------------------------------------------------------------
  Get a system certificate store based on a subsystem protocol.
  Current examples of subsystems protocols are:
      "MY"    Cert Store holds certs with associated Private Keys
      "CA"    Certifying Authority certs
      "ROOT"  Root Certs
      "SPC"   Software publisher certs
  If hProv is NULL the default provider "1" is opened for you.
  When the store is closed the provider is released. Otherwise
  if hProv is not NULL, no provider is created or released.
  The returned Cert Store can be searched for an appropriate Cert
  using the Cert Store API's (see certstor.h)
  When done, the cert store should be closed using CertCloseStore.
--------------------------------------------------------------------------
CertOpenSystemStoreW - function CertOpenSystemStoreW(hProv :HCRYPTPROV; szSubsystemProtocol :LPCWSTR):HCERTSTORE ; stdcall; Interfaced -
CertRDNValueToStr - function CertRDNValueToStr(dwValueType :DWORD; pValue :PCERT_RDN_VALUE_BLOB; psz :LPAWSTR; Interfaced -
CertRDNValueToStrA - function CertRDNValueToStrA(dwValueType :DWORD; pValue :PCERT_RDN_VALUE_BLOB; psz :LPSTR; Interfaced
+-------------------------------------------------------------------------
  Convert a Name Value to a null terminated char string
  Returns the number of characters converted including the terminating null
  character. If psz is NULL or csz is 0, returns the required size of the
  destination string (including the terminating null char).
  If psz != NULL && csz != 0, returned psz is always NULL terminated.
  Note: csz includes the NULL char.
--------------------------------------------------------------------------
CertRDNValueToStrW - function CertRDNValueToStrW(dwValueType :DWORD; pValue :PCERT_RDN_VALUE_BLOB; psz :LPWSTR; Interfaced
+-------------------------------------------------------------------------
  Convert a Name Value to a null terminated char string
  Returns the number of characters converted including the terminating null
  character. If psz is NULL or csz is 0, returns the required size of the
  destination string (including the terminating null char).
  If psz != NULL && csz != 0, returned psz is always NULL terminated.
  Note: csz includes the NULL char.
--------------------------------------------------------------------------
CertRemoveEnhancedKeyUsageIdentifier - function CertRemoveEnhancedKeyUsageIdentifier(pCertContext :PCCERT_CONTEXT; pszUsageIdentifier :LPCSTR ):BOOL ; stdcall; Interfaced
+-------------------------------------------------------------------------
  Remove the usage identifier from the certificate's enhanced key usage
  property.
--------------------------------------------------------------------------
CertResyncCertificateChainEngine - function CertResyncCertificateChainEngine ( hChainEngine: HCERTCHAINENGINE):bool; stdcall; Interfaced
Resync the certificate chain engine.  This resync's the stores backing
 the engine and updates the engine caches.
CertSaveStore - function CertSaveStore(hCertStore :HCERTSTORE; dwEncodingType :DWORD; dwSaveAs :DWORD; dwSaveTo :DWORD; pvSaveToPara :PVOID; dwFlags :DWORD):BOOL ; stdcall; Interfaced
+-------------------------------------------------------------------------
  Save the cert store. Extended version with lots of options.
  According to the dwSaveAs parameter, the store can be saved as a
  serialized store (CERT_STORE_SAVE_AS_STORE) containing properties in
  addition to encoded certificates, CRLs and CTLs or the store can be saved
  as a PKCS #7 signed message (CERT_STORE_SAVE_AS_PKCS7) which doesn't
  include the properties or CTLs.
  Note, the CERT_KEY_CONTEXT_PROP_ID property (and its
  CERT_KEY_PROV_HANDLE_PROP_ID or CERT_KEY_SPEC_PROP_ID) isn't saved into
  a serialized store.
  For CERT_STORE_SAVE_AS_PKCS7, the dwEncodingType specifies the message
  encoding type. The dwEncodingType parameter isn't used for
  CERT_STORE_SAVE_AS_STORE.
  The dwFlags parameter currently isn't used and should be set to 0.
  The dwSaveTo and pvSaveToPara parameters specify where to save the
  store as follows:
    CERT_STORE_SAVE_TO_FILE:
      Saves to the specified file. The file's handle is passed in
      pvSaveToPara. Given,
          HANDLE hFile; pvSaveToPara = (void *) hFile;
      For a successful save, the file pointer is positioned after the
      last write.
    CERT_STORE_SAVE_TO_MEMORY:
      Saves to the specified memory blob. The pointer to
      the memory blob is passed in pvSaveToPara. Given,
          CRYPT_DATA_BLOB SaveBlob; pvSaveToPara = (void *) &SaveBlob;
      Upon entry, the SaveBlob's pbData and cbData need to be initialized.
      Upon return, cbData is updated with the actual length.
      For a length only calculation, pbData should be set to NULL. If
      pbData is non-NULL and cbData isn't large enough, FALSE is returned
      with a last error of ERROR_MORE_DATA.
    CERT_STORE_SAVE_TO_FILENAME_A:
    CERT_STORE_SAVE_TO_FILENAME_W:
    CERT_STORE_SAVE_TO_FILENAME:
      Opens the file and saves to it. The filename is passed in pvSaveToPara.
      The filename is UNICODE for the "_W" option and ASCII for the "_A"
      option. For "_W": given,
          LPCWSTR pwszFilename; pvSaveToPara = (void *) pwszFilename;
      For "_A": given,
          LPCSTR pszFilename; pvSaveToPara = (void *) pszFilename;
      Note, the default (without "_A" or "_W") is UNICODE.
--------------------------------------------------------------------------
CertSerializeCertificateStoreElement - function CertSerializeCertificateStoreElement(pCertContext :PCCERT_CONTEXT; dwFlags :DWORD; pbElement :PBYTE; pcbElement :PDWORD):BOOL ; stdcall; Interfaced
+-------------------------------------------------------------------------
  Serialize the certificate context's encoded certificate and its
  properties.
--------------------------------------------------------------------------
CertSerializeCRLStoreElement - function CertSerializeCRLStoreElement(pCrlContext :PCCRL_CONTEXT; dwFlags :DWORD; pbElement :PBYTE; pcbElement :PDWORD):BOOL ; stdcall; Interfaced
+-------------------------------------------------------------------------
  Serialize the CRL context's encoded CRL and its properties.
--------------------------------------------------------------------------
CertSerializeCTLStoreElement - function CertSerializeCTLStoreElement(pCtlContext :PCCTL_CONTEXT; dwFlags :DWORD; pbElement :PBYTE; pcbElement :PDWORD):BOOL ; stdcall; Interfaced
+-------------------------------------------------------------------------
  Serialize the CTL context's encoded CTL and its properties.
--------------------------------------------------------------------------
CertSetCertificateContextProperty - function CertSetCertificateContextProperty(pCertContext :PCCERT_CONTEXT; dwPropId :DWORD; dwFlags :DWORD; pvData :PVOID):BOOL ; stdcall; Interfaced
+-------------------------------------------------------------------------
  Set the property for the specified certificate context.
  The type definition for pvData depends on the dwPropId value. There are
  five predefined types:
      CERT_KEY_PROV_HANDLE_PROP_ID - a HCRYPTPROV for the certificate's
      private key is passed in pvData. Updates the hCryptProv field
      of the CERT_KEY_CONTEXT_PROP_ID. If the CERT_KEY_CONTEXT_PROP_ID
      doesn't exist, it's created with all the other fields zeroed out. If
      CERT_STORE_NO_CRYPT_RELEASE_FLAG isn't set, HCRYPTPROV is implicitly
      released when either the property is set to NULL or on the final
      free of the CertContext.
      CERT_KEY_PROV_INFO_PROP_ID - a PCRYPT_KEY_PROV_INFO for the certificate's
      private key is passed in pvData.
      CERT_SHA1_HASH_PROP_ID -
      CERT_MD5_HASH_PROP_ID  - normally, either property is implicitly
      set by doing a CertGetCertificateContextProperty. pvData points to a
      CRYPT_HASH_BLOB.
      CERT_KEY_CONTEXT_PROP_ID - a PCERT_KEY_CONTEXT for the certificate's
      private key is passed in pvData. The CERT_KEY_CONTEXT contains both the
      hCryptProv and dwKeySpec for the private key.
      See the CERT_KEY_PROV_HANDLE_PROP_ID for more information about
      the hCryptProv field and dwFlags settings. Note, more fields may
      be added for this property. The cbSize field value will be adjusted
      accordingly.
      CERT_KEY_SPEC_PROP_ID - the dwKeySpec for the private key. pvData
      points to a DWORD containing the KeySpec.
      CERT_ENHKEY_USAGE_PROP_ID - enhanced key usage definition for the
      certificate. pvData points to a CRYPT_DATA_BLOB containing an
      ASN.1 encoded CERT_ENHKEY_USAGE (encoded via
      CryptEncodeObject(X509_ENHANCED_KEY_USAGE)).
      CERT_NEXT_UPDATE_LOCATION_PROP_ID - location of the next update.
      Currently only applicable to CTLs. pvData points to a CRYPT_DATA_BLOB
      containing an ASN.1 encoded CERT_ALT_NAME_INFO (encoded via
      CryptEncodeObject(X509_ALTERNATE_NAME)).
      CERT_FRIENDLY_NAME_PROP_ID - friendly name for the cert, CRL or CTL.
      pvData points to a CRYPT_DATA_BLOB. pbData is a pointer to a NULL
      terminated unicode, wide character string.
      cbData = (wcslen((LPWSTR) pbData) + 1) * sizeof(WCHAR).
  For all the other PROP_IDs: an encoded PCRYPT_DATA_BLOB is passed in pvData.
  If the property already exists, then, the old value is deleted and silently
  replaced. Setting pvData to NULL deletes the property.
--------------------------------------------------------------------------
CertSetCRLContextProperty - function CertSetCRLContextProperty(pCrlContext :PCCRL_CONTEXT; dwPropId :DWORD; dwFlags :DWORD; const pvData :PVOID):BOOL ; stdcall; Interfaced
+-------------------------------------------------------------------------
  Set the property for the specified CRL context.
  Same Property Ids and semantics as CertSetCertificateContextProperty.
--------------------------------------------------------------------------
CertSetCTLContextProperty - function CertSetCTLContextProperty(pCtlContext :PCCTL_CONTEXT; dwPropId :DWORD; dwFlags :DWORD; const pvData :PVOID):BOOL ; stdcall; Interfaced
+-------------------------------------------------------------------------
  Set the property for the specified CTL context.
  Same Property Ids and semantics as CertSetCertificateContextProperty.
--------------------------------------------------------------------------
CertSetEnhancedKeyUsage - function CertSetEnhancedKeyUsage(pCertContext :PCCERT_CONTEXT; pUsage :PCERT_ENHKEY_USAGE ):BOOL ; stdcall; Interfaced
+-------------------------------------------------------------------------
  Set the enhanced key usage property for the certificate.
--------------------------------------------------------------------------
CertStrToName - function CertStrToName(dwCertEncodingType :DWORD; pszX500 :LPAWSTR; dwStrType :DWORD; pvReserved :PVOID; pbEncoded :PBYTE; pcbEncoded :PDWORD; var ppszError :array of LPAWSTR):BOOL ; stdcall; Interfaced -
CertStrToNameA - function CertStrToNameA(dwCertEncodingType :DWORD; pszX500 :LPCSTR; dwStrType :DWORD; pvReserved :PVOID; pbEncoded :PBYTE; pcbEncoded :PDWORD; var ppszError :array of LPCSTR):BOOL ; stdcall; {--max-- started here} Interfaced
+-------------------------------------------------------------------------
--------------------------------------------------------------------------
CertStrToNameW - function CertStrToNameW(dwCertEncodingType :DWORD; pszX500 :LPCWSTR; dwStrType :DWORD; pvReserved :PVOID; pbEncoded :PBYTE; pcbEncoded :PDWORD; var ppszError :array of LPWSTR):BOOL ; stdcall; Interfaced
+-------------------------------------------------------------------------
--------------------------------------------------------------------------
CertVerifyCertificateChainPolicy - function CertVerifyCertificateChainPolicy( pszPolicyOID: LPCSTR; pChainContext: PCCERT_CHAIN_CONTEXT; pPolicyPara: PCERT_CHAIN_POLICY_PARA; var pPolicyStatus: PCERT_CHAIN_POLICY_STATUS): bool; stdcall; Interfaced
+-------------------------------------------------------------------------
  Verify that the certificate chain satisfies the specified policy
  requirements. If we were able to verify the chain policy, TRUE is returned
  and the dwError field of the pPolicyStatus is updated. A dwError of 0
  (ERROR_SUCCESS, S_OK) indicates the chain satisfies the specified policy.
  If dwError applies to the entire chain context, both lChainIndex and
  lElementIndex are set to -1. If dwError applies to a simple chain,
  lElementIndex is set to -1 and lChainIndex is set to the index of the
  first offending chain having the error. If dwError applies to a
  certificate element, lChainIndex and lElementIndex are updated to
  index the first offending certificate having the error, where the
  certificate element is at:
      pChainContext->rgpChain[lChainIndex]->rgpElement[lElementIndex].
  The dwFlags in pPolicyPara can be set to change the default policy checking
  behaviour. In addition, policy specific parameters can be passed in
  the pvExtraPolicyPara field of pPolicyPara.
  In addition to returning dwError, in pPolicyStatus, policy OID specific
  extra status may be returned via pvExtraPolicyStatus.
--------------------------------------------------------------------------
CertVerifyCRLRevocation - function CertVerifyCRLRevocation(dwCertEncodingType :DWORD; pCertId :PCERT_INFO; Interfaced
+-------------------------------------------------------------------------
  Verify that the subject certificate isn't on its issuer CRL.
  Returns true if the certificate isn't on the CRL.
--------------------------------------------------------------------------

The next was an "array of PCRL_INFO" but
changed to PPVOID to get it to work *RWF
CertVerifyCRLTimeValidity - function CertVerifyCRLTimeValidity(pTimeToVerify :PFILETIME; pCrlInfo :PCRL_INFO):LONG ; stdcall; Interfaced
+-------------------------------------------------------------------------
  Verify the time validity of a CRL.
  Returns -1 if before ThisUpdate, +1 if after NextUpdate and otherwise 0 for
  a valid CRL.
  If pTimeToVerify is NULL, uses the current time.
--------------------------------------------------------------------------
CertVerifyCTLUsage - function CertVerifyCTLUsage(dwEncodingType :DWORD; dwSubjectType :DWORD; pvSubject :PVOID; pSubjectUsage :PCTL_USAGE; dwFlags :DWORD; pVerifyUsagePara :PCTL_VERIFY_USAGE_PARA; pVerifyUsageStatus:PCTL_VERIFY_USAGE_STATUS ):BOOL ; stdcall; Interfaced
+-------------------------------------------------------------------------
  Verify that a subject is trusted for the specified usage by finding a
  signed and time valid CTL with the usage identifiers and containing the
  subject. A subject can be identified by either its certificate context
  or any identifier such as its SHA1 hash.
  See CertFindSubjectInCTL for definition of dwSubjectType and pvSubject
  parameters.
  Via pVerifyUsagePara, the caller can specify the stores to be searched
  to find the CTL. The caller can also specify the stores containing
  acceptable CTL signers. By setting the ListIdentifier, the caller
  can also restrict to a particular signer CTL list.
  Via pVerifyUsageStatus, the CTL containing the subject, the subject's
  index into the CTL's array of entries, and the signer of the CTL
  are returned. If the caller is not interested, ppCtl and ppSigner can be set
  to NULL. Returned contexts must be freed via the store's free context APIs.
  If the CERT_VERIFY_INHIBIT_CTL_UPDATE_FLAG isn't set, then, a time
  invalid CTL in one of the CtlStores may be replaced. When replaced, the
  CERT_VERIFY_UPDATED_CTL_FLAG is set in pVerifyUsageStatus->dwFlags.
  If the CERT_VERIFY_TRUSTED_SIGNERS_FLAG is set, then, only the
  SignerStores specified in pVerifyUsageStatus are searched to find
  the signer. Otherwise, the SignerStores provide additional sources
  to find the signer's certificate.
  If CERT_VERIFY_NO_TIME_CHECK_FLAG is set, then, the CTLs aren't checked
  for time validity.
  If CERT_VERIFY_ALLOW_MORE_USAGE_FLAG is set, then, the CTL may contain
  more usage identifiers than specified by pSubjectUsage. Otherwise,
  the found CTL will contain the same usage identifiers and no more.
  CertVerifyCTLUsage will be implemented as a dispatcher to OID installable
  functions. First, it will try to find an OID function matching the first
  usage object identifier in the pUsage sequence. Next, it will dispatch
  to the default CertDllVerifyCTLUsage functions.
  If the subject is trusted for the specified usage, then, TRUE is
  returned. Otherwise, FALSE is returned with dwError set to one of the
  following:
      CRYPT_E_NO_VERIFY_USAGE_DLL
      CRYPT_E_NO_VERIFY_USAGE_CHECK
      CRYPT_E_VERIFY_USAGE_OFFLINE
      CRYPT_E_NOT_IN_CTL
      CRYPT_E_NO_TRUSTED_SIGNER
--------------------------------------------------------------------------
CertVerifyRevocation - function CertVerifyRevocation(dwEncodingType :DWORD; dwRevType :DWORD; cContext :DWORD; Interfaced
+-------------------------------------------------------------------------
  Verifies the array of contexts for revocation. The dwRevType parameter
  indicates the type of the context data structure passed in rgpvContext.
  Currently only the revocation of certificates is defined.
  If the CERT_VERIFY_REV_CHAIN_FLAG flag is set, then, CertVerifyRevocation
  is verifying a chain of certs where, rgpvContext[i + 1] is the issuer
  of rgpvContext[i]. Otherwise, CertVerifyRevocation makes no assumptions
  about the order of the contexts.
  To assist in finding the issuer, the pRevPara may optionally be set. See
  the CERT_REVOCATION_PARA data structure for details.
  The contexts must contain enough information to allow the
  installable or registered revocation DLLs to find the revocation server. For
  certificates, this information would normally be conveyed in an
  extension such as the IETF's AuthorityInfoAccess extension.
  CertVerifyRevocation returns TRUE if all of the contexts were successfully
  checked and none were revoked. Otherwise, returns FALSE and updates the
  returned pRevStatus data structure as follows:
    dwIndex
      Index of the first context that was revoked or unable to
      be checked for revocation
    dwError
      Error status. LastError is also set to this error status.
      dwError can be set to one of the following error codes defined
      in winerror.h:
        ERROR_SUCCESS - good context
        CRYPT_E_REVOKED - context was revoked. dwReason contains the
           reason for revocation
        CRYPT_E_REVOCATION_OFFLINE - unable to connect to the
           revocation server
        CRYPT_E_NOT_IN_REVOCATION_DATABASE - the context to be checked
           was not found in the revocation server's database.
        CRYPT_E_NO_REVOCATION_CHECK - the called revocation function
           wasn't able to do a revocation check on the context
        CRYPT_E_NO_REVOCATION_DLL - no installed or registered Dll was
           found to verify revocation
    dwReason
      The dwReason is currently only set for CRYPT_E_REVOKED and contains
      the reason why the context was revoked. May be one of the following
      CRL reasons defined by the CRL Reason Code extension ("2.5.29.21")
          CRL_REASON_UNSPECIFIED              0
          CRL_REASON_KEY_COMPROMISE           1
          CRL_REASON_CA_COMPROMISE            2
          CRL_REASON_AFFILIATION_CHANGED      3
          CRL_REASON_SUPERSEDED               4
          CRL_REASON_CESSATION_OF_OPERATION   5
          CRL_REASON_CERTIFICATE_HOLD         6
  For each entry in rgpvContext, CertVerifyRevocation iterates
  through the CRYPT_OID_VERIFY_REVOCATION_FUNC
  function set's list of installed DEFAULT functions.
  CryptGetDefaultOIDFunctionAddress is called with pwszDll = NULL. If no
  installed functions are found capable of doing the revocation verification,
  CertVerifyRevocation iterates through CRYPT_OID_VERIFY_REVOCATION_FUNC's
  list of registered DEFAULT Dlls. CryptGetDefaultOIDDllList is called to
  get the list. CryptGetDefaultOIDFunctionAddress is called to load the Dll.
  The called functions have the same signature as CertVerifyRevocation. A
  called function returns TRUE if it was able to successfully check all of
  the contexts and none were revoked. Otherwise, the called function returns
  FALSE and updates pRevStatus. dwIndex is set to the index of
  the first context that was found to be revoked or unable to be checked.
  dwError and LastError are updated. For CRYPT_E_REVOKED, dwReason
  is updated. Upon input to the called function, dwIndex, dwError and
  dwReason have been zero'ed. cbSize has been checked to be >=
  sizeof(CERT_REVOCATION_STATUS).
  If the called function returns FALSE, and dwError isn't set to
  CRYPT_E_REVOKED, then, CertVerifyRevocation either continues on to the
  next DLL in the list for a returned dwIndex of 0 or for a returned
  dwIndex > 0, restarts the process of finding a verify function by
  advancing the start of the context array to the returned dwIndex and
  decrementing the count of remaining contexts.
--------------------------------------------------------------------------
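The dispatch and restart rule described above for CertVerifyRevocation, as an added example: this is a self-contained model, not code from wcrypt2.pas or from Microsoft. The `model_*` types, the two sample providers and the choice to report dwIndex relative to the caller's original array are assumptions; the error values are those defined in winerror.h.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Error codes named in the text; numeric values as defined in winerror.h. */
#define ERROR_SUCCESS               0x00000000u
#define CRYPT_E_REVOKED             0x80092010u
#define CRYPT_E_NO_REVOCATION_DLL   0x80092011u
#define CRYPT_E_NO_REVOCATION_CHECK 0x80092012u

/* Simplified stand-ins (assumptions): a context is a scheme tag plus a flag. */
typedef struct { char scheme; int revoked; } model_ctx;
typedef struct { uint32_t dwIndex, dwError, dwReason; } model_status;
typedef int (*model_rev_fn)(const model_ctx *ctx, size_t n, model_status *st);
typedef enum { REV_GOOD, REV_REVOKED, REV_UNKNOWN } rev_verdict;

/* A provider that can only check contexts of one scheme. It stops at the
 * first context it cannot check or finds revoked, as the text describes. */
static int check_scheme(char scheme, const model_ctx *ctx, size_t n, model_status *st)
{
    for (size_t i = 0; i < n; i++) {
        if (ctx[i].scheme != scheme) {
            st->dwIndex = (uint32_t)i;
            st->dwError = CRYPT_E_NO_REVOCATION_CHECK;
            return 0;
        }
        if (ctx[i].revoked) {
            st->dwIndex = (uint32_t)i;
            st->dwError = CRYPT_E_REVOKED;
            st->dwReason = 1; /* CRL_REASON_KEY_COMPROMISE */
            return 0;
        }
    }
    return 1;
}
int provider_a(const model_ctx *c, size_t n, model_status *s) { return check_scheme('A', c, n, s); }
int provider_b(const model_ctx *c, size_t n, model_status *s) { return check_scheme('B', c, n, s); }

/* Model of the dispatcher: try each function in order; on a non-revoked
 * failure at index 0 move to the next function, on a failure at index > 0
 * advance the start of the array and restart from the first function. */
int model_verify_revocation(const model_ctx *ctx, size_t n,
                            const model_rev_fn *fns, size_t nfns, model_status *out)
{
    size_t base = 0;
    out->dwIndex = 0; out->dwError = ERROR_SUCCESS; out->dwReason = 0;
    while (base < n) {
        uint32_t last_err = CRYPT_E_NO_REVOCATION_DLL; /* nothing was callable */
        int restarted = 0;
        for (size_t f = 0; f < nfns && !restarted; f++) {
            model_status st = {0, 0, 0};               /* zeroed on input */
            if (fns[f](ctx + base, n - base, &st))
                return 1;                              /* all remaining contexts good */
            if (st.dwError == CRYPT_E_REVOKED) {
                out->dwIndex = (uint32_t)base + st.dwIndex;
                out->dwError = st.dwError;
                out->dwReason = st.dwReason;
                return 0;
            }
            if (st.dwIndex > 0) { base += st.dwIndex; restarted = 1; }
            else last_err = st.dwError;
        }
        if (!restarted) {                              /* no function could check ctx[base] */
            out->dwIndex = (uint32_t)base;
            out->dwError = last_err;
            return 0;
        }
    }
    return 1;
}

/* Caller-side policy: only TRUE means "good"; every failure other than
 * CRYPT_E_REVOKED is "unknown" and must not be treated as a pass. */
rev_verdict verify_sample(const model_ctx *ctx, size_t n, model_status *st)
{
    static const model_rev_fn fns[] = { provider_a, provider_b };
    if (model_verify_revocation(ctx, n, fns, 2, st)) return REV_GOOD;
    return st->dwError == CRYPT_E_REVOKED ? REV_REVOKED : REV_UNKNOWN;
}

/* Constructed sample chains, not real certificates. */
const model_ctx SAMPLE_MIXED[]   = { {'A', 0}, {'B', 0}, {'A', 0} };
const model_ctx SAMPLE_REVOKED[] = { {'A', 0}, {'B', 1} };
const model_ctx SAMPLE_NOCHECK[] = { {'A', 0}, {'C', 0} };

int main(void)
{
    model_status st;
    printf("mixed:   %d\n", verify_sample(SAMPLE_MIXED, 3, &st));
    printf("revoked: %d at %u\n", verify_sample(SAMPLE_REVOKED, 2, &st), (unsigned)st.dwIndex);
    printf("nocheck: %d at %u\n", verify_sample(SAMPLE_NOCHECK, 2, &st), (unsigned)st.dwIndex);
    return 0;
}
```
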

The next was a "array of PVOID" changed to a PPVOID; *RWF
CertVerifySubjectCertificateContext - function CertVerifySubjectCertificateContext(pSubject :PCCERT_CONTEXT; pIssuer :PCCERT_CONTEXT; Interfaced
+-------------------------------------------------------------------------
  Perform the enabled verification checks on the subject certificate
  using the issuer. Same checks and flags definitions as for the above
  CertGetIssuerCertificateFromStore.
  If you are only checking CERT_STORE_TIME_VALIDITY_FLAG, then, the
  issuer can be NULL.
  For a verification check failure, SUCCESS is still returned.
--------------------------------------------------------------------------
CertVerifyTimeValidity - function CertVerifyTimeValidity(pTimeToVerify :PFILETIME; pCertInfo :PCERT_INFO):LONG ; stdcall; Interfaced
+-------------------------------------------------------------------------
  Verify the time validity of a certificate.
  Returns -1 if before NotBefore, +1 if after NotAfter and otherwise 0 for
  a valid certificate.
  If pTimeToVerify is NULL, uses the current time.
--------------------------------------------------------------------------
CertVerifyValidityNesting - function CertVerifyValidityNesting(pSubjectInfo :PCERT_INFO; pIssuerInfo :PCERT_INFO):BOOL ; stdcall; Interfaced
+-------------------------------------------------------------------------
  Verify that the subject's time validity nests within the issuer's time
  validity.
  Returns TRUE if it nests. Otherwise, returns FALSE.
--------------------------------------------------------------------------
CryptAcquireContext - function CryptAcquireContext(phProv :PHCRYPTPROV; pszContainer :LPAWSTR; pszProvider :LPAWSTR; dwProvType :DWORD; dwFlags :DWORD) :BOOL;stdcall; Interfaced -
CryptAcquireContextA - function CryptAcquireContextA(phProv :PHCRYPTPROV; pszContainer :PAnsiChar; pszProvider :PAnsiChar; dwProvType :DWORD; dwFlags :DWORD) :BOOL;stdcall; Interfaced End Macro
CryptAcquireContextW - function CryptAcquireContextW(phProv :PHCRYPTPROV; pszContainer :PWideChar; pszProvider :PWideChar; dwProvType :DWORD; dwFlags :DWORD) :BOOL ;stdcall; Interfaced -
CryptContextAddRef - function CryptContextAddRef(hProv :HCRYPTPROV; pdwReserved :PDWORD; dwFlags :DWORD):BOOL ; stdcall; Interfaced

nt5 advapi32
CryptCreateHash - function CryptCreateHash(hProv :HCRYPTPROV; Algid :ALG_ID; hKey :HCRYPTKEY; dwFlags :DWORD; phHash :PHCRYPTHASH) :BOOL;stdcall; Interfaced -
CryptDecodeMessage - function CryptDecodeMessage(dwMsgTypeFlags :DWORD; pDecryptPara :PCRYPT_DECRYPT_MESSAGE_PARA; pVerifyPara :PCRYPT_VERIFY_MESSAGE_PARA ; dwSignerIndex :DWORD; const pbEncodedBlob :PBYTE; cbEncodedBlob :DWORD; dwPrevInnerContentType :DWORD; pdwMsgType :PDWORD; pdwInnerContentType :PDWORD; pbDecoded :PBYTE; pcbDecoded :PDWORD; var ppXchgCert :array of PCCERT_CONTEXT; var ppSignerCert :array of PCCERT_CONTEXT ):BOOL ; stdcall; Interfaced
+-------------------------------------------------------------------------
  Decodes a cryptographic message which may be one of the following types:
    CMSG_DATA
    CMSG_SIGNED
    CMSG_ENVELOPED
    CMSG_SIGNED_AND_ENVELOPED
    CMSG_HASHED
  dwMsgTypeFlags specifies the set of allowable messages. For example, to
  decode either SIGNED or ENVELOPED messages, set dwMsgTypeFlags to:
      CMSG_SIGNED_FLAG | CMSG_ENVELOPED_FLAG.
  dwPrevInnerContentType is only applicable when processing nested
  cryptographic messages. When processing an outer cryptographic message
  it must be set to 0. When decoding a nested cryptographic message
  it's the dwInnerContentType returned by a previous CryptDecodeMessage
  of the outer message. The InnerContentType can be any of the CMSG types,
  for example, CMSG_DATA, CMSG_SIGNED, ...
  The optional *pdwMsgType is updated with the type of message.
  The optional *pdwInnerContentType is updated with the type of the inner
  message. Unless there is cryptographic message nesting, CMSG_DATA
  is returned.
  For CMSG_DATA: returns decoded content.
  For CMSG_SIGNED: same as CryptVerifyMessageSignature.
  For CMSG_ENVELOPED: same as CryptDecryptMessage.
  For CMSG_SIGNED_AND_ENVELOPED: same as CryptDecryptMessage plus
      CryptVerifyMessageSignature.
  For CMSG_HASHED: verifies the hash and returns decoded content.
--------------------------------------------------------------------------
CryptDecodeObject - function CryptDecodeObject(dwCertEncodingType :DWORD; lpszStructType :LPCSTR; const pbEncoded :PBYTE; cbEncoded :DWORD; dwFlags :DWORD; pvStructInfo :PVOID; pcbStructInfo :PDWORD):BOOL ; stdcall; Interfaced -
CryptDecrypt - function CryptDecrypt(hKey :HCRYPTKEY; hHash :HCRYPTHASH; Final :BOOL; dwFlags :DWORD; pbData :PBYTE; pdwDataLen :PDWORD) :BOOL;stdcall; Interfaced -
CryptDecryptAndVerifyMessageSignature - function CryptDecryptAndVerifyMessageSignature(pDecryptPara :PCRYPT_DECRYPT_MESSAGE_PARA; pVerifyPara :PCRYPT_VERIFY_MESSAGE_PARA; dwSignerIndex :DWORD; const pbEncryptedBlob :PBYTE; cbEncryptedBlob :DWORD; pbDecrypted :PBYTE; pcbDecrypted :PDWORD; var ppXchgCert :array of PCCERT_CONTEXT; var ppSignerCert :array of PCCERT_CONTEXT ):BOOL ; stdcall; Interfaced
+-------------------------------------------------------------------------
  Decrypts the message and verifies the signer. Does a CryptDecryptMessage
  followed with a CryptVerifyMessageSignature.
  If pbDecrypted == NULL, then, *pcbDecrypted is implicitly set to 0 on input.
  For *pcbDecrypted == 0 && ppSignerCert == NULL on input, the signer isn't
  verified.
  A message might have more than one signer. Set dwSignerIndex to iterate
  through all the signers. dwSignerIndex == 0 selects the first signer.
  The pVerifyPara's VerifySignerPolicy is called to verify the signer's
  certificate.
  For a successfully decrypted and verified message, *ppXchgCert and
  *ppSignerCert are updated. They must be freed by calling
  CertStoreFreeCert. Otherwise, they are set to NULL.
  ppXchgCert and/or ppSignerCert can be NULL, indicating the
  caller isn't interested in getting the CertContext.
  Note: this isn't the CMSG_SIGNED_AND_ENVELOPED. It's a CMSG_SIGNED
  inside of a CMSG_ENVELOPED.
  The message always needs to be decrypted to allow access to the
  signed message. Therefore, if ppXchgCert != NULL, it's always updated.
--------------------------------------------------------------------------
CryptDecryptMessage - function CryptDecryptMessage(pDecryptPara :PCRYPT_DECRYPT_MESSAGE_PARA; const pbEncryptedBlob :PBYTE; cbEncryptedBlob :DWORD; pbDecrypted :PBYTE; pcbDecrypted :PDWORD; ppXchgCert :PPCCERT_CONTEXT):BOOL ; stdcall; Interfaced
+-------------------------------------------------------------------------
  Decrypts the message.
  If pbDecrypted == NULL, then, *pcbDecrypted is implicitly set to 0 on input.
  For *pcbDecrypted == 0 && ppXchgCert == NULL on input, the message isn't
  decrypted.
  For a successfully decrypted message, *ppXchgCert is updated
  with the CertContext used to decrypt. It must be freed by calling
  CertStoreFreeCert. Otherwise, *ppXchgCert is set to NULL.
  ppXchgCert can be NULL, indicating the caller isn't interested
  in getting the CertContext used to decrypt.
--------------------------------------------------------------------------
CryptDeriveKey - function CryptDeriveKey(hProv :HCRYPTPROV; Algid :ALG_ID; hBaseData :HCRYPTHASH; dwFlags :DWORD; phKey :PHCRYPTKEY) :BOOL;stdcall ; Interfaced -
CryptDestroyHash - function CryptDestroyHash(hHash :HCRYPTHASH) :BOOL;stdcall; Interfaced -
CryptDestroyKey - function CryptDestroyKey(hKey :HCRYPTKEY) :BOOL;stdcall ; Interfaced -
CryptDuplicateHash - function CryptDuplicateHash(hHash :HCRYPTHASH; pdwReserved :PDWORD; dwFlags :DWORD; phHash :PHCRYPTHASH):BOOL ; stdcall; Interfaced Nt5 advapi32
CryptDuplicateKey - function CryptDuplicateKey(hKey :HCRYPTKEY; pdwReserved :PDWORD; dwFlags :DWORD; phKey :PHCRYPTKEY):BOOL ; stdcall; Interfaced Nt5 advapi32
CryptEncodeObject - function CryptEncodeObject(dwCertEncodingType :DWORD; lpszStructType :LPCSTR; const pvStructInfo :PVOID; pbEncoded :PBYTE; pcbEncoded :PDWORD ):BOOL ; stdcall; Interfaced
+-------------------------------------------------------------------------
  Encode / decode the specified data structure according to the certificate
  encoding type.
  See below for a list of the predefined data structures.
--------------------------------------------------------------------------
CryptEncrypt - function CryptEncrypt(hKey :HCRYPTKEY; hHash :HCRYPTHASH; Final :BOOL; dwFlags :DWORD; pbData :PBYTE; pdwDataLen :PDWORD; dwBufLen :DWORD) :BOOL;stdcall; Interfaced -
CryptEncryptMessage - function CryptEncryptMessage(pEncryptPara :PCRYPT_ENCRYPT_MESSAGE_PARA; cRecipientCert :DWORD; rgpRecipientCert :array of PCCERT_CONTEXT; const pbToBeEncrypted :PBYTE; cbToBeEncrypted :DWORD; pbEncryptedBlob :PBYTE; pcbEncryptedBlob :PDWORD):BOOL ; stdcall; Interfaced
+-------------------------------------------------------------------------
  Encrypts the message for the recipient(s).
--------------------------------------------------------------------------
CryptEnumOIDFunction - function CryptEnumOIDFunction(dwEncodingType :DWORD; pszFuncName :LPCSTR; Interfaced
+-------------------------------------------------------------------------
  Enumerate the OID functions identified by their encoding type,
  function name and OID.
  pfnEnumOIDFunc is called for each registry key matching the input
  parameters. Setting dwEncodingType to CRYPT_MATCH_ANY_ENCODING_TYPE matches
  any. Setting pszFuncName or pszOID to NULL matches any.
  Set pszOID == CRYPT_DEFAULT_OID to restrict the enumeration to only the
  DEFAULT functions.
  String types are UNICODE.
--------------------------------------------------------------------------
CryptEnumProviders - function CryptEnumProviders(dwIndex :DWORD; pdwReserved :PDWORD; dwFlags :DWORD; pdwProvType :PDWORD; pszProvName :LPAWSTR; pcbProvName :PDWORD):BOOL ; stdcall; Interfaced See http://msdn.microsoft.com/en-us/library/aa379929.aspx
CryptEnumProvidersA - function CryptEnumProvidersA(dwIndex :DWORD; pdwReserved :PDWORD; dwFlags :DWORD; pdwProvType :PDWORD; pszProvName :LPSTR; pcbProvName :PDWORD):BOOL ; stdcall; Interfaced

nt5 advapi32
CryptEnumProvidersU - function CryptEnumProvidersU(dwIndex :DWORD; pdwReserved :PDWORD; dwFlags :DWORD; pdwProvType :PDWORD; pszProvName :LPWSTR; pcbProvName :PDWORD):BOOL ; stdcall; Interfaced -
CryptEnumProvidersW - function CryptEnumProvidersW(dwIndex :DWORD; pdwReserved :PDWORD; dwFlags :DWORD; pdwProvType :PDWORD; pszProvName :LPWSTR; pcbProvName :PDWORD):BOOL ; stdcall; Interfaced -
CryptEnumProviderTypes - function CryptEnumProviderTypes(dwIndex :DWORD; pdwReserved :PDWORD; dwFlags :DWORD; pdwProvType :PDWORD; pszTypeName :LPAWSTR; pcbTypeName :PDWORD):BOOL ; stdcall; Interfaced -
CryptEnumProviderTypesA - function CryptEnumProviderTypesA(dwIndex :DWORD; pdwReserved :PDWORD; dwFlags :DWORD; pdwProvType :PDWORD; pszTypeName :LPSTR; pcbTypeName :PDWORD):BOOL ; stdcall; Interfaced

nt5 advapi32
CryptEnumProviderTypesW - function CryptEnumProviderTypesW(dwIndex :DWORD; pdwReserved :PDWORD; dwFlags :DWORD; pdwProvType :PDWORD; pszTypeName :LPWSTR; pcbTypeName :PDWORD):BOOL ; stdcall; Interfaced -
CryptExportKey - function CryptExportKey(hKey :HCRYPTKEY; hExpKey :HCRYPTKEY; dwBlobType :DWORD; dwFlags :DWORD; pbData :PBYTE; pdwDataLen :PDWORD) :BOOL;stdcall; Interfaced -
CryptExportPublicKeyInfo - function CryptExportPublicKeyInfo(hCryptProv :HCRYPTPROV; dwKeySpec :DWORD; dwCertEncodingType :DWORD; pInfo :PCERT_PUBLIC_KEY_INFO; pcbInfo :PDWORD):BOOL ; stdcall; Interfaced
+-------------------------------------------------------------------------
  Export the public key info associated with the provider's corresponding
  private key.
  Calls CryptExportPublicKeyInfoEx with pszPublicKeyObjId = szOID_RSA_RSA,
  dwFlags = 0 and pvAuxInfo = NULL.
--------------------------------------------------------------------------
CryptExportPublicKeyInfoEx - function CryptExportPublicKeyInfoEx(hCryptProv :HCRYPTPROV; dwKeySpec :DWORD; dwCertEncodingType :DWORD; pszPublicKeyObjId :LPSTR; dwFlags :DWORD; pvAuxInfo :PVOID; pInfo :PCERT_PUBLIC_KEY_INFO; pcbInfo :PDWORD):BOOL ; stdcall; Interfaced -
CryptFindOIDInfo - function CryptFindOIDInfo(dwKeyType :DWORD; pvKey :PVOID; dwGroupId :DWORD):PCCRYPT_OID_INFO ; stdcall; Interfaced
+-------------------------------------------------------------------------
  Find OID information. Returns NULL if unable to find any information
  for the specified key and group. Note, returns a pointer to a constant
  data structure. The returned pointer MUST NOT be freed.
  dwKeyType's:
    CRYPT_OID_INFO_OID_KEY, pvKey points to a szOID
    CRYPT_OID_INFO_NAME_KEY, pvKey points to a wszName
    CRYPT_OID_INFO_ALGID_KEY, pvKey points to an ALG_ID
    CRYPT_OID_INFO_SIGN_KEY, pvKey points to an array of two ALG_ID's:
      ALG_ID[0] - Hash Algid
      ALG_ID[1] - PubKey Algid
  Setting dwGroupId to 0, searches all groups according to the dwKeyType.
  Otherwise, only the dwGroupId is searched.
--------------------------------------------------------------------------
CryptFormatObject - function CryptFormatObject(dwCertEncodingType :DWORD; dwFormatType :DWORD; dwFormatStrType :DWORD; pFormatStruct :PVOID; lpszStructType :LPCSTR; const pbEncoded :PBYTE; cbEncoded :DWORD; pbFormat :PVOID; pcbFormat :PDWORD):BOOL ; stdcall; Interfaced
+-------------------------------------------------------------------------
  Format the specified data structure according to the certificate
  encoding type.
--------------------------------------------------------------------------
CryptFreeOIDFunctionAddress - function CryptFreeOIDFunctionAddress(hFuncAddr :HCRYPTOIDFUNCADDR; dwFlags :DWORD):BOOL ; stdcall; Interfaced
+-------------------------------------------------------------------------
  Releases the handle AddRef'ed and returned by CryptGetOIDFunctionAddress
  or CryptGetDefaultOIDFunctionAddress.
  If a Dll was loaded for the function, it's unloaded. However, before doing
  the unload, the DllCanUnloadNow function exported by the loaded Dll is
  called. It should return S_FALSE to inhibit the unload or S_TRUE to enable
  the unload. If the Dll doesn't export DllCanUnloadNow, the Dll is unloaded.
  DllCanUnloadNow has the following signature:
      STDAPI  DllCanUnloadNow(void);
--------------------------------------------------------------------------
CryptGenKey - function CryptGenKey(hProv :HCRYPTPROV; Algid :ALG_ID; dwFlags :DWORD; phKey :PHCRYPTKEY) :BOOL;stdcall ; Interfaced -
CryptGenRandom - function CryptGenRandom(hProv :HCRYPTPROV; dwLen :DWORD; pbBuffer :PBYTE) :BOOL;stdcall; Interfaced -
CryptGetDefaultOIDDllList - function CryptGetDefaultOIDDllList(hFuncSet :HCRYPTOIDFUNCSET; dwEncodingType :DWORD; pwszDllList :LPWSTR; pcchDllList :PDWORD):BOOL ; stdcall; Interfaced
+-------------------------------------------------------------------------
  Get the list of registered default Dll entries for the specified
  function set and encoding type.
  The returned list consists of none, one or more null terminated Dll file
  names. The list is terminated with an empty (L"\0") Dll file name.
  For example: L"first.dll" L"\0" L"second.dll" L"\0" L"\0"
--------------------------------------------------------------------------
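A bounds-checked walk of the list format described above for CryptGetDefaultOIDDllList, as an added example that is not part of wcrypt2.pas. The `wchar16` type, the function names and the sample buffers are assumptions made so the code runs without the Windows headers.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef uint16_t wchar16; /* stand-in for the 16-bit Windows WCHAR (assumption) */

/* Splits a list of null-terminated names that ends with an empty name.
 * cch is the number of 16-bit units available in the buffer. The start
 * offset of each name is stored in offs (up to max_offs entries).
 * Returns the number of names, or -1 if a name or the final empty name
 * is missing its terminator inside the buffer. */
int dll_list_split(const wchar16 *list, size_t cch, size_t *offs, size_t max_offs)
{
    size_t pos = 0;
    int count = 0;
    while (pos < cch) {
        if (list[pos] == 0)
            return count;                 /* empty name: end of list */
        size_t end = pos;
        while (end < cch && list[end] != 0)
            end++;
        if (end == cch)
            return -1;                    /* name runs off the buffer */
        if ((size_t)count < max_offs)
            offs[count] = pos;
        count++;
        pos = end + 1;                    /* skip this name's terminator */
    }
    return -1;                            /* final empty name never seen */
}

/* Compares one 16-bit name against an ASCII string, for checking a list
 * entry against an expected file name. Returns 1 on an exact match. */
int name_equals_ascii(const wchar16 *name, const char *ascii)
{
    size_t i = 0;
    while (name[i] != 0 && ascii[i] != '\0') {
        if (name[i] != (wchar16)(unsigned char)ascii[i])
            return 0;
        i++;
    }
    return name[i] == 0 && ascii[i] == '\0';
}

/* Constructed sample: L"first.dll" L"\0" L"second.dll" L"\0" L"\0" (22 units). */
const wchar16 SAMPLE_LIST[] = {
    'f','i','r','s','t','.','d','l','l',0,
    's','e','c','o','n','d','.','d','l','l',0,
    0
};
/* Constructed sample: a list with no entries, just the terminating empty name. */
const wchar16 SAMPLE_EMPTY[] = { 0 };

int main(void)
{
    size_t offs[4];
    int n = dll_list_split(SAMPLE_LIST, 22, offs, 4);
    printf("names: %d\n", n);
    printf("truncated: %d\n", dll_list_split(SAMPLE_LIST, 21, offs, 4));
    return 0;
}
```
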
CryptGetDefaultOIDFunctionAddress - function CryptGetDefaultOIDFunctionAddress(hFuncSet :HCRYPTOIDFUNCSET; dwEncodingType :DWORD; pwszDll :DWORD; dwFlags :LPCWSTR; var ppvFuncAddr :array of PVOID; var phFuncAddr :HCRYPTOIDFUNCADDR):BOOL ; stdcall; Interfaced
+-------------------------------------------------------------------------
  Either: get the first or next installed DEFAULT function OR
  load the Dll containing the DEFAULT function.
  If pwszDll is NULL, search the list of installed DEFAULT functions.
  *phFuncAddr must be set to NULL to get the first installed function.
  Successive installed functions are returned by setting *phFuncAddr
  to the hFuncAddr returned by the previous call.
  If pwszDll is NULL, the input *phFuncAddr
  is always CryptFreeOIDFunctionAddress'ed by this function, even for
  an error.
  If pwszDll isn't NULL, then, attempts to load the Dll and the DEFAULT
  function. *phFuncAddr is ignored upon entry and isn't
  CryptFreeOIDFunctionAddress'ed.
  For success, returns TRUE with *ppvFuncAddr updated with the function's
  address and *phFuncAddr updated with the function address's handle.
  The function's handle is AddRef'ed. CryptFreeOIDFunctionAddress needs to
  be called to release it or CryptGetDefaultOIDFunctionAddress can also
  be called for a NULL pwszDll.
--------------------------------------------------------------------------
CryptGetDefaultProvider - function CryptGetDefaultProvider(dwProvType :DWORD; pdwReserved :DWORD; dwFlags :DWORD; pszProvName :LPAWSTR; pcbProvName :PDWORD):BOOL ; stdcall; Interfaced -
CryptGetDefaultProviderA - function CryptGetDefaultProviderA(dwProvType :DWORD; pdwReserved :DWORD; dwFlags :DWORD; pszProvName :LPSTR; pcbProvName :PDWORD):BOOL ; stdcall; Interfaced

nt5 advapi32
CryptGetDefaultProviderW - function CryptGetDefaultProviderW(dwProvType :DWORD; pdwReserved :DWORD; dwFlags :DWORD; pszProvName :LPWSTR; pcbProvName :PDWORD):BOOL ; stdcall; Interfaced -
CryptGetHashParam - function CryptGetHashParam(hHash :HCRYPTHASH; dwParam :DWORD; pbData :PBYTE; pdwDataLen :PDWORD; dwFlags :DWORD) :BOOL;stdcall; Interfaced -
CryptGetKeyParam - function CryptGetKeyParam(hKey :HCRYPTKEY; dwParam :DWORD; pbData :PBYTE; pdwDataLen :PDWORD; dwFlags :DWORD) :BOOL;stdcall; Interfaced -
CryptGetMessageCertificates - function CryptGetMessageCertificates(dwMsgAndCertEncodingType :DWORD; hCryptProv :HCRYPTPROV; Interfaced
+-------------------------------------------------------------------------
  Returns the cert store containing the message's certs and CRLs.
  For an error, returns NULL with LastError updated.
--------------------------------------------------------------------------
CryptGetMessageSignerCount - function CryptGetMessageSignerCount(dwMsgEncodingType :DWORD; const pbSignedBlob :PBYTE; cbSignedBlob :DWORD):LONG ; stdcall; Interfaced
+-------------------------------------------------------------------------
  Returns the count of signers in the signed message. For no signers, returns
  0. For an error returns -1 with LastError updated accordingly.
--------------------------------------------------------------------------
function CryptVerifyMessageSignatureWithKey; external CRYPT32 name 'CryptVerifyMessageSignatureWithKey';
CryptGetOIDFunctionAddress - function CryptGetOIDFunctionAddress(hFuncSet :HCRYPTOIDFUNCSET; dwEncodingType :DWORD; pszOID :LPCSTR; dwFlags :DWORD; var ppvFuncAddr :array of PVOID; var phFuncAddr :HCRYPTOIDFUNCADDR):BOOL ; stdcall; Interfaced
+-------------------------------------------------------------------------
  Search the list of installed functions for an encoding type and OID match.
  If not found, search the registry.
  For success, returns TRUE with *ppvFuncAddr updated with the function's
  address and *phFuncAddr updated with the function address's handle.
  The function's handle is AddRef'ed. CryptFreeOIDFunctionAddress needs to
  be called to release it.
  For a registry match, the Dll containing the function is loaded.
--------------------------------------------------------------------------
CryptGetOIDFunctionValue - function CryptGetOIDFunctionValue(dwEncodingType :DWORD; pszFuncName :LPCSTR; pwszValueName :LPCSTR; pszOID :LPCWSTR; pdwValueType :PDWORD; pbValueData :PBYTE; pcbValueData :PDWORD):BOOL ; stdcall; Interfaced
+-------------------------------------------------------------------------
  Get the value for the specified encoding type, function name, OID and
  value name.
  See RegEnumValue for the possible value types.
  String types are UNICODE.
--------------------------------------------------------------------------
CryptGetProvParam - function CryptGetProvParam(hProv :HCRYPTPROV; dwParam :DWORD; pbData :PBYTE; pdwDataLen :PDWORD; dwFlags :DWORD) :BOOL;stdcall; Interfaced -
CryptGetUserKey - function CryptGetUserKey(hProv :HCRYPTPROV; dwKeySpec :DWORD; phUserKey :PHCRYPTKEY) :BOOL;stdcall; Interfaced -
CryptHashCertificate - function CryptHashCertificate(hCryptProv :HCRYPTPROV; Algid :ALG_ID; dwFlags :DWORD; const pbEncoded :PBYTE; cbEncoded :DWORD; pbComputedHash :PBYTE; pcbComputedHash :PDWORD):BOOL ; stdcall; Interfaced
+-------------------------------------------------------------------------
  Hash the encoded content.
  hCryptProv specifies the crypto provider to use to compute the hash.
  It doesn't need to use a private key.
  Algid specifies the CAPI hash algorithm to use. If Algid is 0, then, the
  default hash algorithm (currently SHA1) is used.
--------------------------------------------------------------------------
CryptHashData - function CryptHashData(hHash :HCRYPTHASH; const pbData :PBYTE; dwDataLen :DWORD; dwFlags :DWORD) :BOOL;stdcall; Interfaced -
CryptHashMessage - function CryptHashMessage(pHashPara :PCRYPT_HASH_MESSAGE_PARA; fDetachedHash :BOOL; cToBeHashed :DWORD; const rgpbToBeHashed :array of PBYTE; rgcbToBeHashed :array of DWORD; pbHashedBlob :PBYTE; pcbHashedBlob :PDWORD; pbComputedHash :PBYTE; pcbComputedHash :PDWORD):BOOL ; stdcall; Interfaced
+-------------------------------------------------------------------------
  Hash the message.
  If fDetachedHash is TRUE, only the ComputedHash is encoded in the
  pbHashedBlob. Otherwise, both the ToBeHashed and ComputedHash
  are encoded.
  pcbHashedBlob or pcbComputedHash can be NULL, indicating the caller
  isn't interested in getting the output.
--------------------------------------------------------------------------
CryptHashPublicKeyInfo - function CryptHashPublicKeyInfo(hCryptProv :HCRYPTPROV; Algid :ALG_ID; dwFlags :DWORD; dwCertEncodingType :DWORD; pInfo :PCERT_PUBLIC_KEY_INFO; pbComputedHash :PBYTE; pcbComputedHash :PDWORD):BOOL ; stdcall; Interfaced
+-------------------------------------------------------------------------
  Compute the hash of the encoded public key info.
  The public key info is encoded and then hashed.
--------------------------------------------------------------------------
CryptHashSessionKey - function CryptHashSessionKey(hHash :HCRYPTHASH; hKey :HCRYPTKEY; dwFlags :DWORD) :BOOL;stdcall; Interfaced -
CryptHashToBeSigned - function CryptHashToBeSigned(hCryptProv :HCRYPTPROV; dwCertEncodingType :DWORD; const pbEncoded :PBYTE; cbEncoded :DWORD; pbComputedHash :PBYTE; pcbComputedHash :PDWORD):BOOL ; stdcall; Interfaced
+-------------------------------------------------------------------------
  Compute the hash of the "to be signed" information in the encoded
  signed content (CERT_SIGNED_CONTENT_INFO).
  hCryptProv specifies the crypto provider to use to compute the hash.
  It doesn't need to use a private key.
--------------------------------------------------------------------------
CryptImportKey - function CryptImportKey(hProv :HCRYPTPROV; pbData :PBYTE; dwDataLen :DWORD; hPubKey :HCRYPTKEY; dwFlags :DWORD; phKey :PHCRYPTKEY) :BOOL;stdcall; Interfaced -
CryptImportPublicKeyInfo - function CryptImportPublicKeyInfo(hCryptProv :HCRYPTPROV; dwCertEncodingType :DWORD; pInfo :PCERT_PUBLIC_KEY_INFO; phKey :PHCRYPTKEY):BOOL ; stdcall; Interfaced
+-------------------------------------------------------------------------
  Convert and import the public key info into the provider and return a
  handle to the public key.
  Calls CryptImportPublicKeyInfoEx with aiKeyAlg = 0, dwFlags = 0 and
  pvAuxInfo = NULL.
--------------------------------------------------------------------------
CryptImportPublicKeyInfoEx - function CryptImportPublicKeyInfoEx(hCryptProv :HCRYPTPROV; dwCertEncodingType :DWORD; pInfo :PCERT_PUBLIC_KEY_INFO; aiKeyAlg :ALG_ID; dwFlags :DWORD; pvAuxInfo :PVOID; phKey :PHCRYPTKEY ):BOOL ; stdcall; Interfaced -
CryptInitOIDFunctionSet - function CryptInitOIDFunctionSet(pszFuncName :LPCSTR; dwFlags :DWORD ):HCRYPTOIDFUNCSET ; stdcall; Interfaced
+-------------------------------------------------------------------------
  Initialize and return handle to the OID function set identified by its
  function name.
  If the set already exists, a handle to the existing set is returned.
--------------------------------------------------------------------------
CryptInstallOIDFunctionAddress - function CryptInstallOIDFunctionAddress(hModule :HMODULE; Interfaced
+-------------------------------------------------------------------------
  Install a set of callable OID function addresses.
  By default the functions are installed at end of the list.
  Set CRYPT_INSTALL_OID_FUNC_BEFORE_FLAG to install at beginning of list.
  hModule should be updated with the hModule passed to DllMain to prevent
  the Dll containing the function addresses from being unloaded by
  CryptGetOIDFunctionAddress/CryptFreeOIDFunctionAddress. This would be the
  case when the Dll has also regsvr32'ed OID functions via
  CryptRegisterOIDFunction.
  DEFAULT functions are installed by setting rgFuncEntry[].pszOID =
  CRYPT_DEFAULT_OID.
--------------------------------------------------------------------------

 hModule passed to DllMain
CryptMsgCalculateEncodedLength - function CryptMsgCalculateEncodedLength(dwMsgEncodingType :DWORD; dwFlags :DWORD; dwMsgType :DWORD; pvMsgEncodeInfo :PVOID; pszInnerContentObjID :LPSTR; Interfaced
+-------------------------------------------------------------------------
  Calculate the length of an encoded cryptographic message.
  Calculates the length of the encoded message given the
  message type, encoding parameters and total length of
  the data to be updated. Note, this might not be the exact length. However,
  it will always be greater than or equal to the actual length.
--------------------------------------------------------------------------
CryptMsgClose - function CryptMsgClose(hCryptMsg :HCRYPTMSG):BOOL ; stdcall; Interfaced
+-------------------------------------------------------------------------
  Close a cryptographic message handle
  LastError is preserved unless FALSE is returned.
--------------------------------------------------------------------------
CryptMsgControl - function CryptMsgControl(hCryptMsg :HCRYPTMSG; dwFlags :DWORD; dwCtrlType :DWORD; pvCtrlPara :PVOID):BOOL ; stdcall; Interfaced
+-------------------------------------------------------------------------
  Perform a special "control" function after the final CryptMsgUpdate of an
  encoded/decoded cryptographic message.
  The dwCtrlType parameter specifies the type of operation to be performed.
  The pvCtrlPara definition depends on the dwCtrlType value.
  See below for a list of the control operations and their pvCtrlPara
  type definition.
--------------------------------------------------------------------------
CryptMsgCountersign - function CryptMsgCountersign(hCryptMsg :HCRYPTMSG; dwIndex :DWORD; cCountersigners :DWORD; rgCountersigners :PCMSG_SIGNER_ENCODE_INFO):BOOL ; stdcall; Interfaced
+-------------------------------------------------------------------------
  Countersign an already-existing signature in a message
  dwIndex is a zero-based index of the SignerInfo to be countersigned.
--------------------------------------------------------------------------
CryptMsgCountersignEncoded - function CryptMsgCountersignEncoded(dwEncodingType :DWORD; pbSignerInfo :PBYTE; cbSignerInfo :DWORD; cCountersigners :DWORD; rgCountersigners :PCMSG_SIGNER_ENCODE_INFO; pbCountersignature :PBYTE; pcbCountersignature :PDWORD):BOOL ; stdcall; Interfaced
+-------------------------------------------------------------------------
  Countersign an already-existing signature (encoded SignerInfo).
  Output an encoded SignerInfo blob, suitable for use as a countersignature
  attribute in the unauthenticated attributes of a signed-data or
  signed-and-enveloped-data message.
--------------------------------------------------------------------------
CryptMsgEncodeAndSignCTL - function CryptMsgEncodeAndSignCTL(dwMsgEncodingType :DWORD; pCtlInfo :PCTL_INFO; pSignInfo :PCMSG_SIGNED_ENCODE_INFO; dwFlags :DWORD; pbEncoded :PBYTE; pcbEncoded :PDWORD):BOOL ; stdcall; Interfaced
+-------------------------------------------------------------------------
  Encode the CTL and create a signed message containing the encoded CTL.
--------------------------------------------------------------------------
CryptMsgGetAndVerifySigner - function CryptMsgGetAndVerifySigner(hCryptMsg :HCRYPTMSG; cSignerStore :DWORD; var rghSignerStore :HCERTSTORE; dwFlags :DWORD; var ppSigner :PCCERT_CONTEXT; pdwSignerIndex :PDWORD):BOOL ; stdcall; Interfaced
+-------------------------------------------------------------------------
  Get and verify the signer of a cryptographic message.
  To verify a CTL, the hCryptMsg is obtained from the CTL_CONTEXT's
  hCryptMsg field.
  If CMSG_TRUSTED_SIGNER_FLAG is set, then, treat the Signer stores as being
  trusted and only search them to find the certificate corresponding to the
  signer's issuer and serial number.  Otherwise, the SignerStores are
  optionally provided to supplement the message's store of certificates.
  If a signer certificate is found, its public key is used to verify
  the message signature. The CMSG_SIGNER_ONLY_FLAG can be set to
  return the signer without doing the signature verify.
  If CMSG_USE_SIGNER_INDEX_FLAG is set, then, only get the signer specified
  by *pdwSignerIndex. Otherwise, iterate through all the signers
  until a signer verifies or no more signers.
  For a verified signature, *ppSigner is updated with certificate context
  of the signer and *pdwSignerIndex is updated with the index of the signer.
  ppSigner and/or pdwSignerIndex can be NULL, indicating the caller isn't
  interested in getting the CertContext and/or index of the signer.
--------------------------------------------------------------------------
CryptMsgGetParam - function CryptMsgGetParam(hCryptMsg :HCRYPTMSG; dwParamType :DWORD; dwIndex :DWORD; pvData :PVOID; pcbData :PDWORD):BOOL ; stdcall; Interfaced
+-------------------------------------------------------------------------
  Get a parameter after encoding/decoding a cryptographic message. Called
  after the final CryptMsgUpdate. Only the CMSG_CONTENT_PARAM and
  CMSG_COMPUTED_HASH_PARAM are valid for an encoded message.
  For an encoded HASHED message, the CMSG_COMPUTED_HASH_PARAM can be got
  before any CryptMsgUpdates to get its length.
  The pvData type definition depends on the dwParamType value.
  Elements pointed to by fields in the pvData structure follow the
  structure. Therefore, *pcbData may exceed the size of the structure.
  Upon input, if *pcbData == 0, then, *pcbData is updated with the length
  of the data and the pvData parameter is ignored.
  Upon return, *pcbData is updated with the length of the data.
  The OBJID BLOBs returned in the pvData structures point to
  their still encoded representation. The appropriate functions
  must be called to decode the information.
  See below for a list of the parameters to get.
--------------------------------------------------------------------------
CryptMsgOpenToDecode - function CryptMsgOpenToDecode(dwMsgEncodingType :DWORD; dwFlags :DWORD; dwMsgType :DWORD; hCryptProv :HCRYPTPROV; pRecipientInfo :PCERT_INFO; Interfaced
+-------------------------------------------------------------------------
  Open a cryptographic message for decoding
  For PKCS #7: if the inner ContentType isn't Data, then, the inner
  ContentInfo consisting of both ContentType and Content is output.
  To also enable ContentInfo output for the Data ContentType, then,
  the CMSG_ENCODED_CONTENT_INFO_FLAG should be set
  in dwFlags. If not set, then, only the content portion of the inner
  ContentInfo is output for the Data ContentType.
  To only calculate the length of the decoded message, set the
  CMSG_LENGTH_ONLY_FLAG in dwFlags. After the final CryptMsgUpdate get the
  CMSG_CONTENT_PARAM. Note, this might not be the exact length. However,
  it will always be greater than or equal to the actual length.
  hCryptProv specifies the crypto provider to use for hashing and/or
  decrypting the message. For enveloped messages, hCryptProv also specifies
  the private exchange key to use. For signed messages, hCryptProv is used
  when CryptMsgVerifySigner is called.
  For enveloped messages, the pRecipientInfo contains the Issuer and
  SerialNumber identifying the RecipientInfo in the message.
  Note, the pRecipientInfo should correspond to the provider's private
  exchange key.
  If pRecipientInfo is NULL, then, the message isn't decrypted. To decrypt
  the message, CryptMsgControl(CMSG_CTRL_DECRYPT) is called after the final
  CryptMsgUpdate.
  The pStreamInfo parameter needs to be set to stream the decoded content
  output. Note, if pRecipientInfo is NULL, then, the streamed output isn't
  decrypted.
--------------------------------------------------------------------------
CryptMsgOpenToEncode - function CryptMsgOpenToEncode(dwMsgEncodingType :DWORD; dwFlags :DWORD; dwMsgType :DWORD; pvMsgEncodeInfo :PVOID; pszInnerContentObjID :LPSTR; Interfaced
+-------------------------------------------------------------------------
  Open a cryptographic message for encoding
  For PKCS #7:
  If the content to be passed to CryptMsgUpdate has already
  been message encoded (the input to CryptMsgUpdate is the streamed output
  from another message encode), then, the CMSG_ENCODED_CONTENT_INFO_FLAG should
  be set in dwFlags. If not set, then, the inner ContentType is Data and
  the input to CryptMsgUpdate is treated as the inner Data type's Content,
  a string of bytes.
  If CMSG_BARE_CONTENT_FLAG is specified for a streamed message,
  the streamed output will not have an outer ContentInfo wrapper. This
  makes it suitable to be streamed into an enclosing message.
  The pStreamInfo parameter needs to be set to stream the encoded message
  output.
--------------------------------------------------------------------------
CryptMsgSignCTL - function CryptMsgSignCTL(dwMsgEncodingType :DWORD; pbCtlContent :PBYTE; cbCtlContent :DWORD; pSignInfo :PCMSG_SIGNED_ENCODE_INFO; dwFlags :DWORD; pbEncoded :PBYTE; pcbEncoded :PDWORD):BOOL ; stdcall; Interfaced
+-------------------------------------------------------------------------
  Sign an encoded CTL.
  The pbCtlContent can be obtained via a CTL_CONTEXT's pbCtlContent
  field or via a CryptEncodeObject(PKCS_CTL).
--------------------------------------------------------------------------
CryptMsgUpdate - function CryptMsgUpdate(hCryptMsg :HCRYPTMSG; const pbData :PBYTE; cbData :DWORD; fFinal :BOOL):BOOL ; stdcall; Interfaced
+-------------------------------------------------------------------------
  Update the content of a cryptographic message. Depending on how the
  message was opened, the content is either encoded or decoded.
  This function is repetitively called to append to the message content.
  fFinal is set to identify the last update. On fFinal, the encode/decode
  is completed. The encoded/decoded content and the decoded parameters
  are valid until the open and all duplicated handles are closed.
--------------------------------------------------------------------------
CryptMsgVerifyCountersignatureEncoded - function CryptMsgVerifyCountersignatureEncoded(hCryptProv :HCRYPTPROV; dwEncodingType :DWORD; pbSignerInfo :PBYTE; cbSignerInfo :DWORD; pbSignerInfoCountersignature :PBYTE; cbSignerInfoCountersignature :DWORD; pciCountersigner :PCERT_INFO):BOOL ; stdcall; Interfaced
+-------------------------------------------------------------------------
  Verify a countersignature, at the SignerInfo level.
  i.e., verify that pbSignerInfoCountersignature contains the encrypted
  hash of the encryptedDigest field of pbSignerInfo.
  hCryptProv is used to hash the encryptedDigest field of pbSignerInfo.
  The only fields referenced from pciCountersigner are SerialNumber, Issuer,
  and SubjectPublicKeyInfo.
--------------------------------------------------------------------------
CryptRegisterDefaultOIDFunction - function CryptRegisterDefaultOIDFunction(dwEncodingType :DWORD; pszFuncName :LPCSTR; dwIndex :DWORD; pwszDll :LPCWSTR):BOOL ; stdcall; Interfaced
+-------------------------------------------------------------------------
  Register the Dll containing the default function to be called for the
  specified encoding type and function name.
  Unlike CryptRegisterOIDFunction, you can't override the function name
  needing to be exported by the Dll.
  The Dll is inserted before the entry specified by dwIndex.
    dwIndex == 0, inserts at the beginning.
    dwIndex == CRYPT_REGISTER_LAST_INDEX, appends at the end.
  pwszDll may contain environment-variable strings
  which are ExpandEnvironmentStrings()'ed before loading the Dll.
--------------------------------------------------------------------------
CryptRegisterOIDFunction - function CryptRegisterOIDFunction(dwEncodingType :DWORD; pszFuncName :LPCSTR; pszOID :LPCSTR; Interfaced
+-------------------------------------------------------------------------
  Register the Dll containing the function to be called for the specified
  encoding type, function name and OID.
  pwszDll may contain environment-variable strings
  which are ExpandEnvironmentStrings()'ed before loading the Dll.
  In addition to registering the DLL, you may override the
  name of the function to be called. For example,
      pszFuncName = "CryptDllEncodeObject",
      pszOverrideFuncName = "MyEncodeXyz".
  This allows a Dll to export multiple OID functions for the same
  function name without needing to interpose its own OID dispatcher function.
--------------------------------------------------------------------------
CryptRegisterOIDInfo - function CryptRegisterOIDInfo(pInfo :PCCRYPT_OID_INFO; dwFlags:DWORD):BOOL ; stdcall; Interfaced
+-------------------------------------------------------------------------
  Register OID information. The OID information specified in the
  CCRYPT_OID_INFO structure is persisted to the registry.
  crypt32.dll contains information for the commonly known OIDs. This function
  allows applications to augment crypt32.dll's OID information. During
  CryptFindOIDInfo's first call, the registered OID information is installed.
  By default the registered OID information is installed after crypt32.dll's
  OID entries. Set CRYPT_INSTALL_OID_INFO_BEFORE_FLAG to install before.
--------------------------------------------------------------------------
CryptReleaseContext - function CryptReleaseContext(hProv :HCRYPTPROV; dwFlags :DWORD) :BOOL;stdcall; Interfaced -
CryptSetHashParam - function CryptSetHashParam(hHash :HCRYPTHASH; dwParam :DWORD; pbData :PBYTE; dwFlags :DWORD) :BOOL;stdcall; Interfaced -
CryptSetKeyParam - function CryptSetKeyParam(hKey :HCRYPTKEY; dwParam :DWORD; pbData :PBYTE; dwFlags :DWORD) :BOOL;stdcall; Interfaced -
CryptSetOIDFunctionValue - function CryptSetOIDFunctionValue(dwEncodingType :DWORD; pszFuncName :LPCSTR; pszOID :LPCSTR; pwszValueName :LPCWSTR; dwValueType :DWORD; const pbValueData :PBYTE; cbValueData :DWORD):BOOL ; stdcall; Interfaced
+-------------------------------------------------------------------------
  Set the value for the specified encoding type, function name, OID and
  value name.
  See RegSetValueEx for the possible value types.
  String types are UNICODE.
--------------------------------------------------------------------------
CryptSetProvider - function CryptSetProvider(pszProvName :LPAWSTR; dwProvType :DWORD) :BOOL;stdcall; Interfaced -
CryptSetProviderA - function CryptSetProviderA(pszProvName :PAnsiChar; dwProvType :DWORD) :BOOL;stdcall; Interfaced -
CryptSetProviderEx - function CryptSetProviderEx(pszProvName :LPAWSTR; dwProvType :DWORD; pdwReserved :PDWORD; dwFlags :DWORD):BOOL;stdcall; Interfaced -
CryptSetProviderExA - function CryptSetProviderExA(pszProvName :LPCSTR; dwProvType :DWORD; pdwReserved :PDWORD; dwFlags :DWORD):BOOL;stdcall; Interfaced Nt5 advapi32
CryptSetProviderExW - function CryptSetProviderExW(pszProvName :LPCWSTR; dwProvType :DWORD; pdwReserved :PDWORD; dwFlags :DWORD):BOOL;stdcall; Interfaced -
CryptSetProviderU - function CryptSetProviderU(pszProvName :PWideChar; dwProvType :DWORD) :BOOL;stdcall; Interfaced -
CryptSetProviderW - function CryptSetProviderW(pszProvName :PWideChar; dwProvType :DWORD) :BOOL;stdcall; Interfaced -
CryptSetProvParam - function CryptSetProvParam(hProv :HCRYPTPROV; dwParam :DWORD; pbData :PBYTE; dwFlags :DWORD) :BOOL;stdcall; Interfaced -
CryptSignAndEncodeCertificate - function CryptSignAndEncodeCertificate(hCryptProv :HCRYPTPROV; dwKeySpec :DWORD; dwCertEncodingType :DWORD; const lpszStructType :LPCSTR; Interfaced
+-------------------------------------------------------------------------
  Encode the "to be signed" information. Sign the encoded "to be signed".
  Encode the "to be signed" and the signature.
  hCryptProv specifies the crypto provider to use to do the signature.
  It uses the specified private key.
--------------------------------------------------------------------------
CryptSignAndEncryptMessage - function CryptSignAndEncryptMessage(pSignPara :PCRYPT_SIGN_MESSAGE_PARA; pEncryptPara :PCRYPT_ENCRYPT_MESSAGE_PARA; cRecipientCert :DWORD; rgpRecipientCert :array of PCCERT_CONTEXT; const pbToBeSignedAndEncrypted :PBYTE; cbToBeSignedAndEncrypted :DWORD; pbSignedAndEncryptedBlob :PBYTE; pcbSignedAndEncryptedBlob :PDWORD ):BOOL ; stdcall; Interfaced
+-------------------------------------------------------------------------
  Sign the message and encrypt for the recipient(s). Does a CryptSignMessage
  followed with a CryptEncryptMessage.
  Note: this isn't the CMSG_SIGNED_AND_ENVELOPED. It's a CMSG_SIGNED
  inside of a CMSG_ENVELOPED.
--------------------------------------------------------------------------
CryptSignCertificate - function CryptSignCertificate(hCryptProv :HCRYPTPROV; dwKeySpec :DWORD; dwCertEncodingType :DWORD; const pbEncodedToBeSigned :PBYTE; cbEncodedToBeSigned :DWORD; pSignatureAlgorithm :PCRYPT_ALGORITHM_IDENTIFIER; const pvHashAuxInfo :PVOID; pbSignature :PBYTE; pcbSignature:PDWORD):BOOL ; stdcall; Interfaced
+-------------------------------------------------------------------------
  Sign the "to be signed" information in the encoded signed content.
  hCryptProv specifies the crypto provider to use to do the signature.
  It uses the specified private key.
--------------------------------------------------------------------------
CryptSignHash - function CryptSignHash(hHash :HCRYPTHASH; dwKeySpec :DWORD; sDescription :LPAWSTR; dwFlags :DWORD; pbSignature :PBYTE; pdwSigLen :PDWORD) :BOOL;stdcall; Interfaced -
CryptSignHashA - function CryptSignHashA(hHash :HCRYPTHASH; dwKeySpec :DWORD; sDescription :PAnsiChar; dwFlags :DWORD; pbSignature :PBYTE; pdwSigLen :PDWORD) :BOOL;stdcall; Interfaced -
CryptSignHashU - function CryptSignHashU(hHash :HCRYPTHASH; dwKeySpec :DWORD; sDescription :PWideChar; dwFlags :DWORD; pbSignature :PBYTE; pdwSigLen :PDWORD) :BOOL;stdcall; Interfaced -
CryptSignHashW - function CryptSignHashW(hHash :HCRYPTHASH; dwKeySpec :DWORD; sDescription :PWideChar; dwFlags :DWORD; pbSignature :PBYTE; pdwSigLen :PDWORD) :BOOL;stdcall; Interfaced -
CryptSignMessage - function CryptSignMessage(pSignPara :PCRYPT_SIGN_MESSAGE_PARA; fDetachedSignature :BOOL; cToBeSigned :DWORD; const rgpbToBeSigned : PBYTE; rgcbToBeSigned : PDWORD; pbSignedBlob :PBYTE; pcbSignedBlob :PDWORD):BOOL ; stdcall; Interfaced
+-------------------------------------------------------------------------
  Sign the message.
  If fDetachedSignature is TRUE, the "to be signed" content isn't included
  in the encoded signed blob.
--------------------------------------------------------------------------
!UNICODE
CryptSignMessageWithKey - function CryptSignMessageWithKey(pSignPara :PCRYPT_KEY_SIGN_MESSAGE_PARA; const pbToBeSigned :PBYTE; cbToBeSigned :DWORD; pbSignedBlob :PBYTE; pcbSignedBlob :PDWORD):BOOL ; stdcall; Interfaced
+-------------------------------------------------------------------------
  Sign the message using the provider's private key specified in the
  parameters. A dummy SignerId is created and stored in the message.
  Normally used until a certificate has been created for the key.
--------------------------------------------------------------------------
CryptUnregisterDefaultOIDFunction - function CryptUnregisterDefaultOIDFunction(dwEncodingType :DWORD; pszFuncName :LPCSTR; pwszDll :LPCWSTR):BOOL ; stdcall; Interfaced
+-------------------------------------------------------------------------
  Unregister the Dll containing the default function to be called for
  the specified encoding type and function name.
--------------------------------------------------------------------------
CryptUnregisterOIDFunction - function CryptUnregisterOIDFunction(dwEncodingType :DWORD; pszFuncName :LPCSTR; pszOID :LPCSTR):BOOL ; stdcall; Interfaced
+-------------------------------------------------------------------------
  Unregister the Dll containing the function to be called for the specified
  encoding type, function name and OID.
--------------------------------------------------------------------------
CryptUnregisterOIDInfo - function CryptUnregisterOIDInfo(pInfo :PCCRYPT_OID_INFO):BOOL ; stdcall; Interfaced
+-------------------------------------------------------------------------
  Unregister OID information. Only the pszOID and dwGroupId fields are
  used to identify the OID information to be unregistered.
--------------------------------------------------------------------------
CryptVerifyCertificateSignature - function CryptVerifyCertificateSignature(hCryptProv :HCRYPTPROV; dwCertEncodingType :DWORD; const pbEncoded :PBYTE; cbEncoded :DWORD; pPublicKey :PCERT_PUBLIC_KEY_INFO ):BOOL ; stdcall; Interfaced
+-------------------------------------------------------------------------
  Verify the signature of a subject certificate or a CRL using the
  public key info
  Returns TRUE for a valid signature.
  hCryptProv specifies the crypto provider to use to verify the signature.
  It doesn't need to use a private key.
--------------------------------------------------------------------------
CryptVerifyDetachedMessageHash - function CryptVerifyDetachedMessageHash(pHashPara :PCRYPT_HASH_MESSAGE_PARA; pbDetachedHashBlob :PBYTE; cbDetachedHashBlob :DWORD; cToBeHashed :DWORD; rgpbToBeHashed :array of PBYTE; rgcbToBeHashed :array of DWORD; pbComputedHash :PBYTE; pcbComputedHash :PDWORD):BOOL ; stdcall; Interfaced
+-------------------------------------------------------------------------
  Verify a hashed message containing a detached hash.
  The "to be hashed" content is passed in separately. No
  decoded output. Otherwise, identical to CryptVerifyMessageHash.
  pcbComputedHash can be NULL, indicating the caller isn't interested
  in getting the output.
--------------------------------------------------------------------------
CryptVerifyDetachedMessageSignature - function CryptVerifyDetachedMessageSignature(pVerifyPara :PCRYPT_VERIFY_MESSAGE_PARA; dwSignerIndex :DWORD; const pbDetachedSignBlob :PBYTE; cbDetachedSignBlob :DWORD; cToBeSigned :DWORD; const rgpbToBeSigned :array of PBYTE; rgcbToBeSigned :array of DWORD; ppSignerCert :PPCCERT_CONTEXT):BOOL ; stdcall; Interfaced
+-------------------------------------------------------------------------
  Verify a signed message containing detached signature(s).
  The "to be signed" content is passed in separately. No
  decoded output. Otherwise, identical to CryptVerifyMessageSignature.
--------------------------------------------------------------------------
CryptVerifyMessageHash - function CryptVerifyMessageHash(pHashPara :PCRYPT_HASH_MESSAGE_PARA; pbHashedBlob :PBYTE; cbHashedBlob :DWORD; pbToBeHashed :PBYTE; pcbToBeHashed :PDWORD; pbComputedHash :PBYTE; pcbComputedHash :PDWORD):BOOL ; stdcall; Interfaced
+-------------------------------------------------------------------------
  Verify a hashed message.
  pcbToBeHashed or pcbComputedHash can be NULL,
  indicating the caller isn't interested in getting the output.
--------------------------------------------------------------------------
CryptVerifyMessageSignature - function CryptVerifyMessageSignature(pVerifyPara :PCRYPT_VERIFY_MESSAGE_PARA; dwSignerIndex :DWORD; const pbSignedBlob :PBYTE; cbSignedBlob :DWORD; pbDecoded :PBYTE; pcbDecoded :DWORD; ppSignerCert :PCCERT_CONTEXT ):BOOL ; stdcall; Interfaced
+-------------------------------------------------------------------------
  Verify a signed message.
  If pbDecoded == NULL, then, *pcbDecoded is implicitly set to 0 on input.
  For *pcbDecoded == 0 && ppSignerCert == NULL on input, the signer isn't
  verified.
  A message might have more than one signer. Set dwSignerIndex to iterate
  through all the signers. dwSignerIndex == 0 selects the first signer.
  pVerifyPara's pfnGetSignerCertificate is called to get the signer's
  certificate.
  For a verified signer and message, *ppSignerCert is updated
  with the CertContext of the signer. It must be freed by calling
  CertFreeCertificateContext. Otherwise, *ppSignerCert is set to NULL.
  ppSignerCert can be NULL, indicating the caller isn't interested
  in getting the CertContext of the signer.
  pcbDecoded can be NULL, indicating the caller isn't interested in getting
  the decoded content. Furthermore, if the message doesn't contain any
  content or signers, then, pcbDecoded must be set to NULL, to allow the
  pVerifyPara->pfnGetSignerCertificate to be called. Normally, this would be
  the case when the signed message contains only certificates and CRLs.
  If pcbDecoded is NULL and the message doesn't have the indicated signer,
  pfnGetSignerCertificate is called with pSignerId set to NULL.
  If the message doesn't contain any signers || dwSignerIndex > message's
  SignerCount, then, an error is returned with LastError set to
  CRYPT_E_NO_SIGNER. Also, for CRYPT_E_NO_SIGNER, pfnGetSignerCertificate
  is still called with pSignerId set to NULL.
  Note, an alternative way to get the certificates and CRLs from a
  signed message is to call CryptGetMessageCertificates.
--------------------------------------------------------------------------
function CryptSignMessageWithKey; external CRYPT32 name 'CryptSignMessageWithKey';
CryptVerifyMessageSignatureWithKey - function CryptVerifyMessageSignatureWithKey(pVerifyPara :PCRYPT_KEY_VERIFY_MESSAGE_PARA; pPublicKeyInfo :PCERT_PUBLIC_KEY_INFO; const pbSignedBlob :PBYTE; cbSignedBlob :DWORD; pbDecoded :PBYTE; pcbDecoded :PDWORD):BOOL ; stdcall; Interfaced
+-------------------------------------------------------------------------
  Verify a signed message using the specified public key info.
  Normally called by a CA until it has created a certificate for the
  key.
  pPublicKeyInfo contains the public key to use to verify the signed
  message. If NULL, the signature isn't verified (for instance, the decoded
  content may contain the PublicKeyInfo).
  pcbDecoded can be NULL, indicating the caller isn't interested
  in getting the decoded content.
--------------------------------------------------------------------------
CryptVerifySignature - function CryptVerifySignature(hHash :HCRYPTHASH; const pbSignature :PBYTE; dwSigLen :DWORD; hPubKey :HCRYPTKEY; sDescription :LPAWSTR; dwFlags :DWORD) :BOOL;stdcall; Interfaced -
CryptVerifySignatureA - function CryptVerifySignatureA(hHash :HCRYPTHASH; const pbSignature :PBYTE; dwSigLen :DWORD; hPubKey :HCRYPTKEY; sDescription :PAnsiChar; dwFlags :DWORD) :BOOL;stdcall; Interfaced -
CryptVerifySignatureW - function CryptVerifySignatureW(hHash :HCRYPTHASH; const pbSignature :PBYTE; dwSigLen :DWORD; hPubKey :HCRYPTKEY; sDescription :PWideChar; dwFlags :DWORD) :BOOL;stdcall; Interfaced -
FindCertsByIssuer - function FindCertsByIssuer(pCertChains :PCERT_CHAIN; pcbCertChains :PDWORD; pcCertChains :PDWORD; Interfaced
WINCRYPT32API    This is not exported by crypt32, it is exported by softpub
!UNICODE
GET_ALG_CLASS - function GET_ALG_CLASS(x:integer) :integer; Interfaced
ALG_ID crackers
Macro implementation
GET_ALG_SID - function GET_ALG_SID(x:integer) :integer; Interfaced -
GET_ALG_TYPE - function GET_ALG_TYPE(x:integer) :integer; Interfaced -
GET_CERT_ALT_NAME_ENTRY_ERR_INDEX - function GET_CERT_ALT_NAME_ENTRY_ERR_INDEX(X :DWORD):DWORD; Interfaced
#define GET_CERT_ALT_NAME_ENTRY_ERR_INDEX(X)   \
    ((X >> CERT_ALT_NAME_ENTRY_ERR_INDEX_SHIFT) & \
                                  CERT_ALT_NAME_ENTRY_ERR_INDEX_MASK)
GET_CERT_ALT_NAME_VALUE_ERR_INDEX - function GET_CERT_ALT_NAME_VALUE_ERR_INDEX(X :DWORD):DWORD; Interfaced
#define GET_CERT_ALT_NAME_VALUE_ERR_INDEX(X) \
    (X & CERT_ALT_NAME_VALUE_ERR_INDEX_MASK)
GET_CERT_ENCODING_TYPE - function GET_CERT_ENCODING_TYPE(X :DWORD):DWORD; Interfaced
#define GET_CERT_ENCODING_TYPE(X)   (X & CERT_ENCODING_TYPE_MASK)
#define GET_CMSG_ENCODING_TYPE(X)   (X & CMSG_ENCODING_TYPE_MASK)
GET_CERT_UNICODE_ATTR_ERR_INDEX - function GET_CERT_UNICODE_ATTR_ERR_INDEX(X :integer):integer; Interfaced
#define GET_CERT_UNICODE_ATTR_ERR_INDEX(X)  \
    ((X >> CERT_UNICODE_ATTR_ERR_INDEX_SHIFT) & CERT_UNICODE_ATTR_ERR_INDEX_MASK)
GET_CERT_UNICODE_RDN_ERR_INDEX - function GET_CERT_UNICODE_RDN_ERR_INDEX(X :integer):integer; Interfaced
#define GET_CERT_UNICODE_RDN_ERR_INDEX(X)   \
    ((X >> CERT_UNICODE_RDN_ERR_INDEX_SHIFT) & CERT_UNICODE_RDN_ERR_INDEX_MASK)
GET_CERT_UNICODE_VALUE_ERR_INDEX - function GET_CERT_UNICODE_VALUE_ERR_INDEX(X :integer):integer; Interfaced
#define GET_CERT_UNICODE_VALUE_ERR_INDEX(X) \
    (X & CERT_UNICODE_VALUE_ERR_INDEX_MASK)
GET_CMSG_ENCODING_TYPE - function GET_CMSG_ENCODING_TYPE(X :DWORD):DWORD; Interfaced -
GET_CRL_DIST_POINT_ERR_INDEX - function GET_CRL_DIST_POINT_ERR_INDEX(X :DWORD):DWORD; Interfaced
#define GET_CRL_DIST_POINT_ERR_INDEX(X)   \
    ((X >> CRL_DIST_POINT_ERR_INDEX_SHIFT) & CRL_DIST_POINT_ERR_INDEX_MASK)
IS_CERT_HASH_PROP_ID - function IS_CERT_HASH_PROP_ID( X :DWORD):BOOL ; Interfaced -
IS_CERT_RDN_CHAR_STRING - function IS_CERT_RDN_CHAR_STRING(X :DWORD) :BOOL; Interfaced
Macro to check that the dwValueType is a character string and not an
 encoded blob or octet string
version 2
IS_CRL_DIST_POINT_ERR_CRL_ISSUER - function IS_CRL_DIST_POINT_ERR_CRL_ISSUER(X :DWORD):BOOL; Interfaced
#define IS_CRL_DIST_POINT_ERR_CRL_ISSUER(X)   \
    (0 != (X & CRL_DIST_POINT_ERR_CRL_ISSUER_BIT))
RCRYPT_FAILED - function RCRYPT_FAILED(rt:BOOL):BOOL; Interfaced -
RCRYPT_SUCCEEDED - function RCRYPT_SUCCEEDED(rt:BOOL):BOOL; Interfaced
+-------------------------------------------------------------------------
'  Certificate, CRL and CTL property IDs
'
'  See CertSetCertificateContextProperty or CertGetCertificateContextProperty
'  for usage information.
'--------------------------------------------------------------------------

  CERT_KEY_PROV_HANDLE_PROP_ID = 1;  // JLI
  CERT_KEY_PROV_INFO_PROP_ID = 2;
  CERT_SHA1_HASH_PROP_ID = 3;
  CERT_MD5_HASH_PROP_ID = 4;

  CERT_HASH_PROP_ID = CERT_SHA1_HASH_PROP_ID;
  CERT_KEY_CONTEXT_PROP_ID = 5;
  CERT_KEY_SPEC_PROP_ID = 6;
  CERT_IE30_RESERVED_PROP_ID = 7;
  CERT_PUBKEY_HASH_RESERVED_PROP_ID = 8;
  CERT_ENHKEY_USAGE_PROP_ID = 9;
  CERT_CTL_USAGE_PROP_ID = CERT_ENHKEY_USAGE_PROP_ID;
  CERT_NEXT_UPDATE_LOCATION_PROP_ID = 10;
  CERT_FRIENDLY_NAME_PROP_ID = 11;
  CERT_PVK_FILE_PROP_ID = 12;
  CERT_DESCRIPTION_PROP_ID = 13;
  CERT_ACCESS_STATE_PROP_ID = 14;
  CERT_SIGNATURE_HASH_PROP_ID = 15;
  CERT_SMART_CARD_DATA_PROP_ID = 16;
  CERT_EFS_PROP_ID = 17;
  CERT_FORTEZZA_DATA_PROP_ID = 18;
  CERT_ARCHIVED_PROP_ID = 19;
  CERT_KEY_IDENTIFIER_PROP_ID = 20;
  CERT_AUTO_ENROLL_PROP_ID = 21;
  CERT_PUBKEY_ALG_PARA_PROP_ID = 22;

  CERT_FIRST_RESERVED_PROP_ID = 23;
//  Note, 32 - 35 are reserved for the CERT, CRL, CTL and KeyId file element IDs.
const
  CERT_LAST_RESERVED_PROP_ID = $7FFF;
  CERT_FIRST_USER_PROP_ID = $8000;
  CERT_LAST_USER_PROP_ID = $FFFF;

Constants

Name Declaration Scope Comments
ADVAPI32 'advapi32.dll' Interfaced -
ADVAPI32NT5 'advapi32.dll' Interfaced -
ALD_SID_SAFERSK128 8 Interfaced -
ALG_CLASS_ANY 0 Interfaced Algorithm classes
ALG_CLASS_DATA_ENCRYPT (3 shl 13) Interfaced -
ALG_CLASS_HASH (4 shl 13) Interfaced -
ALG_CLASS_KEY_EXCHANGE (5 shl 13) Interfaced -
ALG_CLASS_MSG_ENCRYPT (2 shl 13) Interfaced -
ALG_CLASS_SIGNATURE (1 shl 13) Interfaced -
ALG_SID_3DES 3 Interfaced -
ALG_SID_3DES_112 9 Interfaced -
ALG_SID_AES 17 Interfaced -
ALG_SID_AES_128 14 Interfaced Added Sept. 2010 source Windows 7 sdk
ALG_SID_AES_192 15 Interfaced -
ALG_SID_AES_256 16 Interfaced -
ALG_SID_AGREED_KEY_ANY 3 Interfaced -
ALG_SID_ANY 0 Interfaced Generic sub-ids
ALG_SID_CAST 6 Interfaced -
ALG_SID_CYLINK_MEK 12 Interfaced -
ALG_SID_DES 1 Interfaced
Block cipher sub ids
 DES sub_ids
ALG_SID_DESX 4 Interfaced -
ALG_SID_DH_EPHEM 2 Interfaced -
ALG_SID_DH_SANDF 1 Interfaced Diffie-Hellman sub-ids
ALG_SID_DSS_ANY 0 Interfaced Some DSS sub-ids
ALG_SID_DSS_DMS 2 Interfaced -
ALG_SID_DSS_PKCS 1 Interfaced -
ALG_SID_EXAMPLE 80 Interfaced Our silly example sub-id
ALG_SID_HMAC 9 Interfaced -
ALG_SID_IDEA 5 Interfaced -
ALG_SID_KEA 4 Interfaced -
ALG_SID_MAC 5 Interfaced -
ALG_SID_MD2 1 Interfaced Hash sub ids
ALG_SID_MD4 2 Interfaced -
ALG_SID_MD5 3 Interfaced -
ALG_SID_PCT1_MASTER 4 Interfaced -
ALG_SID_RC2 2 Interfaced RC2 sub-ids
ALG_SID_RC4 1 Interfaced Stream cipher sub-ids
ALG_SID_RC5 13 Interfaced -
ALG_SID_RIPEMD 6 Interfaced -
ALG_SID_RIPEMD160 7 Interfaced -
ALG_SID_RSA_ANY 0 Interfaced Some RSA sub-ids
ALG_SID_RSA_ENTRUST 3 Interfaced -
ALG_SID_RSA_MSATWORK 2 Interfaced -
ALG_SID_RSA_PGP 4 Interfaced -
ALG_SID_RSA_PKCS 1 Interfaced -
ALG_SID_SAFERSK128 8 Interfaced -
ALG_SID_SAFERSK64 7 Interfaced -
ALG_SID_SCHANNEL_ENC_KEY 7 Interfaced -
ALG_SID_SCHANNEL_MAC_KEY 3 Interfaced -
ALG_SID_SCHANNEL_MASTER_HASH 2 Interfaced -
ALG_SID_SEAL 2 Interfaced -
ALG_SID_SHA 4 Interfaced -
ALG_SID_SHA_256 12 Interfaced Added Sept. 2010 source Windows 7 SDK
ALG_SID_SHA_384 13 Interfaced -
ALG_SID_SHA_512 14 Interfaced -
ALG_SID_SHA1 4 Interfaced -
ALG_SID_SKIPJACK 10 Interfaced Fortezza sub-ids
ALG_SID_SSL2_MASTER 5 Interfaced -
ALG_SID_SSL3_MASTER 1 Interfaced Secure channel sub ids
ALG_SID_SSL3SHAMD5 8 Interfaced -
ALG_SID_TEK 11 Interfaced -
ALG_SID_TLS1_MASTER 6 Interfaced -
ALG_TYPE_ANY 0 Interfaced Algorithm types
ALG_TYPE_BLOCK (3 shl 9) Interfaced -
ALG_TYPE_DH (5 shl 9) Interfaced -
ALG_TYPE_DSS (1 shl 9) Interfaced -
ALG_TYPE_RSA (2 shl 9) Interfaced -
ALG_TYPE_SECURECHANNEL (6 shl 9) Interfaced -
ALG_TYPE_STREAM (4 shl 9) Interfaced -
AT_KEYEXCHANGE 1 Interfaced -
AT_SIGNATURE 2 Interfaced -
CALG_3DES (ALG_CLASS_DATA_ENCRYPT or ALG_TYPE_BLOCK or ALG_SID_3DES) Interfaced -
CALG_3DES_112 (ALG_CLASS_DATA_ENCRYPT or ALG_TYPE_BLOCK or ALG_SID_3DES_112) Interfaced -
CALG_AES (ALG_CLASS_DATA_ENCRYPT or ALG_TYPE_BLOCK or ALG_SID_AES) Interfaced -
CALG_AES_128 (ALG_CLASS_DATA_ENCRYPT or ALG_TYPE_BLOCK or ALG_SID_AES_128) Interfaced Added Sept. 2010 source Windows 7 SDK
CALG_AES_192 (ALG_CLASS_DATA_ENCRYPT or ALG_TYPE_BLOCK or ALG_SID_AES_192) Interfaced -
CALG_AES_256 (ALG_CLASS_DATA_ENCRYPT or ALG_TYPE_BLOCK or ALG_SID_AES_256) Interfaced -
CALG_AGREEDKEY_ANY (ALG_CLASS_KEY_EXCHANGE or ALG_TYPE_DH or ALG_SID_AGREED_KEY_ANY) Interfaced -
CALG_CYLINK_MEK (ALG_CLASS_DATA_ENCRYPT or ALG_TYPE_BLOCK or ALG_SID_CYLINK_MEK) Interfaced -
CALG_DES (ALG_CLASS_DATA_ENCRYPT or ALG_TYPE_BLOCK or ALG_SID_DES) Interfaced -
CALG_DH_EPHEM (ALG_CLASS_KEY_EXCHANGE or ALG_TYPE_DH or ALG_SID_DH_EPHEM) Interfaced -
CALG_DH_SF (ALG_CLASS_KEY_EXCHANGE or ALG_TYPE_DH or ALG_SID_DH_SANDF) Interfaced -
CALG_DSS_SIGN (ALG_CLASS_SIGNATURE or ALG_TYPE_DSS or ALG_SID_DSS_ANY) Interfaced -
CALG_HMAC (ALG_CLASS_HASH or ALG_TYPE_ANY or ALG_SID_HMAC) Interfaced -
CALG_HUGHES_MD5 (ALG_CLASS_KEY_EXCHANGE or ALG_TYPE_ANY or ALG_SID_MD5) Interfaced -
CALG_KEA_KEYX (ALG_CLASS_KEY_EXCHANGE or ALG_TYPE_DH or ALG_SID_KEA) Interfaced -
CALG_MAC (ALG_CLASS_HASH or ALG_TYPE_ANY or ALG_SID_MAC) Interfaced -
CALG_MD2 (ALG_CLASS_HASH or ALG_TYPE_ANY or ALG_SID_MD2) Interfaced -
CALG_MD4 (ALG_CLASS_HASH or ALG_TYPE_ANY or ALG_SID_MD4) Interfaced -
CALG_MD5 (ALG_CLASS_HASH or ALG_TYPE_ANY or ALG_SID_MD5) Interfaced -
CALG_PCT1_MASTER (ALG_CLASS_MSG_ENCRYPT or ALG_TYPE_SECURECHANNEL or ALG_SID_PCT1_MASTER) Interfaced -
CALG_RC2 (ALG_CLASS_DATA_ENCRYPT or ALG_TYPE_BLOCK or ALG_SID_RC2) Interfaced -
CALG_RC4 (ALG_CLASS_DATA_ENCRYPT or ALG_TYPE_STREAM or ALG_SID_RC4) Interfaced -
CALG_RC5 (ALG_CLASS_DATA_ENCRYPT or ALG_TYPE_BLOCK or ALG_SID_RC5) Interfaced -
CALG_RSA_KEYX (ALG_CLASS_KEY_EXCHANGE or ALG_TYPE_RSA or ALG_SID_RSA_ANY) Interfaced -
CALG_RSA_SIGN (ALG_CLASS_SIGNATURE or ALG_TYPE_RSA or ALG_SID_RSA_ANY) Interfaced -
CALG_SCHANNEL_ENC_KEY (ALG_CLASS_MSG_ENCRYPT or ALG_TYPE_SECURECHANNEL or ALG_SID_SCHANNEL_ENC_KEY) Interfaced -
CALG_SCHANNEL_MAC_KEY (ALG_CLASS_MSG_ENCRYPT or ALG_TYPE_SECURECHANNEL or ALG_SID_SCHANNEL_MAC_KEY) Interfaced -
CALG_SCHANNEL_MASTER_HASH (ALG_CLASS_MSG_ENCRYPT or ALG_TYPE_SECURECHANNEL or ALG_SID_SCHANNEL_MASTER_HASH) Interfaced -
CALG_SEAL (ALG_CLASS_DATA_ENCRYPT or ALG_TYPE_STREAM or ALG_SID_SEAL) Interfaced -
CALG_SHA (ALG_CLASS_HASH or ALG_TYPE_ANY or ALG_SID_SHA) Interfaced -
CALG_SHA_256 (ALG_CLASS_HASH or ALG_TYPE_ANY or ALG_SID_SHA_256) Interfaced -
CALG_SHA_384 (ALG_CLASS_HASH or ALG_TYPE_ANY or ALG_SID_SHA_384) Interfaced -
CALG_SHA_512 (ALG_CLASS_HASH or ALG_TYPE_ANY or ALG_SID_SHA_512) Interfaced -
CALG_SHA1 (ALG_CLASS_HASH or ALG_TYPE_ANY or ALG_SID_SHA1) Interfaced -
CALG_SKIPJACK (ALG_CLASS_DATA_ENCRYPT or ALG_TYPE_BLOCK or ALG_SID_SKIPJACK) Interfaced -
CALG_SSL2_MASTER (ALG_CLASS_MSG_ENCRYPT or ALG_TYPE_SECURECHANNEL or ALG_SID_SSL2_MASTER) Interfaced -
CALG_SSL3_MASTER (ALG_CLASS_MSG_ENCRYPT or ALG_TYPE_SECURECHANNEL or ALG_SID_SSL3_MASTER) Interfaced -
CALG_SSL3_SHAMD5 (ALG_CLASS_HASH or ALG_TYPE_ANY or ALG_SID_SSL3SHAMD5) Interfaced -
CALG_TEK (ALG_CLASS_DATA_ENCRYPT or ALG_TYPE_BLOCK or ALG_SID_TEK) Interfaced -
CALG_TLS1_MASTER (ALG_CLASS_MSG_ENCRYPT or ALG_TYPE_SECURECHANNEL or ALG_SID_TLS1_MASTER) Interfaced -
CERT_ACCESS_STATE_PROP_ID 14 Interfaced JLI
CERT_ALT_NAME_DIRECTORY_NAME 5 Interfaced -
CERT_ALT_NAME_DNS_NAME 3 Interfaced -
CERT_ALT_NAME_EDI_PARTY_NAME 6 Interfaced -
CERT_ALT_NAME_ENTRY_ERR_INDEX_MASK $FF Interfaced -
CERT_ALT_NAME_ENTRY_ERR_INDEX_SHIFT 16 Interfaced -
CERT_ALT_NAME_IP_ADDRESS 8 Interfaced -
CERT_ALT_NAME_OTHER_NAME 1 Interfaced -
CERT_ALT_NAME_REGISTERED_ID 9 Interfaced -
CERT_ALT_NAME_RFC822_NAME 2 Interfaced -
CERT_ALT_NAME_URL 7 Interfaced -
CERT_ALT_NAME_VALUE_ERR_INDEX_MASK $0000FFFF Interfaced -
CERT_ALT_NAME_VALUE_ERR_INDEX_SHIFT 0 Interfaced -
CERT_ALT_NAME_X400_ADDRESS 4 Interfaced -
CERT_ARCHIVED_PROP_ID 19 Interfaced -
CERT_AUTO_ENROLL_PROP_ID 21 Interfaced -
CERT_CA_SUBJECT_FLAG $80 Interfaced -
CERT_CHAIN_CACHE_END_CERT $00000001 Interfaced -
CERT_CHAIN_CACHE_ONLY_URL_RETRIEVAL $00000004 Interfaced -
CERT_CHAIN_DISABLE_AUTH_ROOT_AUTO_UPDATE $00000100 Interfaced -
CERT_CHAIN_DISABLE_PASS1_QUALITY_FILTERING $00000040 Interfaced
First pass determines highest quality based upon:
  - Chain signature valid (highest quality bit of this set)
  - Complete chain
  - Trusted root          (lowest quality bit of this set)
 By default, second pass only considers paths >= highest first pass quality
CERT_CHAIN_ENABLE_CACHE_AUTO_UPDATE $00000010 Interfaced -
CERT_CHAIN_ENABLE_SHARE_STORE $00000020 Interfaced -
CERT_CHAIN_FIND_BY_ISSUER 1 Interfaced -
CERT_CHAIN_POLICY_ALLOW_TESTROOT_FLAG $00008000 Interfaced -
CERT_CHAIN_POLICY_ALLOW_UNKNOWN_CA_FLAG $00000010 Interfaced -
CERT_CHAIN_POLICY_AUTHENTICODE LPCSTR('2') Interfaced -
CERT_CHAIN_POLICY_AUTHENTICODE_TS LPCSTR('3') Interfaced -
CERT_CHAIN_POLICY_BASE LPCSTR('1') Interfaced -
CERT_CHAIN_POLICY_BASIC_CONSTRAINTS LPCSTR('5') Interfaced -
CERT_CHAIN_POLICY_IGNORE_ALL_NOT_TIME_VALID_FLAGS ( Interfaced -
CERT_CHAIN_POLICY_IGNORE_ALL_REV_UNKNOWN_FLAGS ( Interfaced -
CERT_CHAIN_POLICY_IGNORE_CA_REV_UNKNOWN_FLAG $00000400 Interfaced -
CERT_CHAIN_POLICY_IGNORE_CTL_NOT_TIME_VALID_FLAG $00000002 Interfaced -
CERT_CHAIN_POLICY_IGNORE_CTL_SIGNER_REV_UNKNOWN_FLAG $00000200 Interfaced -
CERT_CHAIN_POLICY_IGNORE_END_REV_UNKNOWN_FLAG $00000100 Interfaced -
CERT_CHAIN_POLICY_IGNORE_INVALID_BASIC_CONSTRAINTS_FLAG $00000008 Interfaced -
CERT_CHAIN_POLICY_IGNORE_INVALID_NAME_FLAG $00000040 Interfaced -
CERT_CHAIN_POLICY_IGNORE_INVALID_POLICY_FLAG $00000080 Interfaced -
CERT_CHAIN_POLICY_IGNORE_NOT_TIME_NESTED_FLAG $00000004 Interfaced -
CERT_CHAIN_POLICY_IGNORE_NOT_TIME_VALID_FLAG $00000001 Interfaced -
CERT_CHAIN_POLICY_IGNORE_ROOT_REV_UNKNOWN_FLAG $00000800 Interfaced -
CERT_CHAIN_POLICY_IGNORE_WRONG_USAGE_FLAG $00000020 Interfaced -
CERT_CHAIN_POLICY_MICROSOFT_ROOT LPCSTR('7') Interfaced -
CERT_CHAIN_POLICY_NT_AUTH LPCSTR('6') Interfaced -
CERT_CHAIN_POLICY_SSL LPCSTR('4') Interfaced -
CERT_CHAIN_POLICY_TRUST_TESTROOT_FLAG $00004000 Interfaced -
CERT_CHAIN_RETURN_LOWER_QUALITY_CONTEXTS $00000080 Interfaced -
CERT_CHAIN_REVOCATION_ACCUMULATIVE_TIMEOUT $08000000 Interfaced
By default, the dwUrlRetrievalTimeout in pChainPara is the timeout used
 for each revocation URL wire retrieval. When the following flag is set,
 dwUrlRetrievalTimeout is the accumulative timeout across all
 revocation URL wire retrievals.
CERT_CHAIN_REVOCATION_CHECK_CACHE_ONLY $80000000 Interfaced -
CERT_CHAIN_REVOCATION_CHECK_CHAIN $20000000 Interfaced -
CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT $40000000 Interfaced -
CERT_CHAIN_REVOCATION_CHECK_END_CERT $10000000 Interfaced -
CERT_CHAIN_THREAD_STORE_SYNC $00000002 Interfaced -
CERT_CHAIN_TIMESTAMP_TIME $00000200 Interfaced
When this flag is set, pTime will be used as the timestamp time.
 pTime will be used to determine if the end certificate was valid at this
 time. Revocation checking will be relative to pTime.
 In addition, current time will also be used
 to determine if the certificate is still time valid. All remaining
 CA and root certificates will be checked using current time and not pTime.
 This flag was added 4/5/01 in WXP.
CERT_CHAIN_USE_LOCAL_MACHINE_STORE $00000008 Interfaced -
CERT_CLOSE_STORE_CHECK_FLAG $00000002 Interfaced -
CERT_CLOSE_STORE_FORCE_FLAG $00000001 Interfaced
+-------------------------------------------------------------------------
  Certificate Store close flags
--------------------------------------------------------------------------
CERT_COMPARE_ANY 0 Interfaced -
CERT_COMPARE_ATTR 3 Interfaced -
CERT_COMPARE_CTL_USAGE CERT_COMPARE_ENHKEY_USAGE Interfaced -
CERT_COMPARE_ENHKEY_USAGE 10 Interfaced -
CERT_COMPARE_HASH CERT_COMPARE_SHA1_HASH Interfaced -
CERT_COMPARE_KEY_SPEC 9 Interfaced -
CERT_COMPARE_MD5_HASH 4 Interfaced -
CERT_COMPARE_NAME 2 Interfaced -
CERT_COMPARE_NAME_STR_A 7 Interfaced -
CERT_COMPARE_NAME_STR_W 8 Interfaced -
CERT_COMPARE_PROPERTY 5 Interfaced -
CERT_COMPARE_PUBLIC_KEY 6 Interfaced -
CERT_COMPARE_SHA1_HASH 1 Interfaced -
CERT_COMPARE_SHIFT 16 Interfaced
+-------------------------------------------------------------------------
 Certificate comparison functions
--------------------------------------------------------------------------
CERT_CONTEXT_REVOCATION_TYPE 1 Interfaced
+-------------------------------------------------------------------------
  Revocation types
--------------------------------------------------------------------------
CERT_CRL_SIGN_KEY_USAGE $02 Interfaced -
CERT_CTL_USAGE_PROP_ID CERT_ENHKEY_USAGE_PROP_ID Interfaced -
CERT_DATA_ENCIPHERMENT_KEY_USAGE $10 Interfaced -
CERT_DEFAULT_OID_PUBLIC_KEY_SIGN szOID_RSA_RSA Interfaced -
CERT_DEFAULT_OID_PUBLIC_KEY_XCHG szOID_RSA_RSA Interfaced -
CERT_DESCRIPTION_PROP_ID 13 Interfaced
Note, 32 - 34 are reserved for the CERT, CRL and CTL file element IDs.

 JLI
CERT_DIGITAL_SIGNATURE_KEY_USAGE $80 Interfaced -
CERT_DSS_R_LEN 20 Interfaced -
CERT_DSS_S_LEN 20 Interfaced -
CERT_DSS_SIGNATURE_LEN (CERT_DSS_R_LEN + CERT_DSS_S_LEN) Interfaced -
CERT_EFS_PROP_ID 17 Interfaced -
CERT_ENCODING_TYPE_MASK $0000FFFF Interfaced -
CERT_END_ENTITY_SUBJECT_FLAG $40 Interfaced -
CERT_ENHKEY_USAGE_PROP_ID 9 Interfaced -
CERT_FIND_ANY (CERT_COMPARE_ANY shl CERT_COMPARE_SHIFT) Interfaced
+-------------------------------------------------------------------------
  dwFindType
  The dwFindType definition consists of two components:
   - comparison function
   - certificate information flag
--------------------------------------------------------------------------
CERT_FIND_CTL_USAGE CERT_FIND_ENHKEY_USAGE Interfaced -
CERT_FIND_ENHKEY_USAGE (CERT_COMPARE_ENHKEY_USAGE shl CERT_COMPARE_SHIFT) Interfaced -
CERT_FIND_EXT_ONLY_CTL_USAGE_FLAG CERT_FIND_EXT_ONLY_ENHKEY_USAGE_FLAG Interfaced -
CERT_FIND_EXT_ONLY_ENHKEY_USAGE_FLAG $2 Interfaced -
CERT_FIND_HASH CERT_FIND_SHA1_HASH Interfaced -
CERT_FIND_ISSUER_ATTR (CERT_COMPARE_ATTR shl CERT_COMPARE_SHIFT or CERT_INFO_ISSUER_FLAG) Interfaced -
CERT_FIND_ISSUER_NAME (CERT_COMPARE_NAME shl CERT_COMPARE_SHIFT or CERT_INFO_ISSUER_FLAG) Interfaced -
CERT_FIND_ISSUER_STR CERT_FIND_ISSUER_STR_W Interfaced -
CERT_FIND_ISSUER_STR_A (CERT_COMPARE_NAME_STR_A shl CERT_COMPARE_SHIFT or CERT_INFO_ISSUER_FLAG) Interfaced -
CERT_FIND_ISSUER_STR_W (CERT_COMPARE_NAME_STR_W shl CERT_COMPARE_SHIFT or CERT_INFO_ISSUER_FLAG) Interfaced -
CERT_FIND_KEY_SPEC (CERT_COMPARE_KEY_SPEC shl CERT_COMPARE_SHIFT) Interfaced -
CERT_FIND_MD5_HASH (CERT_COMPARE_MD5_HASH shl CERT_COMPARE_SHIFT) Interfaced -
CERT_FIND_NO_CTL_USAGE_FLAG CERT_FIND_NO_ENHKEY_USAGE_FLAG Interfaced -
CERT_FIND_NO_ENHKEY_USAGE_FLAG $8 Interfaced -
CERT_FIND_OPTIONAL_CTL_USAGE_FLAG CERT_FIND_OPTIONAL_ENHKEY_USAGE_FLAG Interfaced -
CERT_FIND_OPTIONAL_ENHKEY_USAGE_FLAG $1 Interfaced
+-------------------------------------------------------------------------
  CERT_FIND_ENHKEY_USAGE
  Find a certificate having the szOID_ENHANCED_KEY_USAGE extension or
  the CERT_ENHKEY_USAGE_PROP_ID and matching the specified pszUsageIdentifers.
  pvFindPara points to a CERT_ENHKEY_USAGE data structure. If pvFindPara
  is NULL or CERT_ENHKEY_USAGE's cUsageIdentifier is 0, then, matches any
  certificate having enhanced key usage.
  The CERT_FIND_OPTIONAL_ENHKEY_USAGE_FLAG can be set in dwFindFlags to
  also match a certificate without either the extension or property.
  If CERT_FIND_NO_ENHKEY_USAGE_FLAG is set in dwFindFlags, finds
  certificates without the key usage extension or property. Setting this
  flag takes precedence over pvFindPara being NULL.
  If the CERT_FIND_EXT_ONLY_ENHKEY_USAGE_FLAG is set, then, only does a match
  using the extension. If pvFindPara is NULL or cUsageIdentifier is set to
  0, finds certificates having the extension. If
  CERT_FIND_OPTIONAL_ENHKEY_USAGE_FLAG is set, also matches a certificate
  without the extension. If CERT_FIND_NO_ENHKEY_USAGE_FLAG is set, finds
  certificates without the extension.
  If the CERT_FIND_PROP_ONLY_ENHKEY_USAGE_FLAG is set, then, only does a match
  using the property. If pvFindPara is NULL or cUsageIdentifier is set to
  0, finds certificates having the property. If
  CERT_FIND_OPTIONAL_ENHKEY_USAGE_FLAG is set, also matches a certificate
  without the property. If CERT_FIND_NO_ENHKEY_USAGE_FLAG is set, finds
  certificates without the property.
--------------------------------------------------------------------------
CERT_FIND_PROP_ONLY_CTL_USAGE_FLAG CERT_FIND_PROP_ONLY_ENHKEY_USAGE_FLAG Interfaced -
CERT_FIND_PROP_ONLY_ENHKEY_USAGE_FLAG $4 Interfaced -
CERT_FIND_PROPERTY (CERT_COMPARE_PROPERTY shl CERT_COMPARE_SHIFT) Interfaced -
CERT_FIND_PUBLIC_KEY (CERT_COMPARE_PUBLIC_KEY shl CERT_COMPARE_SHIFT) Interfaced -
CERT_FIND_SHA1_HASH (CERT_COMPARE_SHA1_HASH shl CERT_COMPARE_SHIFT) Interfaced -
CERT_FIND_SUBJECT_ATTR (CERT_COMPARE_ATTR shl CERT_COMPARE_SHIFT or CERT_INFO_SUBJECT_FLAG) Interfaced -
CERT_FIND_SUBJECT_NAME (CERT_COMPARE_NAME shl CERT_COMPARE_SHIFT or CERT_INFO_SUBJECT_FLAG) Interfaced -
CERT_FIND_SUBJECT_STR CERT_FIND_SUBJECT_STR_W Interfaced -
CERT_FIND_SUBJECT_STR_A (CERT_COMPARE_NAME_STR_A shl CERT_COMPARE_SHIFT or CERT_INFO_SUBJECT_FLAG) Interfaced -
CERT_FIND_SUBJECT_STR_W (CERT_COMPARE_NAME_STR_W shl CERT_COMPARE_SHIFT or CERT_INFO_SUBJECT_FLAG) Interfaced -
CERT_FIRST_RESERVED_PROP_ID 23 Interfaced -
CERT_FIRST_USER_PROP_ID $00008000 Interfaced -
CERT_FORTEZZA_DATA_PROP_ID 18 Interfaced -
CERT_FRIENDLY_NAME_PROP_ID 11 Interfaced -
CERT_HASH_PROP_ID CERT_SHA1_HASH_PROP_ID Interfaced -
CERT_IE30_RESERVED_PROP_ID 7 Interfaced -
CERT_INFO_EXTENSION_FLAG 11 Interfaced -
CERT_INFO_ISSUER_FLAG 4 Interfaced -
CERT_INFO_ISSUER_UNIQUE_ID_FLAG 9 Interfaced -
CERT_INFO_NOT_AFTER_FLAG 6 Interfaced -
CERT_INFO_NOT_BEFORE_FLAG 5 Interfaced -
CERT_INFO_SERIAL_NUMBER_FLAG 2 Interfaced -
CERT_INFO_SIGNATURE_ALGORITHM_FLAG 3 Interfaced -
CERT_INFO_SUBJECT_FLAG 7 Interfaced -
CERT_INFO_SUBJECT_PUBLIC_KEY_INFO_FLAG 8 Interfaced -
CERT_INFO_SUBJECT_UNIQUE_ID_FLAG 10 Interfaced -
CERT_INFO_VERSION_FLAG 1 Interfaced
+-------------------------------------------------------------------------
  Certificate Information Flags
--------------------------------------------------------------------------
CERT_KEY_AGREEMENT_KEY_USAGE $08 Interfaced -
CERT_KEY_CERT_SIGN_KEY_USAGE $04 Interfaced -
CERT_KEY_CONTEXT_PROP_ID 5 Interfaced -
CERT_KEY_ENCIPHERMENT_KEY_USAGE $20 Interfaced -
CERT_KEY_IDENTIFIER_PROP_ID 20 Interfaced -
CERT_KEY_PROV_HANDLE_PROP_ID 1 Interfaced -
CERT_KEY_PROV_INFO_PROP_ID 2 Interfaced -
CERT_KEY_SPEC_PROP_ID 6 Interfaced -
CERT_KEYGEN_REQUEST_V1 0 Interfaced -
CERT_LAST_RESERVED_PROP_ID $00007FFF Interfaced Note, 32 - 35 are reserved for the CERT, CRL, CTL and KeyId file element IDs.
CERT_LAST_USER_PROP_ID $0000FFFF Interfaced -
CERT_MAX_ASN_ENCODED_DSS_SIGNATURE_LEN (2 + 2*(2 + 20 +1)) Interfaced
Sequence of 2 unsigned integers (the extra +1 is for a potential leading
 0x00 to make the integer unsigned)
CERT_MD5_HASH_PROP_ID 4 Interfaced -
CERT_NAME_ATTR_TYPE 3 Interfaced -
CERT_NAME_EMAIL_TYPE 1 Interfaced Certificate Name Types // JLI
CERT_NAME_FRIENDLY_DISPLAY_TYPE 5 Interfaced -
CERT_NAME_RDN_TYPE 2 Interfaced -
CERT_NAME_SIMPLE_DISPLAY_TYPE 4 Interfaced -
CERT_NAME_STR_COMMA_FLAG $04000000 Interfaced -
CERT_NAME_STR_CRLF_FLAG $08000000 Interfaced -
CERT_NAME_STR_NO_PLUS_FLAG $20000000 Interfaced -
CERT_NAME_STR_NO_QUOTING_FLAG $10000000 Interfaced -
CERT_NAME_STR_SEMICOLON_FLAG $40000000 Interfaced
+-------------------------------------------------------------------------
  Certificate name string type flags OR'ed with the above types
--------------------------------------------------------------------------
CERT_NEXT_UPDATE_LOCATION_PROP_ID 10 Interfaced -
CERT_NON_REPUDIATION_KEY_USAGE $40 Interfaced -
CERT_OFFLINE_CRL_SIGN_KEY_USAGE $02 Interfaced -
CERT_OID_NAME_STR 2 Interfaced -
CERT_PUBKEY_ALG_PARA_PROP_ID 22 Interfaced -
CERT_PUBKEY_HASH_RESERVED_PROP_ID 8 Interfaced -
CERT_PVK_FILE_PROP_ID 12 Interfaced -
CERT_RDN_ANY_TYPE 0 Interfaced -
CERT_RDN_BMP_STRING 12 Interfaced -
CERT_RDN_ENCODED_BLOB 1 Interfaced -
CERT_RDN_GENERAL_STRING 10 Interfaced -
CERT_RDN_GRAPHIC_STRING 8 Interfaced -
CERT_RDN_IA5_STRING 7 Interfaced -
CERT_RDN_INT4_STRING 11 Interfaced -
CERT_RDN_ISO646_STRING 9 Interfaced -
CERT_RDN_NUMERIC_STRING 3 Interfaced -
CERT_RDN_OCTET_STRING 2 Interfaced -
CERT_RDN_PRINTABLE_STRING 4 Interfaced -
CERT_RDN_T61_STRING 5 Interfaced -
CERT_RDN_TELETEX_STRING 5 Interfaced -
CERT_RDN_UNICODE_STRING 12 Interfaced -
CERT_RDN_UNIVERSAL_STRING 11 Interfaced -
CERT_RDN_VIDEOTEX_STRING 6 Interfaced -
CERT_RDN_VISIBLE_STRING 9 Interfaced -
CERT_REQUEST_V1 0 Interfaced
+-------------------------------------------------------------------------
  Certificate Request versions
--------------------------------------------------------------------------
CERT_RSA_PUBLIC_KEY_OBJID szOID_RSA_RSA Interfaced -
CERT_SET_KEY_CONTEXT_PROP_ID $00000001 Interfaced -
CERT_SET_KEY_PROV_HANDLE_PROP_ID $00000001 Interfaced -
CERT_SHA1_HASH_PROP_ID 3 Interfaced -
CERT_SIGNATURE_HASH_PROP_ID 15 Interfaced -
CERT_SIMPLE_NAME_STR 1 Interfaced
+-------------------------------------------------------------------------
  Certificate name string types
--------------------------------------------------------------------------
CERT_SMART_CARD_DATA_PROP_ID 16 Interfaced -
CERT_STORE_ADD_ALWAYS 4 Interfaced -
CERT_STORE_ADD_NEW 1 Interfaced
+-------------------------------------------------------------------------
 Add certificate/CRL, encoded, context or element disposition values.
--------------------------------------------------------------------------
CERT_STORE_ADD_NEWER 6 Interfaced -
CERT_STORE_ADD_NEWER_INHERIT_PROPERTIES 7 Interfaced -
CERT_STORE_ADD_REPLACE_EXISTING 3 Interfaced -
CERT_STORE_ADD_REPLACE_EXISTING_INHERIT_PROPERTIES 5 Interfaced -
CERT_STORE_ADD_USE_EXISTING 2 Interfaced -
CERT_STORE_ALL_CONTEXT_FLAG (not ULONG(0)) Interfaced
+-------------------------------------------------------------------------
  Certificate Store Context Bit Flags
--------------------------------------------------------------------------
CERT_STORE_CERTIFICATE_CONTEXT 1 Interfaced
+-------------------------------------------------------------------------
  Certificate Store Context Types
--------------------------------------------------------------------------
CERT_STORE_CERTIFICATE_CONTEXT_FLAG (1 shl CERT_STORE_CERTIFICATE_CONTEXT) Interfaced -
CERT_STORE_CRL_CONTEXT 2 Interfaced -
CERT_STORE_CRL_CONTEXT_FLAG (1 shl CERT_STORE_CRL_CONTEXT) Interfaced -
CERT_STORE_CTL_CONTEXT 3 Interfaced -
CERT_STORE_CTL_CONTEXT_FLAG (1 shl CERT_STORE_CTL_CONTEXT) Interfaced -
CERT_STORE_NO_CRL_FLAG $00010000 Interfaced -
CERT_STORE_NO_CRYPT_RELEASE_FLAG $00000001 Interfaced
+-------------------------------------------------------------------------
  Certificate Store open/property flags
--------------------------------------------------------------------------
CERT_STORE_NO_ISSUER_FLAG $00020000 Interfaced -
CERT_STORE_PROV_CLOSE_FUNC 0 Interfaced -
CERT_STORE_PROV_DELETE_CERT_FUNC 3 Interfaced -
CERT_STORE_PROV_DELETE_CRL_FUNC 7 Interfaced -
CERT_STORE_PROV_DELETE_CTL_FUNC 11 Interfaced -
CERT_STORE_PROV_FILE (LPCSTR(3)) Interfaced -
CERT_STORE_PROV_FILENAME CERT_STORE_PROV_FILENAME_W Interfaced -
CERT_STORE_PROV_FILENAME_A (LPCSTR(7)) Interfaced -
CERT_STORE_PROV_FILENAME_W (LPCSTR(8)) Interfaced -
CERT_STORE_PROV_MEMORY (LPCSTR(2)) Interfaced -
CERT_STORE_PROV_MSG (LPCSTR(1)) Interfaced -
CERT_STORE_PROV_PKCS7 (LPCSTR(5)) Interfaced -
CERT_STORE_PROV_READ_CERT_FUNC 1 Interfaced -
CERT_STORE_PROV_READ_CRL_FUNC 5 Interfaced -
CERT_STORE_PROV_READ_CTL_FUNC 9 Interfaced -
CERT_STORE_PROV_REG (LPCSTR(4)) Interfaced -
CERT_STORE_PROV_SERIALIZED (LPCSTR(6)) Interfaced -
CERT_STORE_PROV_SET_CERT_PROPERTY_FUNC 4 Interfaced -
CERT_STORE_PROV_SET_CRL_PROPERTY_FUNC 8 Interfaced -
CERT_STORE_PROV_SET_CTL_PROPERTY_FUNC 12 Interfaced -
CERT_STORE_PROV_SYSTEM CERT_STORE_PROV_SYSTEM_W Interfaced -
CERT_STORE_PROV_SYSTEM_A (LPCSTR(9)) Interfaced -
CERT_STORE_PROV_SYSTEM_W (LPCSTR(10)) Interfaced -
CERT_STORE_PROV_WRITE_ADD_FLAG $1 Interfaced -
CERT_STORE_PROV_WRITE_CERT_FUNC 2 Interfaced -
CERT_STORE_PROV_WRITE_CRL_FUNC 6 Interfaced -
CERT_STORE_PROV_WRITE_CTL_FUNC 10 Interfaced -
CERT_STORE_READONLY_FLAG $00008000 Interfaced -
CERT_STORE_REVOCATION_FLAG $00000004 Interfaced -
CERT_STORE_SAVE_AS_PKCS7 2 Interfaced -
CERT_STORE_SAVE_AS_STORE 1 Interfaced -
CERT_STORE_SAVE_TO_FILE 1 Interfaced -
CERT_STORE_SAVE_TO_FILENAME CERT_STORE_SAVE_TO_FILENAME_W Interfaced -
CERT_STORE_SAVE_TO_FILENAME_A 3 Interfaced -
CERT_STORE_SAVE_TO_FILENAME_W 4 Interfaced -
CERT_STORE_SAVE_TO_MEMORY 2 Interfaced -
CERT_STORE_SIGNATURE_FLAG $00000001 Interfaced
+-------------------------------------------------------------------------
  Certificate Store verify/results flags
--------------------------------------------------------------------------
CERT_STORE_TIME_VALIDITY_FLAG $00000002 Interfaced -
CERT_SYSTEM_STORE_CURRENT_USER $00010000 Interfaced -
CERT_SYSTEM_STORE_LOCAL_MACHINE $00020000 Interfaced -
CERT_SYSTEM_STORE_LOCATION_MASK $00030000 Interfaced
+-------------------------------------------------------------------------
  Certificate System Store Flag Values
--------------------------------------------------------------------------
 Location of the system store in the registry:
  HKEY_CURRENT_USER or HKEY_LOCAL_MACHINE
CERT_SYSTEM_STORE_MASK $FFFF0000 Interfaced JLI
CERT_TRUST_CTL_IS_NOT_SIGNATURE_VALID $00040000 Interfaced -
CERT_TRUST_CTL_IS_NOT_TIME_VALID $00020000 Interfaced -
CERT_TRUST_CTL_IS_NOT_VALID_FOR_USAGE $00080000 Interfaced -
CERT_TRUST_HAS_EXACT_MATCH_ISSUER $00000001 Interfaced These can be applied to certificates only
CERT_TRUST_HAS_EXCLUDED_NAME_CONSTRAINT $00008000 Interfaced -
CERT_TRUST_HAS_ISSUANCE_CHAIN_POLICY $00000200 Interfaced -
CERT_TRUST_HAS_KEY_MATCH_ISSUER $00000002 Interfaced -
CERT_TRUST_HAS_NAME_MATCH_ISSUER $00000004 Interfaced -
CERT_TRUST_HAS_NOT_DEFINED_NAME_CONSTRAINT $00002000 Interfaced -
CERT_TRUST_HAS_NOT_PERMITTED_NAME_CONSTRAINT $00004000 Interfaced -
CERT_TRUST_HAS_NOT_SUPPORTED_NAME_CONSTRAINT $00001000 Interfaced -
CERT_TRUST_HAS_PREFERRED_ISSUER $00000100 Interfaced These can be applied to certificates and chains
CERT_TRUST_HAS_VALID_NAME_CONSTRAINTS $00000400 Interfaced -
CERT_TRUST_INVALID_BASIC_CONSTRAINTS $00000400 Interfaced -
CERT_TRUST_INVALID_EXTENSION $00000100 Interfaced -
CERT_TRUST_INVALID_NAME_CONSTRAINTS $00000800 Interfaced -
CERT_TRUST_INVALID_POLICY_CONSTRAINTS $00000200 Interfaced -
CERT_TRUST_IS_COMPLEX_CHAIN $00010000 Interfaced These can be applied to chains only
CERT_TRUST_IS_CYCLIC $00000080 Interfaced -
CERT_TRUST_IS_NOT_SIGNATURE_VALID $00000008 Interfaced -
CERT_TRUST_IS_NOT_TIME_NESTED $00000002 Interfaced -
CERT_TRUST_IS_NOT_TIME_VALID $00000001 Interfaced -
CERT_TRUST_IS_NOT_VALID_FOR_USAGE $00000010 Interfaced -
CERT_TRUST_IS_OFFLINE_REVOCATION $01000000 Interfaced -
CERT_TRUST_IS_PARTIAL_CHAIN $00010000 Interfaced These can be applied to chains only
CERT_TRUST_IS_REVOKED $00000004 Interfaced -
CERT_TRUST_IS_SELF_SIGNED $00000008 Interfaced -
CERT_TRUST_IS_UNTRUSTED_ROOT $00000020 Interfaced -
CERT_TRUST_NO_ERROR $00000000 Interfaced -
CERT_TRUST_NO_ISSUANCE_CHAIN_POLICY $02000000 Interfaced -
CERT_TRUST_REVOCATION_STATUS_UNKNOWN $00000040 Interfaced -
CERT_UNICODE_ATTR_ERR_INDEX_MASK $003F Interfaced -
CERT_UNICODE_ATTR_ERR_INDEX_SHIFT 16 Interfaced -
CERT_UNICODE_IS_RDN_ATTRS_FLAG $1 Interfaced -
CERT_UNICODE_RDN_ERR_INDEX_MASK $3FF Interfaced -
CERT_UNICODE_RDN_ERR_INDEX_SHIFT 22 Interfaced -
CERT_UNICODE_VALUE_ERR_INDEX_MASK $0000FFFF Interfaced -
CERT_UNICODE_VALUE_ERR_INDEX_SHIFT 0 Interfaced -
CERT_V1 0 Interfaced -
CERT_V2 1 Interfaced -
CERT_V3 2 Interfaced -
CERT_VERIFY_ALLOW_MORE_USAGE_FLAG $8 Interfaced -
CERT_VERIFY_INHIBIT_CTL_UPDATE_FLAG $1 Interfaced -
CERT_VERIFY_NO_TIME_CHECK_FLAG $4 Interfaced -
CERT_VERIFY_REV_CHAIN_FLAG $1 Interfaced
+-------------------------------------------------------------------------
  When the following flag is set, rgpvContext[] consists of a chain
  of certificates, where rgpvContext[i + 1] is the issuer of rgpvContext[i].
--------------------------------------------------------------------------
CERT_VERIFY_REV_SERVER_OCSP_FLAG $8 Interfaced
+-------------------------------------------------------------------------
  When the following flag is set, only OCSP responses are used for
  doing revocation checking. If the certificate doesn't have any
  OCSP AIA URLs, dwError is set to CRYPT_E_NOT_IN_REVOCATION_DATABASE.
--------------------------------------------------------------------------
CERT_VERIFY_TRUSTED_SIGNERS_FLAG $2 Interfaced -
CERT_VERIFY_UPDATED_CTL_FLAG $1 Interfaced -
CERT_X500_NAME_STR 3 Interfaced -
CMSG_ALL_FLAGS (not ULONG(0)) Interfaced
+-------------------------------------------------------------------------
  Message Type Bit Flags
--------------------------------------------------------------------------
CMSG_AUTHENTICATED_ATTRIBUTES_FLAG $00000008 Interfaced -
CMSG_BARE_CONTENT_FLAG $00000001 Interfaced -
CMSG_BARE_CONTENT_PARAM 3 Interfaced -
CMSG_CERT_COUNT_PARAM 11 Interfaced -
CMSG_CERT_PARAM 12 Interfaced -
CMSG_COMPUTED_HASH_PARAM 22 Interfaced -
CMSG_CONTENT_PARAM 2 Interfaced -
CMSG_CONTENTS_OCTETS_FLAG $00000010 Interfaced -
CMSG_CRL_COUNT_PARAM 13 Interfaced -
CMSG_CRL_PARAM 14 Interfaced -
CMSG_CTRL_ADD_CERT 10 Interfaced -
CMSG_CTRL_ADD_CRL 12 Interfaced -
CMSG_CTRL_ADD_SIGNER 6 Interfaced -
CMSG_CTRL_ADD_SIGNER_UNAUTH_ATTR 8 Interfaced -
CMSG_CTRL_DECRYPT 2 Interfaced -
CMSG_CTRL_DEL_CERT 11 Interfaced -
CMSG_CTRL_DEL_CRL 13 Interfaced -
CMSG_CTRL_DEL_SIGNER 7 Interfaced -
CMSG_CTRL_DEL_SIGNER_UNAUTH_ATTR 9 Interfaced -
CMSG_CTRL_VERIFY_HASH 5 Interfaced -
CMSG_CTRL_VERIFY_SIGNATURE 1 Interfaced -
CMSG_DATA 1 Interfaced -
CMSG_DATA_FLAG (1 shl CMSG_DATA) Interfaced -
CMSG_DETACHED_FLAG $00000004 Interfaced -
CMSG_ENCODED_MESSAGE 29 Interfaced -
CMSG_ENCODED_SIGNER 28 Interfaced -
CMSG_ENCODING_TYPE_MASK $FFFF0000 Interfaced -
CMSG_ENCRYPT_PARAM 26 Interfaced -
CMSG_ENCRYPTED 6 Interfaced -
CMSG_ENCRYPTED_DIGEST 27 Interfaced -
CMSG_ENCRYPTED_FLAG (1 shl CMSG_ENCRYPTED) Interfaced -
CMSG_ENVELOPE_ALGORITHM_PARAM 15 Interfaced -
CMSG_ENVELOPED 3 Interfaced -
CMSG_ENVELOPED_FLAG (1 shl CMSG_ENVELOPED) Interfaced -
CMSG_HASH_ALGORITHM_PARAM 20 Interfaced -
CMSG_HASH_DATA_PARAM 21 Interfaced -
CMSG_HASHED 5 Interfaced -
CMSG_HASHED_FLAG (1 shl CMSG_HASHED) Interfaced -
CMSG_INDEFINITE_LENGTH ($FFFFFFFF) Interfaced -
CMSG_INNER_CONTENT_TYPE_PARAM 4 Interfaced -
CMSG_LENGTH_ONLY_FLAG $00000002 Interfaced -
CMSG_MAX_LENGTH_FLAG $00000020 Interfaced -
CMSG_OID_EXPORT_ENCRYPT_KEY_FUNC 'CryptMsgDllExportEncryptKey' Interfaced -
CMSG_OID_GEN_ENCRYPT_KEY_FUNC 'CryptMsgDllGenEncryptKey' Interfaced -
CMSG_OID_IMPORT_ENCRYPT_KEY_FUNC 'CryptMsgDllImportEncryptKey' Interfaced -
CMSG_RECIPIENT_COUNT_PARAM 17 Interfaced -
CMSG_RECIPIENT_INDEX_PARAM 18 Interfaced -
CMSG_RECIPIENT_INFO_PARAM 19 Interfaced -
CMSG_SIGNED 2 Interfaced -
CMSG_SIGNED_AND_ENVELOPED 4 Interfaced -
CMSG_SIGNED_AND_ENVELOPED_FLAG (1 shl CMSG_SIGNED_AND_ENVELOPED) Interfaced -
CMSG_SIGNED_FLAG (1 shl CMSG_SIGNED) Interfaced -
CMSG_SIGNER_AUTH_ATTR_PARAM 9 Interfaced -
CMSG_SIGNER_CERT_INFO_PARAM 7 Interfaced -
CMSG_SIGNER_COUNT_PARAM 5 Interfaced -
CMSG_SIGNER_HASH_ALGORITHM_PARAM 8 Interfaced -
CMSG_SIGNER_INFO_PARAM 6 Interfaced -
CMSG_SIGNER_ONLY_FLAG $2 Interfaced -
CMSG_SIGNER_UNAUTH_ATTR_PARAM 10 Interfaced -
CMSG_TRUSTED_SIGNER_FLAG $1 Interfaced -
CMSG_TYPE_PARAM 1 Interfaced -
CMSG_USE_SIGNER_INDEX_FLAG $4 Interfaced -
CRL_DIST_POINT_ERR_CRL_ISSUER_BIT (DWORD($80000000)) Interfaced -
CRL_DIST_POINT_ERR_INDEX_MASK $7F Interfaced -
CRL_DIST_POINT_ERR_INDEX_SHIFT 24 Interfaced -
CRL_DIST_POINT_FULL_NAME 1 Interfaced -
CRL_DIST_POINT_ISSUER_RDN_NAME 2 Interfaced -
CRL_DIST_POINT_NO_NAME 0 Interfaced -
CRL_REASON_AFFILIATION_CHANGED 3 Interfaced -
CRL_REASON_AFFILIATION_CHANGED_FLAG $10 Interfaced -
CRL_REASON_CA_COMPROMISE 2 Interfaced -
CRL_REASON_CA_COMPROMISE_FLAG $20 Interfaced -
CRL_REASON_CERTIFICATE_HOLD 6 Interfaced -
CRL_REASON_CERTIFICATE_HOLD_FLAG $02 Interfaced -
CRL_REASON_CESSATION_OF_OPERATION 5 Interfaced -
CRL_REASON_CESSATION_OF_OPERATION_FLAG $04 Interfaced -
CRL_REASON_KEY_COMPROMISE 1 Interfaced -
CRL_REASON_KEY_COMPROMISE_FLAG $40 Interfaced -
CRL_REASON_REMOVE_FROM_CRL 8 Interfaced -
CRL_REASON_SUPERSEDED 4 Interfaced -
CRL_REASON_SUPERSEDED_FLAG $08 Interfaced -
CRL_REASON_UNSPECIFIED 0 Interfaced -
CRL_REASON_UNUSED_FLAG $80 Interfaced -
CRL_V1 0 Interfaced -
CRL_V2 1 Interfaced -
CRYPT_ASN_ENCODING $00000001 Interfaced -
CRYPT_CREATE_IV $00000200 Interfaced -
CRYPT_CREATE_SALT $00000004 Interfaced -
CRYPT_DATA_KEY $00000800 Interfaced -
CRYPT_DECODE_NOCOPY_FLAG $1 Interfaced -
CRYPT_DECRYPT $0002 Interfaced Allow decryption
CRYPT_DEFAULT_OID 'DEFAULT' Interfaced OID used for Default OID functions
CRYPT_DELETE_DEFAULT $00000004 Interfaced -
CRYPT_DELETEKEYSET $00000010 Interfaced -
CRYPT_ENCODE_DECODE_NONE 0 Interfaced
+-------------------------------------------------------------------------
  Predefined X509 certificate data structures that can be encoded / decoded.
--------------------------------------------------------------------------
CRYPT_ENCRYPT $0001 Interfaced KP_PERMISSIONS: Allow encryption
CRYPT_ENCRYPT_ALG_OID_GROUP_ID 2 Interfaced -
CRYPT_ENHKEY_USAGE_OID_GROUP_ID 7 Interfaced -
CRYPT_EXPORT $0004 Interfaced Allow key to be exported
CRYPT_EXPORT_KEY $0040 Interfaced Allow key to be used for exporting keys
CRYPT_EXPORTABLE $00000001 Interfaced dwFlag definitions for CryptGenKey
CRYPT_EXT_OR_ATTR_OID_GROUP_ID 6 Interfaced -
CRYPT_FAILED FALSE Interfaced -
CRYPT_FIRST 1 Interfaced -
CRYPT_FIRST_ALG_OID_GROUP_ID CRYPT_HASH_ALG_OID_GROUP_ID Interfaced -
CRYPT_FLAG_PCT1 $0001 Interfaced Protocol flags
CRYPT_FLAG_SSL2 $0002 Interfaced -
CRYPT_FLAG_SSL3 $0004 Interfaced -
CRYPT_FLAG_TLS1 $0008 Interfaced -
CRYPT_HASH_ALG_OID_GROUP_ID 1 Interfaced -
CRYPT_IMPL_HARDWARE 1 Interfaced -
CRYPT_IMPL_MIXED 3 Interfaced -
CRYPT_IMPL_SOFTWARE 2 Interfaced -
CRYPT_IMPL_UNKNOWN 4 Interfaced -
CRYPT_IMPORT_KEY $0080 Interfaced Allow key to be used for importing keys
CRYPT_INITIATOR $00000040 Interfaced -
CRYPT_INSTALL_OID_FUNC_BEFORE_FLAG 1 Interfaced -
CRYPT_INSTALL_OID_INFO_BEFORE_FLAG 1 Interfaced -
CRYPT_KEK $00000400 Interfaced -
CRYPT_LAST_ALG_OID_GROUP_ID CRYPT_SIGN_ALG_OID_GROUP_ID Interfaced -
CRYPT_LAST_OID_GROUP_ID 8 Interfaced -
CRYPT_LITTLE_ENDIAN $00000001 Interfaced dwFlags definitions for CryptHashSessionKey
CRYPT_MAC $0020 Interfaced Allow MACs to be used with key
CRYPT_MACHINE_DEFAULT $00000001 Interfaced dwFlag definitions for CryptSetProviderEx and CryptGetDefaultProvider
CRYPT_MACHINE_KEYSET $00000020 Interfaced -
CRYPT_MATCH_ANY_ENCODING_TYPE $FFFFFFFF Interfaced -
CRYPT_MESSAGE_BARE_CONTENT_OUT_FLAG $1 Interfaced -
CRYPT_MODE_CBC 1 Interfaced KP_MODE: Cipher block chaining
CRYPT_MODE_CBCI 6 {ANSI CBC Interleaved} Interfaced KP_MODE: ANSI CBC Interleaved
CRYPT_MODE_CBCOFM 9 {ANSI CBC + OF Masking} Interfaced ANSI CBC + OF Masking
CRYPT_MODE_CBCOFMI 10 {ANSI CBC + OFM Interleaved} Interfaced ANSI CBC + OFM Interleaved
CRYPT_MODE_CFB 4 Interfaced Cipher feedback mode
CRYPT_MODE_CFBP 7 {ANSI CFB Pipelined} Interfaced ANSI CFB Pipelined
CRYPT_MODE_CTS 5 Interfaced Ciphertext stealing mode
CRYPT_MODE_ECB 2 Interfaced Electronic code book
CRYPT_MODE_OFB 3 Interfaced Output feedback mode
CRYPT_MODE_OFBP 8 {ANSI OFB Pipelined} Interfaced ANSI OFB Pipelined
CRYPT_NDR_ENCODING $00000002 Interfaced -
CRYPT_NEWKEYSET $00000008 Interfaced -
CRYPT_NEXT 2 Interfaced -
CRYPT_NO_SALT $00000010 Interfaced -
CRYPT_OID_CREATE_COM_OBJECT_FUNC 'CryptDllCreateCOMObject' Interfaced -
CRYPT_OID_DECODE_OBJECT_FUNC 'CryptDllDecodeObject' Interfaced -
CRYPT_OID_ENCODE_OBJECT_FUNC 'CryptDllEncodeObject' Interfaced -
CRYPT_OID_EXPORT_PUBLIC_KEY_INFO_FUNC 'CryptDllExportPublicKeyInfoEx' Interfaced
+-------------------------------------------------------------------------
  Export the public key info associated with the provider's corresponding
  private key.
  Uses the dwCertEncodingType and pszPublicKeyObjId to call the
  installable CRYPT_OID_EXPORT_PUBLIC_KEY_INFO_FUNC. The called function
  has the same signature as CryptExportPublicKeyInfoEx.
  If unable to find an installable OID function for the pszPublicKeyObjId,
  attempts to export as a RSA Public Key (szOID_RSA_RSA).
  The dwFlags and pvAuxInfo aren't used for szOID_RSA_RSA.
--------------------------------------------------------------------------
CRYPT_OID_FIND_OID_INFO_FUNC 'CryptDllFindOIDInfo' Interfaced -
CRYPT_OID_FORMAT_OBJECT_FUNC 'CryptDllFormatObject' Interfaced -
CRYPT_OID_IMPORT_PUBLIC_KEY_INFO_FUNC 'CryptDllImportPublicKeyInfoEx' Interfaced
+-------------------------------------------------------------------------
  Convert and import the public key info into the provider and return a
  handle to the public key.
  Uses the dwCertEncodingType and pInfo->Algorithm.pszObjId to call the
  installable CRYPT_OID_IMPORT_PUBLIC_KEY_INFO_FUNC. The called function
  has the same signature as CryptImportPublicKeyInfoEx.
  If unable to find an installable OID function for the pszObjId,
  attempts to import as a RSA Public Key (szOID_RSA_RSA).
  For szOID_RSA_RSA: aiKeyAlg may be set to CALG_RSA_SIGN or CALG_RSA_KEYX.
  Defaults to CALG_RSA_KEYX. The dwFlags and pvAuxInfo aren't used.
--------------------------------------------------------------------------
CRYPT_OID_INFO_ALGID_KEY 3 Interfaced -
CRYPT_OID_INFO_NAME_KEY 2 Interfaced -
CRYPT_OID_INFO_OID_KEY 1 Interfaced -
CRYPT_OID_INFO_SIGN_KEY 4 Interfaced -
CRYPT_OID_INHIBIT_SIGNATURE_FORMAT_FLAG $1 Interfaced
CRYPT_PUBKEY_ALG_OID_GROUP_ID has the following optional ExtraInfo:
  DWORD[0] - Flags. CRYPT_OID_INHIBIT_SIGNATURE_FORMAT_FLAG can be set to
             inhibit the reformatting of the signature before
             CryptVerifySignature is called or after CryptSignHash
             is called. CRYPT_OID_USE_PUBKEY_PARA_FOR_PKCS7_FLAG can
             be set to include the public key algorithm's parameters
             in the PKCS7's digestEncryptionAlgorithm's parameters.
CRYPT_OID_OPEN_STORE_PROV_FUNC 'CertDllOpenStoreProv' Interfaced -
CRYPT_OID_REG_DLL_VALUE_NAME WideString('Dll') Interfaced -
CRYPT_OID_REG_ENCODING_TYPE_PREFIX 'EncodingType ' Interfaced -
CRYPT_OID_REG_FUNC_NAME_VALUE_NAME WideString('FuncName') Interfaced -
CRYPT_OID_REG_FUNC_NAME_VALUE_NAME_A 'FuncName' Interfaced -
CRYPT_OID_REGPATH 'Software\\Microsoft\\Cryptography\\OID' Interfaced -
CRYPT_OID_USE_PUBKEY_PARA_FOR_PKCS7_FLAG $2 Interfaced -
CRYPT_OID_VERIFY_CERTIFICATE_CHAIN_POLICY_FUNC Interfaced Predefined OID Function Names
CRYPT_OID_VERIFY_CTL_USAGE_FUNC 'CertDllVerifyCTLUsage' Interfaced -
CRYPT_OID_VERIFY_REVOCATION_FUNC 'CertDllVerifyRevocation' Interfaced -
CRYPT_ONLINE $00000080 Interfaced -
CRYPT_POLICY_OID_GROUP_ID 8 Interfaced -
CRYPT_PREGEN $00000040 Interfaced -
CRYPT_PSTORE $00000002 Interfaced -
CRYPT_PUBKEY_ALG_OID_GROUP_ID 3 Interfaced -
CRYPT_RC2_128BIT_VERSION 58 Interfaced -
CRYPT_RC2_40BIT_VERSION 160 Interfaced -
CRYPT_RC2_64BIT_VERSION 120 Interfaced -
CRYPT_RDN_ATTR_OID_GROUP_ID 5 Interfaced -
CRYPT_READ $0008 Interfaced Allow parameters to be read
CRYPT_RECIPIENT $00000010 Interfaced -
CRYPT_REGISTER_FIRST_INDEX 0 Interfaced -
CRYPT_REGISTER_LAST_INDEX $FFFFFFFF Interfaced -
CRYPT_SEC_DESCR $00000001 Interfaced Key storage flags
CRYPT_SERVER $00000400 Interfaced dwFlags definitions for CryptDeriveKey
CRYPT_SF $00000100 Interfaced -
CRYPT_SIGN_ALG_OID_GROUP_ID 4 Interfaced -
CRYPT_SSL2_SLUMMING $00000002 Interfaced -
CRYPT_SUCCEED TRUE Interfaced -
CRYPT_UI_PROMPT $00000004 Interfaced -
CRYPT_UPDATE_KEY $00000008 Interfaced -
CRYPT_USER_DEFAULT $00000002 Interfaced -
CRYPT_USER_PROTECTED $00000002 Interfaced -
CRYPT_USERDATA 1 Interfaced -
CRYPT_VERIFYCONTEXT $F0000000 Interfaced dwFlags definitions for CryptAcquireContext
CRYPT_WRITE $0010 Interfaced Allow parameters to be set
CRYPT_Y_ONLY $00000001 Interfaced dwFlag definitions for CryptExportKey
CRYPT32 'crypt32.dll' Interfaced -
CTL_ANY_SUBJECT_TYPE 1 Interfaced
Subject Types:
  CTL_ANY_SUBJECT_TYPE, pvSubject points to following CTL_ANY_SUBJECT_INFO.
  CTL_CERT_SUBJECT_TYPE, pvSubject points to CERT_CONTEXT.
CTL_CERT_SUBJECT_TYPE 2 Interfaced -
CTL_FIND_ANY 0 Interfaced -
CTL_FIND_MD5_HASH 2 Interfaced -
CTL_FIND_NO_LIST_ID_CBDATA $FFFFFFFF Interfaced -
CTL_FIND_NO_SIGNER_PTR (PCERT_INFO($FFFFFFFF)) Interfaced -
CTL_FIND_SAME_USAGE_FLAG $1 Interfaced -
CTL_FIND_SHA1_HASH 1 Interfaced -
CTL_FIND_SUBJECT 4 Interfaced -
CTL_FIND_USAGE 3 Interfaced -
CTL_V1 0 Interfaced -
CUR_BLOB_VERSION 2 Interfaced -
HCCE_CURRENT_USER HCERTCHAINENGINE(nil) Interfaced -
HCCE_LOCAL_MACHINE HCERTCHAINENGINE($01) Interfaced -
HP_ALGID $0001 Interfaced Hash algorithm
HP_HASHSIZE $0004 Interfaced Hash value size
HP_HASHVAL $0002 Interfaced Hash value
HP_HMAC_INFO $0005 Interfaced Information for creating an HMAC
KEY_LENGTH_MASK $FFFF0000 Interfaced -
KP_ALGID 7 Interfaced Key algorithm
KP_BLOCKLEN 8 Interfaced Block size of the cipher
KP_CERTIFICATE 26 Interfaced For setting Secure Channel certificate data (PCT1)
KP_CLEAR_KEY 27 Interfaced For setting Secure Channel clear key data (PCT1)
KP_CLIENT_RANDOM 21 Interfaced For setting the Secure Channel client random data
KP_EFFECTIVE_KEYLEN 19 Interfaced Setting and getting RC2 effective key length
KP_G 12 Interfaced DSS/Diffie-Hellman G value
KP_INFO 18 Interfaced For putting information into an RSA envelope
KP_IV 1 Interfaced dwParam: Initialization vector
KP_KEYLEN 9 Interfaced Length of key in bits
KP_MODE 4 Interfaced Mode of the cipher
KP_MODE_BITS 5 Interfaced Number of bits to feedback
KP_P 11 Interfaced DSS/Diffie-Hellman P value
KP_PADDING 3 Interfaced Padding values
KP_PERMISSIONS 6 Interfaced Key permissions DWORD
KP_PRECOMP_MD5 24 Interfaced -
KP_PRECOMP_SHA 25 Interfaced -
KP_PUB_EX_LEN 28 Interfaced -
KP_PUB_EX_VAL 29 Interfaced -
KP_Q 13 Interfaced DSS Q value
KP_RA 16 Interfaced Fortezza RA value
KP_RB 17 Interfaced Fortezza RB value
KP_RP 23 Interfaced -
KP_SALT 2 Interfaced Salt value
KP_SALT_EX 10 Interfaced Length of salt in bytes
KP_SCHANNEL_ALG 20 Interfaced For setting the Secure Channel algorithms
KP_SERVER_RANDOM 22 Interfaced For setting the Secure Channel server random data
KP_X 14 Interfaced Diffie-Hellman X value
KP_Y 15 Interfaced Y value
MAXUIDLEN 64 Interfaced -
MS_DEF_DSS_DH_PROV MS_DEF_DSS_DH_PROV_W Interfaced -
MS_DEF_DSS_DH_PROV_A 'Microsoft Base DSS and Diffie-Hellman Cryptographic Provider' Interfaced -
MS_DEF_DSS_DH_PROV_W WideString('Microsoft Base DSS and Diffie-Hellman Cryptographic Provider') Interfaced -
MS_DEF_DSS_PROV MS_DEF_DSS_PROV_W Interfaced -
MS_DEF_DSS_PROV_A 'Microsoft Base DSS Cryptographic Provider' Interfaced -
MS_DEF_DSS_PROV_W WideString('Microsoft Base DSS Cryptographic Provider') Interfaced -
MS_DEF_PROV MS_DEF_PROV_W Interfaced -
MS_DEF_PROV_A 'Microsoft Base Cryptographic Provider v1.0' Interfaced Provider friendly names
MS_DEF_PROV_W WideString( 'Microsoft Base Cryptographic Provider v1.0') Interfaced -
MS_DEF_RSA_SCHANNEL_PROV MS_DEF_RSA_SCHANNEL_PROV_W Interfaced -
MS_DEF_RSA_SCHANNEL_PROV_A 'Microsoft Base RSA SChannel Cryptographic Provider' Interfaced -
MS_DEF_RSA_SCHANNEL_PROV_W WideString('Microsoft Base RSA SChannel Cryptographic Provider') Interfaced -
MS_DEF_RSA_SIG_PROV MS_DEF_RSA_SIG_PROV_W Interfaced -
MS_DEF_RSA_SIG_PROV_A 'Microsoft RSA Signature Cryptographic Provider' Interfaced -
MS_DEF_RSA_SIG_PROV_W WideString('Microsoft RSA Signature Cryptographic Provider') Interfaced -
MS_ENH_RSA_AES_PROV_A 'Microsoft Enhanced RSA and AES Cryptographic Provider' Interfaced -
MS_ENH_RSA_AES_PROV_XP_A 'Microsoft Enhanced RSA and AES Cryptographic Provider (Prototype)' Interfaced -
MS_ENHANCED_PROV MS_ENHANCED_PROV_W Interfaced -
MS_ENHANCED_PROV_A 'Microsoft Enhanced Cryptographic Provider v1.0' Interfaced -
MS_ENHANCED_PROV_W WideString('Microsoft Enhanced Cryptographic Provider v1.0') Interfaced -
MS_ENHANCED_RSA_SCHANNEL_PROV MS_ENHANCED_RSA_SCHANNEL_PROV_W Interfaced -
MS_ENHANCED_RSA_SCHANNEL_PROV_A 'Microsoft Enhanced RSA SChannel Cryptographic Provider' Interfaced -
MS_ENHANCED_RSA_SCHANNEL_PROV_W WideString('Microsoft Enhanced RSA SChannel Cryptographic Provider') Interfaced -
MS_STRONG_PROV_A 'Microsoft Strong Cryptographic Provider' Interfaced Added Sept 2010 source Windows 7 SDK
NETSCAPE_SSL_CA_CERT_TYPE $04 Interfaced -
NETSCAPE_SSL_CLIENT_AUTH_CERT_TYPE $80 Interfaced -
NETSCAPE_SSL_SERVER_AUTH_CERT_TYPE $40 Interfaced -
PKCS_7_ASN_ENCODING $00010000 Interfaced -
PKCS_7_NDR_ENCODING $00020000 Interfaced -
PKCS_ATTRIBUTE (LPCSTR(22)) Interfaced -
PKCS_CONTENT_INFO (LPCSTR(33)) Interfaced -
PKCS_CONTENT_INFO_SEQUENCE_OF_ANY (LPCSTR(23)) Interfaced -
PKCS_CTL (LPCSTR(37)) Interfaced -
PKCS_RC2_CBC_PARAMETERS (LPCSTR(41)) Interfaced -
PKCS_SMIME_CAPABILITIES (LPCSTR(42)) Interfaced -
PKCS_TIME_REQUEST (LPCSTR(18)) Interfaced -
PKCS_UTC_TIME (LPCSTR(17)) Interfaced
+-------------------------------------------------------------------------
  Additional predefined data structures that can be encoded / decoded.
--------------------------------------------------------------------------
PKCS5_PADDING 1 {PKCS 5 (sec 6.2) padding method} Interfaced KP_PADDING: PKCS 5 (sec 6.2) padding method
PKCS7_SIGNER_INFO (LPCSTR(500)) Interfaced
+-------------------------------------------------------------------------
  Predefined PKCS #7 data structures that can be encoded / decoded.
--------------------------------------------------------------------------
PLAINTEXTKEYBLOB $8 Interfaced -
PP_APPLI_CERT 18 Interfaced -
PP_CERTCHAIN 9 Interfaced For retrieving certificates from tokens
PP_CHANGE_PASSWORD 7 Interfaced -
PP_CLIENT_HWND 1 Interfaced CryptSetProvParam
PP_CONTAINER 6 Interfaced -
PP_CONTEXT_INFO 11 Interfaced -
PP_DELETEKEY 24 Interfaced -
PP_ENUMALGS 1 Interfaced CryptGetProvParam
PP_ENUMALGS_EX 22 Interfaced -
PP_ENUMCONTAINERS 2 Interfaced -
PP_IMPTYPE 3 Interfaced -
PP_KEY_TYPE_SUBTYPE 10 Interfaced -
PP_KEYEXCHANGE_ALG 14 Interfaced -
PP_KEYEXCHANGE_KEYSIZE 12 Interfaced -
PP_KEYSET_SEC_DESCR 8 Interfaced Get/set security descriptor of keyset
PP_KEYSTORAGE 17 Interfaced -
PP_NAME 4 Interfaced -
PP_PROVTYPE 16 Interfaced -
PP_SESSION_KEYSIZE 20 Interfaced -
PP_SIGNATURE_ALG 15 Interfaced -
PP_SIGNATURE_KEYSIZE 13 Interfaced -
PP_SIGNATURE_PIN 33 Interfaced -
PP_SYM_KEYSIZE 19 Interfaced -
PP_UI_PROMPT 21 Interfaced -
PP_VERSION 5 Interfaced -
PRIVATEKEYBLOB $7 Interfaced -
PROV_DSS 3 Interfaced -
PROV_DSS_DH 13 Interfaced -
PROV_EC_ECDSA_FULL 16 Interfaced -
PROV_EC_ECDSA_SIG 14 Interfaced -
PROV_EC_ECNRA_FULL 17 Interfaced -
PROV_EC_ECNRA_SIG 15 Interfaced -
PROV_FORTEZZA 4 Interfaced -
PROV_MS_EXCHANGE 5 Interfaced -
PROV_RSA_AES 24 Interfaced Added Sept 2010 source Windows 7 SDK.
PROV_RSA_FULL 1 Interfaced -
PROV_RSA_SCHANNEL 12 Interfaced -
PROV_RSA_SIG 2 Interfaced -
PROV_SPYRUS_LYNKS 20 Interfaced -
PROV_SSL 6 Interfaced -
PROV_STT_ACQ 8 Interfaced -
PROV_STT_BRND 9 Interfaced -
PROV_STT_ISS 11 Interfaced -
PROV_STT_MER 7 Interfaced STT defined Providers
PROV_STT_ROOT 10 Interfaced -
PUBLICKEYBLOB $6 Interfaced -
RANDOM_PADDING 2 Interfaced -
REVOCATION_OID_CRL_REVOCATION LPCSTR('1') Interfaced CRL Revocation OID
RSA_CSP_PUBLICKEYBLOB (LPCSTR(19)) Interfaced -
SCHANNEL_ENC_KEY $00000001 Interfaced -
SCHANNEL_MAC_KEY $00000000 Interfaced -
SIMPLEBLOB $1 Interfaced Exported key blob definitions
SOFTPUB 'softpub.dll' Interfaced -
sz_CERT_STORE_PROV_FILENAME sz_CERT_STORE_PROV_FILENAME_W Interfaced -
sz_CERT_STORE_PROV_FILENAME_W 'File' Interfaced -
sz_CERT_STORE_PROV_MEMORY 'Memory' Interfaced -
sz_CERT_STORE_PROV_PKCS7 'PKCS7' Interfaced -
sz_CERT_STORE_PROV_SERIALIZED 'Serialized' Interfaced -
sz_CERT_STORE_PROV_SYSTEM sz_CERT_STORE_PROV_SYSTEM_W Interfaced -
sz_CERT_STORE_PROV_SYSTEM_W 'System' Interfaced -
szOID_AUTHORITY_INFO_ACCESS '1.3.6.1.5.5.7.2' Interfaced -
szOID_AUTHORITY_KEY_IDENTIFIER '2.5.29.1' Interfaced -
szOID_AUTHORITY_KEY_IDENTIFIER2 '2.5.29.35' Interfaced -
szOID_AUTHORITY_REVOCATION_LIST '2.5.4.38' Interfaced -
szOID_BASIC_CONSTRAINTS '2.5.29.10' Interfaced -
szOID_BASIC_CONSTRAINTS2 '2.5.29.19' Interfaced -
szOID_BUSINESS_CATEGORY '2.5.4.15' Interfaced Case-ignore string
szOID_CA_CERTIFICATE '2.5.4.37' Interfaced -
szOID_CERT_EXTENSIONS '1.3.6.1.4.1.311.2.1.14' Interfaced Microsoft extensions or attributes
szOID_CERT_POLICIES '2.5.29.32' Interfaced -
szOID_CERTIFICATE_REVOCATION_LIST '2.5.4.39' Interfaced -
szOID_COMMON_NAME '2.5.4.3' Interfaced Case-ignore string
szOID_COUNTRY_NAME '2.5.4.6' Interfaced Geographic attribute types: printable 2char string
szOID_CRL_DIST_POINTS '2.5.29.31' Interfaced -
szOID_CRL_REASON_CODE '2.5.29.21' Interfaced -
szOID_CROSS_CERTIFICATE_PAIR '2.5.4.40' Interfaced -
szOID_CTL '1.3.6.1.4.1.311.10.1' Interfaced Microsoft PKCS #7 ContentType Object Identifiers
szOID_DESCRIPTION '2.5.4.13' Interfaced Explanatory attribute types: case-ignore string
szOID_DESTINATION_INDICATOR '2.5.4.27' Interfaced Printable string
szOID_DEVICE_SERIAL_NUMBER '2.5.4.5' Interfaced Printable string
szOID_DOMAIN_COMPONENT '0.9.2342.19200300.100.1.25' Interfaced Pilot user attribute types: IA5 string
szOID_DS '2.5' Interfaced ITU-T UsefulDefinitions
szOID_DSALG '2.5.8' Interfaced -
szOID_DSALG_CRPT '2.5.8.1' Interfaced -
szOID_DSALG_HASH '2.5.8.2' Interfaced -
szOID_DSALG_RSA '2.5.8.1.1' Interfaced -
szOID_DSALG_SIGN '2.5.8.3' Interfaced -
szOID_ENHANCED_KEY_USAGE '2.5.29.37' Interfaced -
szOID_FACSIMILE_TELEPHONE_NUMBER '2.5.4.23' Interfaced -
szOID_GIVEN_NAME '2.5.4.42' Interfaced
Undocumented attribute types???
#define szOID_???                         '2.5.4.41'

 case-ignore string
szOID_ID1 '0.9.2342.19200300.100.1.1' Interfaced -
szOID_INFOSEC '2.16.840.1.101.2.1' Interfaced
INFOSEC Algorithms
 joint-iso-ccitt(2) country(16) us(840) organization(1) us-government(101) dod(2) id-infosec(1)
szOID_INFOSEC_mosaicConfidentiality '2.16.840.1.101.2.1.1.4' Interfaced -
szOID_INFOSEC_mosaicIntegrity '2.16.840.1.101.2.1.1.6' Interfaced -
szOID_INFOSEC_mosaicKeyManagement '2.16.840.1.101.2.1.1.10' Interfaced -
szOID_INFOSEC_mosaicKMandSig '2.16.840.1.101.2.1.1.12' Interfaced -
szOID_INFOSEC_mosaicKMandUpdSig '2.16.840.1.101.2.1.1.20' Interfaced -
szOID_INFOSEC_mosaicSignature '2.16.840.1.101.2.1.1.2' Interfaced -
szOID_INFOSEC_mosaicTokenProtection '2.16.840.1.101.2.1.1.8' Interfaced -
szOID_INFOSEC_mosaicUpdatedInteg '2.16.840.1.101.2.1.1.21' Interfaced -
szOID_INFOSEC_mosaicUpdatedSig '2.16.840.1.101.2.1.1.19' Interfaced -
szOID_INFOSEC_sdnsConfidentiality '2.16.840.1.101.2.1.1.3' Interfaced -
szOID_INFOSEC_sdnsIntegrity '2.16.840.1.101.2.1.1.5' Interfaced -
szOID_INFOSEC_sdnsKeyManagement '2.16.840.1.101.2.1.1.9' Interfaced -
szOID_INFOSEC_sdnsKMandSig '2.16.840.1.101.2.1.1.11' Interfaced -
szOID_INFOSEC_sdnsSignature '2.16.840.1.101.2.1.1.1' Interfaced -
szOID_INFOSEC_sdnsTokenProtection '2.16.840.1.101.2.1.1.7' Interfaced -
szOID_INFOSEC_SuiteAConfidentiality '2.16.840.1.101.2.1.1.14' Interfaced -
szOID_INFOSEC_SuiteAIntegrity '2.16.840.1.101.2.1.1.15' Interfaced -
szOID_INFOSEC_SuiteAKeyManagement '2.16.840.1.101.2.1.1.17' Interfaced -
szOID_INFOSEC_SuiteAKMandSig '2.16.840.1.101.2.1.1.18' Interfaced -
szOID_INFOSEC_SuiteASignature '2.16.840.1.101.2.1.1.13' Interfaced -
szOID_INFOSEC_SuiteATokenProtection '2.16.840.1.101.2.1.1.16' Interfaced -
szOID_INITIALS '2.5.4.43' Interfaced Case-ignore string
szOID_INTERNATIONAL_ISDN_NUMBER '2.5.4.25' Interfaced Numeric string
szOID_ISSUER_ALT_NAME '2.5.29.8' Interfaced -
szOID_ISSUER_ALT_NAME2 '2.5.29.18' Interfaced -
szOID_KEY_ATTRIBUTES '2.5.29.2' Interfaced -
szOID_KEY_USAGE '2.5.29.15' Interfaced -
szOID_KEY_USAGE_RESTRICTION '2.5.29.4' Interfaced -
szOID_KP_CTL_USAGE_SIGNING '1.3.6.1.4.1.311.10.3.1' Interfaced Signer of CTLs
szOID_KP_TIME_STAMP_SIGNING '1.3.6.1.4.1.311.10.3.2' Interfaced Signer of TimeStamps
szOID_LOCALITY_NAME '2.5.4.7' Interfaced Case-ignore string
szOID_MEMBER '2.5.4.31' Interfaced Relational application attribute types:
szOID_NETSCAPE '2.16.840.1.113730' Interfaced -
szOID_NETSCAPE_BASE_URL '2.16.840.1.113730.1.2' Interfaced -
szOID_NETSCAPE_CA_POLICY_URL '2.16.840.1.113730.1.8' Interfaced -
szOID_NETSCAPE_CA_REVOCATION_URL '2.16.840.1.113730.1.4' Interfaced -
szOID_NETSCAPE_CERT_EXTENSION '2.16.840.1.113730.1' Interfaced -
szOID_NETSCAPE_CERT_RENEWAL_URL '2.16.840.1.113730.1.7' Interfaced -
szOID_NETSCAPE_CERT_SEQUENCE '2.16.840.1.113730.2.5' Interfaced -
szOID_NETSCAPE_CERT_TYPE '2.16.840.1.113730.1.1' Interfaced -
szOID_NETSCAPE_COMMENT '2.16.840.1.113730.1.13' Interfaced -
szOID_NETSCAPE_DATA_TYPE '2.16.840.1.113730.2' Interfaced -
szOID_NETSCAPE_REVOCATION_URL '2.16.840.1.113730.1.3' Interfaced -
szOID_NETSCAPE_SSL_SERVER_NAME '2.16.840.1.113730.1.12' Interfaced -
szOID_NEXT_UPDATE_LOCATION '1.3.6.1.4.1.311.10.2' Interfaced -
szOID_OIW '1.3.14' Interfaced
NIST OSE Implementors' Workshop (OIW)
 http://nemo.ncsl.nist.gov/oiw/agreements/stable/OSI/12s_9506.w51
 http://nemo.ncsl.nist.gov/oiw/agreements/working/OSI/12w_9503.w51
szOID_OIWDIR '1.3.14.7.2' Interfaced NIST OSE Implementors' Workshop (OIW) Directory SIG algorithm identifiers
szOID_OIWDIR_CRPT '1.3.14.7.2.1' Interfaced -
szOID_OIWDIR_HASH '1.3.14.7.2.2' Interfaced -
szOID_OIWDIR_md2 '1.3.14.7.2.2.1' Interfaced -
szOID_OIWDIR_md2RSA '1.3.14.7.2.3.1' Interfaced -
szOID_OIWDIR_SIGN '1.3.14.7.2.3' Interfaced -
szOID_OIWSEC '1.3.14.3.2' Interfaced NIST OSE Implementors' Workshop (OIW) Security SIG algorithm identifiers
szOID_OIWSEC_desCBC '1.3.14.3.2.7' Interfaced -
szOID_OIWSEC_desCFB '1.3.14.3.2.9' Interfaced -
szOID_OIWSEC_desECB '1.3.14.3.2.6' Interfaced -
szOID_OIWSEC_desEDE '1.3.14.3.2.17' Interfaced -
szOID_OIWSEC_desMAC '1.3.14.3.2.10' Interfaced -
szOID_OIWSEC_desOFB '1.3.14.3.2.8' Interfaced -
szOID_OIWSEC_dhCommMod '1.3.14.3.2.16' Interfaced -
szOID_OIWSEC_dsa '1.3.14.3.2.12' Interfaced -
szOID_OIWSEC_dsaComm '1.3.14.3.2.20' Interfaced -
szOID_OIWSEC_dsaCommSHA '1.3.14.3.2.21' Interfaced -
szOID_OIWSEC_dsaCommSHA1 '1.3.14.3.2.28' Interfaced -
szOID_OIWSEC_dsaSHA1 '1.3.14.3.2.27' Interfaced -
szOID_OIWSEC_keyHashSeal '1.3.14.3.2.23' Interfaced -
szOID_OIWSEC_md2RSASign '1.3.14.3.2.24' Interfaced -
szOID_OIWSEC_md4RSA '1.3.14.3.2.2' Interfaced -
szOID_OIWSEC_md4RSA2 '1.3.14.3.2.4' Interfaced -
szOID_OIWSEC_md5RSA '1.3.14.3.2.3' Interfaced -
szOID_OIWSEC_md5RSASign '1.3.14.3.2.25' Interfaced -
szOID_OIWSEC_mdc2 '1.3.14.3.2.19' Interfaced -
szOID_OIWSEC_mdc2RSA '1.3.14.3.2.14' Interfaced -
szOID_OIWSEC_rsaSign '1.3.14.3.2.11' Interfaced -
szOID_OIWSEC_rsaXchg '1.3.14.3.2.22' Interfaced -
szOID_OIWSEC_sha '1.3.14.3.2.18' Interfaced -
szOID_OIWSEC_sha1 '1.3.14.3.2.26' Interfaced -
szOID_OIWSEC_sha1RSASign '1.3.14.3.2.29' Interfaced -
szOID_OIWSEC_shaDSA '1.3.14.3.2.13' Interfaced -
szOID_OIWSEC_shaRSA '1.3.14.3.2.15' Interfaced -
szOID_ORGANIZATION_NAME '2.5.4.10' Interfaced Organizational attribute types: case-ignore string
szOID_ORGANIZATIONAL_UNIT_NAME '2.5.4.11' Interfaced Case-ignore string
szOID_OWNER '2.5.4.32' Interfaced -
szOID_PHYSICAL_DELIVERY_OFFICE_NAME '2.5.4.19' Interfaced Case-ignore string
szOID_PKCS '1.2.840.113549.1' Interfaced -
szOID_PKCS_1 '1.2.840.113549.1.1' Interfaced -
szOID_PKCS_10 '1.2.840.113549.1.10' Interfaced -
szOID_PKCS_2 '1.2.840.113549.1.2' Interfaced -
szOID_PKCS_3 '1.2.840.113549.1.3' Interfaced -
szOID_PKCS_4 '1.2.840.113549.1.4' Interfaced -
szOID_PKCS_5 '1.2.840.113549.1.5' Interfaced -
szOID_PKCS_6 '1.2.840.113549.1.6' Interfaced -
szOID_PKCS_7 '1.2.840.113549.1.7' Interfaced -
szOID_PKCS_7_DATA '1.2.840.113549.1.7.1' Interfaced -
szOID_PKCS_7_DIGESTED '1.2.840.113549.1.7.5' Interfaced -
szOID_PKCS_7_ENCRYPTED '1.2.840.113549.1.7.6' Interfaced -
szOID_PKCS_7_ENVELOPED '1.2.840.113549.1.7.3' Interfaced -
szOID_PKCS_7_SIGNED '1.2.840.113549.1.7.2' Interfaced -
szOID_PKCS_7_SIGNEDANDENVELOPED '1.2.840.113549.1.7.4' Interfaced -
szOID_PKCS_8 '1.2.840.113549.1.8' Interfaced -
szOID_PKCS_9 '1.2.840.113549.1.9' Interfaced -
szOID_PKCS_9_CONTENT_TYPE '1.2.840.113549.1.9.3' Interfaced -
szOID_PKCS_9_MESSAGE_DIGEST '1.2.840.113549.1.9.4' Interfaced -
szOID_PKIX '1.3.6.1.5.5.7' Interfaced Internet Public Key Infrastructure
szOID_PKIX_KP '1.3.6.1.5.5.7.3' Interfaced
+-------------------------------------------------------------------------
  Enhanced Key Usage (Purpose) Object Identifiers
--------------------------------------------------------------------------
szOID_PKIX_KP_CLIENT_AUTH '1.3.6.1.5.5.7.3.2' Interfaced Consistent key usage bits: DIGITAL_SIGNATURE
szOID_PKIX_KP_CODE_SIGNING '1.3.6.1.5.5.7.3.3' Interfaced Consistent key usage bits: DIGITAL_SIGNATURE
szOID_PKIX_KP_EMAIL_PROTECTION '1.3.6.1.5.5.7.3.4' Interfaced
Consistent key usage bits: DIGITAL_SIGNATURE, NON_REPUDIATION and/or
 (KEY_ENCIPHERMENT or KEY_AGREEMENT)
szOID_PKIX_KP_SERVER_AUTH '1.3.6.1.5.5.7.3.1' Interfaced
Consistent key usage bits: DIGITAL_SIGNATURE, KEY_ENCIPHERMENT
 or KEY_AGREEMENT
szOID_POLICY_MAPPINGS '2.5.29.5' Interfaced
+-------------------------------------------------------------------------
  Extension Object Identifiers (currently not implemented)
--------------------------------------------------------------------------
szOID_POST_OFFICE_BOX '2.5.4.18' Interfaced Case-ignore string
szOID_POSTAL_ADDRESS '2.5.4.16' Interfaced Postal addressing attribute types:
szOID_POSTAL_CODE '2.5.4.17' Interfaced Case-ignore string
szOID_PREFERRED_DELIVERY_METHOD '2.5.4.28' Interfaced Preference attribute types:
szOID_PRESENTATION_ADDRESS '2.5.4.29' Interfaced OSI application attribute types:
szOID_REGISTERED_ADDRESS '2.5.4.26' Interfaced -
szOID_ROLE_OCCUPANT '2.5.4.33' Interfaced -
szOID_RSA '1.2.840.113549' Interfaced -
szOID_RSA_challengePwd '1.2.840.113549.1.9.7' Interfaced -
szOID_RSA_contentType '1.2.840.113549.1.9.3' Interfaced -
szOID_RSA_counterSign '1.2.840.113549.1.9.6' Interfaced -
szOID_RSA_data '1.2.840.113549.1.7.1' Interfaced -
szOID_RSA_DES_EDE3_CBC '1.2.840.113549.3.7' Interfaced -
szOID_RSA_digestedData '1.2.840.113549.1.7.5' Interfaced -
szOID_RSA_emailAddr '1.2.840.113549.1.9.1' Interfaced -
szOID_RSA_ENCRYPT '1.2.840.113549.3' Interfaced -
szOID_RSA_encryptedData '1.2.840.113549.1.7.6' Interfaced -
szOID_RSA_envelopedData '1.2.840.113549.1.7.3' Interfaced -
szOID_RSA_extCertAttrs '1.2.840.113549.1.9.9' Interfaced -
szOID_RSA_HASH '1.2.840.113549.2' Interfaced -
szOID_RSA_hashedData '1.2.840.113549.1.7.5' Interfaced -
szOID_RSA_MD2 '1.2.840.113549.2.2' Interfaced -
szOID_RSA_MD2RSA '1.2.840.113549.1.1.2' Interfaced -
szOID_RSA_MD4 '1.2.840.113549.2.4' Interfaced -
szOID_RSA_MD4RSA '1.2.840.113549.1.1.3' Interfaced -
szOID_RSA_MD5 '1.2.840.113549.2.5' Interfaced -
szOID_RSA_MD5RSA '1.2.840.113549.1.1.4' Interfaced -
szOID_RSA_messageDigest '1.2.840.113549.1.9.4' Interfaced -
szOID_RSA_MGF1 '1.2.840.113549.1.1.8' Interfaced -
szOID_RSA_preferSignedData '1.2.840.113549.1.9.15.1' Interfaced -
szOID_RSA_PSPECIFIED '1.2.840.113549.1.1.9' Interfaced -
szOID_RSA_RC2CBC '1.2.840.113549.3.2' Interfaced -
szOID_RSA_RC4 '1.2.840.113549.3.4' Interfaced -
szOID_RSA_RC5_CBCPad '1.2.840.113549.3.9' Interfaced -
szOID_RSA_RSA '1.2.840.113549.1.1.1' Interfaced -
szOID_RSA_SETOAEP_RSA '1.2.840.113549.1.1.6' Interfaced -
szOID_RSA_SHA1RSA '1.2.840.113549.1.1.5' Interfaced -
szOID_RSA_SHA256RSA '1.2.840.113549.1.1.11' Interfaced -
szOID_RSA_SHA384RSA '1.2.840.113549.1.1.12' Interfaced -
szOID_RSA_SHA512RSA '1.2.840.113549.1.1.13' Interfaced -
szOID_RSA_signedData '1.2.840.113549.1.7.2' Interfaced -
szOID_RSA_signEnvData '1.2.840.113549.1.7.4' Interfaced -
szOID_RSA_signingTime '1.2.840.113549.1.9.5' Interfaced -
szOID_RSA_SMIMECapabilities '1.2.840.113549.1.9.15' Interfaced -
szOID_RSA_SSA_PSS '1.2.840.113549.1.1.10' Interfaced -
szOID_RSA_unstructAddr '1.2.840.113549.1.9.8' Interfaced -
szOID_RSA_unstructName '1.2.840.113549.1.9.2' Interfaced -
szOID_RSAES_OAEP '1.2.840.113549.1.1.7' Interfaced Added Sept. 2010 source Windows 7 sdk
szOID_SEARCH_GUIDE '2.5.4.14' Interfaced -
szOID_SEE_ALSO '2.5.4.34' Interfaced -
szOID_STATE_OR_PROVINCE_NAME '2.5.4.8' Interfaced Case-ignore string
szOID_STREET_ADDRESS '2.5.4.9' Interfaced Case-ignore string
szOID_SUBJECT_ALT_NAME '2.5.29.7' Interfaced -
szOID_SUBJECT_ALT_NAME2 '2.5.29.17' Interfaced -
szOID_SUBJECT_DIR_ATTRS '2.5.29.9' Interfaced -
szOID_SUBJECT_KEY_IDENTIFIER '2.5.29.14' Interfaced -
szOID_SUPPORTED_APPLICATION_CONTEXT '2.5.4.30' Interfaced -
szOID_SUR_NAME '2.5.4.4' Interfaced Case-ignore string
szOID_TELEPHONE_NUMBER '2.5.4.20' Interfaced Telecommunications addressing attribute types: telephone number
szOID_TELETEXT_TERMINAL_IDENTIFIER '2.5.4.22' Interfaced -
szOID_TELEX_NUMBER '2.5.4.21' Interfaced -
szOID_TITLE '2.5.4.12' Interfaced Case-ignore string
szOID_USER_CERTIFICATE '2.5.4.36' Interfaced -
szOID_USER_PASSWORD '2.5.4.35' Interfaced Security attribute types:
szOID_X21_ADDRESS '2.5.4.24' Interfaced Numeric string
szOID_YESNO_TRUST_ATTR '1.3.6.1.4.1.311.10.4.1' Interfaced Microsoft Attribute Object Identifiers
USAGE_MATCH_TYPE_AND $00000000 Interfaced -
USAGE_MATCH_TYPE_OR $00000001 Interfaced -
X509_ALTERNATE_NAME (LPCSTR(12)) Interfaced -
X509_ANY_STRING X509_NAME_VALUE Interfaced -
X509_ASN_ENCODING $00000001 Interfaced -
X509_AUTHORITY_KEY_ID (LPCSTR(9)) Interfaced Predefined X509 certificate extension data structures that can be encoded / decoded.
X509_AUTHORITY_KEY_ID2 (LPCSTR(31)) Interfaced More predefined X509 certificate extension data structures that can be encoded / decoded.
X509_BASIC_CONSTRAINTS (LPCSTR(13)) Interfaced -
X509_BASIC_CONSTRAINTS2 (LPCSTR(15)) Interfaced -
X509_BITS (LPCSTR(26)) Interfaced -
X509_CERT (LPCSTR(1)) Interfaced -
X509_CERT_CRL_TO_BE_SIGNED (LPCSTR(3)) Interfaced -
X509_CERT_POLICIES (LPCSTR(16)) Interfaced -
X509_CERT_REQUEST_TO_BE_SIGNED (LPCSTR(4)) Interfaced -
X509_CERT_TO_BE_SIGNED (LPCSTR(2)) Interfaced -
X509_CHOICE_OF_TIME (LPCSTR(30)) Interfaced -
X509_CRL_DIST_POINTS (LPCSTR(35)) Interfaced -
X509_CRL_REASON_CODE X509_ENUMERATED Interfaced X509_AUTHORITY_INFO_ACCESS (LPCSTR(32));
X509_DSS_PARAMETERS (LPCSTR(39)) Interfaced -
X509_DSS_PUBLICKEY X509_MULTI_BYTE_UINT Interfaced -
X509_DSS_SIGNATURE (LPCSTR(40)) Interfaced -
X509_ENHANCED_KEY_USAGE (LPCSTR(36)) Interfaced -
X509_ENUMERATED (LPCSTR(29)) Interfaced -
X509_EXTENSIONS (LPCSTR(5)) Interfaced -
X509_INTEGER (LPCSTR(27)) Interfaced -
X509_KEY_ATTRIBUTES (LPCSTR(10)) Interfaced -
X509_KEY_USAGE (LPCSTR(14)) Interfaced -
X509_KEY_USAGE_RESTRICTION (LPCSTR(11)) Interfaced -
X509_KEYGEN_REQUEST_TO_BE_SIGNED (LPCSTR(21)) Interfaced -
X509_MULTI_BYTE_INTEGER (LPCSTR(28)) Interfaced -
X509_MULTI_BYTE_UINT (LPCSTR(38)) Interfaced -
X509_NAME (LPCSTR(7)) Interfaced -
X509_NAME_VALUE (LPCSTR(6)) Interfaced -
X509_NDR_ENCODING $00000002 Interfaced -
X509_OCTET_STRING (LPCSTR(25)) Interfaced -
X509_PUBLIC_KEY_INFO (LPCSTR(8)) Interfaced -
X509_SEQUENCE_OF_ANY (LPCSTR(34)) Interfaced -
X509_UNICODE_ANY_STRING X509_UNICODE_NAME_VALUE Interfaced -
X509_UNICODE_NAME (LPCSTR(20)) Interfaced -
X509_UNICODE_NAME_VALUE (LPCSTR(24)) Interfaced Predefined primitive data structures that can be encoded / decoded.
ZERO_PADDING 3 Interfaced -


Module Source

{******************************************************************}
{                                                                  }
{ Borland Delphi Runtime Library                                   }
{ Cryptographic API interface unit                                 }
{                                                                  }
{ Portions created by Microsoft are                                }
{ Copyright (C) 1993-1998 Microsoft Corporation.                   }
{ All Rights Reserved.                                             }
{                                                                  }
{ The original file is: wincrypt.h, 1992 - 1997                    }
{ The original Pascal code is: wcrypt2.pas, released 01 Jan 1998   }
{ The initial developer of the Pascal code is                      }
{  Massimo Maria Ghisalberti  (nissl@dada.it)                      }
{                                                                  }
{ Portions created by Massimo Maria Ghisalberti are                }
{ Copyright (C) 1997-1998 Massimo Maria Ghisalberti                }
{                                                                  }
{ Contributor(s):                                                  }
{     Peter Tang (peter.tang@citicorp.com)                         }
{     Phil Shrimpton (phil@shrimpton.co.uk)                        }
{                                                                  }
{ Obtained through:                                                }
{                                                                  }
{ Joint Endeavour of Delphi Innovators (Project JEDI)              }
{                                                                  }
{ You may retrieve the latest version of this file at the Project  }
{ JEDI home page, located at http://delphi-jedi.org                }
{                                                                  }
{ The contents of this file are used with permission, subject to   }
{ the Mozilla Public License Version 1.1 (the "License"); you may  }
{ not use this file except in compliance with the License. You may }
{ obtain a copy of the License at                                  }
{ http://www.mozilla.org/MPL/MPL-1.1.html                          }
{                                                                  }
{ Software distributed under the License is distributed on an      }
{ "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or   }
{ implied. See the License for the specific language governing     }
{ rights and limitations under the License.                        }
{                                                                  }
{******************************************************************}

unit wcrypt2;

{$DEFINE NT5}    // {.DEFINE NT5}

{$ALIGN ON}

{$IFNDEF VER90}
  {$WEAKPACKAGEUNIT}
{$ENDIF}

interface

uses
  Windows
  {$IFDEF VER90}
  ,Ole2
  {$ENDIF};

const
  ADVAPI32    = 'advapi32.dll';
  CRYPT32     = 'crypt32.dll';
  SOFTPUB     = 'softpub.dll';
{$IFDEF NT5}
  ADVAPI32NT5 = 'advapi32.dll';
{$ENDIF}

{Support Type}

type
    PVOID = Pointer;
    LONG  = DWORD;
    {$IFDEF UNICODE}
      LPAWSTR = PWideChar;
    {$ELSE}
      LPAWSTR = PAnsiChar;
    {$ENDIF}

//-----------------------------------------------------------------------------
    // Type support for a pointer to an array of pointers (type **name)
    PLPSTR          = Pointer; // pointer to an array of pointers to the type
    PPCERT_INFO     = Pointer; // pointer to an array of pointers to the type
    PPVOID          = Pointer; // pointer to an array of pointers to the type
    PPCCERT_CONTEXT = Pointer; // pointer to an array of pointers to the type
    PPCCTL_CONTEXT  = Pointer; // pointer to an array of pointers to the type
    PPCCRL_CONTEXT  = Pointer; // pointer to an array of pointers to the type
    PPCERT_CHAIN_ELEMENT = Pointer; // pointer to an array of pointers to the type *rwf
//-----------------------------------------------------------------------------

//+---------------------------------------------------------------------------
//
//  Microsoft Windows
//  Copyright (C) Microsoft Corporation, 1992 - 1997.
//
//  File:       wincrypt.h
//
//  Contents:   Cryptographic API Prototypes and Definitions
//
//----------------------------------------------------------------------------


//
// Algorithm IDs and Flags
//

// ALG_ID crackers
function GET_ALG_CLASS(x:integer) :integer;
function GET_ALG_TYPE(x:integer) :integer;
function GET_ALG_SID(x:integer) :integer;

Const
  // Algorithm classes
  ALG_CLASS_ANY          = 0;
  ALG_CLASS_SIGNATURE    = (1 shl 13);
  ALG_CLASS_MSG_ENCRYPT  = (2 shl 13);
  ALG_CLASS_DATA_ENCRYPT = (3 shl 13);
  ALG_CLASS_HASH         = (4 shl 13);
  ALG_CLASS_KEY_EXCHANGE = (5 shl 13);

  // Algorithm types
  ALG_TYPE_ANY           = 0;
  ALG_TYPE_DSS           = (1 shl 9);
  ALG_TYPE_RSA           = (2 shl 9);
  ALG_TYPE_BLOCK         = (3 shl 9);
  ALG_TYPE_STREAM        = (4 shl 9);
  ALG_TYPE_DH            = (5 shl 9);
  ALG_TYPE_SECURECHANNEL = (6 shl 9);

  // Generic sub-ids
  ALG_SID_ANY = 0;

  // Some RSA sub-ids
  ALG_SID_RSA_ANY        = 0;
  ALG_SID_RSA_PKCS       = 1;
  ALG_SID_RSA_MSATWORK   = 2;
  ALG_SID_RSA_ENTRUST    = 3;
  ALG_SID_RSA_PGP        = 4;

  // Some DSS sub-ids
  ALG_SID_DSS_ANY        = 0;
  ALG_SID_DSS_PKCS       = 1;
  ALG_SID_DSS_DMS        = 2;

  // Block cipher sub ids
  // DES sub_ids
  ALG_SID_DES            = 1;
  ALG_SID_3DES           = 3;
  ALG_SID_DESX           = 4;
  ALG_SID_IDEA           = 5;
  ALG_SID_CAST           = 6;
  ALG_SID_SAFERSK64      = 7;
  ALD_SID_SAFERSK128     = 8;
  ALG_SID_SAFERSK128     = 8;
  ALG_SID_3DES_112       = 9;
  ALG_SID_CYLINK_MEK     = 12;
  ALG_SID_RC5            = 13;

  //Added Sept. 2010 source Windows 7 sdk
  ALG_SID_AES_128 = 14;
  ALG_SID_AES_192 = 15;
  ALG_SID_AES_256 = 16;
  ALG_SID_AES = 17;

  // Fortezza sub-ids
  ALG_SID_SKIPJACK       = 10;
  ALG_SID_TEK            = 11;

  // KP_MODE
  CRYPT_MODE_CBCI        = 6;  {ANSI CBC Interleaved}
  CRYPT_MODE_CFBP        = 7;  {ANSI CFB Pipelined}
  CRYPT_MODE_OFBP        = 8;  {ANSI OFB Pipelined}
  CRYPT_MODE_CBCOFM      = 9;  {ANSI CBC + OF Masking}
  CRYPT_MODE_CBCOFMI     = 10; {ANSI CBC + OFM Interleaved}

  // RC2 sub-ids
  ALG_SID_RC2            = 2;

  // Stream cipher sub-ids
  ALG_SID_RC4            = 1;
  ALG_SID_SEAL           = 2;

  // Diffie-Hellman sub-ids
  ALG_SID_DH_SANDF       = 1;
  ALG_SID_DH_EPHEM       = 2;
  ALG_SID_AGREED_KEY_ANY = 3;
  ALG_SID_KEA            = 4;

  // Hash sub ids
  ALG_SID_MD2            = 1;
  ALG_SID_MD4            = 2;
  ALG_SID_MD5            = 3;
  ALG_SID_SHA            = 4;
  ALG_SID_SHA1           = 4;
  ALG_SID_MAC            = 5;
  ALG_SID_RIPEMD         = 6;
  ALG_SID_RIPEMD160      = 7;
  ALG_SID_SSL3SHAMD5     = 8;
  ALG_SID_HMAC           = 9;
  //Added Sept. 2010 source Windows 7 SDK
  ALG_SID_SHA_256        = 12;
  ALG_SID_SHA_384        = 13;
  ALG_SID_SHA_512        = 14;

  // secure channel sub ids
  ALG_SID_SSL3_MASTER          = 1;
  ALG_SID_SCHANNEL_MASTER_HASH = 2;
  ALG_SID_SCHANNEL_MAC_KEY     = 3;
  ALG_SID_PCT1_MASTER          = 4;
  ALG_SID_SSL2_MASTER          = 5;
  ALG_SID_TLS1_MASTER          = 6;
  ALG_SID_SCHANNEL_ENC_KEY     = 7;

  // Our silly example sub-id
  ALG_SID_EXAMPLE              = 80;

{$IFNDEF ALGIDDEF}
  {$DEFINE ALGIDDEF}
Type ALG_ID = ULONG;
{$ENDIF}

// algorithm identifier definitions
Const
  CALG_MD2              = (ALG_CLASS_HASH or ALG_TYPE_ANY or ALG_SID_MD2);
  CALG_MD4              = (ALG_CLASS_HASH or ALG_TYPE_ANY or ALG_SID_MD4);
  CALG_MD5              = (ALG_CLASS_HASH or ALG_TYPE_ANY or ALG_SID_MD5);
  CALG_SHA              = (ALG_CLASS_HASH or ALG_TYPE_ANY or ALG_SID_SHA);
  CALG_SHA1             = (ALG_CLASS_HASH or ALG_TYPE_ANY or ALG_SID_SHA1);
  CALG_MAC              = (ALG_CLASS_HASH or ALG_TYPE_ANY or ALG_SID_MAC);
  CALG_RSA_SIGN         = (ALG_CLASS_SIGNATURE or ALG_TYPE_RSA or ALG_SID_RSA_ANY);
  CALG_DSS_SIGN         = (ALG_CLASS_SIGNATURE or ALG_TYPE_DSS or ALG_SID_DSS_ANY);
  CALG_RSA_KEYX         = (ALG_CLASS_KEY_EXCHANGE or ALG_TYPE_RSA or ALG_SID_RSA_ANY);
  CALG_DES              = (ALG_CLASS_DATA_ENCRYPT or ALG_TYPE_BLOCK or ALG_SID_DES);
  CALG_3DES_112         = (ALG_CLASS_DATA_ENCRYPT or ALG_TYPE_BLOCK or ALG_SID_3DES_112);
  CALG_3DES             = (ALG_CLASS_DATA_ENCRYPT or ALG_TYPE_BLOCK or ALG_SID_3DES);
  CALG_RC2              = (ALG_CLASS_DATA_ENCRYPT or ALG_TYPE_BLOCK or ALG_SID_RC2);
  CALG_RC4              = (ALG_CLASS_DATA_ENCRYPT or ALG_TYPE_STREAM or ALG_SID_RC4);
  CALG_SEAL             = (ALG_CLASS_DATA_ENCRYPT or ALG_TYPE_STREAM or ALG_SID_SEAL);
  CALG_DH_SF            = (ALG_CLASS_KEY_EXCHANGE or ALG_TYPE_DH or ALG_SID_DH_SANDF);
  CALG_DH_EPHEM         = (ALG_CLASS_KEY_EXCHANGE or ALG_TYPE_DH or ALG_SID_DH_EPHEM);
  CALG_AGREEDKEY_ANY    = (ALG_CLASS_KEY_EXCHANGE or ALG_TYPE_DH or ALG_SID_AGREED_KEY_ANY);
  CALG_KEA_KEYX         = (ALG_CLASS_KEY_EXCHANGE or ALG_TYPE_DH or ALG_SID_KEA);
  CALG_HUGHES_MD5       = (ALG_CLASS_KEY_EXCHANGE or ALG_TYPE_ANY or ALG_SID_MD5);
  CALG_SKIPJACK         = (ALG_CLASS_DATA_ENCRYPT or ALG_TYPE_BLOCK or ALG_SID_SKIPJACK);
  CALG_TEK              = (ALG_CLASS_DATA_ENCRYPT or ALG_TYPE_BLOCK or ALG_SID_TEK);
  CALG_CYLINK_MEK       = (ALG_CLASS_DATA_ENCRYPT or ALG_TYPE_BLOCK or ALG_SID_CYLINK_MEK);
  CALG_SSL3_SHAMD5      = (ALG_CLASS_HASH or ALG_TYPE_ANY or ALG_SID_SSL3SHAMD5);
  CALG_SSL3_MASTER      = (ALG_CLASS_MSG_ENCRYPT or ALG_TYPE_SECURECHANNEL or ALG_SID_SSL3_MASTER);
  CALG_SCHANNEL_MASTER_HASH = (ALG_CLASS_MSG_ENCRYPT or ALG_TYPE_SECURECHANNEL or ALG_SID_SCHANNEL_MASTER_HASH);
  CALG_SCHANNEL_MAC_KEY = (ALG_CLASS_MSG_ENCRYPT or ALG_TYPE_SECURECHANNEL or ALG_SID_SCHANNEL_MAC_KEY);
  CALG_SCHANNEL_ENC_KEY = (ALG_CLASS_MSG_ENCRYPT or ALG_TYPE_SECURECHANNEL or ALG_SID_SCHANNEL_ENC_KEY);
  CALG_PCT1_MASTER      = (ALG_CLASS_MSG_ENCRYPT or ALG_TYPE_SECURECHANNEL or ALG_SID_PCT1_MASTER);
  CALG_SSL2_MASTER      = (ALG_CLASS_MSG_ENCRYPT or ALG_TYPE_SECURECHANNEL or ALG_SID_SSL2_MASTER);
  CALG_TLS1_MASTER      = (ALG_CLASS_MSG_ENCRYPT or ALG_TYPE_SECURECHANNEL or ALG_SID_TLS1_MASTER);
  CALG_RC5              = (ALG_CLASS_DATA_ENCRYPT or ALG_TYPE_BLOCK or ALG_SID_RC5);
  CALG_HMAC             = (ALG_CLASS_HASH or ALG_TYPE_ANY or ALG_SID_HMAC);
  //Added Sept. 2010 source Windows 7 SDK
  CALG_AES_128 = (ALG_CLASS_DATA_ENCRYPT or ALG_TYPE_BLOCK or ALG_SID_AES_128);
  CALG_AES_192 = (ALG_CLASS_DATA_ENCRYPT or ALG_TYPE_BLOCK or ALG_SID_AES_192);
  CALG_AES_256 = (ALG_CLASS_DATA_ENCRYPT or ALG_TYPE_BLOCK or ALG_SID_AES_256);
  CALG_AES = (ALG_CLASS_DATA_ENCRYPT or ALG_TYPE_BLOCK or ALG_SID_AES);
  CALG_SHA_256 = (ALG_CLASS_HASH or ALG_TYPE_ANY or ALG_SID_SHA_256);
  CALG_SHA_384 = (ALG_CLASS_HASH or ALG_TYPE_ANY or ALG_SID_SHA_384);
  CALG_SHA_512 = (ALG_CLASS_HASH or ALG_TYPE_ANY or ALG_SID_SHA_512);

type
  PVTableProvStruc = ^VTableProvStruc;
  VTableProvStruc = record
    Version         :DWORD;
    FuncVerifyImage :TFarProc;
    FuncReturnhWnd  :TFarProc;
    dwProvType      :DWORD;
    pbContextInfo   :PBYTE;
    cbContextInfo   :DWORD;
end;

//type HCRYPTPROV = ULONG;
//type HCRYPTKEY  = ULONG;
//type HCRYPTHASH = ULONG;


const
  // dwFlags definitions for CryptAcquireContext
  CRYPT_VERIFYCONTEXT  = $F0000000;
  CRYPT_NEWKEYSET      = $00000008;
  CRYPT_DELETEKEYSET   = $00000010;
  CRYPT_MACHINE_KEYSET = $00000020;

  // dwFlag definitions for CryptGenKey
  CRYPT_EXPORTABLE     = $00000001;
  CRYPT_USER_PROTECTED = $00000002;
  CRYPT_CREATE_SALT    = $00000004;
  CRYPT_UPDATE_KEY     = $00000008;
  CRYPT_NO_SALT        = $00000010;
  CRYPT_PREGEN         = $00000040;
  CRYPT_RECIPIENT      = $00000010;
  CRYPT_INITIATOR      = $00000040;
  CRYPT_ONLINE         = $00000080;
  CRYPT_SF             = $00000100;
  CRYPT_CREATE_IV      = $00000200;
  CRYPT_KEK            = $00000400;
  CRYPT_DATA_KEY       = $00000800;

  // dwFlags definitions for CryptDeriveKey
  CRYPT_SERVER         = $00000400;

  KEY_LENGTH_MASK      = $FFFF0000;

  // dwFlag definitions for CryptExportKey
  CRYPT_Y_ONLY        = $00000001;
  CRYPT_SSL2_SLUMMING = $00000002;

  // dwFlags definitions for CryptHashSessionKey
  CRYPT_LITTLE_ENDIAN = $00000001;

  // dwFlag definitions for CryptSetProviderEx and CryptGetDefaultProvider
  CRYPT_MACHINE_DEFAULT = $00000001;
  CRYPT_USER_DEFAULT    = $00000002;
  CRYPT_DELETE_DEFAULT  = $00000004;

  // exported key blob definitions
  SIMPLEBLOB        = $1;
  PUBLICKEYBLOB     = $6;
  PRIVATEKEYBLOB    = $7;
  PLAINTEXTKEYBLOB  = $8;
  AT_KEYEXCHANGE    = 1;
  AT_SIGNATURE      = 2;
  CRYPT_USERDATA    = 1;

  // dwParam
  KP_IV                 = 1;  // Initialization vector
  KP_SALT               = 2;  // Salt value
  KP_PADDING            = 3;  // Padding values
  KP_MODE               = 4;  // Mode of the cipher
  KP_MODE_BITS          = 5;  // Number of bits to feedback
  KP_PERMISSIONS        = 6;  // Key permissions DWORD
  KP_ALGID              = 7;  // Key algorithm
  KP_BLOCKLEN           = 8;  // Block size of the cipher
  KP_KEYLEN             = 9;  // Length of key in bits
  KP_SALT_EX            = 10; // Length of salt in bytes
  KP_P                  = 11; // DSS/Diffie-Hellman P value
  KP_G                  = 12; // DSS/Diffie-Hellman G value
  KP_Q                  = 13; // DSS Q value
  KP_X                  = 14; // Diffie-Hellman X value
  KP_Y                  = 15; // Y value
  KP_RA                 = 16; // Fortezza RA value
  KP_RB                 = 17; // Fortezza RB value
  KP_INFO               = 18; // for putting information into an RSA envelope
  KP_EFFECTIVE_KEYLEN   = 19; // setting and getting RC2 effective key length
  KP_SCHANNEL_ALG       = 20; // for setting the Secure Channel algorithms
  KP_CLIENT_RANDOM      = 21; // for setting the Secure Channel client random data
  KP_SERVER_RANDOM      = 22; // for setting the Secure Channel server random data
  KP_RP                 = 23;
  KP_PRECOMP_MD5        = 24;
  KP_PRECOMP_SHA        = 25;
  KP_CERTIFICATE        = 26; // for setting Secure Channel certificate data (PCT1)
  KP_CLEAR_KEY          = 27; // for setting Secure Channel clear key data (PCT1)
  KP_PUB_EX_LEN         = 28;
  KP_PUB_EX_VAL         = 29;

  // KP_PADDING
  PKCS5_PADDING         = 1; {PKCS 5 (sec 6.2) padding method}
  RANDOM_PADDING        = 2;
  ZERO_PADDING          = 3;

  // KP_MODE
  CRYPT_MODE_CBC    = 1; // Cipher block chaining
  CRYPT_MODE_ECB    = 2; // Electronic code book
  CRYPT_MODE_OFB    = 3; // Output feedback mode
  CRYPT_MODE_CFB    = 4; // Cipher feedback mode
  CRYPT_MODE_CTS    = 5; // Ciphertext stealing mode

  // KP_PERMISSIONS
  CRYPT_ENCRYPT     = $0001; // Allow encryption
  CRYPT_DECRYPT     = $0002; // Allow decryption
  CRYPT_EXPORT      = $0004; // Allow key to be exported
  CRYPT_READ        = $0008; // Allow parameters to be read
  CRYPT_WRITE       = $0010; // Allow parameters to be set
  CRYPT_MAC         = $0020; // Allow MACs to be used with key
  CRYPT_EXPORT_KEY  = $0040; // Allow key to be used for exporting keys
  CRYPT_IMPORT_KEY  = $0080; // Allow key to be used for importing keys

  HP_ALGID          = $0001; // Hash algorithm
  HP_HASHVAL        = $0002; // Hash value
  HP_HASHSIZE       = $0004; // Hash value size

  HP_HMAC_INFO      = $0005; // information for creating an HMAC

  CRYPT_FAILED      = FALSE;
  CRYPT_SUCCEED     = TRUE;

  {Certificate Name Types}        // JLI
  CERT_NAME_EMAIL_TYPE = 1;
  CERT_NAME_RDN_TYPE = 2;
  CERT_NAME_ATTR_TYPE = 3;
  CERT_NAME_SIMPLE_DISPLAY_TYPE = 4;
  CERT_NAME_FRIENDLY_DISPLAY_TYPE = 5;

  CERT_SYSTEM_STORE_MASK = $FFFF0000;      // JLI

{+-------------------------------------------------------------------------
'  Certificate, CRL and CTL property IDs
'
'  See CertSetCertificateContextProperty or CertGetCertificateContextProperty
'  for usage information.
'--------------------------------------------------------------------------
}
{  CERT_KEY_PROV_HANDLE_PROP_ID = 1;  // JLI
  CERT_KEY_PROV_INFO_PROP_ID = 2;
  CERT_SHA1_HASH_PROP_ID = 3;
  CERT_MD5_HASH_PROP_ID = 4;

  CERT_HASH_PROP_ID = CERT_SHA1_HASH_PROP_ID;
  CERT_KEY_CONTEXT_PROP_ID = 5;
  CERT_KEY_SPEC_PROP_ID = 6;
  CERT_IE30_RESERVED_PROP_ID = 7;
  CERT_PUBKEY_HASH_RESERVED_PROP_ID = 8;
  CERT_ENHKEY_USAGE_PROP_ID = 9;
  CERT_CTL_USAGE_PROP_ID = CERT_ENHKEY_USAGE_PROP_ID;
  CERT_NEXT_UPDATE_LOCATION_PROP_ID = 10;
  CERT_FRIENDLY_NAME_PROP_ID = 11;
  CERT_PVK_FILE_PROP_ID = 12;
  CERT_DESCRIPTION_PROP_ID = 13;
  CERT_ACCESS_STATE_PROP_ID = 14;
  CERT_SIGNATURE_HASH_PROP_ID = 15;
  CERT_SMART_CARD_DATA_PROP_ID = 16;
  CERT_EFS_PROP_ID = 17;
  CERT_FORTEZZA_DATA_PROP_ID = 18;
  CERT_ARCHIVED_PROP_ID = 19;
  CERT_KEY_IDENTIFIER_PROP_ID = 20;
  CERT_AUTO_ENROLL_PROP_ID = 21;
  CERT_PUBKEY_ALG_PARA_PROP_ID = 22;

  CERT_FIRST_RESERVED_PROP_ID = 23;
//  Note, 32 - 35 are reserved for the CERT, CRL, CTL and KeyId file element IDs.
const
  CERT_LAST_RESERVED_PROP_ID = $7FFF;
  CERT_FIRST_USER_PROP_ID = $8000;
  CERT_LAST_USER_PROP_ID = $FFFF;
}

function RCRYPT_SUCCEEDED(rt:BOOL):BOOL;
function RCRYPT_FAILED(rt:BOOL):BOOL;

const
  // CryptGetProvParam
  PP_ENUMALGS            = 1;
  PP_ENUMCONTAINERS      = 2;
  PP_IMPTYPE             = 3;
  PP_NAME                = 4;
  PP_VERSION             = 5;
  PP_CONTAINER           = 6;
  PP_CHANGE_PASSWORD     = 7;
  PP_KEYSET_SEC_DESCR    = 8;  // get/set security descriptor of keyset
  PP_CERTCHAIN           = 9;  // for retrieving certificates from tokens
  PP_KEY_TYPE_SUBTYPE    = 10;
  PP_PROVTYPE            = 16;
  PP_KEYSTORAGE          = 17;
  PP_APPLI_CERT          = 18;
  PP_SYM_KEYSIZE         = 19;
  PP_SESSION_KEYSIZE     = 20;
  PP_UI_PROMPT           = 21;
  PP_ENUMALGS_EX         = 22;
  CRYPT_FIRST            = 1;
  CRYPT_NEXT             = 2;
  CRYPT_IMPL_HARDWARE    = 1;
  CRYPT_IMPL_SOFTWARE    = 2;
  CRYPT_IMPL_MIXED       = 3;
  CRYPT_IMPL_UNKNOWN     = 4;
  PP_SIGNATURE_PIN       = 33;


  // key storage flags
  CRYPT_SEC_DESCR        = $00000001;
  CRYPT_PSTORE           = $00000002;
  CRYPT_UI_PROMPT        = $00000004;

  // protocol flags
  CRYPT_FLAG_PCT1        = $0001;
  CRYPT_FLAG_SSL2        = $0002;
  CRYPT_FLAG_SSL3        = $0004;
  CRYPT_FLAG_TLS1        = $0008;

  // CryptSetProvParam
  PP_CLIENT_HWND         = 1;
  PP_CONTEXT_INFO        = 11;
  PP_KEYEXCHANGE_KEYSIZE = 12;
  PP_SIGNATURE_KEYSIZE   = 13;
  PP_KEYEXCHANGE_ALG     = 14;
  PP_SIGNATURE_ALG       = 15;
  PP_DELETEKEY           = 24;

  PROV_RSA_FULL          = 1;
  PROV_RSA_SIG           = 2;
  PROV_DSS               = 3;
  PROV_FORTEZZA          = 4;
  PROV_MS_EXCHANGE       = 5;
  PROV_SSL               = 6;
  PROV_RSA_AES           = 24;  //Added Sept 2010 source Windows 7 SDK.

  PROV_RSA_SCHANNEL      = 12;
  PROV_DSS_DH            = 13;
  PROV_EC_ECDSA_SIG      = 14;
  PROV_EC_ECNRA_SIG      = 15;
  PROV_EC_ECDSA_FULL     = 16;
  PROV_EC_ECNRA_FULL     = 17;
  PROV_SPYRUS_LYNKS      = 20;


  // STT defined Providers
  PROV_STT_MER           = 7;
  PROV_STT_ACQ           = 8;
  PROV_STT_BRND          = 9;
  PROV_STT_ROOT          = 10;
  PROV_STT_ISS           = 11;

  // Provider friendly names
  MS_DEF_PROV_A          = 'Microsoft Base Cryptographic Provider v1.0';
  {$IFNDEF VER90}
    MS_DEF_PROV_W        = WideString( 'Microsoft Base Cryptographic Provider v1.0');
  {$ELSE}
    MS_DEF_PROV_W        = ( 'Microsoft Base Cryptographic Provider v1.0');
  {$ENDIF}

{$IFDEF UNICODE}
  MS_DEF_PROV            = MS_DEF_PROV_W;
{$ELSE}
  MS_DEF_PROV            = MS_DEF_PROV_A;
{$ENDIF}

  MS_ENHANCED_PROV_A   = 'Microsoft Enhanced Cryptographic Provider v1.0';
  {$IFNDEF VER90}
    MS_ENHANCED_PROV_W = WideString('Microsoft Enhanced Cryptographic Provider v1.0');
  {$ELSE}
    MS_ENHANCED_PROV_W = ('Microsoft Enhanced Cryptographic Provider v1.0');
  {$ENDIF}

{$IFDEF UNICODE}
  MS_ENHANCED_PROV = MS_ENHANCED_PROV_W;
{$ELSE}
  MS_ENHANCED_PROV = MS_ENHANCED_PROV_A;
{$ENDIF}

  MS_DEF_RSA_SIG_PROV_A    = 'Microsoft RSA Signature Cryptographic Provider';
  {$IFNDEF VER90}
    MS_DEF_RSA_SIG_PROV_W  = WideString('Microsoft RSA Signature Cryptographic Provider');
  {$ELSE}
    MS_DEF_RSA_SIG_PROV_W  = ('Microsoft RSA Signature Cryptographic Provider');
  {$ENDIF}

{$IFDEF UNICODE}
  MS_DEF_RSA_SIG_PROV = MS_DEF_RSA_SIG_PROV_W;
{$ELSE}
  MS_DEF_RSA_SIG_PROV = MS_DEF_RSA_SIG_PROV_A;
{$ENDIF}

  MS_DEF_RSA_SCHANNEL_PROV_A    = 'Microsoft Base RSA SChannel Cryptographic Provider';
  {$IFNDEF VER90}
    MS_DEF_RSA_SCHANNEL_PROV_W  = WideString('Microsoft Base RSA SChannel Cryptographic Provider');
  {$ELSE}
    MS_DEF_RSA_SCHANNEL_PROV_W  = ('Microsoft Base RSA SChannel Cryptographic Provider');
  {$ENDIF}


{$IFDEF UNICODE}
  MS_DEF_RSA_SCHANNEL_PROV = MS_DEF_RSA_SCHANNEL_PROV_W;
{$ELSE}
  MS_DEF_RSA_SCHANNEL_PROV = MS_DEF_RSA_SCHANNEL_PROV_A;
{$ENDIF}

  MS_ENHANCED_RSA_SCHANNEL_PROV_A    = 'Microsoft Enhanced RSA SChannel Cryptographic Provider';
  {$IFNDEF VER90}
    MS_ENHANCED_RSA_SCHANNEL_PROV_W  = WideString('Microsoft Enhanced RSA SChannel Cryptographic Provider');
  {$ELSE}
    MS_ENHANCED_RSA_SCHANNEL_PROV_W  = ('Microsoft Enhanced RSA SChannel Cryptographic Provider');
  {$ENDIF}

{$IFDEF UNICODE}
  MS_ENHANCED_RSA_SCHANNEL_PROV = MS_ENHANCED_RSA_SCHANNEL_PROV_W;
{$ELSE}
  MS_ENHANCED_RSA_SCHANNEL_PROV = MS_ENHANCED_RSA_SCHANNEL_PROV_A;
{$ENDIF}

  MS_DEF_DSS_PROV_A    =  'Microsoft Base DSS Cryptographic Provider';
  {$IFNDEF VER90}
    MS_DEF_DSS_PROV_W  = WideString('Microsoft Base DSS Cryptographic Provider');
  {$ELSE}
    MS_DEF_DSS_PROV_W  = ('Microsoft Base DSS Cryptographic Provider');
  {$ENDIF}

{$IFDEF UNICODE}
  MS_DEF_DSS_PROV = MS_DEF_DSS_PROV_W;
{$ELSE}
  MS_DEF_DSS_PROV = MS_DEF_DSS_PROV_A;
{$ENDIF}

  MS_DEF_DSS_DH_PROV_A    = 'Microsoft Base DSS and Diffie-Hellman Cryptographic Provider';
  {$IFNDEF VER90}
    MS_DEF_DSS_DH_PROV_W  = WideString('Microsoft Base DSS and Diffie-Hellman Cryptographic Provider');
  {$ELSE}
    MS_DEF_DSS_DH_PROV_W  = ('Microsoft Base DSS and Diffie-Hellman Cryptographic Provider');
  {$ENDIF}

{$IFDEF UNICODE}
  MS_DEF_DSS_DH_PROV = MS_DEF_DSS_DH_PROV_W;
{$ELSE}
  MS_DEF_DSS_DH_PROV = MS_DEF_DSS_DH_PROV_A;
{$ENDIF}

//Added Sept 2010 source Windows 7 SDK
  MS_STRONG_PROV_A = 'Microsoft Strong Cryptographic Provider';
  MS_ENH_RSA_AES_PROV_A = 'Microsoft Enhanced RSA and AES Cryptographic Provider';
  MS_ENH_RSA_AES_PROV_XP_A = 'Microsoft Enhanced RSA and AES Cryptographic Provider (Prototype)';


  MAXUIDLEN              = 64;
  CUR_BLOB_VERSION       = 2;

618   {structure for use with CryptSetHashParam with CALG_HMAC}
619   type
620     PHMAC_INFO = ^HMAC_INFO;
621     HMAC_INFO = record
622       HashAlgid     :ALG_ID;
623       pbInnerString :PBYTE;
624       cbInnerString :DWORD;
625       pbOuterString :PBYTE;
626       cbOuterString :DWORD;
627     end;
628   
629   // structure for use with CryptSetHashParam with CALG_HMAC
630   type
631     PSCHANNEL_ALG = ^SCHANNEL_ALG;
632     SCHANNEL_ALG  = record
633       dwUse :DWORD;
634       Algid :ALG_ID;
635       cBits :DWORD;
636     end;
637   
638   // uses of algortihms for SCHANNEL_ALG structure
639   const
640     SCHANNEL_MAC_KEY = $00000000;
641     SCHANNEL_ENC_KEY = $00000001;
642   
643   type
644     PPROV_ENUMALGS = ^PROV_ENUMALGS;
645     PROV_ENUMALGS = record
646       aiAlgid   :ALG_ID;
647       dwBitLen  :DWORD;
648       dwNameLen :DWORD;
649       szName    :array[0..20-1] of AnsiChar; // CHAR in wincrypt.h: always ANSI, even in Unicode builds
650     end;
651   
652   type
653     PPROV_ENUMALGS_EX = ^PROV_ENUMALGS_EX;
654     PROV_ENUMALGS_EX = record
655       aiAlgid       :ALG_ID;
656       dwDefaultLen  :DWORD;
657       dwMinLen      :DWORD;
658       dwMaxLen      :DWORD;
659       dwProtocols   :DWORD;
660       dwNameLen     :DWORD;
661       szName        :array[0..20-1] of AnsiChar; // CHAR in wincrypt.h: always ANSI
662       dwLongNameLen :DWORD;
663       szLongName    :array[0..40-1] of AnsiChar; // CHAR in wincrypt.h: always ANSI
664     end;
665   
666   type
667     PPUBLICKEYSTRUC = ^PUBLICKEYSTRUC;
668     PUBLICKEYSTRUC = record
669       bType    :BYTE;
670       bVersion :BYTE;
671       reserved :Word;
672       aiKeyAlg :ALG_ID;
673     end;
674   
675   type
676     BLOBHEADER  = PUBLICKEYSTRUC;
677     PBLOBHEADER = ^BLOBHEADER;
678   
679   type
680     PRSAPUBKEY = ^RSAPUBKEY;
681     RSAPUBKEY = record
682       magic  :DWORD;  // Has to be RSA1
683       bitlen :DWORD;  // # of bits in modulus
684       pubexp :DWORD;  // public exponent
685                       // Modulus data follows
686       end;
687   
688   type
689     PPUBKEY = ^PUBKEY;
690     PUBKEY = record
691       magic  :DWORD;
692       bitlen :DWORD; // # of bits in modulus
693     end;
694   
695   type
696     DHPUBKEY  = PUBKEY;
697     DSSPUBKEY = PUBKEY;
698     KEAPUBKEY = PUBKEY;
699     TEKPUBKEY = PUBKEY;
700   
701   
702   type
703     PDSSSEED = ^DSSSEED;
704     DSSSEED = record
705       counter :DWORD;
706       seed    :array[0..20-1] of BYTE;
707     end;
708   
709   type
710     PKEY_TYPE_SUBTYPE = ^KEY_TYPE_SUBTYPE;
711     KEY_TYPE_SUBTYPE = record
712       dwKeySpec :DWORD;
713       Type_     :TGUID; {conflict with base Delphi type: original name 'Type'}
714       Subtype   :TGUID;
715     end;
716   
717   type
718     HCRYPTPROV  = ULONG;
719     PHCRYPTPROV = ^HCRYPTPROV;
720     HCRYPTKEY   = ULONG;
721     PHCRYPTKEY  = ^HCRYPTKEY;
722     HCRYPTHASH  = ULONG;
723     PHCRYPTHASH = ^HCRYPTHASH;
724   
725   function CryptAcquireContextA(phProv       :PHCRYPTPROV;
726                                 pszContainer :PAnsiChar;
727                                 pszProvider  :PAnsiChar;
728                                 dwProvType   :DWORD;
729                                 dwFlags      :DWORD) :BOOL;stdcall;
730   
731   function CryptAcquireContext(phProv        :PHCRYPTPROV;
732                                 pszContainer :LPAWSTR;
733                                 pszProvider  :LPAWSTR;
734                                 dwProvType   :DWORD;
735                                 dwFlags      :DWORD) :BOOL;stdcall;
736   
737   function CryptAcquireContextW(phProv       :PHCRYPTPROV;
738                                 pszContainer :PWideChar;
739                                 pszProvider  :PWideChar;
740                                 dwProvType   :DWORD;
741                                 dwFlags      :DWORD) :BOOL ;stdcall;
742   
743   
744   function CryptReleaseContext(hProv   :HCRYPTPROV;
745                                dwFlags :DWORD) :BOOL;stdcall;
746   
747   
748   
749   function CryptGenKey(hProv   :HCRYPTPROV;
750                        Algid   :ALG_ID;
751                        dwFlags :DWORD;
752                        phKey   :PHCRYPTKEY) :BOOL;stdcall ;
753   
754   
755   function CryptDeriveKey(hProv     :HCRYPTPROV;
756                           Algid     :ALG_ID;
757                           hBaseData :HCRYPTHASH;
758                           dwFlags   :DWORD;
759                           phKey     :PHCRYPTKEY) :BOOL;stdcall ;
760   
761   
762   
763   function CryptDestroyKey(hKey  :HCRYPTKEY) :BOOL;stdcall ;
764   
765   
766   function CryptSetKeyParam(hKey    :HCRYPTKEY;
767                             dwParam :DWORD;
768                             pbData  :PBYTE;
769                             dwFlags :DWORD) :BOOL;stdcall;
770   
771   
772   function CryptGetKeyParam(hKey       :HCRYPTKEY;
773                             dwParam    :DWORD;
774                             pbData     :PBYTE;
775                             pdwDataLen :PDWORD;
776                             dwFlags    :DWORD) :BOOL;stdcall;
777   
778   
779   function CryptSetHashParam(hHash   :HCRYPTHASH;
780                              dwParam :DWORD;
781                              pbData  :PBYTE;
782                              dwFlags :DWORD) :BOOL;stdcall;
783   
784   
785   function CryptGetHashParam(hHash      :HCRYPTHASH;
786                              dwParam    :DWORD;
787                              pbData     :PBYTE;
788                              pdwDataLen :PDWORD;
789                              dwFlags    :DWORD) :BOOL;stdcall;
790   
791   
792   function CryptSetProvParam(hProv   :HCRYPTPROV;
793                              dwParam :DWORD;
794                              pbData  :PBYTE;
795                              dwFlags :DWORD) :BOOL;stdcall;
796   
797   
798   function CryptGetProvParam(hProv      :HCRYPTPROV;
799                              dwParam    :DWORD;
800                              pbData     :PBYTE;
801                              pdwDataLen :PDWORD;
802                              dwFlags    :DWORD) :BOOL;stdcall;
803   
804   
805   function CryptGenRandom(hProv    :HCRYPTPROV;
806                           dwLen    :DWORD;
807                           pbBuffer :PBYTE) :BOOL;stdcall;
808   
809   
810   function CryptGetUserKey(hProv     :HCRYPTPROV;
811                            dwKeySpec :DWORD;
812                            phUserKey :PHCRYPTKEY) :BOOL;stdcall;
813   
814   
815   function CryptExportKey(hKey       :HCRYPTKEY;
816                           hExpKey    :HCRYPTKEY;
817                           dwBlobType :DWORD;
818                           dwFlags    :DWORD;
819                           pbData     :PBYTE;
820                           pdwDataLen :PDWORD) :BOOL;stdcall;
821   
822   
823   function CryptImportKey(hProv     :HCRYPTPROV;
824                           pbData    :PBYTE;
825                           dwDataLen :DWORD;
826                           hPubKey   :HCRYPTKEY;
827                           dwFlags   :DWORD;
828                           phKey     :PHCRYPTKEY) :BOOL;stdcall;
829   
830   
831   function CryptEncrypt(hKey       :HCRYPTKEY;
832                         hHash      :HCRYPTHASH;
833                         Final      :BOOL;
834                         dwFlags    :DWORD;
835                         pbData     :PBYTE;
836                         pdwDataLen :PDWORD;
837                         dwBufLen   :DWORD) :BOOL;stdcall;
838   
839   
840   function CryptDecrypt(hKey       :HCRYPTKEY;
841                         hHash      :HCRYPTHASH;
842                         Final      :BOOL;
843                         dwFlags    :DWORD;
844                         pbData     :PBYTE;
845                         pdwDataLen :PDWORD) :BOOL;stdcall;
846   
847   
848   function CryptCreateHash(hProv   :HCRYPTPROV;
849                            Algid   :ALG_ID;
850                            hKey    :HCRYPTKEY;
851                            dwFlags :DWORD;
852                            phHash  :PHCRYPTHASH) :BOOL;stdcall;
853   
854   
855   function CryptHashData(hHash       :HCRYPTHASH;
856                    const pbData      :PBYTE;
857                          dwDataLen   :DWORD;
858                          dwFlags     :DWORD) :BOOL;stdcall;
859   
860   
861   function CryptHashSessionKey(hHash   :HCRYPTHASH;
862                                hKey    :HCRYPTKEY;
863                                dwFlags :DWORD) :BOOL;stdcall;
864   
865   
866   function CryptDestroyHash(hHash :HCRYPTHASH) :BOOL;stdcall;
867   
868   
869   function CryptSignHashA(hHash        :HCRYPTHASH;
870                           dwKeySpec    :DWORD;
871                           sDescription :PAnsiChar;
872                           dwFlags      :DWORD;
873                           pbSignature  :PBYTE;
874                           pdwSigLen    :PDWORD) :BOOL;stdcall;
875   
876   
877   function CryptSignHash(hHash         :HCRYPTHASH;
878                           dwKeySpec    :DWORD;
879                           sDescription :LPAWSTR;
880                           dwFlags      :DWORD;
881                           pbSignature  :PBYTE;
882                           pdwSigLen    :PDWORD) :BOOL;stdcall;
883   
884   function CryptSignHashW(hHash        :HCRYPTHASH;
885                           dwKeySpec    :DWORD;
886                           sDescription :PWideChar;
887                           dwFlags      :DWORD;
888                           pbSignature  :PBYTE;
889                           pdwSigLen    :PDWORD) :BOOL;stdcall;
890   
891   function CryptSignHashU(hHash        :HCRYPTHASH;
892                           dwKeySpec    :DWORD;
893                           sDescription :PWideChar;
894                           dwFlags      :DWORD;
895                           pbSignature  :PBYTE;
896                           pdwSigLen    :PDWORD) :BOOL;stdcall;
897   
898   function CryptVerifySignatureA(hHash        :HCRYPTHASH;
899                            const pbSignature  :PBYTE;
900                                  dwSigLen     :DWORD;
901                                  hPubKey      :HCRYPTKEY;
902                                  sDescription :PAnsiChar;
903                                  dwFlags      :DWORD) :BOOL;stdcall;
904   
905   function CryptVerifySignature(hHash         :HCRYPTHASH;
906                           const pbSignature  :PBYTE;
907                                 dwSigLen     :DWORD;
908                                 hPubKey      :HCRYPTKEY;
909                                 sDescription :LPAWSTR;
910                                  dwFlags      :DWORD) :BOOL;stdcall;
911   
912   
913   function CryptVerifySignatureW(hHash        :HCRYPTHASH;
914                            const pbSignature  :PBYTE;
915                                  dwSigLen     :DWORD;
916                                  hPubKey      :HCRYPTKEY;
917                                  sDescription :PWideChar;
918                                  dwFlags      :DWORD) :BOOL;stdcall;
919   
920   
921   function CryptSetProviderA(pszProvName :PAnsiChar;
922                              dwProvType  :DWORD) :BOOL;stdcall;
923   
924   function CryptSetProvider(pszProvName :LPAWSTR;
925                              dwProvType :DWORD) :BOOL;stdcall;
926   
927   function CryptSetProviderW(pszProvName :PWideChar;
928                              dwProvType  :DWORD) :BOOL;stdcall;
929   
930   function CryptSetProviderU(pszProvName :PWideChar;
931                              dwProvType  :DWORD) :BOOL;stdcall;
932   
933   {$IFDEF NT5}
934   
935   function CryptSetProviderExA(pszProvName :LPCSTR;
936                                dwProvType  :DWORD;
937                                pdwReserved :PDWORD;
938                                dwFlags     :DWORD):BOOL;stdcall;
939   
940   function CryptSetProviderExW(pszProvName :LPCWSTR;
941                                dwProvType  :DWORD;
942                                pdwReserved :PDWORD;
943                                dwFlags     :DWORD):BOOL;stdcall;
944   
945   function CryptSetProviderEx(pszProvName :LPAWSTR;
946                               dwProvType  :DWORD;
947                               pdwReserved :PDWORD;
948                               dwFlags     :DWORD):BOOL;stdcall;
949   
950   
951   function CryptGetDefaultProviderA(dwProvType  :DWORD;
952                                     pdwReserved :DWORD;
953                                     dwFlags     :DWORD;
954                                     pszProvName :LPSTR;
955                                     pcbProvName :PDWORD):BOOL ; stdcall;
956   
957   function CryptGetDefaultProviderW(dwProvType  :DWORD;
958                                     pdwReserved :DWORD;
959                                     dwFlags     :DWORD;
960                                     pszProvName :LPWSTR;
961                                     pcbProvName :PDWORD):BOOL ; stdcall;
962   
963   function CryptGetDefaultProvider(dwProvType  :DWORD;
964                                    pdwReserved :DWORD;
965                                    dwFlags     :DWORD;
966                                    pszProvName :LPAWSTR;
967                                    pcbProvName :PDWORD):BOOL ; stdcall;
968   
969   function CryptEnumProviderTypesA(dwIndex     :DWORD;
970                                    pdwReserved :PDWORD;
971                                    dwFlags     :DWORD;
972                                    pdwProvType :PDWORD;
973                                    pszTypeName :LPSTR;
974                                    pcbTypeName :PDWORD):BOOL ; stdcall;
975   
976   function CryptEnumProviderTypesW(dwIndex     :DWORD;
977                                    pdwReserved :PDWORD;
978                                    dwFlags     :DWORD;
979                                    pdwProvType :PDWORD;
980                                    pszTypeName :LPWSTR;
981                                    pcbTypeName :PDWORD):BOOL ; stdcall;
982   
983   function CryptEnumProviderTypes(dwIndex     :DWORD;
984                                   pdwReserved :PDWORD;
985                                   dwFlags     :DWORD;
986                                   pdwProvType :PDWORD;
987                                   pszTypeName :LPAWSTR;
988                                   pcbTypeName :PDWORD):BOOL ; stdcall;
989   
990   function CryptEnumProvidersA(dwIndex     :DWORD;
991                                pdwReserved :PDWORD;
992                                dwFlags     :DWORD;
993                                pdwProvType :PDWORD;
994                                pszProvName :LPSTR;
995                                pcbProvName :PDWORD):BOOL ; stdcall;
996   
997   function CryptEnumProvidersW(dwIndex     :DWORD;
998                                pdwReserved :PDWORD;
999                                dwFlags     :DWORD;
1000                               pdwProvType :PDWORD;
1001                               pszProvName :LPWSTR;
1002                               pcbProvName :PDWORD):BOOL ; stdcall;
1003  
1004  // see http://msdn.microsoft.com/en-us/library/aa379929.aspx 
1005  function CryptEnumProviders(dwIndex      :DWORD;
1006                               pdwReserved :PDWORD;
1007                               dwFlags     :DWORD;
1008                               pdwProvType :PDWORD;
1009                               pszProvName :LPAWSTR;
1010                               pcbProvName :PDWORD):BOOL ; stdcall;
1011  
1012  function CryptContextAddRef(hProv       :HCRYPTPROV;
1013                              pdwReserved :PDWORD;
1014                              dwFlags     :DWORD):BOOL ; stdcall;
1015  
1016  function CryptDuplicateKey(hKey        :HCRYPTKEY;
1017                             pdwReserved :PDWORD;
1018                             dwFlags     :DWORD;
1019                             phKey       :PHCRYPTKEY):BOOL ; stdcall;
1020  
1021  function CryptDuplicateHash(hHash       :HCRYPTHASH;
1022                              pdwReserved :PDWORD;
1023                              dwFlags     :DWORD;
1024                              phHash      :PHCRYPTHASH):BOOL ; stdcall;
1025  
1026  {$ENDIF NT5}
1027  
1028  function CryptEnumProvidersU(dwIndex     :DWORD;
1029                               pdwReserved :PDWORD;
1030                               dwFlags     :DWORD;
1031                               pdwProvType :PDWORD;
1032                               pszProvName :LPWSTR;
1033                               pcbProvName :PDWORD):BOOL ; stdcall;
1034  
1035  //+-------------------------------------------------------------------------
1036  //  CRYPTOAPI BLOB definitions
1037  //--------------------------------------------------------------------------
1038  
1039  type
1040    PCRYPTOAPI_BLOB = ^CRYPTOAPI_BLOB;
1041    CRYPTOAPI_BLOB = record
1042      cbData :DWORD;
1043      pbData :PBYTE;
1044    end;
1045  
1046  type
1047    CRYPT_INTEGER_BLOB            = CRYPTOAPI_BLOB;
1048    PCRYPT_INTEGER_BLOB           = ^CRYPT_INTEGER_BLOB;
1049    CRYPT_UINT_BLOB               = CRYPTOAPI_BLOB;
1050    PCRYPT_UINT_BLOB              = ^CRYPT_UINT_BLOB;
1051    CRYPT_OBJID_BLOB              = CRYPTOAPI_BLOB;
1052    PCRYPT_OBJID_BLOB             = ^CRYPT_OBJID_BLOB;
1053    CERT_NAME_BLOB                = CRYPTOAPI_BLOB;
1054    PCERT_NAME_BLOB               = ^CERT_NAME_BLOB;
1055    CERT_RDN_VALUE_BLOB           = CRYPTOAPI_BLOB;
1056    PCERT_RDN_VALUE_BLOB          = ^CERT_RDN_VALUE_BLOB;
1057    CERT_BLOB                     = CRYPTOAPI_BLOB;
1058    PCERT_BLOB                    = ^CERT_BLOB;
1059    CRL_BLOB                      = CRYPTOAPI_BLOB;
1060    PCRL_BLOB                     = ^CRL_BLOB;
1061    DATA_BLOB                     = CRYPTOAPI_BLOB;
1062    PDATA_BLOB                    = ^DATA_BLOB;     // JEFFJEFF temporary (too generic)
1063    CRYPT_DATA_BLOB               = CRYPTOAPI_BLOB;
1064    PCRYPT_DATA_BLOB              = ^CRYPT_DATA_BLOB;
1065    CRYPT_HASH_BLOB               = CRYPTOAPI_BLOB;
1066    PCRYPT_HASH_BLOB              = ^CRYPT_HASH_BLOB;
1067    CRYPT_DIGEST_BLOB             = CRYPTOAPI_BLOB;
1068    PCRYPT_DIGEST_BLOB            = ^CRYPT_DIGEST_BLOB;
1069    CRYPT_DER_BLOB                = CRYPTOAPI_BLOB;
1070    PCRYPT_DER_BLOB               = ^CRYPT_DER_BLOB;
1071    CRYPT_ATTR_BLOB               = CRYPTOAPI_BLOB;
1072    PCRYPT_ATTR_BLOB              = ^CRYPT_ATTR_BLOB;
1073  
1074  //+-------------------------------------------------------------------------
1075  //  In a CRYPT_BIT_BLOB the last byte may contain 0-7 unused bits. Therefore, the
1076  //  overall bit length is cbData * 8 - cUnusedBits.
1077  //--------------------------------------------------------------------------
1078  
1079  type
1080    PCRYPT_BIT_BLOB = ^CRYPT_BIT_BLOB;
1081    CRYPT_BIT_BLOB = record
1082      cbData      :DWORD;
1083      pbData      :PBYTE;
1084      cUnusedBits :DWORD;
1085    end;
1086  
1087  //+-------------------------------------------------------------------------
1088  //  Type used for any algorithm
1089  //
1090  //  Where the Parameters CRYPT_OBJID_BLOB is in its encoded representation. For most
1091  //  algorithm types, the Parameters CRYPT_OBJID_BLOB is NULL (Parameters.cbData = 0).
1092  //--------------------------------------------------------------------------
1093  
1094  type
1095    PCRYPT_ALGORITHM_IDENTIFIER = ^CRYPT_ALGORITHM_IDENTIFIER;
1096    CRYPT_ALGORITHM_IDENTIFIER = record
1097      pszObjId   :LPSTR;
1098      Parameters :CRYPT_OBJID_BLOB;
1099    end;
1100  
1101  // Following are the definitions of various algorithm object identifiers
1102  // RSA
1103  const 
1104    szOID_RSA         = '1.2.840.113549';
1105    szOID_PKCS        = '1.2.840.113549.1';
1106    szOID_RSA_HASH    = '1.2.840.113549.2';
1107    szOID_RSA_ENCRYPT = '1.2.840.113549.3';
1108  
1109    szOID_PKCS_1      = '1.2.840.113549.1.1';
1110    szOID_PKCS_2      = '1.2.840.113549.1.2';
1111    szOID_PKCS_3      = '1.2.840.113549.1.3';
1112    szOID_PKCS_4      = '1.2.840.113549.1.4';
1113    szOID_PKCS_5      = '1.2.840.113549.1.5';
1114    szOID_PKCS_6      = '1.2.840.113549.1.6';
1115    szOID_PKCS_7      = '1.2.840.113549.1.7';
1116    szOID_PKCS_8      = '1.2.840.113549.1.8';
1117    szOID_PKCS_9      = '1.2.840.113549.1.9';
1118    szOID_PKCS_10     = '1.2.840.113549.1.10';
1119  
1120    szOID_RSA_RSA     = '1.2.840.113549.1.1.1';
1121    szOID_RSA_MD2RSA  = '1.2.840.113549.1.1.2';
1122    szOID_RSA_MD4RSA  = '1.2.840.113549.1.1.3';
1123    szOID_RSA_MD5RSA  = '1.2.840.113549.1.1.4';
1124    szOID_RSA_SHA1RSA = '1.2.840.113549.1.1.5';
1125    szOID_RSA_SETOAEP_RSA  = '1.2.840.113549.1.1.6';
1126  
1127    //Added Sept. 2010 source Windows 7 sdk
1128    szOID_RSAES_OAEP      =  '1.2.840.113549.1.1.7';
1129    szOID_RSA_MGF1        =  '1.2.840.113549.1.1.8';
1130    szOID_RSA_PSPECIFIED  =  '1.2.840.113549.1.1.9';
1131    szOID_RSA_SSA_PSS     =  '1.2.840.113549.1.1.10';
1132    szOID_RSA_SHA256RSA   =  '1.2.840.113549.1.1.11';
1133    szOID_RSA_SHA384RSA   =  '1.2.840.113549.1.1.12';
1134    szOID_RSA_SHA512RSA   =  '1.2.840.113549.1.1.13';
1135    
1136    szOID_RSA_data             = '1.2.840.113549.1.7.1';
1137    szOID_RSA_signedData       = '1.2.840.113549.1.7.2';
1138    szOID_RSA_envelopedData    = '1.2.840.113549.1.7.3';
1139    szOID_RSA_signEnvData      = '1.2.840.113549.1.7.4';
1140    szOID_RSA_digestedData     = '1.2.840.113549.1.7.5';
1141    szOID_RSA_hashedData       = '1.2.840.113549.1.7.5';
1142    szOID_RSA_encryptedData    = '1.2.840.113549.1.7.6';
1143  
1144    szOID_RSA_emailAddr           = '1.2.840.113549.1.9.1';
1145    szOID_RSA_unstructName        = '1.2.840.113549.1.9.2';
1146    szOID_RSA_contentType         = '1.2.840.113549.1.9.3';
1147    szOID_RSA_messageDigest       = '1.2.840.113549.1.9.4';
1148    szOID_RSA_signingTime         = '1.2.840.113549.1.9.5';
1149    szOID_RSA_counterSign         = '1.2.840.113549.1.9.6';
1150    szOID_RSA_challengePwd        = '1.2.840.113549.1.9.7';
1151    szOID_RSA_unstructAddr        = '1.2.840.113549.1.9.8';
1152    szOID_RSA_extCertAttrs        = '1.2.840.113549.1.9.9';
1153    szOID_RSA_SMIMECapabilities   = '1.2.840.113549.1.9.15';
1154    szOID_RSA_preferSignedData    = '1.2.840.113549.1.9.15.1';
1155  
1156    szOID_RSA_MD2 = '1.2.840.113549.2.2';
1157    szOID_RSA_MD4 = '1.2.840.113549.2.4';
1158    szOID_RSA_MD5 = '1.2.840.113549.2.5';
1159  
1160    szOID_RSA_RC2CBC        = '1.2.840.113549.3.2';
1161    szOID_RSA_RC4           = '1.2.840.113549.3.4';
1162    szOID_RSA_DES_EDE3_CBC  = '1.2.840.113549.3.7';
1163    szOID_RSA_RC5_CBCPad    = '1.2.840.113549.3.9';
1164  
1165  // ITU-T UsefulDefinitions
1166    szOID_DS          = '2.5';
1167    szOID_DSALG       = '2.5.8';
1168    szOID_DSALG_CRPT  = '2.5.8.1';
1169    szOID_DSALG_HASH  = '2.5.8.2';
1170    szOID_DSALG_SIGN  = '2.5.8.3';
1171    szOID_DSALG_RSA   = '2.5.8.1.1';
1172  
1173  // NIST OSE Implementors' Workshop (OIW)
1174  // http://nemo.ncsl.nist.gov/oiw/agreements/stable/OSI/12s_9506.w51
1175  // http://nemo.ncsl.nist.gov/oiw/agreements/working/OSI/12w_9503.w51
1176    szOID_OIW            = '1.3.14';
1177  // NIST OSE Implementors' Workshop (OIW) Security SIG algorithm identifiers
1178    szOID_OIWSEC         = '1.3.14.3.2';
1179    szOID_OIWSEC_md4RSA  = '1.3.14.3.2.2';
1180    szOID_OIWSEC_md5RSA  = '1.3.14.3.2.3';
1181    szOID_OIWSEC_md4RSA2 = '1.3.14.3.2.4';
1182    szOID_OIWSEC_desECB  = '1.3.14.3.2.6';
1183    szOID_OIWSEC_desCBC  = '1.3.14.3.2.7';
1184    szOID_OIWSEC_desOFB  = '1.3.14.3.2.8';
1185    szOID_OIWSEC_desCFB  = '1.3.14.3.2.9';
1186    szOID_OIWSEC_desMAC  = '1.3.14.3.2.10';
1187    szOID_OIWSEC_rsaSign = '1.3.14.3.2.11';
1188    szOID_OIWSEC_dsa     = '1.3.14.3.2.12';
1189    szOID_OIWSEC_shaDSA  = '1.3.14.3.2.13';
1190    szOID_OIWSEC_mdc2RSA = '1.3.14.3.2.14';
1191    szOID_OIWSEC_shaRSA  = '1.3.14.3.2.15';
1192    szOID_OIWSEC_dhCommMod = '1.3.14.3.2.16';
1193    szOID_OIWSEC_desEDE    = '1.3.14.3.2.17';
1194    szOID_OIWSEC_sha       = '1.3.14.3.2.18';
1195    szOID_OIWSEC_mdc2      = '1.3.14.3.2.19';
1196    szOID_OIWSEC_dsaComm   = '1.3.14.3.2.20';
1197    szOID_OIWSEC_dsaCommSHA  = '1.3.14.3.2.21';
1198    szOID_OIWSEC_rsaXchg     = '1.3.14.3.2.22';
1199    szOID_OIWSEC_keyHashSeal = '1.3.14.3.2.23';
1200    szOID_OIWSEC_md2RSASign  = '1.3.14.3.2.24';
1201    szOID_OIWSEC_md5RSASign  = '1.3.14.3.2.25';
1202    szOID_OIWSEC_sha1        = '1.3.14.3.2.26';
1203    szOID_OIWSEC_dsaSHA1     = '1.3.14.3.2.27';
1204    szOID_OIWSEC_dsaCommSHA1 =  '1.3.14.3.2.28';
1205    szOID_OIWSEC_sha1RSASign =  '1.3.14.3.2.29';
1206  // NIST OSE Implementors' Workshop (OIW) Directory SIG algorithm identifiers
1207    szOID_OIWDIR             = '1.3.14.7.2';
1208    szOID_OIWDIR_CRPT        = '1.3.14.7.2.1';
1209    szOID_OIWDIR_HASH        = '1.3.14.7.2.2';
1210    szOID_OIWDIR_SIGN        = '1.3.14.7.2.3';
1211    szOID_OIWDIR_md2         = '1.3.14.7.2.2.1';
1212    szOID_OIWDIR_md2RSA      = '1.3.14.7.2.3.1';
1213  
1214  
1215  // INFOSEC Algorithms
1216  // joint-iso-ccitt(2) country(16) us(840) organization(1) us-government(101) dod(2) id-infosec(1)
1217    szOID_INFOSEC                       = '2.16.840.1.101.2.1';
1218    szOID_INFOSEC_sdnsSignature         = '2.16.840.1.101.2.1.1.1';
1219    szOID_INFOSEC_mosaicSignature       = '2.16.840.1.101.2.1.1.2';
1220    szOID_INFOSEC_sdnsConfidentiality   = '2.16.840.1.101.2.1.1.3';
1221    szOID_INFOSEC_mosaicConfidentiality = '2.16.840.1.101.2.1.1.4';
1222    szOID_INFOSEC_sdnsIntegrity         = '2.16.840.1.101.2.1.1.5';
1223    szOID_INFOSEC_mosaicIntegrity       = '2.16.840.1.101.2.1.1.6';
1224    szOID_INFOSEC_sdnsTokenProtection   = '2.16.840.1.101.2.1.1.7';
1225    szOID_INFOSEC_mosaicTokenProtection = '2.16.840.1.101.2.1.1.8';
1226    szOID_INFOSEC_sdnsKeyManagement     = '2.16.840.1.101.2.1.1.9';
1227    szOID_INFOSEC_mosaicKeyManagement   = '2.16.840.1.101.2.1.1.10';
1228    szOID_INFOSEC_sdnsKMandSig          = '2.16.840.1.101.2.1.1.11';
1229    szOID_INFOSEC_mosaicKMandSig        = '2.16.840.1.101.2.1.1.12';
1230    szOID_INFOSEC_SuiteASignature       = '2.16.840.1.101.2.1.1.13';
1231    szOID_INFOSEC_SuiteAConfidentiality = '2.16.840.1.101.2.1.1.14';
1232    szOID_INFOSEC_SuiteAIntegrity       = '2.16.840.1.101.2.1.1.15';
1233    szOID_INFOSEC_SuiteATokenProtection = '2.16.840.1.101.2.1.1.16';
1234    szOID_INFOSEC_SuiteAKeyManagement   = '2.16.840.1.101.2.1.1.17';
1235    szOID_INFOSEC_SuiteAKMandSig        = '2.16.840.1.101.2.1.1.18';
1236    szOID_INFOSEC_mosaicUpdatedSig      = '2.16.840.1.101.2.1.1.19';
1237    szOID_INFOSEC_mosaicKMandUpdSig     = '2.16.840.1.101.2.1.1.20';
1238    szOID_INFOSEC_mosaicUpdatedInteg    = '2.16.840.1.101.2.1.1.21';
1239  
1240  type
1241    PCRYPT_OBJID_TABLE = ^CRYPT_OBJID_TABLE;
1242    CRYPT_OBJID_TABLE = record
1243      dwAlgId  :DWORD;
1244      pszObjId :LPCSTR;
1245    end;
1246  
1247  //+-------------------------------------------------------------------------
1248  //  PKCS #1 HashInfo (DigestInfo)
1249  //--------------------------------------------------------------------------
1250  
1251  type
1252    PCRYPT_HASH_INFO = ^CRYPT_HASH_INFO;
1253    CRYPT_HASH_INFO = record
1254      HashAlgorithm :CRYPT_ALGORITHM_IDENTIFIER;
1255      Hash :CRYPT_HASH_BLOB;
1256    end;
1257  
1258  //+-------------------------------------------------------------------------
1259  //  Type used for an extension to an encoded content
1260  //
1261  //  Where the Value's CRYPT_OBJID_BLOB is in its encoded representation.
1262  //--------------------------------------------------------------------------
1263  
1264  type
1265    PCERT_EXTENSION = ^CERT_EXTENSION;
1266    CERT_EXTENSION = record
1267      pszObjId :LPSTR;
1268      fCritical :BOOL;
1269      Value :CRYPT_OBJID_BLOB;
1270    end;
1271  
1272  //+-------------------------------------------------------------------------
1273  //  AttributeTypeValue
1274  //
1275  //  Where the Value's CRYPT_OBJID_BLOB is in its encoded representation.
1276  //--------------------------------------------------------------------------
1277  
1278  type
1279    PCRYPT_ATTRIBUTE_TYPE_VALUE =^CRYPT_ATTRIBUTE_TYPE_VALUE;
1280    CRYPT_ATTRIBUTE_TYPE_VALUE = record
1281      pszObjId :LPSTR;
1282      Value :CRYPT_OBJID_BLOB;
1283    end;
1284  
1285  //+-------------------------------------------------------------------------
1286  //  Attributes
1287  //
1288  //  Where the Value's PATTR_BLOBs are in their encoded representation.
1289  //--------------------------------------------------------------------------
1290  
1291  type
1292    PCRYPT_ATTRIBUTE = ^CRYPT_ATTRIBUTE;
1293    CRYPT_ATTRIBUTE = record
1294       pszObjId :LPSTR;
1295       cValue :DWORD;
1296       rgValue :PCRYPT_ATTR_BLOB;
1297    end;
1298  
1299  type
1300    PCRYPT_ATTRIBUTES =^CRYPT_ATTRIBUTES;
1301    CRYPT_ATTRIBUTES = record
1302      cAttr  :DWORD; {IN}
1303      rgAttr :PCRYPT_ATTRIBUTE; {IN}
1304    end;
1305  
1306  //+-------------------------------------------------------------------------
1307  //  Attributes making up a Relative Distinguished Name (CERT_RDN)
1308  //
1309  //  The interpretation of the Value depends on the dwValueType.
1310  //  See below for a list of the types.
1311  //--------------------------------------------------------------------------
1312  
1313  type
1314    PCERT_RDN_ATTR = ^CERT_RDN_ATTR;
1315    CERT_RDN_ATTR = record
1316      pszObjId :LPSTR;
1317      dwValueType :DWORD;
1318      Value :CERT_RDN_VALUE_BLOB;
1319    end;
1320  
1321  //+-------------------------------------------------------------------------
1322  //  CERT_RDN attribute Object Identifiers
1323  //--------------------------------------------------------------------------
1324  // Labeling attribute types:
1325  const 
1326    szOID_COMMON_NAME          = '2.5.4.3';  // case-ignore string
1327    szOID_SUR_NAME             = '2.5.4.4';  // case-ignore string
1328    szOID_DEVICE_SERIAL_NUMBER = '2.5.4.5';  // printable string
1329  
1330  // Geographic attribute types:
1331    szOID_COUNTRY_NAME            = '2.5.4.6';  // printable 2char string
1332    szOID_LOCALITY_NAME           = '2.5.4.7';  // case-ignore string
1333    szOID_STATE_OR_PROVINCE_NAME  = '2.5.4.8';  // case-ignore string
1334    szOID_STREET_ADDRESS          = '2.5.4.9';  // case-ignore string
1335  
1336  // Organizational attribute types:
1337    szOID_ORGANIZATION_NAME          = '2.5.4.10';// case-ignore string
1338    szOID_ORGANIZATIONAL_UNIT_NAME   = '2.5.4.11'; // case-ignore string
1339    szOID_TITLE                      = '2.5.4.12'; // case-ignore string
1340  
1341  // Explanatory attribute types:
1342    szOID_DESCRIPTION          = '2.5.4.13'; // case-ignore string
1343    szOID_SEARCH_GUIDE         = '2.5.4.14';
1344    szOID_BUSINESS_CATEGORY    = '2.5.4.15'; // case-ignore string
1345  
1346  // Postal addressing attribute types:
1347    szOID_POSTAL_ADDRESS       = '2.5.4.16';
1348    szOID_POSTAL_CODE          = '2.5.4.17'; // case-ignore string
1349    szOID_POST_OFFICE_BOX      = '2.5.4.18'; // case-ignore string
1350    szOID_PHYSICAL_DELIVERY_OFFICE_NAME = '2.5.4.19'; // case-ignore string
1351  
1352  // Telecommunications addressing attribute types:
1353    szOID_TELEPHONE_NUMBER              = '2.5.4.20'; // telephone number
1354    szOID_TELEX_NUMBER                  = '2.5.4.21';
1355    szOID_TELETEXT_TERMINAL_IDENTIFIER  = '2.5.4.22';
1356    szOID_FACSIMILE_TELEPHONE_NUMBER    = '2.5.4.23';
1357    szOID_X21_ADDRESS                   = '2.5.4.24'; // numeric string
1358    szOID_INTERNATIONAL_ISDN_NUMBER     = '2.5.4.25'; // numeric string
1359    szOID_REGISTERED_ADDRESS            = '2.5.4.26';
1360    szOID_DESTINATION_INDICATOR         = '2.5.4.27'; // printable string
1361  
1362  // Preference attribute types:
1363    szOID_PREFERRED_DELIVERY_METHOD     = '2.5.4.28';
1364  
1365  // OSI application attribute types:
1366    szOID_PRESENTATION_ADDRESS          = '2.5.4.29';
1367    szOID_SUPPORTED_APPLICATION_CONTEXT = '2.5.4.30';
1368  
1369  // Relational application attribute types:
1370    szOID_MEMBER                        = '2.5.4.31';
1371    szOID_OWNER                         = '2.5.4.32';
1372    szOID_ROLE_OCCUPANT                 = '2.5.4.33';
1373    szOID_SEE_ALSO                      = '2.5.4.34';
1374  
1375  // Security attribute types:
1376    szOID_USER_PASSWORD                 = '2.5.4.35';
1377    szOID_USER_CERTIFICATE              = '2.5.4.36';
1378    szOID_CA_CERTIFICATE                = '2.5.4.37';
1379    szOID_AUTHORITY_REVOCATION_LIST     = '2.5.4.38';
1380    szOID_CERTIFICATE_REVOCATION_LIST   = '2.5.4.39';
1381    szOID_CROSS_CERTIFICATE_PAIR        = '2.5.4.40';
1382  
1383  // Undocumented attribute types???
1384  //#define szOID_???                         '2.5.4.41'
1385    szOID_GIVEN_NAME                    = '2.5.4.42'; // case-ignore string
1386    szOID_INITIALS                      = '2.5.4.43'; // case-ignore string
1387  
1388  // Pilot user attribute types:
1389    szOID_DOMAIN_COMPONENT      = '0.9.2342.19200300.100.1.25'; // IA5 string
1390  
1391    szOID_ID1 = '0.9.2342.19200300.100.1.1';
1392  
1393  
1394  //+-------------------------------------------------------------------------
1395  //  CERT_RDN Attribute Value Types
1396  //
1397  //  For RDN_ENCODED_BLOB, the Value's CERT_RDN_VALUE_BLOB is in its encoded
1398  //  representation. Otherwise, it's an array of bytes.
1399  //
1400  //  For all CERT_RDN types, Value.cbData is always the number of bytes, not
1401  //  necessarily the number of elements in the string. For instance,
1402  //  RDN_UNIVERSAL_STRING is an array of ints (cbData == intCnt * 4) and
1403  //  RDN_BMP_STRING is an array of unsigned shorts (cbData == ushortCnt * 2).
1404  //
1405  //  For CertDecodeName, two 0 bytes are always appended to the end of the
1406  //  string (ensures a CHAR or WCHAR string is null terminated).
1407  //  These added 0 bytes aren't included in the BLOB.cbData.
1408  //--------------------------------------------------------------------------
1409  
1410  const 
1411    CERT_RDN_ANY_TYPE             = 0;
1412    CERT_RDN_ENCODED_BLOB         = 1;
1413    CERT_RDN_OCTET_STRING         = 2;
1414    CERT_RDN_NUMERIC_STRING       = 3;
1415    CERT_RDN_PRINTABLE_STRING     = 4;
1416    CERT_RDN_TELETEX_STRING       = 5;
1417    CERT_RDN_T61_STRING           = 5;
1418    CERT_RDN_VIDEOTEX_STRING      = 6;
1419    CERT_RDN_IA5_STRING           = 7;
1420    CERT_RDN_GRAPHIC_STRING       = 8;
1421    CERT_RDN_VISIBLE_STRING       = 9;
1422    CERT_RDN_ISO646_STRING        = 9;
1423    CERT_RDN_GENERAL_STRING       = 10;
1424    CERT_RDN_UNIVERSAL_STRING     = 11;
1425    CERT_RDN_INT4_STRING          = 11;
1426    CERT_RDN_BMP_STRING           = 12;
1427    CERT_RDN_UNICODE_STRING       = 12;
1428  
1429  
1430  // Macro to check that the dwValueType is a character string and not an
1431  // encoded blob or octet string
1432  function IS_CERT_RDN_CHAR_STRING(X :DWORD) :BOOL;
1433  
1434  //+-------------------------------------------------------------------------
1435  //  A CERT_RDN consists of an array of the above attributes
1436  //--------------------------------------------------------------------------
1437  
1438  type
1439    PCERT_RDN = ^CERT_RDN;
1440    CERT_RDN = record
1441      cRDNAttr :DWORD;
1442      rgRDNAttr :PCERT_RDN_ATTR;
1443    end;
1444  
1445  //+-------------------------------------------------------------------------
1446  //  Information stored in a subject's or issuer's name. The information
1447  //  is represented as an array of the above RDNs.
1448  //--------------------------------------------------------------------------
1449  
1450  type
1451    PCERT_NAME_INFO = ^CERT_NAME_INFO;
1452    CERT_NAME_INFO = record
1453      cRDN :DWORD;
1454      rgRDN :PCERT_RDN;
1455    end;
1456  
1457  //+-------------------------------------------------------------------------
1458  //  Name attribute value without the Object Identifier
1459  //
1460  //  The interpretation of the Value depends on the dwValueType.
1461  //  See above for a list of the types.
1462  //--------------------------------------------------------------------------
1463  
1464  type
1465    PCERT_NAME_VALUE = ^CERT_NAME_VALUE;
1466    CERT_NAME_VALUE = record
1467      dwValueType :DWORD;
1468      Value :CERT_RDN_VALUE_BLOB;
1469    end;
1470  
1471  //+-------------------------------------------------------------------------
1472  //  Public Key Info
1473  //
1474  //  The PublicKey is the encoded representation of the information as it is
1475  //  stored in the bit string
1476  //--------------------------------------------------------------------------
1477  
1478  type
1479    PCERT_PUBLIC_KEY_INFO = ^CERT_PUBLIC_KEY_INFO;
1480    CERT_PUBLIC_KEY_INFO = record
1481      Algorithm :CRYPT_ALGORITHM_IDENTIFIER;
1482      PublicKey :CRYPT_BIT_BLOB;
1483    end;
1484  
1485  const 
1486    CERT_RSA_PUBLIC_KEY_OBJID        = szOID_RSA_RSA;
1487    CERT_DEFAULT_OID_PUBLIC_KEY_SIGN = szOID_RSA_RSA;
1488    CERT_DEFAULT_OID_PUBLIC_KEY_XCHG = szOID_RSA_RSA;
1489  
1490  //+-------------------------------------------------------------------------
1491  //  Information stored in a certificate
1492  //
1493  //  The Issuer, Subject, Algorithm, PublicKey and Extension BLOBs are the
1494  //  encoded representation of the information.
1495  //--------------------------------------------------------------------------
1496  
1497  type
1498    PCERT_INFO = ^CERT_INFO;
1499    CERT_INFO = record
1500      dwVersion              :DWORD;
1501      SerialNumber           :CRYPT_INTEGER_BLOB;
1502      SignatureAlgorithm     :CRYPT_ALGORITHM_IDENTIFIER;
1503      Issuer                 :CERT_NAME_BLOB;
1504      NotBefore              :TFILETIME;
1505      NotAfter               :TFILETIME;
1506      Subject                :CERT_NAME_BLOB;
1507      SubjectPublicKeyInfo   :CERT_PUBLIC_KEY_INFO;
1508      IssuerUniqueId         :CRYPT_BIT_BLOB;
1509      SubjectUniqueId        :CRYPT_BIT_BLOB;
1510      cExtension             :DWORD;
1511      rgExtension            :PCERT_EXTENSION;
1512    end;
1513  
1514  //+-------------------------------------------------------------------------
1515  //  Certificate versions
1516  //--------------------------------------------------------------------------
1517  const 
1518    CERT_V1 = 0;
1519    CERT_V2 = 1;
1520    CERT_V3 = 2;
1521  
1522  //+-------------------------------------------------------------------------
1523  //  Certificate Information Flags
1524  //--------------------------------------------------------------------------
1525  
1526    CERT_INFO_VERSION_FLAG                 = 1;
1527    CERT_INFO_SERIAL_NUMBER_FLAG           = 2;
1528    CERT_INFO_SIGNATURE_ALGORITHM_FLAG     = 3;
1529    CERT_INFO_ISSUER_FLAG                  = 4;
1530    CERT_INFO_NOT_BEFORE_FLAG              = 5;
1531    CERT_INFO_NOT_AFTER_FLAG               = 6;
1532    CERT_INFO_SUBJECT_FLAG                 = 7;
1533    CERT_INFO_SUBJECT_PUBLIC_KEY_INFO_FLAG = 8;
1534    CERT_INFO_ISSUER_UNIQUE_ID_FLAG        = 9;
1535    CERT_INFO_SUBJECT_UNIQUE_ID_FLAG       = 10;
1536    CERT_INFO_EXTENSION_FLAG               = 11;
1537  
1538  //+-------------------------------------------------------------------------
1539  //  An entry in a CRL
1540  //
1541  //  The Extension BLOBs are the encoded representation of the information.
1542  //--------------------------------------------------------------------------
1543  
1544  type
1545    PCRL_ENTRY = ^CRL_ENTRY;
1546    CRL_ENTRY = record
1547      SerialNumber :CRYPT_INTEGER_BLOB;
1548      RevocationDate :TFILETIME;
1549      cExtension :DWORD;
1550      rgExtension :PCERT_EXTENSION;
1551    end;
1552  
1553  //+-------------------------------------------------------------------------
1554  //  Information stored in a CRL
1555  //
1556  //  The Issuer, Algorithm and Extension BLOBs are the encoded
1557  //  representation of the information.
1558  //--------------------------------------------------------------------------
1559  
1560  type
1561    PCRL_INFO = ^CRL_INFO;
1562    CRL_INFO = record
1563      dwVersion           :DWORD;
1564      SignatureAlgorithm  :CRYPT_ALGORITHM_IDENTIFIER;
1565      Issuer              :CERT_NAME_BLOB;
1566      ThisUpdate          :TFILETIME;
1567      NextUpdate          :TFILETIME;
1568      cCRLEntry           :DWORD;
1569      rgCRLEntry          :PCRL_ENTRY;
1570      cExtension          :DWORD;
1571      rgExtension         :PCERT_EXTENSION;
1572    end;
1573  
1574  //+-------------------------------------------------------------------------
1575  //  CRL versions
1576  //--------------------------------------------------------------------------
1577  const 
1578    CRL_V1 = 0;
1579    CRL_V2 = 1;
1580  
1581  //+-------------------------------------------------------------------------
1582  //  Information stored in a certificate request
1583  //
1584  //  The Subject, Algorithm, PublicKey and Attribute BLOBs are the encoded
1585  //  representation of the information.
1586  //--------------------------------------------------------------------------
1587  
1588  type
1589    PCERT_REQUEST_INFO = ^CERT_REQUEST_INFO;
1590    CERT_REQUEST_INFO = record
1591      dwVersion            :DWORD;
1592      Subject              :CERT_NAME_BLOB;
1593      SubjectPublicKeyInfo :CERT_PUBLIC_KEY_INFO;
1594      cAttribute           :DWORD;
1595      rgAttribute          :PCRYPT_ATTRIBUTE;
1596    end;
1597  
1598  //+-------------------------------------------------------------------------
1599  //  Certificate Request versions
1600  //--------------------------------------------------------------------------
1601  const CERT_REQUEST_V1 = 0;
1602  
1603  //+-------------------------------------------------------------------------
1604  //  Information stored in Netscape's Keygen request
1605  //--------------------------------------------------------------------------
1606  type
1607    PCERT_KEYGEN_REQUEST_INFO = ^CERT_KEYGEN_REQUEST_INFO;
1608    CERT_KEYGEN_REQUEST_INFO = record
1609      dwVersion            :DWORD;
1610      SubjectPublicKeyInfo :CERT_PUBLIC_KEY_INFO;
1611      pwszChallengeString  :LPWSTR;        // encoded as IA5
1612    end;
1613  
1614  const 
1615    CERT_KEYGEN_REQUEST_V1 = 0;
1616  
1617  
1618  //+-------------------------------------------------------------------------
1619  //  Certificate, CRL, Certificate Request or Keygen Request Signed Content
1620  //
1621  //  The "to be signed" encoded content plus its signature. The ToBeSigned
1622  //  is the encoded CERT_INFO, CRL_INFO, CERT_REQUEST_INFO or
1623  //  CERT_KEYGEN_REQUEST_INFO.
1624  //--------------------------------------------------------------------------
1625  type
1626    PCERT_SIGNED_CONTENT_INFO = ^CERT_SIGNED_CONTENT_INFO;
1627    CERT_SIGNED_CONTENT_INFO = record
1628      ToBeSigned          :CRYPT_DER_BLOB;
1629      SignatureAlgorithm  :CRYPT_ALGORITHM_IDENTIFIER;
1630      Signature           :CRYPT_BIT_BLOB;
1631    end;
1632  
1633  //+-------------------------------------------------------------------------
1634  //  Certificate Trust List (CTL)
1635  //--------------------------------------------------------------------------
1636  
1637  //+-------------------------------------------------------------------------
1638  //  CTL Usage. Also used for EnhancedKeyUsage extension.
1639  //--------------------------------------------------------------------------
1640  
1641  type
1642    PCTL_USAGE =^CTL_USAGE;
1643    CTL_USAGE = record
1644      cUsageIdentifier :DWORD;
1645      rgpszUsageIdentifier :PLPSTR;      // array of pszObjId
1646    end;
1647  
1648  type
1649    CERT_ENHKEY_USAGE = CTL_USAGE;
1650    PCERT_ENHKEY_USAGE = ^CERT_ENHKEY_USAGE;
1651  
1652  
1653  //+-------------------------------------------------------------------------
1654  //  An entry in a CTL
1655  //--------------------------------------------------------------------------
1656  type
1657    PCTL_ENTRY = ^CTL_ENTRY;
1658    CTL_ENTRY = record
1659      SubjectIdentifier :CRYPT_DATA_BLOB;    // For example, its hash
1660      cAttribute        :DWORD;
1661      rgAttribute       :PCRYPT_ATTRIBUTE;   // OPTIONAL
1662    end;
1663  
1664  //+-------------------------------------------------------------------------
1665  //  Information stored in a CTL
1666  //--------------------------------------------------------------------------
1667  type
1668    PCTL_INFO = ^CTL_INFO;
1669    CTL_INFO = record
1670      dwVersion           :DWORD;
1671      SubjectUsage        :CTL_USAGE;
1672      ListIdentifier      :CRYPT_DATA_BLOB;     // OPTIONAL
1673      SequenceNumber      :CRYPT_INTEGER_BLOB;  // OPTIONAL
1674      ThisUpdate          :TFILETIME;
1675      NextUpdate          :TFILETIME;           // OPTIONAL
1676      SubjectAlgorithm    :CRYPT_ALGORITHM_IDENTIFIER;
1677      cCTLEntry           :DWORD;
1678      rgCTLEntry          :PCTL_ENTRY;          // OPTIONAL
1679      cExtension          :DWORD;
1680      rgExtension         :PCERT_EXTENSION;     // OPTIONAL
1681    end;
1682  
1683  //+-------------------------------------------------------------------------
1684  //  CTL versions
1685  //--------------------------------------------------------------------------
1686  const 
1687    CTL_V1 = 0;
1688  
1689  //+-------------------------------------------------------------------------
1690  //  TimeStamp Request
1691  //
1692  //  The pszTimeStamp is the OID for the Time type requested
1693  //  The pszContentType is the Content Type OID for the content, usually DATA
1694  //  The Content is an un-decoded blob
1695  //--------------------------------------------------------------------------
1696  
1697  type
1698    PCRYPT_TIME_STAMP_REQUEST_INFO = ^CRYPT_TIME_STAMP_REQUEST_INFO;
1699    CRYPT_TIME_STAMP_REQUEST_INFO = record
1700      pszTimeStampAlgorithm :LPSTR;   // pszObjId
1701      pszContentType        :LPSTR;   // pszObjId
1702      Content               :CRYPT_OBJID_BLOB;
1703      cAttribute            :DWORD;
1704      rgAttribute           :PCRYPT_ATTRIBUTE;
1705    end;
1706  
1707  //+-------------------------------------------------------------------------
1708  //  Certificate and Message encoding types
1709  //
1710  //  The encoding type is a DWORD containing both the certificate and message
1711  //  encoding types. The certificate encoding type is stored in the LOWORD.
1712  //  The message encoding type is stored in the HIWORD. Some functions or
1713  //  structure fields require only one of the encoding types. The following
1714  //  naming convention is used to indicate which encoding type(s) are
1715  //  required:
1716  //      dwEncodingType              (both encoding types are required)
1717  //      dwMsgAndCertEncodingType    (both encoding types are required)
1718  //      dwMsgEncodingType           (only msg encoding type is required)
1719  //      dwCertEncodingType          (only cert encoding type is required)
1720  //
1721  //  It's always acceptable to specify both.
1722  //--------------------------------------------------------------------------
1723  
1724  const 
1725    CERT_ENCODING_TYPE_MASK = $0000FFFF;
1726    CMSG_ENCODING_TYPE_MASK = $FFFF0000;
1727  
1728  //#define GET_CERT_ENCODING_TYPE(X)   (X & CERT_ENCODING_TYPE_MASK)
1729  //#define GET_CMSG_ENCODING_TYPE(X)   (X & CMSG_ENCODING_TYPE_MASK)
1730  function GET_CERT_ENCODING_TYPE(X :DWORD):DWORD;
1731  function GET_CMSG_ENCODING_TYPE(X :DWORD):DWORD;
1732  
1733  const 
1734    CRYPT_ASN_ENCODING  = $00000001;
1735    CRYPT_NDR_ENCODING = $00000002;
1736    X509_ASN_ENCODING = $00000001;
1737    X509_NDR_ENCODING = $00000002;
1738    PKCS_7_ASN_ENCODING = $00010000;
1739    PKCS_7_NDR_ENCODING = $00020000;
1740  
1741  //+-------------------------------------------------------------------------
1742  //  format the specified data structure according to the certificate
1743  //  encoding type.
1744  //
1745  //--------------------------------------------------------------------------
1746  
1747  function CryptFormatObject(dwCertEncodingType :DWORD;
1748                             dwFormatType       :DWORD;
1749                             dwFormatStrType    :DWORD;
1750                             pFormatStruct      :PVOID;
1751                             lpszStructType     :LPCSTR;
1752                       const pbEncoded          :PBYTE;
1753                             cbEncoded          :DWORD;
1754                             pbFormat           :PVOID;
1755                             pcbFormat          :PDWORD):BOOL ; stdcall;
1756  
1757  //+-------------------------------------------------------------------------
1758  //  Encode / decode the specified data structure according to the certificate
1759  //  encoding type.
1760  //
1761  //  See below for a list of the predefined data structures.
1762  //--------------------------------------------------------------------------
1763  
1764  function CryptEncodeObject(dwCertEncodingType :DWORD;
1765                             lpszStructType     :LPCSTR;
1766                       const pvStructInfo       :PVOID;
1767                             pbEncoded          :PBYTE;
1768                             pcbEncoded         :PDWORD ):BOOL ; stdcall;
1769  
1770  function CryptDecodeObject(dwCertEncodingType :DWORD;
1771                             lpszStructType     :LPCSTR;
1772                       const pbEncoded          :PBYTE;
1773                             cbEncoded          :DWORD;
1774                             dwFlags            :DWORD;
1775                             pvStructInfo       :PVOID;
1776                             pcbStructInfo      :PDWORD):BOOL ; stdcall;
1777  
1778  // When the following flag is set the nocopy optimization is enabled.
1779  // This optimization, where appropriate, updates the pvStructInfo fields
1780  // to point to content residing within pbEncoded instead of making a copy
1781  // of and appending to pvStructInfo.
1782  //
1783  // Note, when set, pbEncoded can't be freed until pvStructInfo is freed.
1784  const 
1785    CRYPT_DECODE_NOCOPY_FLAG = $1;
1786  
1787  //+-------------------------------------------------------------------------
1788  //  Predefined X509 certificate data structures that can be encoded / decoded.
1789  //--------------------------------------------------------------------------
1790    CRYPT_ENCODE_DECODE_NONE         = 0;
1791    X509_CERT                        = (LPCSTR(1));
1792    X509_CERT_TO_BE_SIGNED           = (LPCSTR(2));
1793    X509_CERT_CRL_TO_BE_SIGNED       = (LPCSTR(3));
1794    X509_CERT_REQUEST_TO_BE_SIGNED   = (LPCSTR(4));
1795    X509_EXTENSIONS                  = (LPCSTR(5));
1796    X509_NAME_VALUE                  = (LPCSTR(6));
1797    X509_NAME                        = (LPCSTR(7));
1798    X509_PUBLIC_KEY_INFO             = (LPCSTR(8));
1799  
1800  //+-------------------------------------------------------------------------
1801  //  Predefined X509 certificate extension data structures that can be
1802  //  encoded / decoded.
1803  //--------------------------------------------------------------------------
1804    X509_AUTHORITY_KEY_ID            = (LPCSTR(9));
1805    X509_KEY_ATTRIBUTES              = (LPCSTR(10));
1806    X509_KEY_USAGE_RESTRICTION       = (LPCSTR(11));
1807    X509_ALTERNATE_NAME              = (LPCSTR(12));
1808    X509_BASIC_CONSTRAINTS           = (LPCSTR(13));
1809    X509_KEY_USAGE                   = (LPCSTR(14));
1810    X509_BASIC_CONSTRAINTS2          = (LPCSTR(15));
1811    X509_CERT_POLICIES               = (LPCSTR(16));
1812  
1813  //+-------------------------------------------------------------------------
1814  //  Additional predefined data structures that can be encoded / decoded.
1815  //--------------------------------------------------------------------------
1816    PKCS_UTC_TIME                    = (LPCSTR(17));
1817    PKCS_TIME_REQUEST                = (LPCSTR(18));
1818    RSA_CSP_PUBLICKEYBLOB            = (LPCSTR(19));
1819    X509_UNICODE_NAME                = (LPCSTR(20));
1820  
1821    X509_KEYGEN_REQUEST_TO_BE_SIGNED  = (LPCSTR(21));
1822    PKCS_ATTRIBUTE                    = (LPCSTR(22));
1823    PKCS_CONTENT_INFO_SEQUENCE_OF_ANY = (LPCSTR(23));
1824  
1825  //+-------------------------------------------------------------------------
1826  //  Predefined primitive data structures that can be encoded / decoded.
1827  //--------------------------------------------------------------------------
1828    X509_UNICODE_NAME_VALUE    = (LPCSTR(24));
1829    X509_ANY_STRING            = X509_NAME_VALUE;
1830    X509_UNICODE_ANY_STRING    = X509_UNICODE_NAME_VALUE;
1831    X509_OCTET_STRING          = (LPCSTR(25));
1832    X509_BITS                  = (LPCSTR(26));
1833    X509_INTEGER               = (LPCSTR(27));
1834    X509_MULTI_BYTE_INTEGER    = (LPCSTR(28));
1835    X509_ENUMERATED            = (LPCSTR(29));
1836    X509_CHOICE_OF_TIME        = (LPCSTR(30));
1837  
1838  //+-------------------------------------------------------------------------
1839  //  More predefined X509 certificate extension data structures that can be
1840  //  encoded / decoded.
1841  //--------------------------------------------------------------------------
1842  
1843    X509_AUTHORITY_KEY_ID2        = (LPCSTR(31));
1844  //  X509_AUTHORITY_INFO_ACCESS          (LPCSTR(32));
1845    X509_CRL_REASON_CODE          = X509_ENUMERATED;
1846    PKCS_CONTENT_INFO             = (LPCSTR(33));
1847    X509_SEQUENCE_OF_ANY          = (LPCSTR(34));
1848    X509_CRL_DIST_POINTS          = (LPCSTR(35));
1849    X509_ENHANCED_KEY_USAGE       = (LPCSTR(36));
1850    PKCS_CTL                      = (LPCSTR(37));
1851  
1852    X509_MULTI_BYTE_UINT          = (LPCSTR(38));
1853    X509_DSS_PUBLICKEY            = X509_MULTI_BYTE_UINT;
1854    X509_DSS_PARAMETERS           = (LPCSTR(39));
1855    X509_DSS_SIGNATURE            = (LPCSTR(40));
1856    PKCS_RC2_CBC_PARAMETERS       = (LPCSTR(41));
1857    PKCS_SMIME_CAPABILITIES       = (LPCSTR(42));
1858  
1859  //+-------------------------------------------------------------------------
1860  //  Predefined PKCS #7 data structures that can be encoded / decoded.
1861  //--------------------------------------------------------------------------
1862    PKCS7_SIGNER_INFO             = (LPCSTR(500));
1863  
1864  //+-------------------------------------------------------------------------
1865  //  Predefined Software Publishing Credential (SPC)  data structures that
1866  //  can be encoded / decoded.
1867  //
1868  //  Predefined values: 2000 .. 2999
1869  //
1870  //  See spc.h for value and data structure definitions.
1871  //--------------------------------------------------------------------------
1872  //+-------------------------------------------------------------------------
1873  //  Extension Object Identifiers
1874  //--------------------------------------------------------------------------
1875  const 
1876    szOID_AUTHORITY_KEY_IDENTIFIER      = '2.5.29.1';
1877    szOID_KEY_ATTRIBUTES                = '2.5.29.2';
1878    szOID_KEY_USAGE_RESTRICTION         = '2.5.29.4';
1879    szOID_SUBJECT_ALT_NAME              = '2.5.29.7';
1880    szOID_ISSUER_ALT_NAME               = '2.5.29.8';
1881    szOID_BASIC_CONSTRAINTS             = '2.5.29.10';
1882    szOID_KEY_USAGE                     = '2.5.29.15';
1883    szOID_BASIC_CONSTRAINTS2            = '2.5.29.19';
1884    szOID_CERT_POLICIES                 = '2.5.29.32';
1885  
1886    szOID_AUTHORITY_KEY_IDENTIFIER2     = '2.5.29.35';
1887    szOID_SUBJECT_KEY_IDENTIFIER        = '2.5.29.14';
1888    szOID_SUBJECT_ALT_NAME2             = '2.5.29.17';
1889    szOID_ISSUER_ALT_NAME2              = '2.5.29.18';
1890    szOID_CRL_REASON_CODE               = '2.5.29.21';
1891    szOID_CRL_DIST_POINTS               = '2.5.29.31';
1892    szOID_ENHANCED_KEY_USAGE            = '2.5.29.37';
1893  
1894  
1895  // Internet Public Key Infrastructure
1896    szOID_PKIX                          = '1.3.6.1.5.5.7';
1897    szOID_AUTHORITY_INFO_ACCESS         = '1.3.6.1.5.5.7.2';
1898  
1899  // Microsoft extensions or attributes
1900    szOID_CERT_EXTENSIONS               = '1.3.6.1.4.1.311.2.1.14';
1901    szOID_NEXT_UPDATE_LOCATION          = '1.3.6.1.4.1.311.10.2';
1902  
1903  //  Microsoft PKCS #7 ContentType Object Identifiers
1904    szOID_CTL                           = '1.3.6.1.4.1.311.10.1';
1905  
1906  //+-------------------------------------------------------------------------
1907  //  Extension Object Identifiers (currently not implemented)
1908  //--------------------------------------------------------------------------
1909    szOID_POLICY_MAPPINGS               = '2.5.29.5';
1910    szOID_SUBJECT_DIR_ATTRS             = '2.5.29.9';
1911  
1912  //+-------------------------------------------------------------------------
1913  //  Enhanced Key Usage (Purpose) Object Identifiers
1914  //--------------------------------------------------------------------------
1915  const szOID_PKIX_KP                       = '1.3.6.1.5.5.7.3';
1916  
1917  // Consistent key usage bits: DIGITAL_SIGNATURE, KEY_ENCIPHERMENT
1918  // or KEY_AGREEMENT
1919    szOID_PKIX_KP_SERVER_AUTH           = '1.3.6.1.5.5.7.3.1';
1920  
1921  // Consistent key usage bits: DIGITAL_SIGNATURE
1922    szOID_PKIX_KP_CLIENT_AUTH           = '1.3.6.1.5.5.7.3.2';
1923  
1924  // Consistent key usage bits: DIGITAL_SIGNATURE
1925    szOID_PKIX_KP_CODE_SIGNING          = '1.3.6.1.5.5.7.3.3';
1926  
1927  // Consistent key usage bits: DIGITAL_SIGNATURE, NON_REPUDIATION and/or
1928  // (KEY_ENCIPHERMENT or KEY_AGREEMENT)
1929    szOID_PKIX_KP_EMAIL_PROTECTION      = '1.3.6.1.5.5.7.3.4';
1930  
1931  //+-------------------------------------------------------------------------
1932  //  Microsoft Enhanced Key Usage (Purpose) Object Identifiers
1933  //+-------------------------------------------------------------------------
1934  
1935  //  Signer of CTLs
1936    szOID_KP_CTL_USAGE_SIGNING          = '1.3.6.1.4.1.311.10.3.1';
1937  
1938  //  Signer of TimeStamps
1939    szOID_KP_TIME_STAMP_SIGNING         = '1.3.6.1.4.1.311.10.3.2';
1940  
1941  //+-------------------------------------------------------------------------
1942  //  Microsoft Attribute Object Identifiers
1943  //+-------------------------------------------------------------------------
1944    szOID_YESNO_TRUST_ATTR              = '1.3.6.1.4.1.311.10.4.1';
1945  
1946  //+-------------------------------------------------------------------------
1947  //  X509_CERT
1948  //
1949  //  The "to be signed" encoded content plus its signature. The ToBeSigned
1950  //  content is the CryptEncodeObject() output for one of the following:
1951  //  X509_CERT_TO_BE_SIGNED, X509_CERT_CRL_TO_BE_SIGNED or
1952  //  X509_CERT_REQUEST_TO_BE_SIGNED.
1953  //
1954  //  pvStructInfo points to CERT_SIGNED_CONTENT_INFO.
1955  //--------------------------------------------------------------------------
1956  
1957  //+-------------------------------------------------------------------------
1958  //  X509_CERT_TO_BE_SIGNED
1959  //
1960  //  pvStructInfo points to CERT_INFO.
1961  //
1962  //  For CryptDecodeObject(), the pbEncoded is the "to be signed" plus its
1963  //  signature (output of a X509_CERT CryptEncodeObject()).
1964  //
1965  //  For CryptEncodeObject(), the pbEncoded is just the "to be signed".
1966  //--------------------------------------------------------------------------
1967  
1968  //+-------------------------------------------------------------------------
1969  //  X509_CERT_CRL_TO_BE_SIGNED
1970  //
1971  //  pvStructInfo points to CRL_INFO.
1972  //
1973  //  For CryptDecodeObject(), the pbEncoded is the "to be signed" plus its
1974  //  signature (output of a X509_CERT CryptEncodeObject()).
1975  //
1976  //  For CryptEncodeObject(), the pbEncoded is just the "to be signed".
1977  //--------------------------------------------------------------------------
1978  
1979  //+-------------------------------------------------------------------------
1980  //  X509_CERT_REQUEST_TO_BE_SIGNED
1981  //
1982  //  pvStructInfo points to CERT_REQUEST_INFO.
1983  //
1984  //  For CryptDecodeObject(), the pbEncoded is the "to be signed" plus its
1985  //  signature (output of a X509_CERT CryptEncodeObject()).
1986  //
1987  //  For CryptEncodeObject(), the pbEncoded is just the "to be signed".
1988  //--------------------------------------------------------------------------
1989  
1990  //+-------------------------------------------------------------------------
1991  //  X509_EXTENSIONS
1992  //  szOID_CERT_EXTENSIONS
1993  //
1994  //  pvStructInfo points to following CERT_EXTENSIONS.
1995  //--------------------------------------------------------------------------
1996  type
1997    PCERT_EXTENSIONS = ^CERT_EXTENSIONS;
1998    CERT_EXTENSIONS = record
1999      cExtension  :DWORD;
2000      rgExtension :PCERT_EXTENSION;
2001    end;
2002  
2003  //+-------------------------------------------------------------------------
2004  //  X509_NAME_VALUE
2005  //  X509_ANY_STRING
2006  //
2007  //  pvStructInfo points to CERT_NAME_VALUE.
2008  //--------------------------------------------------------------------------
2009  
2010  //+-------------------------------------------------------------------------
2011  //  X509_UNICODE_NAME_VALUE
2012  //  X509_UNICODE_ANY_STRING
2013  //
2014  //  pvStructInfo points to CERT_NAME_VALUE.
2015  //
2016  //  The name values are unicode strings.
2017  //
2018  //  For CryptEncodeObject:
2019  //    Value.pbData points to the unicode string.
2020  //    If Value.cbData = 0, then, the unicode string is NULL terminated.
2021  //    Otherwise, Value.cbData is the unicode string byte count. The byte count
2022  //    is twice the character count.
2023  //
2024  //    If the unicode string contains an invalid character for the specified
2025  //    dwValueType, then, *pcbEncoded is updated with the unicode character
2026  //    index of the first invalid character. LastError is set to:
2027  //    CRYPT_E_INVALID_NUMERIC_STRING, CRYPT_E_INVALID_PRINTABLE_STRING or
2028  //    CRYPT_E_INVALID_IA5_STRING.
2029  //
2030  //    The unicode string is converted before being encoded according to
2031  //    the specified dwValueType. If dwValueType is set to 0, LastError
2032  //    is set to E_INVALIDARG.
2033  //
2034  //    If the dwValueType isn't one of the character strings (it's a
2035  //    CERT_RDN_ENCODED_BLOB or CERT_RDN_OCTET_STRING), then, CryptEncodeObject
2036  //    will return FALSE with LastError set to CRYPT_E_NOT_CHAR_STRING.
2037  //
2038  //  For CryptDecodeObject:
2039  //    Value.pbData points to a NULL terminated unicode string. Value.cbData
2040  //    contains the byte count of the unicode string excluding the NULL
2041  //    terminator. dwValueType contains the type used in the encoded object.
2042  //    It's not forced to CERT_RDN_UNICODE_STRING. The encoded value is
2043  //    converted to the unicode string according to the dwValueType.
2044  //
2045  //    If the encoded object isn't one of the character string types, then,
2046  //    CryptDecodeObject will return FALSE with LastError set to
2047  //    CRYPT_E_NOT_CHAR_STRING. For a non character string, decode using
2048  //    X509_NAME_VALUE or X509_ANY_STRING.
2049  //--------------------------------------------------------------------------
2050  
2051  //+-------------------------------------------------------------------------
2052  //  X509_NAME
2053  //
2054  //  pvStructInfo points to CERT_NAME_INFO.
2055  //--------------------------------------------------------------------------
2056  
//+-------------------------------------------------------------------------
//  X509_UNICODE_NAME
//
//  pvStructInfo points to CERT_NAME_INFO.
//
//  The RDN attribute values are unicode strings except for the dwValueTypes of
//  CERT_RDN_ENCODED_BLOB or CERT_RDN_OCTET_STRING. These dwValueTypes are
//  the same as for an X509_NAME. Their values aren't converted to/from unicode.
//
//  For CryptEncodeObject:
//    Value.pbData points to the unicode string.
//    If Value.cbData = 0, then the unicode string is NULL terminated.
//    Otherwise, Value.cbData is the unicode string byte count. The byte count
//    is twice the character count.
//
//    If dwValueType = 0 (CERT_RDN_ANY_TYPE), the pszObjId is used to find
//    an acceptable dwValueType. If the unicode string contains an
//    invalid character for the found or specified dwValueType, then
//    *pcbEncoded is updated with the error location of the invalid character.
//    See below for details. LastError is set to:
//    CRYPT_E_INVALID_NUMERIC_STRING, CRYPT_E_INVALID_PRINTABLE_STRING or
//    CRYPT_E_INVALID_IA5_STRING.
//
//    The unicode string is converted before being encoded according to
//    the specified or ObjId matching dwValueType.
//
//  For CryptDecodeObject:
//    Value.pbData points to a NULL terminated unicode string. Value.cbData
//    contains the byte count of the unicode string excluding the NULL
//    terminator. dwValueType contains the type used in the encoded object.
//    It's not forced to CERT_RDN_UNICODE_STRING. The encoded value is
//    converted to the unicode string according to the dwValueType.
//
//    If the dwValueType of the encoded value isn't a character string
//    type, then it isn't converted to UNICODE. Use the
//    IS_CERT_RDN_CHAR_STRING() macro on the dwValueType to check
//    that Value.pbData points to a converted unicode string.
//--------------------------------------------------------------------------

//+-------------------------------------------------------------------------
//  Unicode Name Value Error Location Definitions
//
//  Error location is returned in *pcbEncoded by
//  CryptEncodeObject(X509_UNICODE_NAME)
//
//  Error location consists of:
//    RDN_INDEX     - 10 bits << 22
//    ATTR_INDEX    - 6 bits << 16
//    VALUE_INDEX   - 16 bits (unicode character index)
//--------------------------------------------------------------------------
const
  CERT_UNICODE_RDN_ERR_INDEX_MASK     = $3FF;
  CERT_UNICODE_RDN_ERR_INDEX_SHIFT    = 22;
  CERT_UNICODE_ATTR_ERR_INDEX_MASK    = $003F;
  CERT_UNICODE_ATTR_ERR_INDEX_SHIFT   = 16;
  CERT_UNICODE_VALUE_ERR_INDEX_MASK   = $0000FFFF;
  CERT_UNICODE_VALUE_ERR_INDEX_SHIFT  = 0;

{#define GET_CERT_UNICODE_RDN_ERR_INDEX(X)   \
    ((X >> CERT_UNICODE_RDN_ERR_INDEX_SHIFT) & CERT_UNICODE_RDN_ERR_INDEX_MASK)}
function  GET_CERT_UNICODE_RDN_ERR_INDEX(X :integer):integer;
{#define GET_CERT_UNICODE_ATTR_ERR_INDEX(X)  \
    ((X >> CERT_UNICODE_ATTR_ERR_INDEX_SHIFT) & CERT_UNICODE_ATTR_ERR_INDEX_MASK)}
function  GET_CERT_UNICODE_ATTR_ERR_INDEX(X :integer):integer;
{#define GET_CERT_UNICODE_VALUE_ERR_INDEX(X) \
    (X & CERT_UNICODE_VALUE_ERR_INDEX_MASK)}
function  GET_CERT_UNICODE_VALUE_ERR_INDEX(X :integer):integer;

//+-------------------------------------------------------------------------
//  X509_PUBLIC_KEY_INFO
//
//  pvStructInfo points to CERT_PUBLIC_KEY_INFO.
//--------------------------------------------------------------------------


//+-------------------------------------------------------------------------
//  X509_AUTHORITY_KEY_ID
//  szOID_AUTHORITY_KEY_IDENTIFIER
//
//  pvStructInfo points to the following CERT_AUTHORITY_KEY_ID_INFO.
//--------------------------------------------------------------------------
type
  PCERT_AUTHORITY_KEY_ID_INFO = ^CERT_AUTHORITY_KEY_ID_INFO;
  CERT_AUTHORITY_KEY_ID_INFO = record
    KeyId            :CRYPT_DATA_BLOB;
    CertIssuer       :CERT_NAME_BLOB;
    CertSerialNumber :CRYPT_INTEGER_BLOB;
  end;

//+-------------------------------------------------------------------------
//  X509_KEY_ATTRIBUTES
//  szOID_KEY_ATTRIBUTES
//
//  pvStructInfo points to the following CERT_KEY_ATTRIBUTES_INFO.
//--------------------------------------------------------------------------
type
  PCERT_PRIVATE_KEY_VALIDITY = ^CERT_PRIVATE_KEY_VALIDITY;
  CERT_PRIVATE_KEY_VALIDITY = record
    NotBefore :TFILETIME;
    NotAfter  :TFILETIME;
  end;

type
  PCERT_KEY_ATTRIBUTES_INFO = ^CERT_KEY_ATTRIBUTES_INFO;
  CERT_KEY_ATTRIBUTES_INFO = record
    KeyId                  :CRYPT_DATA_BLOB;
    IntendedKeyUsage       :CRYPT_BIT_BLOB;
    pPrivateKeyUsagePeriod :PCERT_PRIVATE_KEY_VALIDITY;     // OPTIONAL
  end;

const
  CERT_DIGITAL_SIGNATURE_KEY_USAGE    = $80;
  CERT_NON_REPUDIATION_KEY_USAGE      = $40;
  CERT_KEY_ENCIPHERMENT_KEY_USAGE     = $20;
  CERT_DATA_ENCIPHERMENT_KEY_USAGE    = $10;
  CERT_KEY_AGREEMENT_KEY_USAGE        = $08;
  CERT_KEY_CERT_SIGN_KEY_USAGE        = $04;
  CERT_OFFLINE_CRL_SIGN_KEY_USAGE     = $02;

  CERT_CRL_SIGN_KEY_USAGE             = $02;  // same bit as CERT_OFFLINE_CRL_SIGN_KEY_USAGE

//+-------------------------------------------------------------------------
//  X509_KEY_USAGE_RESTRICTION
//  szOID_KEY_USAGE_RESTRICTION
//
//  pvStructInfo points to the following CERT_KEY_USAGE_RESTRICTION_INFO.
//--------------------------------------------------------------------------
type
  PCERT_POLICY_ID = ^CERT_POLICY_ID;
  CERT_POLICY_ID = record
    cCertPolicyElementId     :DWORD;
    rgpszCertPolicyElementId :PLPSTR;  // pszObjId
  end;

type
  PCERT_KEY_USAGE_RESTRICTION_INFO = ^CERT_KEY_USAGE_RESTRICTION_INFO;
  CERT_KEY_USAGE_RESTRICTION_INFO = record
    cCertPolicyId      :DWORD;
    rgCertPolicyId     :PCERT_POLICY_ID;
    RestrictedKeyUsage :CRYPT_BIT_BLOB;
  end;

// See CERT_KEY_ATTRIBUTES_INFO for definition of the RestrictedKeyUsage bits

//+-------------------------------------------------------------------------
//  X509_ALTERNATE_NAME
//  szOID_SUBJECT_ALT_NAME
//  szOID_ISSUER_ALT_NAME
//  szOID_SUBJECT_ALT_NAME2
//  szOID_ISSUER_ALT_NAME2
//
//  pvStructInfo points to the following CERT_ALT_NAME_INFO.
//--------------------------------------------------------------------------

type
  PCERT_ALT_NAME_ENTRY = ^CERT_ALT_NAME_ENTRY;
  CERT_ALT_NAME_ENTRY = record
    dwAltNameChoice :DWORD;
    case integer of
    {1}0: ({OtherName :Not implemented});
    {2}1: (pwszRfc822Name  :LPWSTR);            //(encoded IA5)
    {3}2: (pwszDNSName     :LPWSTR);