Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
The InitializeDecode method decodes an existing signed or unsigned PKCS #7 request object and uses it to initialize the new PKCS #7 object. The existing request is contained in a byte array that has been encoded by using Distinguished Encoding Rules (DER) as defined by the Abstract Syntax Notation One (ASN.1) standard. The byte array is represented by a string that is either a pure binary sequence or is Unicode encoded.
Syntax
HRESULT InitializeDecode(
[in] BSTR strEncodedData,
[in] EncodingType Encoding
);
Parameters
[in] strEncodedData
A BSTR variable that contains the DER-encoded request.
[in] Encoding
An EncodingType enumeration value that specifies the type of Unicode encoding applied to the input string that contains the DER-encoded request. The default value is XCN_CRYPT_STRING_BASE64.
Return value
If the function succeeds, the function returns S_OK.
If the function fails, it returns an HRESULT value that indicates the error. Possible values include, but are not limited to, those in the following table. For a list of common error codes, see Common HRESULT Values.
| Return code/value | Description |
|---|---|
|
The request object has already been initialized. |
Remarks
The InitializeDecode method:
- Decodes the PKCS #7 request specified on input.
- Uses the decoded object to create an inner PKCS #10 request with the following collections:
- An empty ICryptAttributes collection.
- An empty IX509Extensions collection.
- An empty IObjectIds collection for critical extensions.
- An empty IObjectIds collection for attribute and extension OIDs to be suppressed from the new request.
- Adds the decoded extensions to the IX509Extensions collection.
- Adds the decoded attributes to the ICryptAttributes collection
- Sets the ClientId property.
- Sets the TemplateObjectId property.
- Uses the signature on the original PKCS #7 request to create a new ISignerCertificate object.
- Retrieves an IX509SignatureInformation object from the ISignerCertificate object.
- Initializes the new IX509SignatureInformation object by using the original signature and hash algorithms.
- Sets the PKCS #10 request as the inner request object.
By default, the InitializeDecode method assumes that the certificate request to be decoded is for an end user. Beginning with Windows 8 and Windows Server 2012, you can change this default behavior. After creating an instance of the IX509CertificateRequestPkcs7 interface, call InitializeDecode by setting the Encoding parameter to XCN_CRYPT_STRING_BINARY and the strEncodedData parameter to one of the following values:
| Value | Description |
|---|---|
| L"ContextMachine" | The encoded certificate request is for a computer. |
| L"ContextUser" | The encoded certificate request is for an end user. |
| L"ContextAdministratorForceMachine" | The encoded certificate is being requested by an administrator acting on the behalf of a computer. |
Then, call the InitializeDecode method again with the encoded certificate set in the strEncodedData argument.
Requirements
| Requirement | Value |
|---|---|
| Minimum supported client | Windows Vista [desktop apps only] |
| Minimum supported server | Windows Server 2008 [desktop apps only] |
| Target Platform | Windows |
| Header | certenroll.h |
| DLL | CertEnroll.dll |