The CRYPT_OID_INFO structure contains information about an object identifier (OID). These structures give the relationship among an OID identifier, its name, its group, and other information about the OID. These structures can be listed by using the CryptEnumOIDInfo function. New CRYPT_OID_INFO structures can be added by using the CryptRegisterOIDInfo function.
Syntax
```cpp
typedef struct _CRYPT_OID_INFO {
  DWORD           cbSize;
  LPCSTR          pszOID;
  LPCWSTR         pwszName;
  DWORD           dwGroupId;
  union {
    DWORD  dwValue;
    ALG_ID Algid;
    DWORD  dwLength;
  } DUMMYUNIONNAME;
  CRYPT_DATA_BLOB ExtraInfo;
  LPCWSTR         pwszCNGAlgid;
  LPCWSTR         pwszCNGExtraAlgid;
} CRYPT_OID_INFO, *PCRYPT_OID_INFO;
```
Members
cbSize
The size, in bytes, of this structure.
pszOID
The OID associated with this OID information.
pwszName
The display name associated with an OID.
dwGroupId
The group identifier value associated with this OID information.
This member can be one of the following dwGroupId group identifiers.
DUMMYUNIONNAME
DUMMYUNIONNAME.dwValue
A numeric value associated with this OID information. This member is used with dwGroupId CRYPT_SIGN_ALG_OID_GROUP_ID.
DUMMYUNIONNAME.Algid
The algorithm identifier associated with this OID information.
This member applies for the following values of dwGroupId:
- CRYPT_HASH_ALG_OID_GROUP_ID
- CRYPT_ENCRYPT_ALG_OID_GROUP_ID
- CRYPT_PUBKEY_ALG_OID_GROUP_ID
- CRYPT_SIGN_ALG_OID_GROUP_ID
DUMMYUNIONNAME.dwLength
This member is not implemented. It is always set to zero.
ExtraInfo
Extra information used to find or register OID information. This member applies for the following values of dwGroupId:
- CRYPT_PUBKEY_ALG_OID_GROUP_ID
- CRYPT_SIGN_ALG_OID_GROUP_ID
- CRYPT_RDN_ATTR_OID_GROUP_ID
The OIDs in the CRYPT_ENCRYPT_ALG_OID_GROUP_ID OID group have a bit length set for the AES algorithms in the DWORD[0] member of the ExtraInfo member.
The OIDs in the CRYPT_PUBKEY_ALG_OID_GROUP_ID group have a flag set in the DWORD[0] member of the ExtraInfo member.
The OIDs in the ECC curve name public keys, for example, szOID_ECC_CURVE_P256 ("1.2.840.10045.3.1.7"), have a flag set in the DWORD[0] member, a BCRYPT_ECCKEY_BLOB dwMagic field value set in the DWORD[1] member, and a bit length where the BCRYPT_ECCKEY_BLOB cbKey value equals dwBitLength / 8 + ((dwBitLength % 8) ? 1 : 0) set in the DWORD[2] member of the ExtraInfo member.
The OIDs in the CRYPT_SIGN_ALG_OID_GROUP_ID group have a public key algorithm identifier set in the DWORD[0] member, a flag set in the DWORD[1] member, and an optional provider type set in the DWORD[2] member of the ExtraInfo member.
The OIDs in the CRYPT_RDN_ATTR_OID_GROUP_ID group have a null-terminated list of acceptable RDN attribute value types set in an array of DWORD values in the ExtraInfo member. An omitted list implies an array of values where the first value in the array is CERT_RDN_PRINTABLE_STRING, the second value in the array is CERT_RDN_UNICODE_STRING, and the third value in the array is zero.
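An added example (not from the original page or from wincrypt.h): a bounds-checked reader for the ExtraInfo DWORD array, covering the ECC curve-name layout and the RDN attribute value type list described above. `blob_t` is a stand-in for CRYPT_DATA_BLOB so the code builds without the Windows headers; the function names and sample values are constructed for illustration, and an empty blob is assumed to mean the omitted RDN list.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for CRYPT_DATA_BLOB (assumption: lets this build without wincrypt.h). */
typedef struct { uint32_t cbData; const uint8_t *pbData; } blob_t;
/* Numeric values of CERT_RDN_PRINTABLE_STRING / CERT_RDN_UNICODE_STRING in wincrypt.h. */
#define RDN_PRINTABLE 4u
#define RDN_UNICODE   12u

/* Copy ExtraInfo DWORD[idx] into *out; returns 0 if the blob is absent or too short. */
static int extra_dword(const blob_t *b, uint32_t idx, uint32_t *out)
{
    if (!b || !b->pbData || b->cbData / sizeof(uint32_t) <= idx) return 0;
    memcpy(out, b->pbData + (size_t)idx * sizeof(uint32_t), sizeof *out);
    return 1;
}

/* ECC curve-name OIDs: DWORD[1] = dwMagic, DWORD[2] = bit length.
   Returns the BCRYPT_ECCKEY_BLOB cbKey, or 0 if the blob is malformed. */
uint32_t ecc_cbkey(const blob_t *b, uint32_t *magic)
{
    uint32_t bits;
    if (!extra_dword(b, 2, &bits) || bits == 0 || !extra_dword(b, 1, magic))
        return 0;
    return bits / 8 + ((bits % 8) ? 1 : 0);
}

/* CRYPT_RDN_ATTR_OID_GROUP_ID: is value type t in the acceptable list?
   The scan stops at the zero terminator or at cbData, whichever comes first. */
int rdn_type_allowed(const blob_t *b, uint32_t t)
{
    uint32_t v, i;
    if (!extra_dword(b, 0, &v))          /* omitted list: implied default */
        return t == RDN_PRINTABLE || t == RDN_UNICODE;
    for (i = 0; extra_dword(b, i, &v) && v != 0; i++)
        if (v == t) return 1;
    return 0;
}

int main(void)
{
    /* Constructed sample: flags 0, placeholder magic, 521-bit curve. */
    const uint32_t ecc[3] = { 0, 0x11223344u, 521 };
    blob_t b = { sizeof ecc, (const uint8_t *)ecc };
    uint32_t magic = 0;
    printf("cbKey=%u magic=0x%08x\n", (unsigned)ecc_cbkey(&b, &magic), (unsigned)magic);
    return 0;
}
```

Checking cbData before every read matters because registered OID information can carry an ExtraInfo blob shorter than the layout for its group implies.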
The following values are used for the flags in the ExtraInfo member.
Value | Meaning |
---|---|
 | This flag is no longer used. Stop the reformatting of the signature before the CryptVerifySignature function is called or after the CryptSignHash function is called. |
 | Omit NULL parameters when encoding. |
 | The public key is only used for encryption. |
 | The public key is only used for signatures. |
 | This flag is no longer used. Include the parameters of the public key algorithm in the digestEncryptionAlgorithm parameters for the PKCS #7 message. |
Post-quantum use
CRYPT_PUBKEY_ALG_OID_GROUP_ID has the following ExtraInfo fields when used with PQ OIDs (above):
Field | Description |
---|---|
DWORD[0] | Flags |
DWORD[1] | Public Magic (e.g. BCRYPT_MLDSA_PUBLIC_MAGIC) |
DWORD[2] | Private Magic (e.g. BCRYPT_MLDSA_PRIVATE_SEED_MAGIC) |
DWORD[4] | Public Key Byte Length |
DWORD[5] | Private Key Byte Length |
DWORD[6] | Signature Byte Length |
CRYPT_SIGN_ALG_OID_GROUP_ID has the following ExtraInfo fields when used with PQ OIDs:
Field | Description |
---|---|
DWORD[0] | Flags |
DWORD[1] | Signature Byte Length |
CRYPT_HASH_ALG_OID_GROUP_ID can be set to L"NoHash" to indicate no hash before signing, and the PQ key will directly sign the ToBeSigned bytes.
pwszCNGAlgid
The algorithm identifier string passed to the CNG functions (the BCrypt* and NCrypt* functions that are defined in Bcrypt.h and Ncrypt.h). CNG functions use algorithm identifier strings, such as L"SHA1", instead of the ALG_ID data type constants, such as CALG_SHA1.
Windows Server 2003 and Windows XP: This member is not available.
Note
The pwszCNGAlgid member is only available if you include the following statement in your code.
#define CRYPT_OID_INFO_HAS_EXTRA_FIELDS
This member applies for the following values of dwGroupId:
- CRYPT_HASH_ALG_OID_GROUP_ID
- CRYPT_ENCRYPT_ALG_OID_GROUP_ID
- CRYPT_PUBKEY_ALG_OID_GROUP_ID
- CRYPT_SIGN_ALG_OID_GROUP_ID
Set the pwszCNGAlgid member to the empty string, L"", for the other values of dwGroupId.
The pwszCNGAlgid member can also be set to a string value that is not passed directly to the CNG functions. The following table lists these values and their meanings:
Value | Meaning |
---|---|
CRYPT_OID_INFO_ECC_PARAMETERS_ALGORITHM | The ECC curve algorithm is obtained from the encoded parameters of the OID algorithm. |
CRYPT_OID_INFO_ECC_WRAP_PARAMETERS_ALGORITHM | The key wrap algorithm is obtained from the encoded parameters of the OID algorithm. |
CRYPT_OID_INFO_HASH_PARAMETERS_ALGORITHM | The hash algorithm is obtained from the encoded parameters of the OID algorithm. |
CRYPT_OID_INFO_MGF1_PARAMETERS_ALGORITHM | The PKCS #1 v2.1 mask generation hash algorithm is obtained from the encoded parameters of the OID algorithm. |
CRYPT_OID_INFO_NO_SIGN_ALGORITHM | A public key algorithm that indicates the signature value is an unsigned hash. |
CRYPT_OID_INFO_OAEP_PARAMETERS_ALGORITHM | The RSAES-OAEP padding hash algorithm is obtained from the encoded parameters of the OID algorithm. |
CRYPT32_MLDSA_44_ALGORITHM L"ML-DSA:44" | The ML-DSA algorithm combines the CNG algorithm name for ML-DSA and the CNG parameter set 44 (NIST security category 2). |
CRYPT32_MLDSA_65_ALGORITHM L"ML-DSA:65" | The ML-DSA algorithm combines the CNG algorithm name for ML-DSA and the CNG parameter set 65 (NIST security category 3). |
CRYPT32_MLDSA_87_ALGORITHM L"ML-DSA:87" | The ML-DSA algorithm combines the CNG algorithm name for ML-DSA and the CNG parameter set 87 (NIST security category 5). |
CRYPT_OID_INFO_NO_HASH_ALGORITHM L"NoHash" | For PQ digital signatures, indicates there is no hash before signing, and the PQ key will directly sign the ToBeSigned bytes. |
pwszCNGExtraAlgid
An extra algorithm string, other than the string in the pwszCNGAlgid member, that can be passed to the CNG functions (the BCrypt* and NCrypt* functions that are defined in Bcrypt.h and Ncrypt.h).
Windows Server 2003 and Windows XP: This member is not available.
#define CRYPT_OID_INFO_HAS_EXTRA_FIELDS
For the signature algorithms (CRYPT_SIGN_ALG_OID_GROUP_ID), this member is the public key algorithm string to pass to the CNG functions.
For ECC signatures, this member is the special CRYPT_OID_INFO_ECC_PARAMETERS_ALGORITHM string value.
For unsigned signatures, this member is the special CRYPT_OID_INFO_NO_SIGN_ALGORITHM string value.
For ECC curve name public keys, for example, szOID_ECC_CURVE_P256 ("1.2.840.10045.3.1.7"), this is the special CRYPT_OID_INFO_ECC_PARAMETERS_ALGORITHM string value.
For the other values of dwGroupId, set the pwszCNGExtraAlgid member to the empty string, L"".
Requirements
Requirement | Value |
---|---|
Minimum supported client | Windows XP [desktop apps only] |
Minimum supported server | Windows Server 2003 [desktop apps only] |
Header | wincrypt.h |