Cryptography Functions - Win32 apps (2024)

Article
08/19/2021

Cryptography functions are categorized according to usage as follows:

CryptXML Functions
Signer Functions
Base Cryptography Functions
- Service Provider Functions
- Key Generation and Exchange Functions
- Object Encoding and Decoding Functions
- Data Encryption and Decryption Functions
- Hash and Digital Signature Functions
Certificate and Certificate Store Functions
- Certificate Store Functions
- Certificate and Certificate Store Maintenance Functions
- Certificate Functions
- Certificate Revocation List Functions
- Certificate Trust List Functions
- Extended Property Functions
MakeCert Functions
Certificate Verification Functions
- Verification Functions Using CTLs
- Certificate Chain Verification Functions
Message Functions
- Low-level Message Functions
- Simplified Message Functions
Auxiliary Functions
- Data Management Functions
- Data Conversion Functions
- Enhanced Key Usage Functions
- Key Identifier Functions
- OID Support Functions
- Remote Object Retrieval Functions
- PFX Functions
Certificate Services Backup and Restore Functions
Callback Functions
Catalog Definition Functions
Catalog Functions
WinTrust Functions
Object Locator Functions

CryptXML Functions

The cryptographic XML functions provide an API for creating and representing digital signatures by using XML formatted data. For information about XML formatted signatures, see the XML-Signature Syntax and Processing specification at https://go.microsoft.com/fwlink/p/?linkid=139649.

Function	Description
A_SHAFinal	Computes the final hash of the data entered by the MD5Update function.
A_SHAInit	Initiates the hashing of a stream of data.
A_SHAUpdate	Adds data to a specified hash object.
CryptXmlCreateReference	Creates a reference to an XML signature.
CryptXmlAddObject	Adds the Object element to the Signature in the Document Context opened for encoding.
CryptXmlClose	Closes a cryptographic XML object handle.
CryptXmlDigestReference	Used by an application to digest the resolved reference. This function applies transforms before updating the digest.
CryptXmlDllCloseDigest	Frees the CRYPT_XML_DIGEST allocated by the CryptXmlDllCreateDigest function.
CryptXmlDllCreateDigest	Creates a digest object for the specified method.
CryptXmlDllCreateKey	Parses the KeyValue element and creates a Cryptography API: Next Generation (CNG) BCrypt key handle to verify a signature.
CryptXmlDllDigestData	Puts data into the digest.
CryptXmlDllEncodeAlgorithm	Encodes SignatureMethod or DigestMethod elements for agile algorithms with default parameters.
CryptXmlDllEncodeKeyValue	Encodes a KeyValue element.
CryptXmlDllFinalizeDigest	Retrieves the digest value.
CryptXmlDllGetAlgorithmInfo	Decodes the XML algorithm and returns information about the algorithm.
CryptXmlDllGetInterface	Retrieves a pointer to the cryptographic extension functions for the specified algorithm.
CryptXmlDllSignData	Signs data.
CryptXmlDllVerifySignature	Verifies a signature.
CryptXmlEncode	Encodes signature data by using the supplied XML writer callback function.
CryptXmlGetAlgorithmInfo	Decodes the CRYPT_XML_ALGORITHM structure and returns information about the algorithm.
CryptXmlGetDocContext	Returns the document context specified by the supplied handle.
CryptXmlGetReference	Returns the Reference element specified by the supplied handle.
CryptXmlGetSignature	Returns an XML Signature element.
CryptXmlGetStatus	Returns a CRYPT_XML_STATUS structure that contains status information about the object specified by the supplied handle.
CryptXmlGetTransforms	Returns information about the default transform chain engine.
CryptXmlImportPublicKey	Imports the public key specified by the supplied handle.
CryptXmlOpenToEncode	Opens an XML digital signature to encode and returns a handle of the opened Signature element. The handle encapsulates a document context with a single CRYPT_XML_SIGNATURE structure and remains open until the CryptXmlClose function is called.
CryptXmlOpenToDecode	Opens an XML digital signature to decode and returns the handle of the document context that encapsulates a CRYPT_XML_SIGNATURE structure. The document context can include one or more Signature elements.
CryptXmlSetHMACSecret	Sets the HMAC secret on the handle before calling the CryptXmlSign or CryptXmlVerify function.
CryptXmlSign	Creates a cryptographic signature of a SignedInfo element.
CryptXmlVerifySignature	Performs a cryptographic signature validation of a SignedInfo element.
PFN_CRYPT_XML_WRITE_CALLBACK	Creates a transform for a specified data provider.
PFN_CRYPT_XML_CREATE_TRANSFORM	Writes cryptographic XML data.
PFN_CRYPT_XML_DATA_PROVIDER_READ	Reads cryptographic XML data.
PFN_CRYPT_XML_DATA_PROVIDER_CLOSE	Releases the cryptographic XML data provider.
PFN_CRYPT_XML_ENUM_ALG_INFO	Enumerates predefined and registered CRYPT_XML_ALGORITHM_INFO entries.

Signer Functions

Provides functions to sign and time stamp data.

Function	Description
SignerFreeSignerContext	Frees a SIGNER_CONTEXT structure allocated by a previous call to the SignerSignEx function.
SignError	Calls the GetLastError function and converts the return code to an HRESULT.
SignerSign	Signs the specified file.
SignerSignEx	Signs the specified file and returns a pointer to the signed data.
SignerSignEx2	Signs and time stamps the specified file, allowing multiple nested signatures.
SignerTimeStamp	Time stamps the specified subject. This function supports Authenticode time stamping. To perform X.509 Public Key Infrastructure (RFC 3161) time stamping, use the SignerTimeStampEx2 function.
SignerTimeStampEx	Time stamps the specified subject and optionally returns a pointer to a SIGNER_CONTEXT structure that contains a pointer to a BLOB. This function supports Authenticode time stamping. To perform X.509 Public Key Infrastructure (RFC 3161) time stamping, use the SignerTimeStampEx2 function.
SignerTimeStampEx2	Time stamps the specified subject and optionally returns a pointer to a SIGNER_CONTEXT structure that contains a pointer to a BLOB. This function can be used to perform X.509 Public Key Infrastructure, RFC 3161–compliant, time stamps.
SignerTimeStampEx3	Time stamps the specified subject and supports setting time stamps on multiple signatures.

Base Cryptography Functions

Base cryptographic functions provide the most flexible means of developing cryptography applications. All communication with a cryptographic service provider (CSP) occurs through these functions.

A CSP is an independent module that performs all cryptographic operations. At least one CSP is required with each application that uses cryptographic functions. A single application can occasionally use more than one CSP.

If more than one CSP is used, the one to use can be specified in the CryptoAPI cryptographic function calls. One CSP, the Microsoft Base Cryptographic Provider, is bundled with the CryptoAPI. This CSP is used as a default provider by many of the CryptoAPI functions if no other CSP is specified.

Each CSP provides a different implementation of the cryptographic support provided to CryptoAPI. Some provide stronger cryptographic algorithms; others contain hardware components, such as smart cards. In addition, some CSPs can occasionally communicate directly with users, such as when digital signatures are performed by using the user's signature private key.

Base cryptographic functions are in the following broad groups:

Service Provider Functions
Key Generation and Exchange Functions
Object Encoding and Decoding Functions
Data Encryption and Decryption Functions
Hash and Digital Signature Functions

Service Provider Functions

Applications use the following service functions to connect and disconnect a cryptographic service provider (CSP).

Function	Description
CryptAcquireContext	Important: This API is deprecated. New and existing software should start using Cryptography Next Generation APIs. Microsoft may remove this API in future releases. Acquires a handle to the current user's key container within a particular CSP.
CryptContextAddRef	Important: This API is deprecated. New and existing software should start using Cryptography Next Generation APIs. Microsoft may remove this API in future releases. Increments the reference count on an HCRYPTPROV handle.
CryptEnumProviders	Important: This API is deprecated. New and existing software should start using Cryptography Next Generation APIs. Microsoft may remove this API in future releases. Enumerates the providers on a computer.
CryptEnumProviderTypes	Important: This API is deprecated. New and existing software should start using Cryptography Next Generation APIs. Microsoft may remove this API in future releases. Enumerates the types of providers supported on the computer.
CryptGetDefaultProvider	Important: This API is deprecated. New and existing software should start using Cryptography Next Generation APIs. Microsoft may remove this API in future releases. Determines the default CSP either for the current user or for the computer for a specified provider type.
CryptGetProvParam	Important: This API is deprecated. New and existing software should start using Cryptography Next Generation APIs. Microsoft may remove this API in future releases. Retrieves the parameters that govern the operations of a CSP.
CryptInstallDefaultContext	Important: This API is deprecated. New and existing software should start using Cryptography Next Generation APIs. Microsoft may remove this API in future releases. Installs a previously acquired HCRYPTPROV context to be used as a default context.
CryptReleaseContext	Important: This API is deprecated. New and existing software should start using Cryptography Next Generation APIs. Microsoft may remove this API in future releases. Releases the handle acquired by the CryptAcquireContext function.
CryptSetProvider and CryptSetProviderEx	Important: This API is deprecated. New and existing software should start using Cryptography Next Generation APIs. Microsoft may remove this API in future releases. Specifies the user default CSP for a particular CSP type.
CryptSetProvParam	Important: This API is deprecated. New and existing software should start using Cryptography Next Generation APIs. Microsoft may remove this API in future releases. Specifies attributes of a CSP.
CryptUninstallDefaultContext	Important: This API is deprecated. New and existing software should start using Cryptography Next Generation APIs. Microsoft may remove this API in future releases. Removes a default context previously installed by CryptInstallDefaultContext.
FreeCryptProvFromCertEx	Releases the handle either to a cryptographic service provider (CSP) or to a Cryptography API: Next Generation (CNG) key.

Key Generation and Exchange Functions

Key generation and exchange functions exchange keys with other users and create, configure, and destroy cryptographic keys.

Function	Description
CryptDeriveKey	Important: This API is deprecated. New and existing software should start using Cryptography Next Generation APIs. Microsoft may remove this API in future releases. Creates a key derived from a password.
CryptDestroyKey	Important: This API is deprecated. New and existing software should start using Cryptography Next Generation APIs. Microsoft may remove this API in future releases. Destroys a key.
CryptDuplicateKey	Important: This API is deprecated. New and existing software should start using Cryptography Next Generation APIs. Microsoft may remove this API in future releases. Makes an exact copy of a key, including the state of the key.
CryptExportKey	Important: This API is deprecated. New and existing software should start using Cryptography Next Generation APIs. Microsoft may remove this API in future releases. Transfers a key from the CSP into a key BLOB in the application's memory space.
CryptGenKey	Important: This API is deprecated. New and existing software should start using Cryptography Next Generation APIs. Microsoft may remove this API in future releases. Creates a random key.
CryptGenRandom	Important: This API is deprecated. New and existing software should start using Cryptography Next Generation APIs. Microsoft may remove this API in future releases. Generates random data.
CryptGetKeyParam	Important: This API is deprecated. New and existing software should start using Cryptography Next Generation APIs. Microsoft may remove this API in future releases. Retrieves a key's parameters.
CryptGetUserKey	Important: This API is deprecated. New and existing software should start using Cryptography Next Generation APIs. Microsoft may remove this API in future releases. Gets a handle to the key exchange or signature key.
CryptImportKey	Important: This API is deprecated. New and existing software should start using Cryptography Next Generation APIs. Microsoft may remove this API in future releases. Transfers a key from a key BLOB to a CSP.
CryptSetKeyParam	Important: This API is deprecated. New and existing software should start using Cryptography Next Generation APIs. Microsoft may remove this API in future releases. Specifies a key's parameters.

Object Encoding and Decoding Functions

These are generalized encoding and decoding functions. They are used to encode and decode certificates, certificate revocation lists (CRLs), certificate requests, and certificate extensions.

Function	Description
CryptDecodeObject	Decodes a structure of type lpszStructType.
CryptDecodeObjectEx	Decodes a structure of type lpszStructType. CryptDecodeObjectEx supports the one-pass memory allocation option.
CryptEncodeObject	Encodes a structure of type lpszStructType.
CryptEncodeObjectEx	Encodes a structure of type lpszStructType. CryptEncodeObjectEx supports the one-pass memory allocation option.

Data Encryption and Decryption Functions

The following functions support encryption and decryption operations. CryptEncrypt and CryptDecrypt require a cryptographic key before being called. This is done by using the CryptGenKey, CryptDeriveKey, or CryptImportKey function. The encryption algorithm is specified when the key is created. CryptSetKeyParam can set additional encryption parameters.

Function	Description
CryptDecrypt	Important: This API is deprecated. New and existing software should start using Cryptography Next Generation APIs. Microsoft may remove this API in future releases. Decrypts a section of ciphertext by using the specified encryption key.
CryptEncrypt	Important: This API is deprecated. New and existing software should start using Cryptography Next Generation APIs. Microsoft may remove this API in future releases. Encrypts a section of plaintext by using the specified encryption key.
CryptProtectData	Performs encryption on the data in a DATA_BLOB structure.
CryptProtectMemory	Encrypts memory to protect sensitive information.
CryptUnprotectData	Performs a decryption and integrity check of the data in a DATA_BLOB.
CryptUnprotectMemory	Decrypts memory that was encrypted using CryptProtectMemory.

Hash and Digital Signature Functions

These functions compute hashes of data and also create and verify digital signatures. Hashes are also known as message digests.

Function	Description
CryptCreateHash	Important: This API is deprecated. New and existing software should start using Cryptography Next Generation APIs. Microsoft may remove this API in future releases. Creates an empty hash object.
CryptDestroyHash	Important: This API is deprecated. New and existing software should start using Cryptography Next Generation APIs. Microsoft may remove this API in future releases. Destroys a hash object.
CryptDuplicateHash	Duplicates a hash object.
CryptGetHashParam	Retrieves a hash object parameter.
CryptHashData	Important: This API is deprecated. New and existing software should start using Cryptography Next Generation APIs. Microsoft may remove this API in future releases. Hashes a block of data, adding it to the specified hash object.
CryptHashSessionKey	Important: This API is deprecated. New and existing software should start using Cryptography Next Generation APIs. Microsoft may remove this API in future releases. Hashes a session key, adding it to the specified hash object.
CryptSetHashParam	Important: This API is deprecated. New and existing software should start using Cryptography Next Generation APIs. Microsoft may remove this API in future releases. Sets a hash object parameter.
CryptSignHash	Important: This API is deprecated. New and existing software should start using Cryptography Next Generation APIs. Microsoft may remove this API in future releases. Signs the specified hash object.
CryptUIWizDigitalSign	Displays a wizard that digitally signs a document or a BLOB.
CryptUIWizFreeDigitalSignContext	Releases a pointer to a CRYPTUI_WIZ_DIGITAL_SIGN_CONTEXT structure.
CryptVerifySignature	Important: This API is deprecated. New and existing software should start using Cryptography Next Generation APIs. Microsoft may remove this API in future releases. Verifies a digital signature, given a handle to the hash object.
PFNCFILTERPROC	Filters the certificates that appear in the digital signature wizard displayed by the CryptUIWizDigitalSign function.

Certificate and Certificate Store Functions

Certificate and certificate store functions manage the use, storage, and retrieval of certificates, certificate revocation lists (CRLs), and certificate trust lists (CTLs). These functions are divided into the following groups:

Certificate Store Functions
Certificate and Certificate Store Maintenance Functions
Certificate Functions
Certificate Revocation List Functions
Certificate Trust List Functions
Extended Property Functions
MakeCert Functions

Certificate Store Functions

A user site can, over time, collect many certificates. Typically, a site has certificates for the user of the site as well as other certificates that describe those individuals and entities with whom the user communicates. For each entity, there can be more than one certificate. For each individual certificate, there should be a chain of verifying certificates that provides a trail back to a trusted root certificate. Certificate stores and their related functions provide functionality to store, retrieve, enumerate, verify, and use the information stored in the certificates.

Function	Description
CertAddStoreToCollection	Adds a sibling certificate store to a collection certificate store.
CertCloseStore	Closes a certificate store handle.
CertControlStore	Allows an application to be notified when there is a difference between the contents of a cached store and the contents of the store that is persisted to storage. It also provides desynchronization of the cached store, if necessary, and provides a means to commit changes made in the cached store to persisted storage.
CertDuplicateStore	Duplicates a store handle by incrementing the reference count.
CertEnumPhysicalStore	Enumerates the physical stores for a specified system store.
CertEnumSystemStore	Enumerates all available system stores.
CertEnumSystemStoreLocation	Enumerates all of the locations that have an available system store.
CertGetStoreProperty	Gets a store property.
CertOpenStore	Opens a certificate store using a specified store provider type.
CertOpenSystemStore	Opens a system certificate store based on a subsystem protocol.
CertRegisterPhysicalStore	Adds a physical store to a registry system store collection.
CertRegisterSystemStore	Registers a system store.
CertRemoveStoreFromCollection	Removes a sibling certificate store from a collection store.
CertSaveStore	Saves the certificate store.
CertSetStoreProperty	Sets a store property.
CertUnregisterPhysicalStore	Removes a physical store from a specified system store collection.
CertUnregisterSystemStore	Unregisters a specified system store.
CryptUIWizExport	Presents a wizard that exports a certificate, certificate trust list (CTL), certificate revocation list (CRL), or certificate store.
CryptUIWizImport	Presents a wizard that imports a certificate, certificate trust list (CTL), certificate revocation list (CRL), or certificate store.

Certificate and Certificate Store Maintenance Functions

CryptoAPI provides a set of general certificate and certificate store maintenance functions.

Function	Description
CertAddSerializedElementToStore	Adds the serialized certificate or CRL element to the store.
CertCreateContext	Creates the specified context from the encoded bytes. The new context is not put into a store.
CertEnumSubjectInSortedCTL	Enumerates the TrustedSubjects in a sorted CTL context.
CertFindSubjectInCTL	Finds the specified subject in a CTL.
CertFindSubjectInSortedCTL	Finds the specified subject in a sorted CTL.
OpenPersonalTrustDBDialog and OpenPersonalTrustDBDialogEx	Displays the Certificates dialog box.

Certificate Functions

Most Certificate functions have related functions to deal with CRLs and CTLs. For more information about related CRL and CTL functions, see Certificate Revocation List Functions and Certificate Trust List Functions.

Function	Description
CertAddCertificateContextToStore	Adds a certificate context to the certificate store.
CertAddCertificateLinkToStore	Adds a link in a certificate store to a certificate context in a different store.
CertAddEncodedCertificateToStore	Converts the encoded certificate to a certificate context, and then adds the context to the certificate store.
CertAddRefServerOcspResponse	Increments the reference count for an HCERT_SERVER_OCSP_RESPONSE handle.
CertAddRefServerOcspResponseContext	Increments the reference count for a CERT_SERVER_OCSP_RESPONSE_CONTEXT structure.
CertCloseServerOcspResponse	Closes an online certificate status protocol (OCSP) server response handle.
CertCreateCertificateContext	Creates a certificate context from an encoded certificate. The created context is not put in a certificate store.
CertCreateSelfSignCertificate	Creates a self-signed certificate.
CertDeleteCertificateFromStore	Deletes a certificate from the certificate store.
CertDuplicateCertificateContext	Duplicates a certificate context by incrementing its reference count.
CertEnumCertificatesInStore	Enumerates the certificate contexts in the certificate store.
CertFindCertificateInStore	Finds the first, or next, certificate context in the certificate store that meets a search criterion.
CertFreeCertificateContext	Frees a certificate context.
CertGetIssuerCertificateFromStore	Gets a certificate context from the certificate store for the first, or next, issuer of the specified subject certificate.
CertGetServerOcspResponseContext	Retrieves a non-blocking, time valid online certificate status protocol (OCSP) response context for the specified handle.
CertGetSubjectCertificateFromStore	Gets from the certificate store the subject certificate context, which is uniquely identified by its issuer and serial number.
CertGetValidUsages	Returns an array of usages that consist of the intersection of the valid usages for all certificates in an array of certificates.
CertOpenServerOcspResponse	Opens a handle to an online certificate status protocol (OCSP) response associated with a server certificate chain.
CertRetrieveLogoOrBiometricInfo	Performs a URL retrieval of logo or biometric information specified in either the szOID_LOGOTYPE_EXT or szOID_BIOMETRIC_EXT certificate extension.
CertSelectCertificate	Presents a dialog box that allows the user to select certificates from a set of certificates that match a given criteria.
CertSelectCertificateChains	Retrieves certificate chains based on specified selection criteria.
CertSelectionGetSerializedBlob	A helper function used to retrieve a serialized certificate BLOB from a CERT_SELECTUI_INPUT structure.
CertSerializeCertificateStoreElement	Serializes a certificate context's encoded certificate and an encoded representation of its properties.
CertVerifySubjectCertificateContext	Performs the enabled verification checks on the subject certificate using the issuer.
CryptUIDlgCertMgr	Displays a dialog box that allows the user to manage certificates.
CryptUIDlgSelectCertificate	Displays a dialog box that allows a user to select a certificate.
CryptUIDlgSelectCertificateFromStore	Displays a dialog box that allows the selection of a certificate from a specified store.
CryptUIDlgViewCertificate	Presents a dialog box that displays a specified certificate.
CryptUIDlgViewContext	Displays a certificate, CRL, or CTL.
CryptUIDlgViewSignerInfo	Displays a dialog box that contains the signer information for a signed message.
GetFriendlyNameOfCert	Retrieves the display name for a certificate.
RKeyCloseKeyService	Closes a key service handle.
RKeyOpenKeyService	Opens a key service handle on a remote computer.
RKeyPFXInstall	Installs a certificate on a remote computer.

Certificate Revocation List Functions

These functions manage the storage and retrieval of certificate revocation lists (CRLs).

Function	Description
CertAddCRLContextToStore	Adds a CRL context to the certificate store.
CertAddCRLLinkToStore	Adds a link in a store to a CRL context in a different store.
CertAddEncodedCRLToStore	Converts the encoded CRL to a CRL context, and then adds the context to the certificate store.
CertCreateCRLContext	Creates a CRL context from an encoded CRL. The created context is not put in a certificate store.
CertDeleteCRLFromStore	Deletes a CRL from the certificate store.
CertDuplicateCRLContext	Duplicates a CRL context by incrementing the reference count.
CertEnumCRLsInStore	Enumerates the CRL contexts in a store.
CertFindCertificateInCRL	Searches the certificate revocation list (CRL) for the specified certificate.
CertFindCRLInStore	Finds the first, or next, CRL context in the certificate store that matches a specific criterion.
CertFreeCRLContext	Frees a CRL context.
CertGetCRLFromStore	Gets the first, or next, CRL context from the certificate store for the specified issuer certificate.
CertSerializeCRLStoreElement	Serializes the CRL context's encoded CRL and its properties.

Certificate Trust List Functions

These functions manage the storage and retrieval of certificate trust lists (CTLs).

Function	Description
CertAddCTLContextToStore	Adds a CTL context to the certificate store.
CertAddCTLLinkToStore	Adds a link in a store to a CRL context in a different store.
CertAddEncodedCTLToStore	Converts the encoded CTL to a CTL context, and then adds the context to the certificate store.
CertCreateCTLContext	Creates a CTL context from an encoded certificate trust list. The created context is not put in a certificate store.
CertDeleteCTLFromStore	Deletes a CTL from the certificate store.
CertDuplicateCTLContext	Duplicates a CTL context by incrementing the reference count.
CertEnumCTLsInStore	Enumerates the CTL contexts in the certificate store.
CertFindCTLInStore	Finds the first, or next, CTL context in the certificate store that matches a specific criteria.
CertFreeCTLContext	Frees a CTL context.
CertModifyCertificatesToTrust	Modifies the set of certificates in a CTL for a given purpose.
CertSerializeCTLStoreElement	Serializes the CTL context's encoded CTL and its properties.

Extended Property Functions

The following functions work with extended properties of certificates, CRLs, and CTLs.

Function	Description
CertEnumCertificateContextProperties	Enumerates the properties for the specified certificate context.
CertEnumCRLContextProperties	Enumerates the properties for the specified CRL context.
CertEnumCTLContextProperties	Enumerates the properties for the specified CTL context.
CertGetCertificateContextProperty	Retrieves certificate properties.
CertGetCRLContextProperty	Retrieves CRL properties.
CertGetCTLContextProperty	Retrieves CTL properties.
CertSetCertificateContextProperty	Sets certificate properties.
CertSetCRLContextProperty	Sets CRL properties.
CertSetCTLContextProperty	Sets CTL properties.

MakeCert Functions

The following functions support the MakeCert tool.

Function	Description
FreeCryptProvFromCert	Releases the handle to a cryptographic service provider (CSP) and optionally deletes the temporary container created by the GetCryptProvFromCert function.
GetCryptProvFromCert	Gets a handle to a CSP and a key specification for a certificate context.
PvkFreeCryptProv	Releases the handle to a CSP and optionally deletes the temporary container created by the PvkGetCryptProv function.
PvkGetCryptProv	Gets a handle to a CSP based on either a private key file name or a key container name.
PvkPrivateKeyAcquireContextFromMemory	Creates a temporary container in the CSP and loads a private key from memory into the container.
PvkPrivateKeySave	Saves a private key and its corresponding public key to a specified file.
SignError	Calls GetLastError and converts the return code to an HRESULT.

Certificate Verification Functions

Certificates are verified using CTLs or certificate chains. Functions are provided for both of these:

Verification Functions Using CTLs
Certificate Chain Verification Functions

Verification Functions Using CTLs

These functions use CTLs in the verification process. Additional functions for working with CTLs can be found in Certificate Trust List Functions and Extended Property Functions.

The following functions use CTLs directly for verification.

Function	Description
CertVerifyCTLUsage	Verifies the usage of a CTL.
CryptMsgEncodeAndSignCTL	Encodes and signs a CTL as a message.
CryptMsgGetAndVerifySigner	Retrieves and verifies a CTL from a message.
CryptMsgSignCTL	Signs a message that contains a CTL.

Certificate Chain Verification Functions

Certificate chains are built to provide trust information about individual certificates.

Function Name	Description
CertCreateCertificateChainEngine	Creates a new, nondefault chain engine for an application.
CertCreateCTLEntryFromCertificateContextProperties	Creates a CTL entry whose attributes are the certificate context's properties.
CertDuplicateCertificateChain	Duplicates a certificate chain by incrementing the chain's reference count and returning a pointer to the chain.
CertFindChainInStore	Finds the first, or next, certificate chain context in a store.
CertFreeCertificateChain	Frees a certificate chain by reducing its reference count.
CertFreeCertificateChainEngine	Frees a nondefault certificate chain engine.
CertFreeCertificateChainList	Frees the array of pointers to chain contexts.
CertGetCertificateChain	Builds a chain context starting from an end certificate and going back to a trusted root certificate, if possible.
CertIsValidCRLForCertificate	Checks a CRL to determine whether it would include a specific certificate if that certificate were revoked.
CertSetCertificateContextPropertiesFromCTLEntry	Sets properties on the certificate context using the attributes in the CTL entry.
CertVerifyCertificateChainPolicy	Checks a certificate chain to verify its validity, including its compliance with any specified validity policy criteria.

Message Functions

CryptoAPI message functions consist of two groups of functions: low-level message functions and simplified message functions.

Low-level message functions create and work directly with PKCS #7 messages. These functions encode PKCS #7 data for transmission and decode PKCS #7 data received. They also decrypt and verify the signatures of received messages. For an overview of the PKCS #7 standard and low-level messages, see Low-level Messages.

Simplified message functions are at a higher level and wrap several low-level message functions and certificate functions into single functions that perform a specific task in a specific manner. These functions reduce the number of function calls needed to accomplish a task, thereby simplifying CryptoAPI use. For an overview of simplified messages, see Simplified Messages.

Low-level Message Functions

Low-level message functions provide the functionality necessary to encode data for transmission and to decode PKCS #7 messages received. Functionality is also provided to decrypt and verify the signatures of received messages. Use of these low-level message functions in most applications is not recommended. For most applications, the use of Simplified Message Functions, which wrap several low-level message functions into a single function call, is preferred.

Function	Description
CryptMsgCalculateEncodedLength	Calculates the length of an encoded cryptographic message.
CryptMsgClose	Closes a handle of a cryptographic message.
CryptMsgControl	Performs a special control function after the final CryptMsgUpdate of an encoded or decoded cryptographic message.
CryptMsgCountersign	Countersigns an already existing signature in a message.
CryptMsgCountersignEncoded	Countersigns an already existing signature (encoded SignerInfo, as defined by PKCS #7).
CryptMsgDuplicate	Duplicates a cryptographic message handle by incrementing the reference count. The reference count keeps track of the lifetime of the message.
CryptMsgGetParam	Acquires a parameter after encoding or decoding a cryptographic message.
CryptMsgOpenToDecode	Opens a cryptographic message for decoding.
CryptMsgOpenToEncode	Opens a cryptographic message for encoding.
CryptMsgUpdate	Updates the contents of a cryptographic message.
CryptMsgVerifyCountersignatureEncoded	Verifies a countersignature in terms of the SignerInfo structure (as defined by PKCS #7).
CryptMsgVerifyCountersignatureEncodedEx	Verifies that the pbSignerInfoCounterSignature parameter contains the encrypted hash of the encryptedDigest field of the pbSignerInfo parameter structure.

Simplified Message Functions

simplified message functions wrap Low-level Message Functions into a single function to accomplish a specified task.

Function	Description
CryptDecodeMessage	Decodes a cryptographic message.
CryptDecryptAndVerifyMessageSignature	Decrypts the specified message, and verifies the signer.
CryptDecryptMessage	Decrypts the specified message.
CryptEncryptMessage	Encrypts the message for the recipient or recipients.
CryptGetMessageCertificates	Returns the certificate store that contains the message's certificates and CRLs.
CryptGetMessageSignerCount	Returns the count of signers in the signed message.
CryptHashMessage	Creates a hash of the message.
CryptSignAndEncryptMessage	Signs the message, and then encrypts it for the recipient or recipients.
CryptSignMessageWithKey	Signs a message using a CSP's private key specified in the parameters to the function.
CryptSignMessage	Signs the message.
CryptVerifyDetachedMessageHash	Verifies a hashed message that contains a detached hash.
CryptVerifyDetachedMessageSignature	Verifies a signed message that contains a detached signature or signatures.
CryptVerifyMessageHash	Verifies a hashed message.
CryptVerifyMessageSignature	Verifies a signed message.
CryptVerifyMessageSignatureWithKey	Verifies a signed message's signature by using specified public key information.

Auxiliary Functions

The auxiliary functions are grouped as follows:

Data Management Functions
Data Conversion Functions
Enhanced Key Usage Functions
Key Identifier Functions
OID Support Functions
Remote Object Retrieval Functions
PFX Functions

Data Management Functions

The following CryptoAPI functions manage data and certificates.

Function	Description
CertCompareCertificate	Compares two certificates to determine whether they are identical.
CertCompareCertificateName	Compares two certificate names to determine whether they are identical.
CertCompareIntegerBlob	Compares two integer BLOBs.
CertComparePublicKeyInfo	Compares two public keys to determine whether they are identical.
CertFindAttribute	Finds the first attribute identified by its object identifier (OID).
CertFindExtension	Finds the first extension identified by its OID.
CertFindRDNAttr	Finds the first RDN attribute identified by its OID in the name list of the Relative Distinguished Names.
CertGetIntendedKeyUsage	Acquires the intended key usage bytes from the certificate.
CertGetPublicKeyLength	Acquires the public/private key's bit length from the public key BLOB.
CertIsRDNAttrsInCertificateName	Compares the attributes in the certificate name with the specified CERT_RDN to determine whether all attributes are included there.
CertIsStrongHashToSign	Determines whether the specified hash algorithm and the public key in the signing certificate can be used to perform strong signing.
CertVerifyCRLRevocation	Verifies that the subject certificate is not on the certificate revocation list (CRL).
CertVerifyCRLTimeValidity	Verifies the time validity of a CRL.
CertVerifyRevocation	Verifies that the subject certificate is not on the CRL.
CertVerifyTimeValidity	Verifies the time validity of a certificate.
CertVerifyValidityNesting	Verifies that the subject's time validity nests within the issuer's time validity.
CryptExportPKCS8	This function is superseded by the CryptExportPKCS8Ex function.
CryptExportPKCS8Ex	Exports the private key in PKCS #8 format.
CryptExportPublicKeyInfo	Exports the public key information associated with the provider's corresponding private key.
CryptExportPublicKeyInfoEx	Exports the public key information associated with the provider's corresponding private key. This function differs from CryptExportPublicKeyInfo in that the user can specify the public key algorithm, thereby overriding the default provided by the CSP.
CryptExportPublicKeyInfoFromBCryptKeyHandle	Exports the public key info associated with a provider's corresponding private key.
CryptFindCertificateKeyProvInfo	Enumerates the cryptographic providers and their key containers to find the private key that corresponds to a certificate's public key.
CryptFindLocalizedName	Finds the localized name for a specified name, for example, finds the localized name for the store name of the Root system.
CryptHashCertificate	Important: This API is deprecated. New and existing software should start using Cryptography Next Generation APIs. Microsoft may remove this API in future releases. Hashes the encoded content.
CryptHashCertificate2	Hashes a block of data by using a Cryptography API: Next Generation (CNG) hash provider.
CryptHashPublicKeyInfo	Important: This API is deprecated. New and existing software should start using Cryptography Next Generation APIs. Microsoft may remove this API in future releases. Computes the hash of the encoded public key information.
CryptHashToBeSigned	Important: This API is deprecated. New and existing software should start using Cryptography Next Generation APIs. Microsoft may remove this API in future releases. Computes the hash of the "to be signed" information in the encoded signed content (CERT_SIGNED_CONTENT_INFO).
CryptImportPKCS8	Important: This API is deprecated. New and existing software should start using Cryptography Next Generation APIs. Microsoft may remove this API in future releases. Imports the private key in PKCS #8 format to a cryptographic service provider (CSP).
CryptImportPublicKeyInfo	Important: This API is deprecated. New and existing software should start using Cryptography Next Generation APIs. Microsoft may remove this API in future releases. Converts and imports public key information into the provider, and returns a handle of the public key.
CryptImportPublicKeyInfoEx	Important: This API is deprecated. New and existing software should start using Cryptography Next Generation APIs. Microsoft may remove this API in future releases. Converts and imports the public key information into the provider, and returns a handle of the public key. Additional parameters (over those specified by CryptImportPublicKeyInfo) that can be used to override defaults are provided to supplement CERT_PUBLIC_KEY_INFO.
CryptImportPublicKeyInfoEx2	Imports a public key into a CNG asymmetric provider.
CryptMemAlloc	Allocates memory for a buffer. This memory is used by all Crypt32.lib functions that return allocated buffers.
CryptMemFree	Frees memory allocated by CryptMemAlloc or CryptMemRealloc.
CryptMemRealloc	Frees memory currently allocated for a buffer, and allocates memory for a new buffer.
CryptQueryObject	Important: This API is deprecated. New and existing software should start using Cryptography Next Generation APIs. Microsoft may remove this API in future releases. Retrieves information about the content of a BLOB or a file.
CryptSignAndEncodeCertificate	Encodes the "to be signed" information, signs this encoded information, and encodes the resulting signed, encoded information.
CryptSignCertificate	Signs the "to be signed" information in the encoded, signed content.
CryptSIPAddProvider	Adds a Subject Interface Package (SIP).
CryptSIPCreateIndirectData	Returns a SIP_INDIRECT_DATA structure that contains a hash of the supplied SIP_SUBJECTINFO structure, the digest algorithm, and an encoding attribute. The hash can be used as an indirect reference to the data.
CryptSIPGetCaps	Retrieves the capabilities of an SIP.
CryptSIPGetSignedDataMsg	Retrieves an Authenticode signature from the file.
CryptSIPLoad	Loads the dynamic link library that implements a subject interface package and assigns appropriate library export functions to a SIP_DISPATCH_INFO structure.
CryptSIPPutSignedDataMsg	Stores an Authenticode Signature in the target file.
CryptSIPRemoveProvider	Removes a SIP added by a previous call to the CryptSIPAddProvider function.
CryptSIPRemoveSignedDataMsg	Removes a specified Authenticode signature.
CryptSIPRetrieveSubjectGuid	Retrieves a GUID based on the header information in a specified file.
CryptSIPRetrieveSubjectGuidForCatalogFile	Retrieves the subject GUID associated with the specified file.
CryptSIPVerifyIndirectData	Validates the indirect hashed data against the supplied subject.
CryptUpdateProtectedState	Migrates the current user's master keys after the user's security identifier (SID) has changed.
CryptVerifyCertificateSignature	Verifies the signature of a subject certificate or a CRL by using the public key information.
CryptVerifyCertificateSignatureEx	An extended version of CryptVerifyCertificateSignature.
GetEncSChannel	Stores the encrypted Schannel DLL contents in memory.
pCryptSIPGetCaps	Implemented by an SIP to report capabilities.

Data Conversion Functions

The following CryptoAPI functions convert certificate structure members to different forms.

Function	Description
CertAlgIdToOID	Converts a CryptoAPI algorithm identifier (ALG_ID) to an Abstract Syntax Notation One (ASN.1) object identifier (OID) string.
CertGetNameString	Acquires the subject or issuer name from a certificate, and converts it to a null-terminated character string.
CertNameToStr	Converts a certificate name BLOB to a zero-terminated string.
CertOIDToAlgId	Converts the ASN.1 Object Identifier string to the CSP algorithm identifier.
CertRDNValueToStr	Converts a Name Value to a null-terminated string.
CertStrToName	Converts a null-terminated X.500 string to an encoded certificate name.
CryptBinaryToString	Converts a binary sequence into a formatted string.
CryptFormatObject	Formats encoded data, and returns a Unicode string.
CryptStringToBinary	Converts a formatted string to a binary sequence.

Enhanced Key Usage Functions

The following functions deal with the enhanced key usage (EKU) extension and the EKU extended property of certificates. The EKU extension and extended property specify and limit the valid uses of a certificate. The extensions are part of the certificate itself. They are set by the issuer of the certificate and are read-only. Certificate-extended properties are values associated with a certificate that can be set in an application.

Function	Description
CertAddEnhancedKeyUsageIdentifier	Adds a usage identifier to a certificate's EKU property.
CertGetEnhancedKeyUsage	Acquires, from a certificate, information about the EKU extension or property.
CertRemoveEnhancedKeyUsageIdentifier	Removes the usage identifier from a certificate's EKU extended property.
CertSetEnhancedKeyUsage	Sets the EKU property for a certificate.

Key Identifier Functions

Key identifier functions allow the user to create, set, retrieve, or locate a key identifier or its properties.

A key identifier is the unique identifier of a public/private key pair. It can be any unique identifier but is usually the 20-byte SHA1 hash of an encoded CERT_PUBLIC_KEY_INFO structure. A key identifier can be obtained through the certificate's CERT_KEY_IDENTIFIER_PROP_ID. The key identifier allows the use of that key pair to encrypt or decrypt messages without using the certificate.

Key identifiers are not associated with CRLs or CTLs.

A key identifier can have the same properties as a certificate context. For more information, see CertCreateContext.

Function	Description
CryptCreateKeyIdentifierFromCSP	Important: This API is deprecated. New and existing software should start using Cryptography Next Generation APIs. Microsoft may remove this API in future releases. Creates a key identifier from a CSP's public key BLOB.
CryptEnumKeyIdentifierProperties	Enumerates key identifiers and their properties.
CryptGetKeyIdentifierProperty	Important: This API is deprecated. New and existing software should start using Cryptography Next Generation APIs. Microsoft may remove this API in future releases. Acquires a specific property from a specified key identifier.
CryptSetKeyIdentifierProperty	Important: This API is deprecated. New and existing software should start using Cryptography Next Generation APIs. Microsoft may remove this API in future releases. Sets a property of a specified key identifier.

OID Support Functions

These functions provide object identifier (OID) support. These functions install, register, and dispatch to OID and encoding type-specific functions.

The following CryptoAPI functions use these OID support functions:

For an overview of this process, see Extending CryptoAPI Functionality.

The following functions work with OIDs.

Function	Description
CryptEnumOIDFunction	Enumerates the registered OID functions identified by their encoding type, function name, and OID.
CryptEnumOIDInfo	Enumerates the registered OID information identified by their group, and calls pfnEnumOIDInfo for matches.
CryptFindOIDInfo	Uses the specified key and group to find OID information.
CryptFreeOIDFunctionAddress	Releases the handle count that was incremented and returned by CryptGetOIDFunctionAddress or CryptGetDefaultOIDFunctionAddress.
CryptGetDefaultOIDDllList	Acquires the list of registered default DLL entries for the specified function set and encoding type.
CryptGetDefaultOIDFunctionAddress	Either acquires the first or next installed default function, or loads the DLL that contains the default function.
CryptGetOIDFunctionAddress	Searches the list of installed functions for an encoding type and OID match. If a match is not found there, the registry is searched for a match.
CryptGetOIDFunctionValue	Acquires the value for the specified encoding type, function name, OID, and value name.
CryptInitOIDFunctionSet	Initializes and returns a handle of the OID function set identified by the function name supplied.
CryptInstallOIDFunctionAddress	Installs a set of callable OID function addresses.
CryptRegisterDefaultOIDFunction	Registers the DLL that contains the default function to be called for the specified encoding type and function name.
CryptRegisterOIDFunction	Registers the DLL that contains the function to be called for the specified encoding type, function name, and OID.
CryptRegisterOIDInfo	Registers the OID information specified in the CRYPT_OID_INFO structure, persisting it to the registry.
CryptSetOIDFunctionValue	Sets the value for the specified encoding type, function name, OID, and value name.
CryptUnregisterDefaultOIDFunction	Removes the registration for the DLL that contains the default function to be called for the specified encoding type and function name.
CryptUnregisterOIDFunction	Removes the registration for the DLL that contains the function to be called for the specified encoding type, function name, and OID.
CryptUnregisterOIDInfo	Removes the registration for the specified OID information.

Remote Object Retrieval Functions

The following functions allow the user to retrieve a Public Key Infrastructure (PKI) object, acquire the URL of a certificate, CTL, or CRL, or to extract a URL from an object.

Function	Description
CryptGetObjectUrl	Acquires the URL of the remote object from a certificate, CTL, or CRL.
CryptRetrieveObjectByUrl	Retrieves the PKI object from a location specified by a URL.

PFX Functions

The following functions support Personal Information Exchange (PFX) format BLOBs.

Function	Description
PFXExportCertStore	Exports from the referenced certificate store the certificates and, if available, their associated private keys.
PFXExportCertStoreEx	Exports from the referenced certificate store the certificates and, if available, their associated private keys.
PFXImportCertStore	Imports a PFX BLOB, and returns the handle of a store that contains certificates and any associated private keys.
PFXIsPFXBlob	Attempts to decode the outer layer of a BLOB as a PFX packet.
PFXVerifyPassword	Attempts to decode the outer layer of a BLOB as a PFX packet and to decrypt it with the given password.

Certificate Services Backup and Restore Functions

Certificate Services includes functions for backing up and restoring the Certificate Services database. These Certificate Services backup and restore functions are contained in Certadm.dll. Unlike the other API elements associated with Certificate Services, these functions are not encapsulated in an object that can be used to call class methods. Instead, the backup and restore APIs are called by first loading the Certadm.dll library into memory by calling LoadLibrary and then determining the address of the functions by calling GetProcAddress. When you have finished calling the Certificate Services backup and restore functions, call FreeLibrary to free Certadm.dll resources from memory.

Note

Backup and restore functions provided by Certadm.dll do not backup or restore the Certificate Service's private keys. For information about backing up the Certificate Services private keys, see Backing Up and Restoring the Certificate Services Private Key.

To call the backup and restore functions, you must have backup and restore privileges. For details, see Setting the Backup and Restore Privileges.

Note

If CoInitializeEx was previously called in the same thread used to call the Certificate Services backup and restore APIs, the COINIT_APARTMENTTHREADED flag must have been passed to CoInitializeEx. That is, when using the same thread, you cannot call the Certificate Services backup and restore API if the thread has previously passed in the COINIT_MULTITHREADED flag in a call to CoInitializeEx.

The Certificate Services Backup APIs are defined in Certbcli.h. However, when you create your program, use Certsrv.h as the include file.

The following APIs are exported by Certadm.dll.

Function	Description
CertSrvBackupClose	Closes an opened file.
CertSrvBackupEnd	Ends a backup session.
CertSrvBackupFree	Frees a buffer allocated by the backup and restore APIs.
CertSrvBackupGetBackupLogs	Returns a list of log files that need to be backed up.
CertSrvBackupGetDatabaseNames	Returns a list of database files that need to be backed up.
CertSrvBackupGetDynamicFileList	Retrieves the list of Certificate Services dynamic file names that need to be backed up for the given backup context.
CertSrvBackupOpenFile	Opens a file in preparation for backing it up.
CertSrvBackupPrepare	Prepares the database for the online backup.
CertSrvBackupRead	Reads the contents of an opened file.
CertSrvBackupTruncateLogs	Truncates the log files.
CertSrvIsServerOnline	Determines whether a Certificate Services server is online (actively running).
CertSrvRestoreEnd	Ends a restore session.
CertSrvRestoreGetDatabaseLocations	Retrieves database locations (used for both backup and restore scenarios).
CertSrvRestorePrepare	Begins a restore session.
CertSrvRestoreRegister	Registers a restore operation.
CertSrvRestoreRegisterComplete	Completes a previously registered restore operation.
CertSrvRestoreRegisterThroughFile	Registers a restore operation.
CertSrvServerControl	Sends a control command to the Certificate Services instance.

Callback Functions

The callback functions in this section are used to register or install application-defined certificate store providers and to provide related functionality through callback functions. Callback functions are implemented by an application and are called by CryptoAPI functions. Callback functions enable the application to control, in part, the way that CryptoAPI functions manipulate data.

Callback function	Use
CertChainFindByIssuerCallback	An application-defined callback function that allows the application to filter certificates that might be added to the certificate chain.
CertDllOpenStoreProv	Defines the store provider open function.
CertEnumPhysicalStoreCallback	Callback function used by the CertEnumPhysicalStore function to format and present information on each physical store found.
CertEnumSystemStoreCallback	Callback function used by the CertEnumSystemStore function to format and present information on each physical store found.
CertEnumSystemStoreLocationCallback	Callback function used by the CertEnumSystemStoreLocation function to format and present information on each physical store found.
CertStoreProvCloseCallback	Determines what happens when an open store's reference count becomes zero.
CertStoreProvControl	Allows an application to be notified when there is a difference between the contents of a cached store in use and the contents of that store as it is persisted to storage.
CertStoreProvDeleteCertCallback	Determines actions to be taken before a certificate is deleted from a certificate store.
CertStoreProvDeleteCRLCallback	Determines actions to be taken before a certificate revocation list (CRL) is deleted from a certificate store.
CertStoreProvDeleteCTL	Determines whether a CTL can be deleted.
CertStoreProvFindCert	Finds the first, or next, certificate in a store that matches specified criteria.
CertStoreProvFindCRL	Finds the first, or next, CRL in a store that matches specified criteria.
CertStoreProvFindCTL	Finds the first, or next, CTL in a store that matches specified criteria.
CertStoreProvFreeFindCert	Frees a previously found certificate context.
CertStoreProvFreeFindCRL	Frees a previously found CRL context.
CertStoreProvFreeFindCTL	Frees a previously found CTL context.
CertStoreProvGetCertProperty	Retrieves a specified property of a certificate.
CertStoreProvGetCRLProperty	Retrieves a specified property of a CRL.
CertStoreProvGetCTLProperty	Retrieves a specified property of a CTL.
CertStoreProvReadCertCallback	Currently not used but might be exported to future CSPs.
CertStoreProvReadCRLCallback	Currently not used but might be exported to future CSPs.
CertStoreProvReadCTL	Read the provider's copy of the CTL context, and, if it exists, create a new CTL context.
CertStoreProvSetCertPropertyCallback	Determines actions to be taken before a call to CertSetCertificateContextProperty or CertGetCertificateContextProperty.
CertStoreProvSetCRLPropertyCallback	Determines actions to be taken before a call to CertSetCRLContextProperty or CertGetCRLContextProperty.
CertStoreProvSetCTLProperty	Determines whether a property can be set on a CTL.
CertStoreProvWriteCertCallback	Determines actions to be taken before adding a certificate to a store.
CertStoreProvWriteCRLCallback	Determines actions to be taken before adding a CRL to a store.
CertStoreProvWriteCTL	Determines whether a CTL can be added to the store.
CRYPT_ENUM_KEYID_PROP	Callback function used by the CryptEnumKeyIdentifierProperties function.
CRYPT_ENUM_OID_FUNCTION	Callback function used by the CryptEnumOIDFunction function.
CRYPT_ENUM_OID_INFO	Callback function used by the CryptEnumOIDInfo function.
CryptGetSignerCertificateCallback	Callback function used with the CRYPT_VERIFY_MESSAGE_PARA structure to get and verify a message signer's certificate.
PCRYPT_DECRYPT_PRIVATE_KEY_FUNC	Callback function used by the CryptImportPKCS8 function.
PCRYPT_ENCRYPT_PRIVATE_KEY_FUNC	Callback function used when creating the CRYPT_ENCRYPTED_PRIVATE_KEY_INFO structure.
PCRYPT_RESOLVE_HCRYPTPROV_FUNC	Callback function used by the CryptImportPKCS8 function.
PFN_CDF_PARSE_ERROR_CALLBACK	A user-defined function called for Catalog Definition Function errors while parsing a catalog definition file (CDF).
PFN_CERT_CREATE_CONTEXT_SORT_FUNC	Called for each sorted context entry when a context is created.
PFN_CMSG_CNG_IMPORT_CONTENT_ENCRYPT_KEY	A CNG object identifier (OID) installable function for import of an already decrypted content encryption key (CEK).
PFN_CMSG_CNG_IMPORT_KEY_AGREE	Imports a content encryption key for a key transport recipient of an enveloped message.
PFN_CMSG_CNG_IMPORT_KEY_TRANS	A CNG OID installable function for import and decryption of a key-transport-recipient, encrypted, content encryption key (CEK).
PFN_CMSG_EXPORT_KEY_AGREE	Encrypts and exports the content encryption key for a key agreement recipient of an enveloped message.
PFN_CMSG_EXPORT_KEY_TRANS	Encrypts and exports the content encryption key for a key transport recipient of an enveloped message.
PFN_CMSG_EXPORT_MAIL_LIST	Encrypts and exports the content encryption key for a mailing list recipient of an enveloped message.
PFN_CMSG_GEN_CONTENT_ENCRYPT_KEY	Generates the symmetric key used to encrypt content for an enveloped message.
PFN_CMSG_IMPORT_KEY_AGREE	Imports a content encryption key for a key transport recipient of an enveloped message.
PFN_CMSG_IMPORT_KEY_TRANS	Imports a content encryption key for a key transport recipient of an enveloped message.
PFN_CMSG_IMPORT_MAIL_LIST	Imports a content encryption key for a key transport recipient of an enveloped message.
PFN_CRYPT_EXPORT_PUBLIC_KEY_INFO_EX2_FUNC	Called by CryptExportPublicKeyInfoEx to export a public key BLOB and encode it.
PFN_CRYPT_EXTRACT_ENCODED_SIGNATURE_PARAMETERS_FUNC	Called to decode and return the hash algorithm identifier and optionally the signature parameters.
PFN_CRYPT_SIGN_AND_ENCODE_HASH_FUNC	Called to sign and encode a computed hash.
PFN_CRYPT_VERIFY_ENCODED_SIGNATURE_FUNC	Called to decrypt an encoded signature and compare it to a computed hash.
PFN_IMPORT_PUBLIC_KEY_INFO_EX2_FUNC	Called by CryptImportPublicKeyInfoEx2 to decode the public key algorithm identifier, load the algorithm provider, and import the key pair.
PFNCCERTDISPLAYPROC	A user-defined callback function that allows the caller of the CryptUIDlgSelectCertificate function to handle the display of certificates that the user selects to view.
PFNCMFILTERPROC	Filters each certificate to decide if it will appear in the certificate selection dialog box displayed by the CertSelectCertificate function.
PFNCMHOOKPROC	Called before messages are processed by the certificate selection dialog box produced by the CertSelectCertificate function.

Catalog Definition Functions

These functions are used to create a catalog. All of these functions are called by MakeCat.

Function	Description
CryptCATCDFClose	Closes a catalog definition file and frees the memory for the corresponding CRYPTCATCDF structure.
CryptCATCDFEnumAttributesWithCDFTag	Enumerates the attributes of member files in the CatalogFiles section of a CDF.
CryptCATCDFEnumCatAttributes	Enumerates catalog-level attributes within the CatalogHeader section of a CDF.
CryptCATCDFEnumMembersByCDFTagEx	Enumerates the individual file members in the CatalogFiles section of a CDF.
CryptCATCDFOpen	Opens an existing CDF for reading and initializes a CRYPTCATCDF structure.

Catalog Functions

These functions are used to manage a catalog.

Function	Description
CryptCATAdminAcquireContext	Acquires a handle to a catalog administrator context. This handle can be used by subsequent calls to the CryptCATAdminAddCatalog, CryptCATAdminEnumCatalogFromHash, and CryptCATAdminRemoveCatalog functions.
CryptCATAdminAcquireContext2	Acquires a handle to a catalog administrator context for a given hash algorithm and hash policy.
CryptCATAdminAddCatalog	Adds a catalog to the catalog database.
CryptCATAdminCalcHashFromFileHandle	Calculates the hash for a file.
CryptCATAdminCalcHashFromFileHandle2	Calculates the hash for a file by using the specified algorithm.
CryptCATAdminEnumCatalogFromHash	Enumerates the catalogs that contain a specified hash.
CryptCATAdminReleaseCatalogContext	Releases a handle to a catalog context previously returned by the CryptCATAdminAddCatalog function.
CryptCATAdminReleaseContext	Releases the handle previously assigned by the CryptCATAdminAcquireContext function.
CryptCATAdminRemoveCatalog	Deletes a catalog file and removes that catalog's entry from the Windows catalog database.
CryptCATAdminResolveCatalogPath	Retrieves the fully qualified path of the specified catalog.
CryptCATCatalogInfoFromContext	Retrieves catalog information from a specified catalog context.
CryptCATClose	Closes a catalog handle opened previously by the CryptCATOpen function.
CryptCATEnumerateAttr	Enumerates the attributes associated with a member of a catalog.
CryptCATEnumerateCatAttr	Enumerates the attributes associated with a catalog.
CryptCATEnumerateMember	Enumerates the members of a catalog.
CryptCATGetAttrInfo	Retrieves information about an attribute of a member of a catalog.
CryptCATGetMemberInfo	Retrieves member information from the catalog's PKCS #7. In addition to retrieving the member information for a specified reference tag, this function opens a member context.
CryptCATOpen	Opens a catalog, and returns a context handle to the open catalog.
IsCatalogFile	Retrieves a Boolean value that indicates whether the specified file is a catalog file.

WinTrust Functions

The following functions are used to perform various trust operations.

Function	Description
WintrustAddActionID	Adds a trust provider action to the user's system.
WintrustGetRegPolicyFlags	Retrieves policy flags for a policy provider.
WintrustAddDefaultForUsage	Specifies the default usage identifier and callback information for a provider
WintrustGetDefaultForUsage	Retrieves the default usage identifier and callback information.
WintrustLoadFunctionPointers	Loads function entry points for a specified action GUID.
WintrustRemoveActionID	Removes an action added by the WintrustAddActionID function.
WintrustSetDefaultIncludePEPageHashes	Sets the default setting that determines whether page hashes are included when creating subject interface package (SIP) indirect data for portable executable files.
WintrustSetRegPolicyFlags	Sets policy flags for a policy provider.
WinVerifyTrust	Performs a trust verification action on a specified object.
WinVerifyTrustEx	Performs a trust verification action on a specified object and takes a pointer to a WINTRUST_DATA structure.
WTHelperCertCheckValidSignature	Checks whether a signature is valid.
WTHelperCertFindIssuerCertificate	Finds an issuer certificate from the specified certificate stores that matches the specified subject certificate.
WTHelperCertIsSelfSigned	Checks whether a certificate is self-signed.
WTHelperGetFileHash	Verifies the signature of a signed file and obtains the hash value and algorithm identifier for the file.
WTHelperGetProvCertFromChain	Retrieves a trust provider certificate from the certificate chain.
WTHelperGetProvPrivateDataFromChain	Receives a CRYPT_PROVIDER_PRIVDATA structure from the chain by using the provider ID.
WTHelperGetProvSignerFromChain	Retrieves a signer or countersigner by index from the chain.
WTHelperProvDataFromStateData	Retrieves trust provider information from a specified handle.

Object Locator Functions

The following callback functions can be implemented by a custom provider that is intended to be called by the Secure Channel (Schannel) security package to retrieve certificates.

Function	Description
PFN_CRYPT_OBJECT_LOCATOR_PROVIDER_FLUSH	Specifies that an object has changed.
PFN_CRYPT_OBJECT_LOCATOR_PROVIDER_GET	Retrieves an object.
PFN_CRYPT_OBJECT_LOCATOR_PROVIDER_RELEASE	Releases the provider.
PFN_CRYPT_OBJECT_LOCATOR_PROVIDER_FREE_PASSWORD	Releases the password used to encrypt a PFX byte array.
PFN_CRYPT_OBJECT_LOCATOR_PROVIDER_FREE	Releases the object returned by the provider.
PFN_CRYPT_OBJECT_LOCATOR_PROVIDER_FREE_IDENTIFIER	Releases memory for an object identifier.
PFN_CRYPT_OBJECT_LOCATOR_PROVIDER_INITIALIZE	Initializes the provider.

FAQs

Cryptography Functions - Win32 apps? ›

Some common applications that use cryptographic functions include: Cryptographic key generation and exchange. Data encryption and decryption. Digital signature creation and verification.

Read On ›

What are the five primary functions of cryptography? ›

Key principles of cryptography

Confidentiality. Confidentiality agreements have rules and guidelines to keep the information secure and private. ...
Authentication. ...
Encryption. ...
Data integrity. ...
Non-repudiation. ...
Key management. ...
Symmetric cryptography. ...
Asymmetric cryptography.

More items...

Feb 13, 2023

Discover More Details ›

What are the applications of cryptography? ›

Some common applications that use cryptographic functions include: Cryptographic key generation and exchange. Data encryption and decryption. Digital signature creation and verification.

What is the main function of cryptography? ›

Individuals and organizations use cryptography on a daily basis to protect their privacy and keep their conversations and data confidential. Cryptography ensures confidentiality by encrypting sent messages using an algorithm with a key only known to the sender and recipient.

See Details ›

What is a function in cryptography? ›

A cryptographic hash function is an algorithm that takes an arbitrary amount of data input—a credential—and produces a fixed-size output of enciphered text called a hash value, or just “hash.” That enciphered text can then be stored instead of the password itself, and later used to verify the user.

Find Out More ›

What are the four functions of cryptography? ›

Cryptography is a technique of securing communication by converting plain text into ciphertext. It involves various algorithms and protocols to ensure data confidentiality, integrity, authentication, and non-repudiation.

Tell Me More ›

What are 4 key cryptography pillars? ›

Data Confidentiality, Data Integrity, Authentication and Non-repudiation are core principles of modern-day cryptography. Confidentiality refers to certain rules and guidelines usually executed under confidentiality agreements which ensure that the information is restricted to certain people or places.

Show Me More ›

How is cryptography used in daily applications? ›

Cryptographic protocols, such as Secure Sockets Layer (SSL) and Transport Layer Security (TLS), are used to secure communication over the internet. These protocols encrypt data exchanged between websites, mobile apps, and users, protecting sensitive information from interception by unauthorized parties.

Explore More ›

What are the three types of cryptography? ›

Cryptography and its Types

It protects information and communications through codes so only those for whom the information is intended can read and process it. There are three main types of cryptography: symmetric key encryption, asymmetric key encryption, and public-key encryption.

What are the two most basic functions in cryptography? ›

Answer and Explanation:

Substitution: In this method, every letter/symbol in the document or plaintext file is mapped into some other elements.
Transposition: This method incorporates re-arrangement of those elements that are saved in the plaintext file.

Show Me More ›

Which type of function is used in cryptography? ›

Hash functions are mathematical functions that transform or "map" a given data set into a bit string of fixed size, also known as the "hash value." Hash functions are used in cryptography and have variable levels of complexity and difficulty.

Read The Full Story ›

What are the two main goals of cryptography? ›

Cryptography has four major goals: confidentiality, integrity, authentication, and non-repudiation. Put another way, the goals are data privacy (confidential treatment), data authenticity (verified source), and data integrity (original and unaltered message).

See Details ›

How to use hash function in cryptography? ›

The hash function generates a hash code by operating on two blocks of fixed-length binary data. Hashing algorithm is a process for using the hash function, specifying how the message will be broken up and how the results from previous message blocks are chained together.

Get More Info Here ›

What are two common hash functions? ›

The most common hash functions used in digital forensics are Message Digest 5 (MD5), and Secure Hashing Algorithm (SHA) 1 and 2.

What are Boolean functions in cryptography? ›

Boolean functions are the building blocks of symmetric cryptographic systems. Symmetrical cryptographic algorithms are fundamental tools in the design of all types of digital security systems (i.e. communications, financial and e-commerce).

What is a function in network security? ›

Hash Function is a function that has a huge role in making a System Secure as it converts normal data given to it as an irregular value of fixed length. We can imagine it to be a Shaker in our homes. When we put data into this function it outputs an irregular value.

View Details ›

How do you define a function? ›

A function is defined as a relation between a set of inputs having one output each. In simple words, a function is a relationship between inputs where each input is related to exactly one output.

What is a function in algorithm? ›

Algorithm: An algorithm is a recipe or a description of a mechanical set of steps for performing some task. Function: A function is any relationship between inputs and outputs in which each input leads to exactly one output.

Learn More ›

What is the definition of of a function? ›

function, in mathematics, an expression, rule, or law that defines a relationship between one variable (the independent variable) and another variable (the dependent variable). Functions are ubiquitous in mathematics and are essential for formulating physical relationships in the sciences.

Discover More Details ›