51. EPMO Open Source Coordination Office Redaction File Detail Report

Produced by Araxis Merge on 2/17/2017 12:43:25 PM Central Standard Time. See www.araxis.com for information about Merge. This report uses XHTML and CSS2, and is best viewed with a modern standards-compliant browser. For optimum results when printing this report, use landscape orientation and enable printing of background images and colours in your browser.

51.1 Files compared

#	Location	File	Last Modified
1	CPRS_V32_T20_cif.zip\OR_30_405V20_SRC.zip\XE3\PKI\Source	wcrypt2.pas	Thu Dec 15 14:29:30 2016 UTC
2	CPRS_V32_T20_cif.zip\OR_30_405V20_SRC.zip\XE3\PKI\Source	wcrypt2.pas	Fri Feb 17 18:32:41 2017 UTC

51.2 Comparison summary

Description	Between Files 1 and 2
Description	Text Blocks	Lines
Unchanged	2	17974
Changed	1	2
Inserted	0	0
Removed	0	0

51.3 Comparison options

Whitespace
Character case	Differences in character case are significant
Line endings	Differences in line endings (`CR` and `LF` characters) are ignored
CR/LF characters	Not shown in the comparison detail

51.4 Active regular expressions

No regular expressions were active.

51.5 Comparison detail

	1	{ ****** ****** ****** ****** ****** ****** ****** }
	2	{ }
	3	{ Borland Delphi Run time Libra ry }
	4	{ Cryptogr aphic API interface unit }
	5	{ }
	6	{ Portions created b y Microsof t are }
	7	{ Copyrigh t (C) 1993 -1998 Micr osoft Corp oration. }
	8	{ All Righ ts Reserve d. }
	9	{ }
	10	{ The orig inal file is: wincry pt.h, 1992 - 1997 }
	11	{ The orig inal Pasca l code is: wcrypt2.p as, releas ed 01 Jan 1998 }
	12	{ The init ial develo per of the Pascal co de is }
	13	{ Massimo Maria Ghis alberti ( nissl@dada .it) }
	14	{ }
	15	{ Portions created b y Massimo Maria Ghis alberti ar e }
	16	{ Copyrigh t (C) 1997 -1998 Mass imo Maria Ghisalbert i }
	17	{ }
	18	{ Contribu tor(s): }
	19	{ Peter Ta ng (peter. tang@citic orp.com) }
	20	{ Phil Shr impton (ph il@shrimpt on.co.uk) }
	21	{ }
	22	{ Obtained through: }
	23	{ }
	24	{ Joint En deavour of Delphi In novators ( Project JE DI) }
	25	{ }
	26	{ You may retrieve t he latest version of this file at the Pr oject }
	27	{ JEDI hom e page, lo cated at h ttp://delp hi-jedi.or g }
	28	{ }
	29	{ The cont ents of th is file ar e used wit h permissi on, subjec t to }
	30	{ the Mozi lla Public License V ersion 1.1 (the "Lic ense"); yo u may }
	31	{ not use this file except in compliance with the License. Y ou may }
	32	{ obtain a copy of t he License at }
	33	{ http://w ww.mozilla .org/MPL/M PL-1.1.htm l }
	34	{ }
	35	{ Software distribut ed under t he License is distri buted on a n }
	36	{ "AS IS" basis, WIT HOUT WARRA NTY OF ANY KIND, eit her expres s or }
	37	{ implied. See the L icense for the speci fic langua ge governi ng }
	38	{ rights a nd limitat ions under the Licen se. }
	39	{ }
	40	{ ****** ****** ****** ****** ****** ****** ****** }
	41
	42	unit wcryp t2;
	43
	44	{$DEFINE N T5} // {.DEFINE N T5}
	45
	46	{$ALIGN ON }
	47
	48	{$IFNDEF V ER90}
	49	{$WEAKPACK AGEUNIT}
	50	{$ENDIF}
	51
	52	interface
	53
	54	uses
	55	Windows
	56	{$IFDEF VE R90}
	57	,
	58	Ole2
	59	{$ENDIF};
	60
	61	const
	62	ADVAPI32 = 'advapi 32.dll';
	63	CRYPT32 = 'crypt32 .dll';
	64	SOFTPUB = 'softpub .dll';
	65	{$IFDEF NT 5}
	66	ADVAPI32 NT5 = 'adv api32.dll' ;
	67	{$ENDIF}
	68	{ Suppor t Type }
	69
	70	type
	71	PVOID = Pointer;
	72	LONG = D WORD;
	73	{$IFDEF UN ICODE}
	74	LPAWSTR = PWideCha r;
	75	{$ELSE}
	76	LPAWSTR = PAnsiCha r;
	77	{$ENDIF}
	78	// ----- ---------- ---------- ---------- ---------- ---------- ---------- ---------- --
	79	// Type support fo r a pointe r to an ar ray of poi nter (type **name)
	80	PLPSTR = Pointer; // type fo r a pointe r to Array of pointe r a type
	81	PPCERT_I NFO = Poin ter; // ty pe for a p ointer to Array of p ointer a t ype
	82	PPVOID = Pointer; // type fo r a pointe r to Array of pointe r a type
	83	PPCCERT_ CONTEXT = Pointer; / / type for a pointer to Array of pointer a type
	84	PPCCTL_C ONTEXT = P ointer; // type for a pointer to Array o f pointer a type
	85	PPCCRL_C ONTEXT = P ointer; // type for a pointer to Array o f pointer a type
	86	PPCERT_C HAIN_ELEME NT = Point er; // typ e for a po inter to A rray of po inter a ty pe *rwf
	87	// ----- ---------- ---------- ---------- ---------- ---------- ---------- ---------- --
	88
	89	// +---- ---------- ---------- ---------- ---------- ---------- ---------- ---------- -
	90	//
	91	// Micro soft Windo ws
	92	// Copyr ight (C) M icrosoft C orporation , 1992 - 1 997.
	93	//
	94	// File: win crypt.h
	95	//
	96	// Conte nts: Cry ptographic API Proto types and Definition s
	97	//
	98	// ----- ---------- ---------- ---------- ---------- ---------- ---------- ---------- -
	99
	100
	101	//
	102	// Algor ithm IDs a nd Flags
	103	//
	104
	105	// ALG_I D crackers
	106	function G ET_ALG_CLA SS(x: inte ger): inte ger;
	107	function G ET_ALG_TYP E(x: integ er): integ er;
	108	function G ET_ALG_SID (x: intege r): intege r;
	109
	110	Const
	111	// Algor ithm class es
	112	ALG_CLAS S_ANY = 0;
	113	ALG_CLAS S_SIGNATUR E = (1 shl 13);
	114	ALG_CLAS S_MSG_ENCR YPT = (2 s hl 13);
	115	ALG_CLAS S_DATA_ENC RYPT = (3 shl 13);
	116	ALG_CLAS S_HASH = ( 4 shl 13);
	117	ALG_CLAS S_KEY_EXCH ANGE = (5 shl 13);
	118
	119	// Algor ithm types
	120	ALG_TYPE _ANY = 0;
	121	ALG_TYPE _DSS = (1 shl 9);
	122	ALG_TYPE _RSA = (2 shl 9);
	123	ALG_TYPE _BLOCK = ( 3 shl 9);
	124	ALG_TYPE _STREAM = (4 shl 9);
	125	ALG_TYPE _DH = (5 s hl 9);
	126	ALG_TYPE _SECURECHA NNEL = (6 shl 9);
	127
	128	// Gener ic sub-ids
	129	ALG_SID_ ANY = 0;
	130
	131	// Some RSA sub-id s
	132	ALG_SID_ RSA_ANY = 0;
	133	ALG_SID_ RSA_PKCS = 1;
	134	ALG_SID_ RSA_MSATWO RK = 2;
	135	ALG_SID_ RSA_ENTRUS T = 3;
	136	ALG_SID_ RSA_PGP = 4;
	137
	138	// Some DSS sub-id s
	139	ALG_SID_ DSS_ANY = 0;
	140	ALG_SID_ DSS_PKCS = 1;
	141	ALG_SID_ DSS_DMS = 2;
	142
	143	// Block cipher su b ids
	144	// DES s ub_ids
	145	ALG_SID_ DES = 1;
	146	ALG_SID_ 3DES = 3;
	147	ALG_SID_ DESX = 4;
	148	ALG_SID_ IDEA = 5;
	149	ALG_SID_ CAST = 6;
	150	ALG_SID_ SAFERSK64 = 7;
	151	ALD_SID_ SAFERSK128 = 8;
	152	ALG_SID_ SAFERSK128 = 8;
	153	ALG_SID_ 3DES_112 = 9;
	154	ALG_SID_ CYLINK_MEK = 12;
	155	ALG_SID_ RC5 = 13;
	156
	157	// Added Sept. 201 0 source W indows 7 s dk
	158	ALG_SID_ AES_128 = 14;
	159	ALG_SID_ AES_192 = 15;
	160	ALG_SID_ AES_256 = 16;
	161	ALG_SID_ AES = 17;
	162
	163	// Forte zza sub-id s
	164	ALG_SID_ SKIPJACK = 10;
	165	ALG_SID_ TEK = 11;
	166
	167	// KP_MO DE
	168	CRYPT_MO DE_CBCI = 6; { ANSI CBC Interl eaved }
	169	CRYPT_MO DE_CFBP = 7; { ANSI CFB Pipeli ned }
	170	CRYPT_MO DE_OFBP = 8; { ANSI OFB Pipeli ned }
	171	CRYPT_MO DE_CBCOFM = 9; { ANS I CBC + OF Masking }
	172	CRYPT_MO DE_CBCOFMI = 10; { A NSI CBC + OFM Interl eaved }
	173
	174	// RC2 s ub-ids
	175	ALG_SID_ RC2 = 2;
	176
	177	// Strea m cipher s ub-ids
	178	ALG_SID_ RC4 = 1;
	179	ALG_SID_ SEAL = 2;
	180
	181	// Diffi e-Hellman sub-ids
	182	ALG_SID_ DH_SANDF = 1;
	183	ALG_SID_ DH_EPHEM = 2;
	184	ALG_SID_ AGREED_KEY _ANY = 3;
	185	ALG_SID_ KEA = 4;
	186
	187	// Hash sub ids
	188	ALG_SID_ MD2 = 1;
	189	ALG_SID_ MD4 = 2;
	190	ALG_SID_ MD5 = 3;
	191	ALG_SID_ SHA = 4;
	192	ALG_SID_ SHA1 = 4;
	193	ALG_SID_ MAC = 5;
	194	ALG_SID_ RIPEMD = 6 ;
	195	ALG_SID_ RIPEMD160 = 7;
	196	ALG_SID_ SSL3SHAMD5 = 8;
	197	ALG_SID_ HMAC = 9;
	198	// Added Sept. 201 0 source W indows 7 S DK
	199	ALG_SID_ SHA_256 = 12;
	200	ALG_SID_ SHA_384 = 13;
	201	ALG_SID_ SHA_512 = 14;
	202
	203	// secur e channel sub ids
	204	ALG_SID_ SSL3_MASTE R = 1;
	205	ALG_SID_ SCHANNEL_M ASTER_HASH = 2;
	206	ALG_SID_ SCHANNEL_M AC_KEY = 3 ;
	207	ALG_SID_ PCT1_MASTE R = 4;
	208	ALG_SID_ SSL2_MASTE R = 5;
	209	ALG_SID_ TLS1_MASTE R = 6;
	210	ALG_SID_ SCHANNEL_E NC_KEY = 7 ;
	211
	212	// Our s illy examp le sub-id
	213	ALG_SID_ EXAMPLE = 80;
	214
	215	{$IFNDEF A LGIDDEF}
	216	{$DEFINE A LGIDDEF}
	217
	218
	219	Type
	220	ALG_ID = ULONG;
	221	{$ENDIF}
	222
	223	// algor ithm ident ifier defi nitions
	224	Const
	225	CALG_MD2 = (ALG_CL ASS_HASH o r ALG_TYPE _ANY or AL G_SID_MD2) ;
	226	CALG_MD4 = (ALG_CL ASS_HASH o r ALG_TYPE _ANY or AL G_SID_MD4) ;
	227	CALG_MD5 = (ALG_CL ASS_HASH o r ALG_TYPE _ANY or AL G_SID_MD5) ;
	228	CALG_SHA = (ALG_CL ASS_HASH o r ALG_TYPE _ANY or AL G_SID_SHA) ;
	229	CALG_SHA 1 = (ALG_C LASS_HASH or ALG_TYP E_ANY or A LG_SID_SHA 1);
	230	CALG_MAC = (ALG_CL ASS_HASH o r ALG_TYPE _ANY or AL G_SID_MAC) ;
	231	CALG_RSA _SIGN = (A LG_CLASS_S IGNATURE o r ALG_TYPE _RSA or AL G_SID_RSA_ ANY);
	232	CALG_DSS _SIGN = (A LG_CLASS_S IGNATURE o r ALG_TYPE _DSS or AL G_SID_DSS_ ANY);
	233	CALG_RSA _KEYX = (A LG_CLASS_K EY_EXCHANG E or ALG_T YPE_RSA or ALG_SID_R SA_ANY);
	234	CALG_DES = (ALG_CL ASS_DATA_E NCRYPT or ALG_TYPE_B LOCK or AL G_SID_DES) ;
	235	CALG_3DE S_112 = (A LG_CLASS_D ATA_ENCRYP T or ALG_T YPE_BLOCK or ALG_SID _3DES_112) ;
	236	CALG_3DE S = (ALG_C LASS_DATA_ ENCRYPT or ALG_TYPE_ BLOCK or A LG_SID_3DE S);
	237	CALG_RC2 = (ALG_CL ASS_DATA_E NCRYPT or ALG_TYPE_B LOCK or AL G_SID_RC2) ;
	238	CALG_RC4 = (ALG_CL ASS_DATA_E NCRYPT or ALG_TYPE_S TREAM or A LG_SID_RC4 );
	239	CALG_SEA L = (ALG_C LASS_DATA_ ENCRYPT or ALG_TYPE_ STREAM or ALG_SID_SE AL);
	240	CALG_DH_ SF = (ALG_ CLASS_KEY_ EXCHANGE o r ALG_TYPE _DH or ALG _SID_DH_SA NDF);
	241	CALG_DH_ EPHEM = (A LG_CLASS_K EY_EXCHANG E or ALG_T YPE_DH or ALG_SID_DH _EPHEM);
	242	CALG_AGR EEDKEY_ANY = (ALG_CL ASS_KEY_EX CHANGE or ALG_TYPE_D H or ALG_S ID_AGREED_ KEY_ANY);
	243	CALG_KEA _KEYX = (A LG_CLASS_K EY_EXCHANG E or ALG_T YPE_DH or ALG_SID_KE A);
	244	CALG_HUG HES_MD5 = (ALG_CLASS _KEY_EXCHA NGE or ALG _TYPE_ANY or ALG_SID _MD5);
	245	CALG_SKI PJACK = (A LG_CLASS_D ATA_ENCRYP T or ALG_T YPE_BLOCK or ALG_SID _SKIPJACK) ;
	246	CALG_TEK = (ALG_CL ASS_DATA_E NCRYPT or ALG_TYPE_B LOCK or AL G_SID_TEK) ;
	247	CALG_CYL INK_MEK = (ALG_CLASS _DATA_ENCR YPT or ALG _TYPE_BLOC K or ALG_S ID_CYLINK_ MEK);
	248	CALG_SSL 3_SHAMD5 = (ALG_CLAS S_HASH or ALG_TYPE_A NY or ALG_ SID_SSL3SH AMD5);
	249	CALG_SSL 3_MASTER = (ALG_CLAS S_MSG_ENCR YPT or ALG _TYPE_SECU RECHANNEL or ALG_SID _SSL3_MAST ER);
	250	CALG_SCH ANNEL_MAST ER_HASH = (ALG_CLASS _MSG_ENCRY PT or ALG_ TYPE_SECUR ECHANNEL o r ALG_SID_ SCHANNEL_M ASTER_HASH );
	251	CALG_SCH ANNEL_MAC_ KEY = (ALG _CLASS_MSG _ENCRYPT o r ALG_TYPE _SECURECHA NNEL or AL G_SID_SCHA NNEL_MAC_K EY);
	252	CALG_SCH ANNEL_ENC_ KEY = (ALG _CLASS_MSG _ENCRYPT o r ALG_TYPE _SECURECHA NNEL or AL G_SID_SCHA NNEL_ENC_K EY);
	253	CALG_PCT 1_MASTER = (ALG_CLAS S_MSG_ENCR YPT or ALG _TYPE_SECU RECHANNEL or ALG_SID _PCT1_MAST ER);
	254	CALG_SSL 2_MASTER = (ALG_CLAS S_MSG_ENCR YPT or ALG _TYPE_SECU RECHANNEL or ALG_SID _SSL2_MAST ER);
	255	CALG_TLS 1_MASTER = (ALG_CLAS S_MSG_ENCR YPT or ALG _TYPE_SECU RECHANNEL or ALG_SID _TLS1_MAST ER);
	256	CALG_RC5 = (ALG_CL ASS_DATA_E NCRYPT or ALG_TYPE_B LOCK or AL G_SID_RC5) ;
	257	CALG_HMA C = (ALG_C LASS_HASH or ALG_TYP E_ANY or A LG_SID_HMA C);
	258	// Added Sept. 201 0 source W indows 7 S DK
	259	CALG_AES _128 = (AL G_CLASS_DA TA_ENCRYPT or ALG_TY PE_BLOCK o r ALG_SID_ AES_128);
	260	CALG_AES _192 = (AL G_CLASS_DA TA_ENCRYPT or ALG_TY PE_BLOCK o r ALG_SID_ AES_192);
	261	CALG_AES _256 = (AL G_CLASS_DA TA_ENCRYPT or ALG_TY PE_BLOCK o r ALG_SID_ AES_256);
	262	CALG_AES = (ALG_CL ASS_DATA_E NCRYPT or ALG_TYPE_B LOCK or AL G_SID_AES) ;
	263	CALG_SHA _256 = (AL G_CLASS_HA SH or ALG_ TYPE_ANY o r ALG_SID_ SHA_256);
	264	CALG_SHA _384 = (AL G_CLASS_HA SH or ALG_ TYPE_ANY o r ALG_SID_ SHA_384);
	265	CALG_SHA _512 = (AL G_CLASS_HA SH or ALG_ TYPE_ANY o r ALG_SID_ SHA_512);
	266
	267	type
	268	PVTableP rovStruc = ^VTablePr ovStruc;
	269
	270	VTablePr ovStruc = record
	271	Versio n: DWORD;
	272	FuncVe rifyImage: TFarProc;
	273	FuncRe turnhWnd: TFarProc;
	274	dwProv Type: DWOR D;
	275	pbCont extInfo: P BYTE;
	276	cbCont extInfo: D WORD;
	277	end;
	278
	279	// type HCRYPTPROV = ULONG;
	280	// type HCRYPTKEY = ULONG;
	281	// type HCRYPTHASH = ULONG;
	282
	283	const
	284	// dwFla gs definit ions for C ryptAcquir eContext
	285	CRYPT_VE RIFYCONTEX T = $F0000 000;
	286	CRYPT_NE WKEYSET = $00000008;
	287	CRYPT_DE LETEKEYSET = $000000 10;
	288	CRYPT_MA CHINE_KEYS ET = $0000 0020;
	289
	290	// dwFla g definiti ons for Cr yptGenKey
	291	CRYPT_EX PORTABLE = $00000001 ;
	292	CRYPT_US ER_PROTECT ED = $0000 0002;
	293	CRYPT_CR EATE_SALT = $0000000 4;
	294	CRYPT_UP DATE_KEY = $00000008 ;
	295	CRYPT_NO _SALT = $0 0000010;
	296	CRYPT_PR EGEN = $00 000040;
	297	CRYPT_RE CIPIENT = $00000010;
	298	CRYPT_IN ITIATOR = $00000040;
	299	CRYPT_ON LINE = $00 000080;
	300	CRYPT_SF = $000001 00;
	301	CRYPT_CR EATE_IV = $00000200;
	302	CRYPT_KE K = $00000 400;
	303	CRYPT_DA TA_KEY = $ 00000800;
	304
	305	// dwFla gs definit ions for C ryptDerive Key
	306	CRYPT_SE RVER = $00 000400;
	307
	308	KEY_LENG TH_MASK = $FFFF0000;
	309
	310	// dwFla g definiti ons for Cr yptExportK ey
	311	CRYPT_Y_ ONLY = $00 000001;
	312	CRYPT_SS L2_SLUMMIN G = $00000 002;
	313
	314	// dwFla gs definit ions for C ryptHashSe ssionKey
	315	CRYPT_LI TTLE_ENDIA N = $00000 001;
	316
	317	// dwFla g definiti ons for Cr yptSetProv iderEx and CryptGetD efaultProv ider
	318	CRYPT_MA CHINE_DEFA ULT = $000 00001;
	319	CRYPT_US ER_DEFAULT = $000000 02;
	320	CRYPT_DE LETE_DEFAU LT = $0000 0004;
	321
	322	// expor ted key bl ob definit ions
	323	SIMPLEBL OB = $1;
	324	PUBLICKE YBLOB = $6 ;
	325	PRIVATEK EYBLOB = $ 7;
	326	PLAINTEX TKEYBLOB = $8;
	327	AT_KEYEX CHANGE = 1 ;
	328	AT_SIGNA TURE = 2;
	329	CRYPT_US ERDATA = 1 ;
	330
	331	// dwPar am
	332	KP_IV = 1; // Init ialization vector
	333	KP_SALT = 2; // Sa lt value
	334	KP_PADDI NG = 3; // Padding v alues
	335	KP_MODE = 4; // Mo de of the cipher
	336	KP_MODE_ BITS = 5; // Number of bits to feedback
	337	KP_PERMI SSIONS = 6 ; // Key p ermissions DWORD
	338	KP_ALGID = 7; // K ey algorit hm
	339	KP_BLOCK LEN = 8; / / Block si ze of the cipher
	340	KP_KEYLE N = 9; // Length of key in bit s
	341	KP_SALT_ EX = 10; / / Length o f salt in bytes
	342	KP_P = 1 1; // DSS/ Diffie-Hel lman P val ue
	343	KP_G = 1 2; // DSS/ Diffie-Hel lman G val ue
	344	KP_Q = 1 3; // DSS Q value
	345	KP_X = 1 4; // Diff ie-Hellman X value
	346	KP_Y = 1 5; // Y va lue
	347	KP_RA = 16; // For tezza RA v alue
	348	KP_RB = 17; // For tezza RB v alue
	349	KP_INFO = 18; // f or putting informati on into an RSA envel ope
	350	KP_EFFEC TIVE_KEYLE N = 19; // setting a nd getting RC2 effec tive key l ength
	351	KP_SCHAN NEL_ALG = 20; // for setting t he Secure Channel al gorithms
	352	KP_CLIEN T_RANDOM = 21; // fo r setting the Secure Channel c lient rand om data
	353	KP_SERVE R_RANDOM = 22; // fo r setting the Secure Channel s erver rand om data
	354	KP_RP = 23;
	355	KP_PRECO MP_MD5 = 2 4;
	356	KP_PRECO MP_SHA = 2 5;
	357	KP_CERTI FICATE = 2 6; // for setting Se cure Chann el certifi cate data (PCT1)
	358	KP_CLEAR _KEY = 27; // for se tting Secu re Channel clear key data (PCT 1)
	359	KP_PUB_E X_LEN = 28 ;
	360	KP_PUB_E X_VAL = 29 ;
	361
	362	// KP_PA DDING
	363	PKCS5_PA DDING = 1; { PKCS 5 (sec 6.2) padding me thod }
	364	RANDOM_P ADDING = 2 ;
	365	ZERO_PAD DING = 3;
	366
	367	// KP_MO DE
	368	CRYPT_MO DE_CBC = 1 ; // Ciphe r block ch aining
	369	CRYPT_MO DE_ECB = 2 ; // Elect ronic code book
	370	CRYPT_MO DE_OFB = 3 ; // Outpu t feedback mode
	371	CRYPT_MO DE_CFB = 4 ; // Ciphe r feedback mode
	372	CRYPT_MO DE_CTS = 5 ; // Ciphe rtext stea ling mode
	373
	374	// KP_PE RMISSIONS
	375	CRYPT_EN CRYPT = $0 001; // Al low encryp tion
	376	CRYPT_DE CRYPT = $0 002; // Al low decryp tion
	377	CRYPT_EX PORT = $00 04; // All ow key to be exporte d
	378	CRYPT_RE AD = $0008 ; // Allow parameter s to be re ad
	379	CRYPT_WR ITE = $001 0; // Allo w paramete rs to be s et
	380	CRYPT_MA C = $0020; // Allow MACs to be used with key
	381	CRYPT_EX PORT_KEY = $0040; // Allow key to be use d for expo rting keys
	382	CRYPT_IM PORT_KEY = $0080; // Allow key to be use d for impo rting keys
	383
	384	HP_ALGID = $0001; // Hash al gorithm
	385	HP_HASHV AL = $0002 ; // Hash value
	386	HP_HASHS IZE = $000 4; // Hash value siz e
	387
	388	HP_HMAC_ INFO = $00 05; // inf ormation f or creatin g an HMAC
	389
	390	CRYPT_FA ILED = FAL SE;
	391	CRYPT_SU CCEED = TR UE;
	392
	393	{ Certif icate Name Types } // J LI
	394	CERT_NAM E_EMAIL_TY PE = 1;
	395	CERT_NAM E_RDN_TYPE = 2;
	396	CERT_NAM E_ATTR_TYP E = 3;
	397	CERT_NAM E_SIMPLE_D ISPLAY_TYP E = 4;
	398	CERT_NAM E_FRIENDLY _DISPLAY_T YPE = 5;
	399	CERT_NAM E_DNS_TYPE = 6; // D RP - From http://msd n.microsof t.com/en-u s/library/ windows/de sktop/aa37 6086%28v=v s.85%29.as px
	400	CERT_NAM E_URL_TYPE = 7; // D RP - From http://msd n.microsof t.com/en-u s/library/ windows/de sktop/aa37 6086%28v=v s.85%29.as px
	401	CERT_NAM E_UPN_TYPE = 8; // D RP - From http://msd n.microsof t.com/en-u s/library/ windows/de sktop/aa37 6086%28v=v s.85%29.as px
	402
	403	CERT_SYS TEM_STORE_ MASK = $FF FF0000; // JLI
	404
	405	{ +----- ---------- ---------- ---------- ---------- ---------- ---------- --------
	406	' Cer tificate, CRL and CT L property IDs
	407	'
	408	' See CertSetCe rtificateC ontextProp erty or Ce rtGetCerti ficateCont extPropert y
	409	' for usage inf ormation.
	410	'----- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	411	}
	412	{ CERT_K EY_PROV_HA NDLE_PROP_ ID = 1; / / JLI
	413	CERT_K EY_PROV_IN FO_PROP_ID = 2;
	414	CERT_S HA1_HASH_P ROP_ID = 3 ;
	415	CERT_M D5_HASH_PR OP_ID = 4;
	416
	417	CERT_H ASH_PROP_I D = CERT_S HA1_HASH_P ROP_ID;
	418	CERT_K EY_CONTEXT _PROP_ID = 5;
	419	CERT_K EY_SPEC_PR OP_ID = 6;
	420	CERT_I E30_RESERV ED_PROP_ID = 7;
	421	CERT_P UBKEY_HASH _RESERVED_ PROP_ID = 8;
	422	CERT_E NHKEY_USAG E_PROP_ID = 9;
	423	CERT_C TL_USAGE_P ROP_ID = C ERT_ENHKEY _USAGE_PRO P_ID;
	424	CERT_N EXT_UPDATE _LOCATION_ PROP_ID = 10;
	425	CERT_F RIENDLY_NA ME_PROP_ID = 11;
	426	CERT_P VK_FILE_PR OP_ID = 12 ;
	427	CERT_D ESCRIPTION _PROP_ID = 13;
	428	CERT_A CCESS_STAT E_PROP_ID = 14;
	429	CERT_S IGNATURE_H ASH_PROP_I D = 15;
	430	CERT_S MART_CARD_ DATA_PROP_ ID = 16;
	431	CERT_E FS_PROP_ID = 17;
	432	CERT_F ORTEZZA_DA TA_PROP_ID = 18;
	433	CERT_A RCHIVED_PR OP_ID = 19 ;
	434	CERT_K EY_IDENTIF IER_PROP_I D = 20;
	435	CERT_A UTO_ENROLL _PROP_ID = 21;
	436	CERT_P UBKEY_ALG_ PARA_PROP_ ID = 22;
	437
	438	CERT_F IRST_RESER VED_PROP_I D = 23;
	439	// No te, 32 - 3 5 are rese rved for t he CERT, C RL, CTL an d KeyId fi le element IDs.
	440	const
	441	CERT_L AST_RESERV ED_PROP_ID = $7FFF;
	442	CERT_F IRST_USER_ PROP_ID = $8000;
	443	CERT_L AST_USER_P ROP_ID = $ FFFF;
	444	}
	445
	446	function R CRYPT_SUCC EEDED(rt: BOOL): BOO L;
	447	function R CRYPT_FAIL ED(rt: BOO L): BOOL;
	448
	449	const
	450	// Crypt GetProvPar am
	451	PP_ENUMA LGS = 1;
	452	PP_ENUMC ONTAINERS = 2;
	453	PP_IMPTY PE = 3;
	454	PP_NAME = 4;
	455	PP_VERSI ON = 5;
	456	PP_CONTA INER = 6;
	457	PP_CHANG E_PASSWORD = 7;
	458	PP_KEYSE T_SEC_DESC R = 8; // get/set se curity des criptor of keyset
	459	PP_CERTC HAIN = 9; // for ret rieving ce rtificates from toke ns
	460	PP_KEY_T YPE_SUBTYP E = 10;
	461	PP_PROVT YPE = 16;
	462	PP_KEYST ORAGE = 17 ;
	463	PP_APPLI _CERT = 18 ;
	464	PP_SYM_K EYSIZE = 1 9;
	465	PP_SESSI ON_KEYSIZE = 20;
	466	PP_UI_PR OMPT = 21;
	467	PP_ENUMA LGS_EX = 2 2;
	468	CRYPT_FI RST = 1;
	469	CRYPT_NE XT = 2;
	470	CRYPT_IM PL_HARDWAR E = 1;
	471	CRYPT_IM PL_SOFTWAR E = 2;
	472	CRYPT_IM PL_MIXED = 3;
	473	CRYPT_IM PL_UNKNOWN = 4;
	474	PP_SIGNA TURE_PIN = 33;
	475
	476	// key s torage fla gs
	477	CRYPT_SE C_DESCR = $00000001;
	478	CRYPT_PS TORE = $00 000002;
	479	CRYPT_UI _PROMPT = $00000004;
	480
	481	// proto col flags
	482	CRYPT_FL AG_PCT1 = $0001;
	483	CRYPT_FL AG_SSL2 = $0002;
	484	CRYPT_FL AG_SSL3 = $0004;
	485	CRYPT_FL AG_TLS1 = $0008;
	486
	487	// Crypt SetProvPar am
	488	PP_CLIEN T_HWND = 1 ;
	489	PP_CONTE XT_INFO = 11;
	490	PP_KEYEX CHANGE_KEY SIZE = 12;
	491	PP_SIGNA TURE_KEYSI ZE = 13;
	492	PP_KEYEX CHANGE_ALG = 14;
	493	PP_SIGNA TURE_ALG = 15;
	494	PP_DELET EKEY = 24;
	495
	496	PROV_RSA _FULL = 1;
	497	PROV_RSA _SIG = 2;
	498	PROV_DSS = 3;
	499	PROV_FOR TEZZA = 4;
	500	PROV_MS_ EXCHANGE = 5;
	501	PROV_SSL = 6;
	502	PROV_RSA _AES = 24; // Added Sept 2010 source Win dows 7 SDK .
	503
	504	PROV_RSA _SCHANNEL = 12;
	505	PROV_DSS _DH = 13;
	506	PROV_EC_ ECDSA_SIG = 14;
	507	PROV_EC_ ECNRA_SIG = 15;
	508	PROV_EC_ ECDSA_FULL = 16;
	509	PROV_EC_ ECNRA_FULL = 17;
	510	PROV_SPY RUS_LYNKS = 20;
	511
	512	// STT d efined Pro viders
	513	PROV_STT _MER = 7;
	514	PROV_STT _ACQ = 8;
	515	PROV_STT _BRND = 9;
	516	PROV_STT _ROOT = 10 ;
	517	PROV_STT _ISS = 11;
	518
	519	// Provi der friend ly names
	520	MS_DEF_P ROV_A = 'M icrosoft B ase Crypto graphic Pr ovider v1. 0';
	521	{$IFNDEF V ER90}
	522	MS_DEF_P ROV_W = Wi deString(' Microsoft Base Crypt ographic P rovider v1 .0');
	523	{$ELSE}
	524	MS_DEF_P ROV_W = (' Microsoft Base Crypt ographic P rovider v1 .0');
	525	{$ENDIF}
	526
	527	{$IFDEF UN ICODE}
	528	MS_DEF_P ROV = MS_D EF_PROV_W;
	529	{$ELSE}
	530	MS_DEF_P ROV = MS_D EF_PROV_A;
	531	{$ENDIF}
	532	MS_ENHAN CED_PROV_A = 'Micros oft Enhanc ed Cryptog raphic Pro vider v1.0 ';
	533	{$IFNDEF V ER90}
	534	MS_ENHAN CED_PROV_W = WideStr ing('Micro soft Enhan ced Crypto graphic Pr ovider v1. 0');
	535	{$ELSE}
	536	MS_ENHAN CED_PROV_W = ('Micro soft Enhan ced Crypto graphic Pr ovider v1. 0');
	537	{$ENDIF}
	538
	539	{$IFDEF UN ICODE}
	540	MS_ENHAN CED_PROV = MS_ENHANC ED_PROV_W;
	541	{$ELSE}
	542	MS_ENHAN CED_PROV = MS_ENHANC ED_PROV_A;
	543	{$ENDIF}
	544	MS_DEF_R SA_SIG_PRO V_A = 'Mic rosoft RSA Signature Cryptogra phic Provi der';
	545	{$IFNDEF V ER90}
	546	MS_DEF_R SA_SIG_PRO V_W = Wide String('Mi crosoft RS A Signatur e Cryptogr aphic Prov ider');
	547	{$ELSE}
	548	MS_DEF_R SA_SIG_PRO V_W = ('Mi crosoft RS A Signatur e Cryptogr aphic Prov ider');
	549	{$ENDIF}
	550
	551	{$IFDEF UN ICODE}
	552	MS_DEF_R SA_SIG_PRO V = MS_DEF _RSA_SIG_P ROV_W;
	553	{$ELSE}
	554	MS_DEF_R SA_SIG_PRO V = MS_DEF _RSA_SIG_P ROV_A;
	555	{$ENDIF}
	556	MS_DEF_R SA_SCHANNE L_PROV_A = 'Microsof t Base RSA SChannel Cryptograp hic Provid er';
	557	{$IFNDEF V ER90}
	558	MS_DEF_R SA_SCHANNE L_PROV_W = WideStrin g('Microso ft Base RS A SChannel Cryptogra phic Provi der');
	559	{$ELSE}
	560	MS_DEF_R SA_SCHANNE L_PROV_W = ('Microso ft Base RS A SChannel Cryptogra phic Provi der');
	561	{$ENDIF}
	562
	563	{$IFDEF UN ICODE}
	564	MS_DEF_R SA_SCHANNE L_PROV = M S_DEF_RSA_ SCHANNEL_P ROV_W;
	565	{$ELSE}
	566	MS_DEF_R SA_SCHANNE L_PROV = M S_DEF_RSA_ SCHANNEL_P ROV_A;
	567	{$ENDIF}
	568	MS_ENHAN CED_RSA_SC HANNEL_PRO V_A = 'Mic rosoft Enh anced RSA SChannel C ryptograph ic Provide r';
	569	{$IFNDEF V ER90}
	570	MS_ENHAN CED_RSA_SC HANNEL_PRO V_W = Wide String('Mi crosoft En hanced RSA SChannel Cryptograp hic Provid er');
	571	{$ELSE}
	572	MS_ENHAN CED_RSA_SC HANNEL_PRO V_W = ('Mi crosoft En hanced RSA SChannel Cryptograp hic Provid er');
	573	{$ENDIF}
	574
	575	{$IFDEF UN ICODE}
	576	MS_ENHAN CED_RSA_SC HANNEL_PRO V = MS_ENH ANCED_RSA_ SCHANNEL_P ROV_W;
	577	{$ELSE}
	578	MS_ENHAN CED_RSA_SC HANNEL_PRO V = MS_ENH ANCED_RSA_ SCHANNEL_P ROV_A;
	579	{$ENDIF}
	580	MS_DEF_D SS_PROV_A = 'Microso ft Base DS S Cryptogr aphic Prov ider';
	581	{$IFNDEF V ER90}
	582	MS_DEF_D SS_PROV_W = WideStri ng('Micros oft Base D SS Cryptog raphic Pro vider');
	583	{$ELSE}
	584	MS_DEF_D SS_PROV_W = ('Micros oft Base D SS Cryptog raphic Pro vider');
	585	{$ENDIF}
	586
	587	{$IFDEF UN ICODE}
	588	MS_DEF_D SS_PROV = MS_DEF_DSS _PROV_W;
	589	{$ELSE}
	590	MS_DEF_D SS_PROV = MS_DEF_DSS _PROV_A;
	591	{$ENDIF}
	592	MS_DEF_D SS_DH_PROV _A = 'Micr osoft Base DSS and D iffie-Hell man Crypto graphic Pr ovider';
	593	{$IFNDEF V ER90}
	594	MS_DEF_D SS_DH_PROV _W = WideS tring('Mic rosoft Bas e DSS and Diffie-Hel lman Crypt ographic P rovider');
	595	{$ELSE}
	596	MS_DEF_D SS_DH_PROV _W = ('Mic rosoft Bas e DSS and Diffie-Hel lman Crypt ographic P rovider');
	597	{$ENDIF}
	598
	599	{$IFDEF UN ICODE}
	600	MS_DEF_D SS_DH_PROV = MS_DEF_ DSS_DH_PRO V_W;
	601	{$ELSE}
	602	MS_DEF_D SS_DH_PROV = MS_DEF_ DSS_DH_PRO V_A;
	603	{$ENDIF}
	604	// Added Sept 2010 source Wi ndows 7 SD K
	605	MS_STRON G_PROV_A = 'Microsof t Strong C ryptograph ic Provide r';
	606	MS_ENH_R SA_AES_PRO V_A = 'Mic rosoft Enh anced RSA and AES Cr yptographi c Provider ';
	607	MS_ENH_R SA_AES_PRO V_XP_A = ' Microsoft Enhanced R SA and AES Cryptogra phic Provi der (Proto type)';
	608
	609	MAXUIDLE N = 64;
	610	CUR_BLOB _VERSION = 2;
	611
	612	{ struct ure for us e with Cry ptSetHashP aram with CALG_HMAC }
	613	type
	614	PHMAC_IN FO = ^HMAC _INFO;
	615
	616	HMAC_INF O = record
	617	HashAl gid: ALG_I D;
	618	pbInne rString: P BYTE;
	619	cbInne rString: D WORD;
	620	pbOute rString: P BYTE;
	621	cbOute rString: D WORD;
	622	end;
	623
	624	// struc ture for u se with Cr yptSetHash Param with CALG_HMAC
	625	type
	626	PSCHANNE L_ALG = ^S CHANNEL_AL G;
	627
	628	SCHANNEL _ALG = rec ord
	629	dwUse: DWORD;
	630	Algid: ALG_ID;
	631	cBits: DWORD;
	632	end;
	633
	634	// uses of algorti hms for SC HANNEL_ALG structure
	635	const
	636	SCHANNEL _MAC_KEY = $00000000 ;
	637	SCHANNEL _ENC_KEY = $00000001 ;
	638
	639	type
	640	PPROV_EN UMALGS = ^ PROV_ENUMA LGS;
	641
	642	PROV_ENU MALGS = re cord
	643	aiAlgi d: ALG_ID;
	644	dwBitL en: DWORD;
	645	dwName Len: DWORD ;
	646	szName : array [0 .. 20 - 1 ] of Char;
	647	end;
	648
	649	type
	650	PPROV_EN UMALGS_EX = ^PROV_EN UMALGS_EX;
	651
	652	PROV_ENU MALGS_EX = record
	653	aiAlgi d: ALG_ID;
	654	dwDefa ultLen: DW ORD;
	655	dwMinL en: DWORD;
	656	dwMaxL en: DWORD;
	657	dwProt ocols: DWO RD;
	658	dwName Len: DWORD ;
	659	szName : array [0 .. 20 - 1 ] of Char;
	660	dwLong NameLen: D WORD;
	661	szLong Name: arra y [0 .. 40 - 1] of C har;
	662	end;
	663
	664	type
	665	PPUBLICK EYSTRUC = ^PUBLICKEY STRUC;
	666
	667	PUBLICKE YSTRUC = r ecord
	668	bType: BYTE;
	669	bVersi on: BYTE;
	670	reserv ed: Word;
	671	aiKeyA lg: ALG_ID ;
	672	end;
	673
	674	type
	675	BLOBHEAD ER = PUBLI CKEYSTRUC;
	676	PBLOBHEA DER = ^BLO BHEADER;
	677
	678	type
	679	PRSAPUBK EY = ^RSAP UBKEY;
	680
	681	RSAPUBKE Y = record
	682	magic: DWORD; // Has to be RSA1
	683	bitlen : DWORD; / / # of bit s in modul us
	684	pubexp : DWORD; / / public e xponent
	685	// Mod ulus data follows
	686	end;
	687
	688	type
	689	PPUBKEY = ^PUBKEY;
	690
	691	PUBKEY = record
	692	magic: DWORD;
	693	bitlen : DWORD; / / # of bit s in modul us
	694	end;
	695
	696	type
	697	DHPUBKEY = PUBKEY;
	698	DSSPUBKE Y = PUBKEY ;
	699	KEAPUBKE Y = PUBKEY ;
	700	TEKPUBKE Y = PUBKEY ;
	701
	702	type
	703	PDSSSEED = ^DSSSEE D;
	704
	705	DSSSEED = record
	706	counte r: DWORD;
	707	seed: array [0 . . 20 - 1] of BYTE;
	708	end;
	709
	710	type
	711	PKEY_TYP E_SUBTYPE = ^KEY_TYP E_SUBTYPE;
	712
	713	KEY_TYPE _SUBTYPE = record
	714	dwKeyS pec: DWORD ;
	715	Type_: TGUID; { conflict w ith base D elphi type : original name 'Typ e' }
	716	Subtyp e: TGUID;
	717	end;
	718
	719	type
	720	HCRYPTPR OV = ULONG ;
	721	PHCRYPTP ROV = ^HCR YPTPROV;
	722	HCRYPTKE Y = ULONG;
	723	PHCRYPTK EY = ^HCRY PTKEY;
	724	HCRYPTHA SH = ULONG ;
	725	PHCRYPTH ASH = ^HCR YPTHASH;
	726
	727	function C ryptAcquir eContextA( phProv: PH CRYPTPROV;
	728	pszConta iner: PAns iChar;
	729	pszProvi der: PAnsi Char;
	730	dwProvTy pe: DWORD;
	731	dwFlags: DWORD): B OOL; stdca ll;
	732
	733	function C ryptAcquir eContext(p hProv: PHC RYPTPROV;
	734	pszConta iner: LPAW STR;
	735	pszProvi der: LPAWS TR;
	736	dwProvTy pe: DWORD;
	737	dwFlags: DWORD): B OOL; stdca ll;
	738
	739	function C ryptAcquir eContextW( phProv: PH CRYPTPROV;
	740	pszConta iner: PWid eChar;
	741	pszProvi der: PWide Char;
	742	dwProvTy pe: DWORD;
	743	dwFlags: DWORD): B OOL; stdca ll;
	744
	745	function C ryptReleas eContext(h Prov: HCRY PTPROV;
	746	dwFlags: DWORD): B OOL; stdca ll;
	747
	748	function C ryptGenKey (hProv: HC RYPTPROV;
	749	Algid: A LG_ID;
	750	dwFlags: DWORD;
	751	phKey: P HCRYPTKEY) : BOOL; st dcall;
	752
	753	function C ryptDerive Key(hProv: HCRYPTPRO V;
	754	Algid: A LG_ID;
	755	hBaseDat a: HCRYPTH ASH;
	756	dwFlags: DWORD;
	757	phKey: P HCRYPTKEY) : BOOL; st dcall;
	758
	759	function C ryptDestro yKey(hKey: HCRYPTKEY ): BOOL; s tdcall;
	760
	761	function C ryptSetKey Param(hKey : HCRYPTKE Y;
	762	dwParam: DWORD;
	763	pbData: PBYTE;
	764	dwFlags: DWORD): B OOL; stdca ll;
	765
	766	function C ryptGetKey Param(hKey : HCRYPTKE Y;
	767	dwParam: DWORD;
	768	pbData: PBYTE;
	769	pdwDataL en: PDWORD ;
	770	dwFlags: DWORD): B OOL; stdca ll;
	771
	772	function C ryptSetHas hParam(hHa sh: HCRYPT HASH;
	773	dwParam: DWORD;
	774	pbData: PBYTE;
	775	dwFlags: DWORD): B OOL; stdca ll;
	776
	777	function C ryptGetHas hParam(hHa sh: HCRYPT HASH;
	778	dwParam: DWORD;
	779	pbData: PBYTE;
	780	pdwDataL en: PDWORD ;
	781	dwFlags: DWORD): B OOL; stdca ll;
	782
	783	function C ryptSetPro vParam(hPr ov: HCRYPT PROV;
	784	dwParam: DWORD;
	785	pbData: PBYTE;
	786	dwFlags: DWORD): B OOL; stdca ll;
	787
	788	function C ryptGetPro vParam(hPr ov: HCRYPT PROV;
	789	dwParam: DWORD;
	790	pbData: PBYTE;
	791	pdwDataL en: PDWORD ;
	792	dwFlags: DWORD): B OOL; stdca ll;
	793
	794	function C ryptGenRan dom(hProv: HCRYPTPRO V;
	795	dwLen: D WORD;
	796	pbBuffer : PBYTE): BOOL; stdc all;
	797
	798	function C ryptGetUse rKey(hProv : HCRYPTPR OV;
	799	dwKeySpe c: DWORD;
	800	phUserKe y: PHCRYPT KEY): BOOL ; stdcall;
	801
	802	function C ryptExport Key(hKey: HCRYPTKEY;
	803	hExpKey: HCRYPTKEY ;
	804	dwBlobTy pe: DWORD;
	805	dwFlags: DWORD;
	806	pbData: PBYTE;
	807	pdwDataL en: PDWORD ): BOOL; s tdcall;
	808
	809	function C ryptImport Key(hProv: HCRYPTPRO V;
	810	pbData: PBYTE;
	811	dwDataLe n: DWORD;
	812	hPubKey: HCRYPTKEY ;
	813	dwFlags: DWORD;
	814	phKey: P HCRYPTKEY) : BOOL; st dcall;
	815
	816	function C ryptEncryp t(hKey: HC RYPTKEY;
	817	hHash: H CRYPTHASH;
	818	Final: B OOL;
	819	dwFlags: DWORD;
	820	pbData: PBYTE;
	821	pdwDataL en: PDWORD ;
	822	dwBufLen : DWORD): BOOL; stdc all;
	823
	824	function C ryptDecryp t(hKey: HC RYPTKEY;
	825	hHash: H CRYPTHASH;
	826	Final: B OOL;
	827	dwFlags: DWORD;
	828	pbData: PBYTE;
	829	pdwDataL en: PDWORD ): BOOL; s tdcall;
	830
	831	function C ryptCreate Hash(hProv : HCRYPTPR OV;
	832	Algid: A LG_ID;
	833	hKey: HC RYPTKEY;
	834	dwFlags: DWORD;
	835	phHash: PHCRYPTHAS H): BOOL; stdcall;
	836
	837	function C ryptHashDa ta(hHash: HCRYPTHASH ;
	838	const pb Data: PBYT E;
	839	dwDataLe n: DWORD;
	840	dwFlags: DWORD): B OOL; stdca ll;
	841
	842	function C ryptHashSe ssionKey(h Hash: HCRY PTHASH;
	843	hKey: HC RYPTKEY;
	844	dwFlags: DWORD): B OOL; stdca ll;
	845
	846	function C ryptDestro yHash(hHas h: HCRYPTH ASH): BOOL ; stdcall;
	847
	848	function C ryptSignHa shA(hHash: HCRYPTHAS H;
	849	dwKeySpe c: DWORD;
	850	sDescrip tion: PAns iChar;
	851	dwFlags: DWORD;
	852	pbSignat ure: PBYTE ;
	853	pdwSigLe n: PDWORD) : BOOL; st dcall;
	854
	855	function C ryptSignHa sh(hHash: HCRYPTHASH ;
	856	dwKeySpe c: DWORD;
	857	sDescrip tion: LPAW STR;
	858	dwFlags: DWORD;
	859	pbSignat ure: PBYTE ;
	860	pdwSigLe n: PDWORD) : BOOL; st dcall;
	861
	862	function C ryptSignHa shW(hHash: HCRYPTHAS H;
	863	dwKeySpe c: DWORD;
	864	sDescrip tion: PWid eChar;
	865	dwFlags: DWORD;
	866	pbSignat ure: PBYTE ;
	867	pdwSigLe n: PDWORD) : BOOL; st dcall;
	868
	869	function C ryptSignHa shU(hHash: HCRYPTHAS H;
	870	dwKeySpe c: DWORD;
	871	sDescrip tion: PWid eChar;
	872	dwFlags: DWORD;
	873	pbSignat ure: PBYTE ;
	874	pdwSigLe n: PDWORD) : BOOL; st dcall;
	875
	876	function C ryptVerify SignatureA (hHash: HC RYPTHASH;
	877	const pb Signature: PBYTE;
	878	dwSigLen : DWORD;
	879	hPubKey: HCRYPTKEY ;
	880	sDescrip tion: PAns iChar;
	881	dwFlags: DWORD): B OOL; stdca ll;
	882
	883	function C ryptVerify Signature( hHash: HCR YPTHASH;
	884	const pb Signature: PBYTE;
	885	dwSigLen : DWORD;
	886	hPubKey: HCRYPTKEY ;
	887	sDescrip tion: LPAW STR;
	888	dwFlags: DWORD): B OOL; stdca ll;
	889
	890	function C ryptVerify SignatureW (hHash: HC RYPTHASH;
	891	const pb Signature: PBYTE;
	892	dwSigLen : DWORD;
	893	hPubKey: HCRYPTKEY ;
	894	sDescrip tion: PWid eChar;
	895	dwFlags: DWORD): B OOL; stdca ll;
	896
	897	function C ryptSetPro viderA(psz ProvName: PAnsiChar;
	898	dwProvTy pe: DWORD) : BOOL; st dcall;
	899
	900	function C ryptSetPro vider(pszP rovName: L PAWSTR;
	901	dwProvTy pe: DWORD) : BOOL; st dcall;
	902
	903	function C ryptSetPro viderW(psz ProvName: PWideChar;
	904	dwProvTy pe: DWORD) : BOOL; st dcall;
	905
	906	function C ryptSetPro viderU(psz ProvName: PWideChar;
	907	dwProvTy pe: DWORD) : BOOL; st dcall;
	908
	909	{$IFDEF NT 5}
	910
	911	function C ryptSetPro viderExA(p szProvName : LPCSTR;
	912	dwProvTy pe: DWORD;
	913	pdwReser ved: PDWOR D;
	914	dwFlags: DWORD): B OOL; stdca ll;
	915
	916	function C ryptSetPro viderExW(p szProvName : LPCWSTR;
	917	dwProvTy pe: DWORD;
	918	pdwReser ved: PDWOR D;
	919	dwFlags: DWORD): B OOL; stdca ll;
	920
	921	function C ryptSetPro viderEx(ps zProvName: LPAWSTR;
	922	dwProvTy pe: DWORD;
	923	pdwReser ved: PDWOR D;
	924	dwFlags: DWORD): B OOL; stdca ll;
	925
	926	function C ryptGetDef aultProvid erA(dwProv Type: DWOR D;
	927	pdwReser ved: DWORD ;
	928	dwFlags: DWORD;
	929	pszProvN ame: LPSTR ;
	930	pcbProvN ame: PDWOR D): BOOL; stdcall;
	931
	932	function C ryptGetDef aultProvid erW(dwProv Type: DWOR D;
	933	pdwReser ved: DWORD ;
	934	dwFlags: DWORD;
	935	pszProvN ame: LPWST R;
	936	pcbProvN ame: PDWOR D): BOOL; stdcall;
	937
	938	function C ryptGetDef aultProvid er(dwProvT ype: DWORD ;
	939	pdwReser ved: DWORD ;
	940	dwFlags: DWORD;
	941	pszProvN ame: LPAWS TR;
	942	pcbProvN ame: PDWOR D): BOOL; stdcall;
	943
	944	function C ryptEnumPr oviderType sA(dwIndex : DWORD;
	945	pdwReser ved: PDWOR D;
	946	dwFlags: DWORD;
	947	pdwProvT ype: PDWOR D;
	948	pszTypeN ame: LPSTR ;
	949	pcbTypeN ame: PDWOR D): BOOL; stdcall;
	950
	951	function C ryptEnumPr oviderType sW(dwIndex : DWORD;
	952	pdwReser ved: PDWOR D;
	953	dwFlags: DWORD;
	954	pdwProvT ype: PDWOR D;
	955	pszTypeN ame: LPWST R;
	956	pcbTypeN ame: PDWOR D): BOOL; stdcall;
	957
	958	function C ryptEnumPr oviderType s(dwIndex: DWORD;
	959	pdwReser ved: PDWOR D;
	960	dwFlags: DWORD;
	961	pdwProvT ype: PDWOR D;
	962	pszTypeN ame: LPAWS TR;
	963	pcbTypeN ame: PDWOR D): BOOL; stdcall;
	964
	965	function C ryptEnumPr ovidersA(d wIndex: DW ORD;
	966	pdwReser ved: PDWOR D;
	967	dwFlags: DWORD;
	968	pdwProvT ype: PDWOR D;
	969	pszProvN ame: LPSTR ;
	970	pcbProvN ame: PDWOR D): BOOL; stdcall;
	971
	972	function C ryptEnumPr ovidersW(d wIndex: DW ORD;
	973	pdwReser ved: PDWOR D;
	974	dwFlags: DWORD;
	975	pdwProvT ype: PDWOR D;
	976	pszProvN ame: LPWST R;
	977	pcbProvN ame: PDWOR D): BOOL; stdcall;
	978
	979	// see htt p://msdn.m icrosoft.c om/en-us/l ibrary/aa3 79929.aspx
	980	function C ryptEnumPr oviders(dw Index: DWO RD;
	981	pdwReser ved: PDWOR D;
	982	dwFlags: DWORD;
	983	pdwProvT ype: PDWOR D;
	984	pszProvN ame: LPAWS TR;
	985	pcbProvN ame: PDWOR D): BOOL; stdcall;
	986
	987	function C ryptContex tAddRef(hP rov: HCRYP TPROV;
	988	pdwReser ved: PDWOR D;
	989	dwFlags: DWORD): B OOL; stdca ll;
	990
	991	function C ryptDuplic ateKey(hKe y: HCRYPTK EY;
	992	pdwReser ved: PDWOR D;
	993	dwFlags: DWORD;
	994	phKey: P HCRYPTKEY) : BOOL; st dcall;
	995
	996	function C ryptDuplic ateHash(hH ash: HCRYP THASH;
	997	pdwReser ved: PDWOR D;
	998	dwFlags: DWORD;
	999	phHash: PHCRYPTHAS H): BOOL; stdcall;
	1000
	1001	{$ENDIF NT 5}
	1002
	1003	function C ryptEnumPr ovidersU(d wIndex: DW ORD;
	1004	pdwReser ved: PDWOR D;
	1005	dwFlags: DWORD;
	1006	pdwProvT ype: PDWOR D;
	1007	pszProvN ame: LPWST R;
	1008	pcbProvN ame: PDWOR D): BOOL; stdcall;
	1009
	1010	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	1011	// CRYPTOA PI BLOB de finitions
	1012	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	1013
	1014	type
	1015	PCRYPTOA PI_BLOB = ^CRYPTOAPI _BLOB;
	1016
	1017	CRYPTOAP I_BLOB = r ecord
	1018	cbData : DWORD;
	1019	pbData : PBYTE;
	1020	end;
	1021
	1022	type
	1023	CRYPT_IN TEGER_BLOB = CRYPTOA PI_BLOB;
	1024	PCRYPT_I NTEGER_BLO B = ^CRYPT _INTEGER_B LOB;
	1025	CRYPT_UI NT_BLOB = CRYPTOAPI_ BLOB;
	1026	PCRYPT_U INT_BLOB = ^CRYPT_UI NT_BLOB;
	1027	CRYPT_OB JID_BLOB = CRYPTOAPI _BLOB;
	1028	PCRYPT_O BJID_BLOB = ^CRYPT_O BJID_BLOB;
	1029	CERT_NAM E_BLOB = C RYPTOAPI_B LOB;
	1030	PCERT_NA ME_BLOB = ^CERT_NAME _BLOB;
	1031	CERT_RDN _VALUE_BLO B = CRYPTO API_BLOB;
	1032	PCERT_RD N_VALUE_BL OB = ^CERT _RDN_VALUE _BLOB;
	1033	CERT_BLO B = CRYPTO API_BLOB;
	1034	PCERT_BL OB = ^CERT _BLOB;
	1035	CRL_BLOB = CRYPTOA PI_BLOB;
	1036	PCRL_BLO B = ^CRL_B LOB;
	1037	DATA_BLO B = CRYPTO API_BLOB;
	1038	PDATA_BL OB = ^DATA _BLOB; // JEFFJEFF t emporary ( too generi c)
	1039	CRYPT_DA TA_BLOB = CRYPTOAPI_ BLOB;
	1040	PCRYPT_D ATA_BLOB = ^CRYPT_DA TA_BLOB;
	1041	CRYPT_HA SH_BLOB = CRYPTOAPI_ BLOB;
	1042	PCRYPT_H ASH_BLOB = ^CRYPT_HA SH_BLOB;
	1043	CRYPT_DI GEST_BLOB = CRYPTOAP I_BLOB;
	1044	PCRYPT_D IGEST_BLOB = ^CRYPT_ DIGEST_BLO B;
	1045	CRYPT_DE R_BLOB = C RYPTOAPI_B LOB;
	1046	PCRYPT_D ER_BLOB = ^CRYPT_DER _BLOB;
	1047	CRYPT_AT TR_BLOB = CRYPTOAPI_ BLOB;
	1048	PCRYPT_A TTR_BLOB = ^CRYPT_AT TR_BLOB;
	1049
	1050	// +---- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	1051	// In a CRYPT_BIT_ BLOB the l ast byte m ay contain 0-7 unuse d bits. Th erefore, t he
	1052	// overa ll bit len gth is cbD ata * 8 - cUnusedBit s.
	1053	// ----- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	1054
	1055	type
	1056	PCRYPT_B IT_BLOB = ^CRYPT_BIT _BLOB;
	1057
	1058	CRYPT_BI T_BLOB = r ecord
	1059	cbData : DWORD;
	1060	pbData : PBYTE;
	1061	cUnuse dBits: DWO RD;
	1062	end;
	1063
	1064	// +---- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	1065	// Type used for a ny algorit hm
	1066	//
	1067	// Where the Param eters CRYP T_OBJID_BL OB is in i ts encoded represent ation. For most
	1068	// algor ithm types , the Para meters CRY PT_OBJID_B LOB is NUL L (Paramet ers.cbData = 0).
	1069	// ----- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	1070
	1071	type
	1072	PCRYPT_A LGORITHM_I DENTIFIER = ^CRYPT_A LGORITHM_I DENTIFIER;
	1073
	1074	CRYPT_AL GORITHM_ID ENTIFIER = record
	1075	pszObj Id: LPSTR;
	1076	Parame ters: CRYP T_OBJID_BL OB;
	1077	end;
	1078
	1079	// Follo wing are t he definit ions of va rious algo rithm obje ct identif iers
	1080	// RSA
	1081	const
	1082	szOID_RS A = '1.2.8 40.113549' ;
	1083	szOID_PK CS = '1.2. 840.113549 .1';
	1084	szOID_RS A_HASH = ' 1.2.840.11 3549.2';
	1085	szOID_RS A_ENCRYPT = '1.2.840 .113549.3' ;
	1086
	1087	szOID_PK CS_1 = '1. 2.840.1135 49.1.1';
	1088	szOID_PK CS_2 = '1. 2.840.1135 49.1.2';
	1089	szOID_PK CS_3 = '1. 2.840.1135 49.1.3';
	1090	szOID_PK CS_4 = '1. 2.840.1135 49.1.4';
	1091	szOID_PK CS_5 = '1. 2.840.1135 49.1.5';
	1092	szOID_PK CS_6 = '1. 2.840.1135 49.1.6';
	1093	szOID_PK CS_7 = '1. 2.840.1135 49.1.7';
	1094	szOID_PK CS_8 = '1. 2.840.1135 49.1.8';
	1095	szOID_PK CS_9 = '1. 2.840.1135 49.1.9';
	1096	szOID_PK CS_10 = '1 .2.840.113 549.1.10';
	1097
	1098	szOID_RS A_RSA = '1 .2.840.113 549.1.1.1' ;
	1099	szOID_RS A_MD2RSA = '1.2.840. 113549.1.1 .2';
	1100	szOID_RS A_MD4RSA = '1.2.840. 113549.1.1 .3';
	1101	szOID_RS A_MD5RSA = '1.2.840. 113549.1.1 .4';
	1102	szOID_RS A_SHA1RSA = '1.2.840 .113549.1. 1.5';
	1103	szOID_RS A_SETOAEP_ RSA = '1.2 .840.11354 9.1.1.6';
	1104
	1105	// Added Sept. 201 0 source W indows 7 s dk
	1106	szOID_RS AES_OAEP = '1.2.840. 113549.1.1 .7';
	1107	szOID_RS A_MGF1 = ' 1.2.840.11 3549.1.1.8 ';
	1108	szOID_RS A_PSPECIFI ED = '1.2. 840.113549 .1.1.9';
	1109	szOID_RS A_SSA_PSS = '1.2.840 .113549.1. 1.10';
	1110	szOID_RS A_SHA256RS A = '1.2.8 40.113549. 1.1.11';
	1111	szOID_RS A_SHA384RS A = '1.2.8 40.113549. 1.1.12';
	1112	szOID_RS A_SHA512RS A = '1.2.8 40.113549. 1.1.13';
	1113
	1114	szOID_RS A_data = ' 1.2.840.11 3549.1.7.1 ';
	1115	szOID_RS A_signedDa ta = '1.2. 840.113549 .1.7.2';
	1116	szOID_RS A_envelope dData = '1 .2.840.113 549.1.7.3' ;
	1117	szOID_RS A_signEnvD ata = '1.2 .840.11354 9.1.7.4';
	1118	szOID_RS A_digested Data = '1. 2.840.1135 49.1.7.5';
	1119	szOID_RS A_hashedDa ta = '1.2. 840.113549 .1.7.5';
	1120	szOID_RS A_encrypte dData = '1 .2.840.113 549.1.7.6' ;
	1121
	1122	szOID_RS A_emailAdd r = '1.2.8 40.113549. 1.9.1';
	1123	szOID_RS A_unstruct Name = '1. 2.840.1135 49.1.9.2';
	1124	szOID_RS A_contentT ype = '1.2 .840.11354 9.1.9.3';
	1125	szOID_RS A_messageD igest = '1 .2.840.113 549.1.9.4' ;
	1126	szOID_RS A_signingT ime = '1.2 .840.11354 9.1.9.5';
	1127	szOID_RS A_counterS ign = '1.2 .840.11354 9.1.9.6';
	1128	szOID_RS A_challeng ePwd = '1. 2.840.1135 49.1.9.7';
	1129	szOID_RS A_unstruct Addr = '1. 2.840.1135 49.1.9.8';
	1130	szOID_RS A_extCertA ttrs = '1. 2.840.1135 49.1.9.9';
	1131	szOID_RS A_SMIMECap abilities = '1.2.840 .113549.1. 9.15';
	1132	szOID_RS A_preferSi gnedData = '1.2.840. 113549.1.9 .15.1';
	1133
	1134	szOID_RS A_MD2 = '1 .2.840.113 549.2.2';
	1135	szOID_RS A_MD4 = '1 .2.840.113 549.2.4';
	1136	szOID_RS A_MD5 = '1 .2.840.113 549.2.5';
	1137
	1138	szOID_RS A_RC2CBC = '1.2.840. 113549.3.2 ';
	1139	szOID_RS A_RC4 = '1 .2.840.113 549.3.4';
	1140	szOID_RS A_DES_EDE3 _CBC = '1. 2.840.1135 49.3.7';
	1141	szOID_RS A_RC5_CBCP ad = '1.2. 840.113549 .3.9';
	1142
	1143	// ITU-T UsefulDef initions
	1144	szOID_DS = '2.5';
	1145	szOID_DS ALG = '2.5 .8';
	1146	szOID_DS ALG_CRPT = '2.5.8.1' ;
	1147	szOID_DS ALG_HASH = '2.5.8.2' ;
	1148	szOID_DS ALG_SIGN = '2.5.8.3' ;
	1149	szOID_DS ALG_RSA = '2.5.8.1.1 ';
	1150
	1151	// NIST OSE Implem entors' Wo rkshop (OI W)
	1152	// http: //nemo.ncs l.nist.gov /oiw/agree ments/stab le/OSI/12s _9506.w51
	1153	// http: //nemo.ncs l.nist.gov /oiw/agree ments/work ing/OSI/12 w_9503.w51
	1154	szOID_OI W = '1.3.1 4';
	1155	// NIST OSE Implem entors' Wo rkshop (OI W) Securit y SIG algo rithm iden tifiers
	1156	szOID_OI WSEC = '1. 3.14.3.2';
	1157	szOID_OI WSEC_md4RS A = '1.3.1 4.3.2.2';
	1158	szOID_OI WSEC_md5RS A = '1.3.1 4.3.2.3';
	1159	szOID_OI WSEC_md4RS A2 = '1.3. 14.3.2.4';
	1160	szOID_OI WSEC_desEC B = '1.3.1 4.3.2.6';
	1161	szOID_OI WSEC_desCB C = '1.3.1 4.3.2.7';
	1162	szOID_OI WSEC_desOF B = '1.3.1 4.3.2.8';
	1163	szOID_OI WSEC_desCF B = '1.3.1 4.3.2.9';
	1164	szOID_OI WSEC_desMA C = '1.3.1 4.3.2.10';
	1165	szOID_OI WSEC_rsaSi gn = '1.3. 14.3.2.11' ;
	1166	szOID_OI WSEC_dsa = '1.3.14.3 .2.12';
	1167	szOID_OI WSEC_shaDS A = '1.3.1 4.3.2.13';
	1168	szOID_OI WSEC_mdc2R SA = '1.3. 14.3.2.14' ;
	1169	szOID_OI WSEC_shaRS A = '1.3.1 4.3.2.15';
	1170	szOID_OI WSEC_dhCom mMod = '1. 3.14.3.2.1 6';
	1171	szOID_OI WSEC_desED E = '1.3.1 4.3.2.17';
	1172	szOID_OI WSEC_sha = '1.3.14.3 .2.18';
	1173	szOID_OI WSEC_mdc2 = '1.3.14. 3.2.19';
	1174	szOID_OI WSEC_dsaCo mm = '1.3. 14.3.2.20' ;
	1175	szOID_OI WSEC_dsaCo mmSHA = '1 .3.14.3.2. 21';
	1176	szOID_OI WSEC_rsaXc hg = '1.3. 14.3.2.22' ;
	1177	szOID_OI WSEC_keyHa shSeal = ' 1.3.14.3.2 .23';
	1178	szOID_OI WSEC_md2RS ASign = '1 .3.14.3.2. 24';
	1179	szOID_OI WSEC_md5RS ASign = '1 .3.14.3.2. 25';
	1180	szOID_OI WSEC_sha1 = '1.3.14. 3.2.26';
	1181	szOID_OI WSEC_dsaSH A1 = '1.3. 14.3.2.27' ;
	1182	szOID_OI WSEC_dsaCo mmSHA1 = ' 1.3.14.3.2 .28';
	1183	szOID_OI WSEC_sha1R SASign = ' 1.3.14.3.2 .29';
	1184	// NIST OSE Implem entors' Wo rkshop (OI W) Directo ry SIG alg orithm ide ntifiers
	1185	szOID_OI WDIR = '1. 3.14.7.2';
	1186	szOID_OI WDIR_CRPT = '1.3.14. 7.2.1';
	1187	szOID_OI WDIR_HASH = '1.3.14. 7.2.2';
	1188	szOID_OI WDIR_SIGN = '1.3.14. 7.2.3';
	1189	szOID_OI WDIR_md2 = '1.3.14.7 .2.2.1';
	1190	szOID_OI WDIR_md2RS A = '1.3.1 4.7.2.3.1' ;
	1191
	1192	// INFOS EC Algorit hms
	1193	// joint -iso-ccitt (2) countr y(16) us(8 40) organi zation(1) us-governm ent(101) d od(2) id-i nfosec(1)
	1194	szOID_IN FOSEC = '2 .16.840.1. 101.2.1';
	1195	szOID_IN FOSEC_sdns Signature = '2.16.84 0.1.101.2. 1.1.1';
	1196	szOID_IN FOSEC_mosa icSignatur e = '2.16. 840.1.101. 2.1.1.2';
	1197	szOID_IN FOSEC_sdns Confidenti ality = '2 .16.840.1. 101.2.1.1. 3';
	1198	szOID_IN FOSEC_mosa icConfiden tiality = '2.16.840. 1.101.2.1. 1.4';
	1199	szOID_IN FOSEC_sdns Integrity = '2.16.84 0.1.101.2. 1.1.5';
	1200	szOID_IN FOSEC_mosa icIntegrit y = '2.16. 840.1.101. 2.1.1.6';
	1201	szOID_IN FOSEC_sdns TokenProte ction = '2 .16.840.1. 101.2.1.1. 7';
	1202	szOID_IN FOSEC_mosa icTokenPro tection = '2.16.840. 1.101.2.1. 1.8';
	1203	szOID_IN FOSEC_sdns KeyManagem ent = '2.1 6.840.1.10 1.2.1.1.9' ;
	1204	szOID_IN FOSEC_mosa icKeyManag ement = '2 .16.840.1. 101.2.1.1. 10';
	1205	szOID_IN FOSEC_sdns KMandSig = '2.16.840 .1.101.2.1 .1.11';
	1206	szOID_IN FOSEC_mosa icKMandSig = '2.16.8 40.1.101.2 .1.1.12';
	1207	szOID_IN FOSEC_Suit eASignatur e = '2.16. 840.1.101. 2.1.1.13';
	1208	szOID_IN FOSEC_Suit eAConfiden tiality = '2.16.840. 1.101.2.1. 1.14';
	1209	szOID_IN FOSEC_Suit eAIntegrit y = '2.16. 840.1.101. 2.1.1.15';
	1210	szOID_IN FOSEC_Suit eATokenPro tection = '2.16.840. 1.101.2.1. 1.16';
	1211	szOID_IN FOSEC_Suit eAKeyManag ement = '2 .16.840.1. 101.2.1.1. 17';
	1212	szOID_IN FOSEC_Suit eAKMandSig = '2.16.8 40.1.101.2 .1.1.18';
	1213	szOID_IN FOSEC_mosa icUpdatedS ig = '2.16 .840.1.101 .2.1.1.19' ;
	1214	szOID_IN FOSEC_mosa icKMandUpd Sig = '2.1 6.840.1.10 1.2.1.1.20 ';
	1215	szOID_IN FOSEC_mosa icUpdatedI nteg = '2. 16.840.1.1 01.2.1.1.2 1';
	1216
	1217	type
	1218	PCRYPT_O BJID_TABLE = ^CRYPT_ OBJID_TABL E;
	1219
	1220	CRYPT_OB JID_TABLE = record
	1221	dwAlgI d: DWORD;
	1222	pszObj Id: LPCSTR ;
	1223	end;
	1224
	1225	// +---- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	1226	// PKCS #1 HashInf o (DigestI nfo)
	1227	// ----- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	1228
	1229	type
	1230	PCRYPT_H ASH_INFO = ^CRYPT_HA SH_INFO;
	1231
	1232	CRYPT_HA SH_INFO = record
	1233	HashAl gorithm: C RYPT_ALGOR ITHM_IDENT IFIER;
	1234	Hash: CRYPT_HASH _BLOB;
	1235	end;
	1236
	1237	// +---- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	1238	// Type used for a n extensio n to an en coded cont ent
	1239	//
	1240	// Where the Value 's CRYPT_O BJID_BLOB is in its encoded re presentati on.
	1241	// ----- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	1242
	1243	type
	1244	PCERT_EX TENSION = ^CERT_EXTE NSION;
	1245
	1246	CERT_EXT ENSION = r ecord
	1247	pszObj Id: LPSTR;
	1248	fCriti cal: BOOL;
	1249	Value: CRYPT_OBJ ID_BLOB;
	1250	end;
	1251
	1252	// +---- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	1253	// Attri buteTypeVa lue
	1254	//
	1255	// Where the Value 's CRYPT_O BJID_BLOB is in its encoded re presentati on.
	1256	// ----- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	1257
	1258	type
	1259	PCRYPT_A TTRIBUTE_T YPE_VALUE = ^CRYPT_A TTRIBUTE_T YPE_VALUE;
	1260
	1261	CRYPT_AT TRIBUTE_TY PE_VALUE = record
	1262	pszObj Id: LPSTR;
	1263	Value: CRYPT_OBJ ID_BLOB;
	1264	end;
	1265
	1266	// +---- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	1267	// Attri butes
	1268	//
	1269	// Where the Value 's PATTR_B LOBs are i n their en coded repr esentation .
	1270	// ----- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	1271
	1272	type
	1273	PCRYPT_A TTRIBUTE = ^CRYPT_AT TRIBUTE;
	1274
	1275	CRYPT_AT TRIBUTE = record
	1276	pszObj Id: LPSTR;
	1277	cValue : DWORD;
	1278	rgValu e: PCRYPT_ ATTR_BLOB;
	1279	end;
	1280
	1281	type
	1282	PCRYPT_A TTRIBUTES = ^CRYPT_A TTRIBUTES;
	1283
	1284	CRYPT_AT TRIBUTES = record
	1285	cAttr: DWORD; { IN }
	1286	rgAttr : PCRYPT_A TTRIBUTE; { IN }
	1287	end;
	1288
	1289	// +---- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	1290	// Attri butes maki ng up a Re lative Dis tinguished Name (CER T_RDN)
	1291	//
	1292	// The i nterpretat ion of the Value dep ends on th e dwValueT ype.
	1293	// See b elow for a list of t he types.
	1294	// ----- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	1295
	1296	type
	1297	PCERT_RD N_ATTR = ^ CERT_RDN_A TTR;
	1298
	1299	CERT_RDN _ATTR = re cord
	1300	pszObj Id: LPSTR;
	1301	dwValu eType: DWO RD;
	1302	Value: CERT_RDN_ VALUE_BLOB ;
	1303	end;
	1304
	1305	// +---- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	1306	// CERT_ RDN attrib ute Object Identifie rs
	1307	// ----- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	1308	// Label ing attrib ute types:
	1309	const
	1310	szOID_CO MMON_NAME = '2.5.4.3 '; // case -ignore st ring
	1311	szOID_SU R_NAME = ' 2.5.4.4'; // case-ig nore strin g
	1312	szOID_DE VICE_SERIA L_NUMBER = '2.5.4.5' ; // print able strin g
	1313
	1314	// Geogr aphic attr ibute type s:
	1315	szOID_CO UNTRY_NAME = '2.5.4. 6'; // pri ntable 2ch ar string
	1316	szOID_LO CALITY_NAM E = '2.5.4 .7'; // ca se-ignore string
	1317	szOID_ST ATE_OR_PRO VINCE_NAME = '2.5.4. 8'; // cas e-ignore s tring
	1318	szOID_ST REET_ADDRE SS = '2.5. 4.9'; // c ase-ignore string
	1319
	1320	// Organ izational attribute types:
	1321	szOID_OR GANIZATION _NAME = '2 .5.4.10'; // case-ig nore strin g
	1322	szOID_OR GANIZATION AL_UNIT_NA ME = '2.5. 4.11'; // case-ignor e string
	1323	szOID_TI TLE = '2.5 .4.12'; // case-igno re string
	1324
	1325	// Expla natory att ribute typ es:
	1326	szOID_DE SCRIPTION = '2.5.4.1 3'; // cas e-ignore s tring
	1327	szOID_SE ARCH_GUIDE = '2.5.4. 14';
	1328	szOID_BU SINESS_CAT EGORY = '2 .5.4.15'; // case-ig nore strin g
	1329
	1330	// Posta l addressi ng attribu te types:
	1331	szOID_PO STAL_ADDRE SS = '2.5. 4.16';
	1332	szOID_PO STAL_CODE = '2.5.4.1 7'; // cas e-ignore s tring
	1333	szOID_PO ST_OFFICE_ BOX = '2.5 .4.18'; // case-igno re string
	1334	szOID_PH YSICAL_DEL IVERY_OFFI CE_NAME = '2.5.4.19' ; // case- ignore str ing
	1335
	1336	// Telec ommunicati ons addres sing attri bute types :
	1337	szOID_TE LEPHONE_NU MBER = '2. 5.4.20'; / / telephon e number
	1338	szOID_TE LEX_NUMBER = '2.5.4. 21';
	1339	szOID_TE LETEXT_TER MINAL_IDEN TIFIER = ' 2.5.4.22';
	1340	szOID_FA CSIMILE_TE LEPHONE_NU MBER = '2. 5.4.23';
	1341	szOID_X2 1_ADDRESS = '2.5.4.2 4'; // num eric strin g
	1342	szOID_IN TERNATIONA L_ISDN_NUM BER = '2.5 .4.25'; // numeric s tring
	1343	szOID_RE GISTERED_A DDRESS = ' 2.5.4.26';
	1344	szOID_DE STINATION_ INDICATOR = '2.5.4.2 7'; // pri ntable str ing
	1345
	1346	// Prefe rence attr ibute type s:
	1347	szOID_PR EFERRED_DE LIVERY_MET HOD = '2.5 .4.28';
	1348
	1349	// OSI a pplication attribute types:
	1350	szOID_PR ESENTATION _ADDRESS = '2.5.4.29 ';
	1351	szOID_SU PPORTED_AP PLICATION_ CONTEXT = '2.5.4.30' ;
	1352
	1353	// Relat ional appl ication at tribute ty pes:
	1354	szOID_ME MBER = '2. 5.4.31';
	1355	szOID_OW NER = '2.5 .4.32';
	1356	szOID_RO LE_OCCUPAN T = '2.5.4 .33';
	1357	szOID_SE E_ALSO = ' 2.5.4.34';
	1358
	1359	// Secur ity attrib ute types:
	1360	szOID_USER _PASSWORD = ' PW ';
	1361	szOID_US ER_CERTIFI CATE = '2. 5.4.36';
	1362	szOID_CA _CERTIFICA TE = '2.5. 4.37';
	1363	szOID_AU THORITY_RE VOCATION_L IST = '2.5 .4.38';
	1364	szOID_CE RTIFICATE_ REVOCATION _LIST = '2 .5.4.39';
	1365	szOID_CR OSS_CERTIF ICATE_PAIR = '2.5.4. 40';
	1366
	1367	// Undoc umented at tribute ty pes???
	1368	// #defi ne szOID_? ?? '2. 5.4.41'
	1369	szOID_GI VEN_NAME = '2.5.4.42 '; // case -ignore st ring
	1370	szOID_IN ITIALS = ' 2.5.4.43'; // case-i gnore stri ng
	1371
	1372	// Pilot user attr ibute type s:
	1373	szOID_DO MAIN_COMPO NENT = '0. 9.2342.192 00300.100. 1.25'; // IA5 string
	1374
	1375	szOID_ID 1 = '0.9.2 342.192003 00.100.1.1 ';
	1376
	1377
	1378	// +---- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	1379	// CERT_ RDN Attrib ute Value Types
	1380	//
	1381	// For R DN_ENCODED _BLOB, the Value's C ERT_RDN_VA LUE_BLOB i s in its e ncoded
	1382	// repre sentation. Otherwise , its an a rray of by tes.
	1383	//
	1384	// For a ll CERT_RD N types, V alue.cbDat a is alway s the numb er of byte s, not
	1385	// neces sarily the number of elements in the str ing. For i nstance,
	1386	// RDN_U NIVERSAL_S TRING is a n array of ints (cbD ata == int Cnt * 4) a nd
	1387	// RDN_B MP_STRING is an arra y of unsig ned shorts (cbData = = ushortCn t * 2).
	1388	//
	1389	// For C ertDecodeN ame, two 0 bytes are always ap pended to the end of the
	1390	// strin g (ensures a CHAR or WCHAR str ing is nul l terminat ed).
	1391	// These added 0 b ytes are't included in the BLO B.cbData.
	1392	// ----- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	1393
	1394	const
	1395	CERT_RDN _ANY_TYPE = 0;
	1396	CERT_RDN _ENCODED_B LOB = 1;
	1397	CERT_RDN _OCTET_STR ING = 2;
	1398	CERT_RDN _NUMERIC_S TRING = 3;
	1399	CERT_RDN _PRINTABLE _STRING = 4;
	1400	CERT_RDN _TELETEX_S TRING = 5;
	1401	CERT_RDN _T61_STRIN G = 5;
	1402	CERT_RDN _VIDEOTEX_ STRING = 6 ;
	1403	CERT_RDN _IA5_STRIN G = 7;
	1404	CERT_RDN _GRAPHIC_S TRING = 8;
	1405	CERT_RDN _VISIBLE_S TRING = 9;
	1406	CERT_RDN _ISO646_ST RING = 9;
	1407	CERT_RDN _GENERAL_S TRING = 10 ;
	1408	CERT_RDN _UNIVERSAL _STRING = 11;
	1409	CERT_RDN _INT4_STRI NG = 11;
	1410	CERT_RDN _BMP_STRIN G = 12;
	1411	CERT_RDN _UNICODE_S TRING = 12 ;
	1412
	1413	// Macro to check that the d wValueType is a char acter stri ng and not an
	1414	// encod ed blob or octet str ing
	1415	function I S_CERT_RDN _CHAR_STRI NG(x: DWOR D): BOOL;
	1416
	1417	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	1418	// A CERT_ RDN consis ts of an a rray of th e above at tributes
	1419	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	1420
	1421	type
	1422	PCERT_RD N = ^CERT_ RDN;
	1423
	1424	CERT_RDN = record
	1425	cRDNAt tr: DWORD;
	1426	rgRDNA ttr: PCERT _RDN_ATTR;
	1427	end;
	1428
	1429	// +---- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	1430	// Infor mation sto red in a s ubject's o r issuer's name. The informati on
	1431	// is re presented as an arra y of the a bove RDNs.
	1432	// ----- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	1433
	1434	type
	1435	PCERT_NA ME_INFO = ^CERT_NAME _INFO;
	1436
	1437	CERT_NAM E_INFO = r ecord
	1438	cRDN: DWORD;
	1439	rgRDN: PCERT_RDN ;
	1440	end;
	1441
	1442	// +---- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	1443	// Name attribute value with out the Ob ject Ident ifier
	1444	//
	1445	// The i nterpretat ion of the Value dep ends on th e dwValueT ype.
	1446	// See a bove for a list of t he types.
	1447	// ----- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	1448
	1449	type
	1450	PCERT_NA ME_VALUE = ^CERT_NAM E_VALUE;
	1451
	1452	CERT_NAM E_VALUE = record
	1453	dwValu eType: DWO RD;
	1454	Value: CERT_RDN_ VALUE_BLOB ;
	1455	end;
	1456
	1457	// +---- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	1458	// Publi c Key Info
	1459	//
	1460	// The P ublicKey i s the enco ded repres entation o f the info rmation as it is
	1461	// store d in the b it string
	1462	// ----- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	1463
	1464	type
	1465	PCERT_PU BLIC_KEY_I NFO = ^CER T_PUBLIC_K EY_INFO;
	1466
	1467	CERT_PUB LIC_KEY_IN FO = recor d
	1468	Algori thm: CRYPT _ALGORITHM _IDENTIFIE R;
	1469	Public Key: CRYPT _BIT_BLOB;
	1470	end;
	1471
	1472	const
	1473	CERT_RSA _PUBLIC_KE Y_OBJID = szOID_RSA_ RSA;
	1474	CERT_DEF AULT_OID_P UBLIC_KEY_ SIGN = szO ID_RSA_RSA ;
	1475	CERT_DEF AULT_OID_P UBLIC_KEY_ XCHG = szO ID_RSA_RSA ;
	1476
	1477	// +---- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	1478	// Infor mation sto red in a c ertificate
	1479	//
	1480	// The I ssuer, Sub ject, Algo rithm, Pub licKey and Extension BLOBs are the
	1481	// encod ed represe ntation of the infor mation.
	1482	// ----- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	1483
	1484	type
	1485	PCERT_IN FO = ^CERT _INFO;
	1486
	1487	CERT_INF O = record
	1488	dwVers ion: DWORD ;
	1489	Serial Number: CR YPT_INTEGE R_BLOB;
	1490	Signat ureAlgorit hm: CRYPT_ ALGORITHM_ IDENTIFIER ;
	1491	Issuer : CERT_NAM E_BLOB;
	1492	NotBef ore: TFILE TIME;
	1493	NotAft er: TFILET IME;
	1494	Subjec t: CERT_NA ME_BLOB;
	1495	Subjec tPublicKey Info: CERT _PUBLIC_KE Y_INFO;
	1496	Issuer UniqueId: CRYPT_BIT_ BLOB;
	1497	Subjec tUniqueId: CRYPT_BIT _BLOB;
	1498	cExten sion: DWOR D;
	1499	rgExte nsion: PCE RT_EXTENSI ON;
	1500	end;
	1501
	1502	// +---- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	1503	// Certi ficate ver sions
	1504	// ----- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	1505	const
	1506	CERT_V1 = 0;
	1507	CERT_V2 = 1;
	1508	CERT_V3 = 2;
	1509
	1510	// +---- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	1511	// Certi ficate Inf ormation F lags
	1512	// ----- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	1513
	1514	CERT_INF O_VERSION_ FLAG = 1;
	1515	CERT_INF O_SERIAL_N UMBER_FLAG = 2;
	1516	CERT_INF O_SIGNATUR E_ALGORITH M_FLAG = 3 ;
	1517	CERT_INF O_ISSUER_F LAG = 4;
	1518	CERT_INF O_NOT_BEFO RE_FLAG = 5;
	1519	CERT_INF O_NOT_AFTE R_FLAG = 6 ;
	1520	CERT_INF O_SUBJECT_ FLAG = 7;
	1521	CERT_INF O_SUBJECT_ PUBLIC_KEY _INFO_FLAG = 8;
	1522	CERT_INF O_ISSUER_U NIQUE_ID_F LAG = 9;
	1523	CERT_INF O_SUBJECT_ UNIQUE_ID_ FLAG = 10;
	1524	CERT_INF O_EXTENSIO N_FLAG = 1 1;
	1525
	1526	// +---- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	1527	// An en try in a C RL
	1528	//
	1529	// The E xtension B LOBs are t he encoded represent ation of t he informa tion.
	1530	// ----- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	1531
	1532	type
	1533	PCRL_ENT RY = ^CRL_ ENTRY;
	1534
	1535	CRL_ENTR Y = record
	1536	Serial Number: CR YPT_INTEGE R_BLOB;
	1537	Revoca tionDate: TFILETIME;
	1538	cExten sion: DWOR D;
	1539	rgExte nsion: PCE RT_EXTENSI ON;
	1540	end;
	1541
	1542	// +---- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	1543	// Infor mation sto red in a C RL
	1544	//
	1545	// The I ssuer, Alg orithm and Extension BLOBs are the encod ed
	1546	// repre sentation of the inf ormation.
	1547	// ----- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	1548
	1549	type
	1550	PCRL_INF O = ^CRL_I NFO;
	1551
	1552	CRL_INFO = record
	1553	dwVers ion: DWORD ;
	1554	Signat ureAlgorit hm: CRYPT_ ALGORITHM_ IDENTIFIER ;
	1555	Issuer : CERT_NAM E_BLOB;
	1556	ThisUp date: TFIL ETIME;
	1557	NextUp date: TFIL ETIME;
	1558	cCRLEn try: DWORD ;
	1559	rgCRLE ntry: PCRL _ENTRY;
	1560	cExten sion: DWOR D;
	1561	rgExte nsion: PCE RT_EXTENSI ON;
	1562	end;
	1563
	1564	// +---- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	1565	// CRL v ersions
	1566	// ----- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	1567	const
	1568	CRL_V1 = 0;
	1569	CRL_V2 = 1;
	1570
	1571	// +---- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	1572	// Infor mation sto red in a c ertificate request
	1573	//
	1574	// The S ubject, Al gorithm, P ublicKey a nd Attribu te BLOBs a re the enc oded
	1575	// repre sentation of the inf ormation.
	1576	// ----- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	1577
	1578	type
	1579	PCERT_RE QUEST_INFO = ^CERT_R EQUEST_INF O;
	1580
	1581	CERT_REQ UEST_INFO = record
	1582	dwVers ion: DWORD ;
	1583	Subjec t: CERT_NA ME_BLOB;
	1584	Subjec tPublicKey Info: CERT _PUBLIC_KE Y_INFO;
	1585	cAttri bute: DWOR D;
	1586	rgAttr ibute: PCR YPT_ATTRIB UTE;
	1587	end;
	1588
	1589	// +---- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	1590	// Certi ficate Req uest versi ons
	1591	// ----- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	1592	const
	1593	CERT_REQ UEST_V1 = 0;
	1594
	1595	// +---- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	1596	// Infor mation sto red in Net scape's Ke ygen reque st
	1597	// ----- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	1598	type
	1599	PCERT_KE YGEN_REQUE ST_INFO = ^CERT_KEYG EN_REQUEST _INFO;
	1600
	1601	CERT_KEY GEN_REQUES T_INFO = r ecord
	1602	dwVers ion: DWORD ;
	1603	Subjec tPublicKey Info: CERT _PUBLIC_KE Y_INFO;
	1604	pwszCh allengeStr ing: LPWST R; // enco ded as IA5
	1605	end;
	1606
	1607	const
	1608	CERT_KEY GEN_REQUES T_V1 = 0;
	1609
	1610	// +---- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	1611	// Certi ficate, CR L, Certifi cate Reque st or Keyg en Request Signed Co ntent
	1612	//
	1613	// The " to be sign ed" encode d content plus its s ignature. The ToBeSi gned
	1614	// is th e encoded CERT_INFO, CRL_INFO, CERT_REQU EST_INFO o r
	1615	// CERT_ KEYGEN_REQ UEST_INFO.
	1616	// ----- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	1617	type
	1618	PCERT_SI GNED_CONTE NT_INFO = ^CERT_SIGN ED_CONTENT _INFO;
	1619
	1620	CERT_SIG NED_CONTEN T_INFO = r ecord
	1621	ToBeSi gned: CRYP T_DER_BLOB ;
	1622	Signat ureAlgorit hm: CRYPT_ ALGORITHM_ IDENTIFIER ;
	1623	Signat ure: CRYPT _BIT_BLOB;
	1624	end;
	1625
	1626	// +---- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	1627	// Certi ficate Tru st List (C TL)
	1628	// ----- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	1629
	1630	// +---- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	1631	// CTL U sage. Also used for EnhancedKe yUsage ext ension.
	1632	// ----- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	1633
	1634	type
	1635	PCTL_USA GE = ^CTL_ USAGE;
	1636
	1637	CTL_USAG E = record
	1638	cUsage Identifier : DWORD;
	1639	rgpszU sageIdenti fier: PLPS TR; // arr ay of pszO bjId
	1640	end;
	1641
	1642	type
	1643	CERT_ENH KEY_USAGE = CTL_USAG E;
	1644	PCERT_EN HKEY_USAGE = ^CERT_E NHKEY_USAG E;
	1645
	1646	// +---- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	1647	// An en try in a C TL
	1648	// ----- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	1649	type
	1650	PCTL_ENT RY = ^CTL_ ENTRY;
	1651
	1652	CTL_ENTR Y = record
	1653	Subjec tIdentifie r: CRYPT_D ATA_BLOB; // For exa mple, its hash
	1654	cAttri bute: DWOR D;
	1655	rgAttr ibute: PCR YPT_ATTRIB UTE; // OP TIONAL
	1656	end;
	1657
	1658	// +---- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	1659	// Infor mation sto red in a C TL
	1660	// ----- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	1661	type
	1662	PCTL_INF O = ^CTL_I NFO;
	1663
	1664	CTL_INFO = record
	1665	dwVers ion: DWORD ;
	1666	Subjec tUsage: CT L_USAGE;
	1667	ListId entifier: CRYPT_DATA _BLOB; // OPTIONAL
	1668	Sequen ceNumber: CRYPT_INTE GER_BLOB; // OPTIONA L
	1669	ThisUp date: TFIL ETIME;
	1670	NextUp date: TFIL ETIME; // OPTIONAL
	1671	Subjec tAlgorithm : CRYPT_AL GORITHM_ID ENTIFIER;
	1672	cCTLEn try: DWORD ;
	1673	rgCTLE ntry: PCTL _ENTRY; // OPTIONAL
	1674	cExten sion: DWOR D;
	1675	rgExte nsion: PCE RT_EXTENSI ON; // OPT IONAL
	1676	end;
	1677
	1678	// +---- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	1679	// CTL v ersions
	1680	// ----- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	1681	const
	1682	CTL_V1 = 0;
	1683
	1684	// +---- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	1685	// TimeS tamp Reque st
	1686	//
	1687	// The p szTimeStam p is the O ID for the Time type requested
	1688	// The p szContentT ype is the Content T ype OID fo r the cont ent, usual ly DATA
	1689	// The C ontent is a un-decod ed blob
	1690	// ----- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	1691
	1692	type
	1693	PCRYPT_T IME_STAMP_ REQUEST_IN FO = ^CRYP T_TIME_STA MP_REQUEST _INFO;
	1694
	1695	CRYPT_TI ME_STAMP_R EQUEST_INF O = record
	1696	pszTim eStampAlgo rithm: LPS TR; // psz ObjId
	1697	pszCon tentType: LPSTR; // pszObjId
	1698	Conten t: CRYPT_O BJID_BLOB;
	1699	cAttri bute: DWOR D;
	1700	rgAttr ibute: PCR YPT_ATTRIB UTE;
	1701	end;
	1702
	1703	// +---- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	1704	// Certi ficate and Message e ncoding ty pes
	1705	//
	1706	// The e ncoding ty pe is a DW ORD contai ning both the certif icate and message
	1707	// encod ing types. The certi ficate enc oding type is stored in the LO WORD.
	1708	// The m essage enc oding type is stored in the HI WORD. Some functions or
	1709	// struc ture field s require only one o f the enco ding types . The foll owing
	1710	// namin g conventi on is used to indica te which e ncoding ty pe(s) are
	1711	// requi red:
	1712	// dwEnc odingType (both e ncoding ty pes are re quired)
	1713	// dwMsg AndCertEnc odingType (both e ncoding ty pes are re quired)
	1714	// dwMsg EncodingTy pe (only m sg encodin g type is required)
	1715	// dwCer tEncodingT ype (only c ert encodi ng type is required)
	1716	//
	1717	// Its a lways acce ptable to specify bo th.
	1718	// ----- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	1719
	1720	const
	1721	CERT_ENC ODING_TYPE _MASK = $0 000FFFF;
	1722	CMSG_ENC ODING_TYPE _MASK = $F FFF0000;
	1723
	1724	// #defi ne GET_CER T_ENCODING _TYPE(X) (X & CERT _ENCODING_ TYPE_MASK)
	1725	// #defi ne GET_CMS G_ENCODING _TYPE(X) (X & CMSG _ENCODING_ TYPE_MASK)
	1726	function G ET_CERT_EN CODING_TYP E(x: DWORD ): DWORD;
	1727	function G ET_CMSG_EN CODING_TYP E(x: DWORD ): DWORD;
	1728
	1729	const
	1730	CRYPT_AS N_ENCODING = $000000 01;
	1731	CRYPT_ND R_ENCODING = $000000 02;
	1732	X509_ASN _ENCODING = $0000000 1;
	1733	X509_NDR _ENCODING = $0000000 2;
	1734	PKCS_7_A SN_ENCODIN G = $00010 000;
	1735	PKCS_7_N DR_ENCODIN G = $00020 000;
	1736
	1737	// +---- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	1738	// forma t the spec ified data structure according to the ce rtificate
	1739	// encod ing type.
	1740	//
	1741	// ----- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	1742
	1743	function C ryptFormat Object(dwC ertEncodin gType: DWO RD;
	1744	dwFormat Type: DWOR D;
	1745	dwFormat StrType: D WORD;
	1746	pFormatS truct: PVO ID;
	1747	lpszStru ctType: LP CSTR;
	1748	const pb Encoded: P BYTE;
	1749	cbEncode d: DWORD;
	1750	pbFormat : PVOID;
	1751	pcbForma t: PDWORD) : BOOL; st dcall;
	1752
	1753	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	1754	// Encode / decode t he specifi ed data st ructure ac cording to the certi ficate
	1755	// encodin g type.
	1756	//
	1757	// See bel ow for a l ist of the predefine d data str uctures.
	1758	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	1759
	1760	function C ryptEncode Object(dwC ertEncodin gType: DWO RD;
	1761	lpszStru ctType: LP CSTR;
	1762	const pv StructInfo : PVOID;
	1763	pbEncode d: PBYTE;
	1764	pcbEncod ed: PDWORD ): BOOL; s tdcall;
	1765
	1766	function C ryptDecode Object(dwC ertEncodin gType: DWO RD;
	1767	lpszStru ctType: LP CSTR;
	1768	const pb Encoded: P BYTE;
	1769	cbEncode d: DWORD;
	1770	dwFlags: DWORD;
	1771	pvStruct Info: PVOI D;
	1772	pcbStruc tInfo: PDW ORD): BOOL ; stdcall;
	1773
	1774	// When th e followin g flag is set the no copy optim ization is enabled.
	1775	// This op timization where app ropriate, updates th e pvStruct Info field s
	1776	// to poin t to conte nt residin g within p bEncoded i nstead of making a c opy
	1777	// of and appending to pvStruc tInfo.
	1778	//
	1779	// Note, w hen set, p bEncoded c an't be fr eed until pvStructIn fo is free d.
	1780	const
	1781	CRYPT_DE CODE_NOCOP Y_FLAG = $ 1;
	1782
	1783	// +---- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	1784	// Prede fined X509 certifica te data st ructures t hat can be encoded / decoded.
	1785	// ----- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	1786	CRYPT_EN CODE_DECOD E_NONE = 0 ;
	1787	X509_CER T = (LPCST R(1));
	1788	X509_CER T_TO_BE_SI GNED = (LP CSTR(2));
	1789	X509_CER T_CRL_TO_B E_SIGNED = (LPCSTR(3 ));
	1790	X509_CER T_REQUEST_ TO_BE_SIGN ED = (LPCS TR(4));
	1791	X509_EXT ENSIONS = (LPCSTR(5) );
	1792	X509_NAM E_VALUE = (LPCSTR(6) );
	1793	X509_NAM E = (LPCST R(7));
	1794	X509_PUB LIC_KEY_IN FO = (LPCS TR(8));
	1795
	1796	// +---- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	1797	// Prede fined X509 certifica te extensi on data st ructures t hat can be
	1798	// encod ed / decod ed.
	1799	// ----- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	1800	X509_AUT HORITY_KEY _ID = (LPC STR(9));
	1801	X509_KEY _ATTRIBUTE S = (LPCST R(10));
	1802	X509_KEY _USAGE_RES TRICTION = (LPCSTR(1 1));
	1803	X509_ALT ERNATE_NAM E = (LPCST R(12));
	1804	X509_BAS IC_CONSTRA INTS = (LP CSTR(13));
	1805	X509_KEY _USAGE = ( LPCSTR(14) );
	1806	X509_BAS IC_CONSTRA INTS2 = (L PCSTR(15)) ;
	1807	X509_CER T_POLICIES = (LPCSTR (16));
	1808
	1809	// +---- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	1810	// Addit ional pred efined dat a structur es that ca n be encod ed / decod ed.
	1811	// ----- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	1812	PKCS_UTC _TIME = (L PCSTR(17)) ;
	1813	PKCS_TIM E_REQUEST = (LPCSTR( 18));
	1814	RSA_CSP_ PUBLICKEYB LOB = (LPC STR(19));
	1815	X509_UNI CODE_NAME = (LPCSTR( 20));
	1816
	1817	X509_KEY GEN_REQUES T_TO_BE_SI GNED = (LP CSTR(21));
	1818	PKCS_ATT RIBUTE = ( LPCSTR(22) );
	1819	PKCS_CON TENT_INFO_ SEQUENCE_O F_ANY = (L PCSTR(23)) ;
	1820
	1821	// +---- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	1822	// Prede fined prim itive data structure s that can be encode d / decode d.
	1823	// ----- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	1824	X509_UNI CODE_NAME_ VALUE = (L PCSTR(24)) ;
	1825	X509_ANY _STRING = X509_NAME_ VALUE;
	1826	X509_UNI CODE_ANY_S TRING = X5 09_UNICODE _NAME_VALU E;
	1827	X509_OCT ET_STRING = (LPCSTR( 25));
	1828	X509_BIT S = (LPCST R(26));
	1829	X509_INT EGER = (LP CSTR(27));
	1830	X509_MUL TI_BYTE_IN TEGER = (L PCSTR(28)) ;
	1831	X509_ENU MERATED = (LPCSTR(29 ));
	1832	X509_CHO ICE_OF_TIM E = (LPCST R(30));
	1833
	1834	// +---- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	1835	// More predefined X509 cert ificate ex tension da ta structu res that c an be
	1836	// encod ed / decod ed.
	1837	// ----- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	1838
	1839	X509_AUT HORITY_KEY _ID2 = (LP CSTR(31));
	1840	// X509_ AUTHORITY_ INFO_ACCES S (LPCSTR(3 2));
	1841	X509_CRL _REASON_CO DE = X509_ ENUMERATED ;
	1842	PKCS_CON TENT_INFO = (LPCSTR( 33));
	1843	X509_SEQ UENCE_OF_A NY = (LPCS TR(34));
	1844	X509_CRL _DIST_POIN TS = (LPCS TR(35));
	1845	X509_ENH ANCED_KEY_ USAGE = (L PCSTR(36)) ;
	1846	PKCS_CTL = (LPCSTR (37));
	1847
	1848	X509_MUL TI_BYTE_UI NT = (LPCS TR(38));
	1849	X509_DSS _PUBLICKEY = X509_MU LTI_BYTE_U INT;
	1850	X509_DSS _PARAMETER S = (LPCST R(39));
	1851	X509_DSS _SIGNATURE = (LPCSTR (40));
	1852	PKCS_RC2 _CBC_PARAM ETERS = (L PCSTR(41)) ;
	1853	PKCS_SMI ME_CAPABIL ITIES = (L PCSTR(42)) ;
	1854
	1855	// +---- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	1856	// Prede fined PKCS #7 data s tructures that can b e encoded / decoded.
	1857	// ----- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	1858	PKCS7_SI GNER_INFO = (LPCSTR( 500));
	1859
	1860	// +---- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	1861	// Prede fined Soft ware Publi shing Cred ential (SP C) data s tructures that
	1862	// can b e encoded / decoded.
	1863	//
	1864	// Prede fined valu es: 2000 . . 2999
	1865	//
	1866	// See s pc.h for v alue and d ata struct ure defini tions.
	1867	// ----- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	1868	// +---- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	1869	// Exten sion Objec t Identifi ers
	1870	// ----- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	1871	const
	1872	szOID_AU THORITY_KE Y_IDENTIFI ER = '2.5. 29.1';
	1873	szOID_KE Y_ATTRIBUT ES = '2.5. 29.2';
	1874	szOID_KE Y_USAGE_RE STRICTION = '2.5.29. 4';
	1875	szOID_SU BJECT_ALT_ NAME = '2. 5.29.7';
	1876	szOID_IS SUER_ALT_N AME = '2.5 .29.8';
	1877	szOID_BA SIC_CONSTR AINTS = '2 .5.29.10';
	1878	szOID_KE Y_USAGE = '2.5.29.15 ';
	1879	szOID_BA SIC_CONSTR AINTS2 = ' 2.5.29.19' ;
	1880	szOID_CE RT_POLICIE S = '2.5.2 9.32';
	1881
	1882	szOID_AU THORITY_KE Y_IDENTIFI ER2 = '2.5 .29.35';
	1883	szOID_SU BJECT_KEY_ IDENTIFIER = '2.5.29 .14';
	1884	szOID_SU BJECT_ALT_ NAME2 = '2 .5.29.17';
	1885	szOID_IS SUER_ALT_N AME2 = '2. 5.29.18';
	1886	szOID_CR L_REASON_C ODE = '2.5 .29.21';
	1887	szOID_CR L_DIST_POI NTS = '2.5 .29.31';
	1888	szOID_EN HANCED_KEY _USAGE = ' 2.5.29.37' ;
	1889
	1890	// Inter net Public Key Infra structure
	1891	szOID_PK IX = '1.3. 6.1.5.5.7' ;
	1892	szOID_AU THORITY_IN FO_ACCESS = '1.3.6.1 .5.5.7.2';
	1893
	1894	// Micro soft exten sions or a ttributes
	1895	szOID_CE RT_EXTENSI ONS = '1.3 .6.1.4.1.3 11.2.1.14' ;
	1896	szOID_NE XT_UPDATE_ LOCATION = '1.3.6.1. 4.1.311.10 .2';
	1897
	1898	// Micro soft PKCS #7 Content Type Objec t Identifi ers
	1899	szOID_CT L = '1.3.6 .1.4.1.311 .10.1';
	1900
	1901	// +---- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	1902	// Exten sion Objec t Identifi ers (curre ntly not i mplemented )
	1903	// ----- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	1904	szOID_PO LICY_MAPPI NGS = '2.5 .29.5';
	1905	szOID_SU BJECT_DIR_ ATTRS = '2 .5.29.9';
	1906
	1907	// +---- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	1908	// Enhan ced Key Us age (Purpo se) Object Identifie rs
	1909	// ----- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	1910	const
	1911	szOID_PK IX_KP = '1 .3.6.1.5.5 .7.3';
	1912
	1913	// Consi stent key usage bits : DIGITAL_ SIGNATURE, KEY_ENCIP HERMENT
	1914	// or KE Y_AGREEMEN T
	1915	szOID_PK IX_KP_SERV ER_AUTH = '1.3.6.1.5 .5.7.3.1';
	1916
	1917	// Consi stent key usage bits : DIGITAL_ SIGNATURE
	1918	szOID_PK IX_KP_CLIE NT_AUTH = '1.3.6.1.5 .5.7.3.2';
	1919
	1920	// Consi stent key usage bits : DIGITAL_ SIGNATURE
	1921	szOID_PK IX_KP_CODE _SIGNING = '1.3.6.1. 5.5.7.3.3' ;
	1922
	1923	// Consi stent key usage bits : DIGITAL_ SIGNATURE, NON_REPUD IATION and /or
	1924	// (KEY_ ENCIPHERME NT or KEY_ AGREEMENT)
	1925	szOID_PK IX_KP_EMAI L_PROTECTI ON = '1.3. 6.1.5.5.7. 3.4';
	1926
	1927	// +---- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	1928	// Micro soft Enhan ced Key Us age (Purpo se) Object Identifie rs
	1929	// +---- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	1930
	1931	// Signe r of CTLs
	1932	szOID_KP _CTL_USAGE _SIGNING = '1.3.6.1. 4.1.311.10 .3.1';
	1933
	1934	// Signe r of TimeS tamps
	1935	szOID_KP _TIME_STAM P_SIGNING = '1.3.6.1 .4.1.311.1 0.3.2';
	1936
	1937	// +---- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	1938	// Micro soft Attri bute Objec t Identifi ers
	1939	// +---- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	1940	szOID_YE SNO_TRUST_ ATTR = '1. 3.6.1.4.1. 311.10.4.1 ';
	1941
	1942	// +---- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	1943	// X509_ CERT
	1944	//
	1945	// The " to be sign ed" encode d content plus its s ignature. The ToBeSi gned
	1946	// conte nt is the CryptEncod eObject() output for one of th e followin g:
	1947	// X509_ CERT_TO_BE _SIGNED, X 509_CERT_C RL_TO_BE_S IGNED or
	1948	// X509_ CERT_REQUE ST_TO_BE_S IGNED.
	1949	//
	1950	// pvStr uctInfo po ints to CE RT_SIGNED_ CONTENT_IN FO.
	1951	// ----- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	1952
	1953	// +---- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	1954	// X509_ CERT_TO_BE _SIGNED
	1955	//
	1956	// pvStr uctInfo po ints to CE RT_INFO.
	1957	//
	1958	// For C ryptDecode Object(), the pbEnco ded is the "to be si gned" plus its
	1959	// signa ture (outp ut of a X5 09_CERT Cr yptEncodeO bject()).
	1960	//
	1961	// For C ryptEncode Object(), the pbEnco ded is jus t the "to be signed" .
	1962	// ----- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	1963
	1964	// +---- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	1965	// X509_ CERT_CRL_T O_BE_SIGNE D
	1966	//
	1967	// pvStr uctInfo po ints to CR L_INFO.
	1968	//
	1969	// For C ryptDecode Object(), the pbEnco ded is the "to be si gned" plus its
	1970	// signa ture (outp ut of a X5 09_CERT Cr yptEncodeO bject()).
	1971	//
	1972	// For C ryptEncode Object(), the pbEnco ded is jus t the "to be signed" .
	1973	// ----- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	1974
	1975	// +---- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	1976	// X509_ CERT_REQUE ST_TO_BE_S IGNED
	1977	//
	1978	// pvStr uctInfo po ints to CE RT_REQUEST _INFO.
	1979	//
	1980	// For C ryptDecode Object(), the pbEnco ded is the "to be si gned" plus its
	1981	// signa ture (outp ut of a X5 09_CERT Cr yptEncodeO bject()).
	1982	//
	1983	// For C ryptEncode Object(), the pbEnco ded is jus t the "to be signed" .
	1984	// ----- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	1985
	1986	// +---- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	1987	// X509_ EXTENSIONS
	1988	// szOID _CERT_EXTE NSIONS
	1989	//
	1990	// pvStr uctInfo po ints to fo llowing CE RT_EXTENSI ONS.
	1991	// ----- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	1992	type
	1993	PCERT_EX TENSIONS = ^CERT_EXT ENSIONS;
	1994
	1995	CERT_EXT ENSIONS = record
	1996	cExten sion: DWOR D;
	1997	rgExte nsion: PCE RT_EXTENSI ON;
	1998	end;
	1999
	2000	// +---- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	2001	// X509_ NAME_VALUE
	2002	// X509_ ANY_STRING
	2003	//
	2004	// pvStr uctInfo po ints to CE RT_NAME_VA LUE.
	2005	// ----- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	2006
	2007	// +---- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	2008	// X509_ UNICODE_NA ME_VALUE
	2009	// X509_ UNICODE_AN Y_STRING
	2010	//
	2011	// pvStr uctInfo po ints to CE RT_NAME_VA LUE.
	2012	//
	2013	// The n ame values are unico de strings .
	2014	//
	2015	// For C ryptEncode Object:
	2016	// Value .pbData po ints to th e unicode string.
	2017	// If Va lue.cbData = 0, then , the unic ode string is NULL t erminated.
	2018	// Other wise, Valu e.cbData i s the unic ode string byte coun t. The byt e count
	2019	// is tw ice the ch aracter co unt.
	2020	//
	2021	// If th e unicode string con tains an i nvalid cha racter for the speci fied
	2022	// dwVal ueType, th en, *pcbEn coded is u pdated wit h the unic ode charac ter
	2023	// index of the fi rst invali d characte r. LastErr or is set to:
	2024	// CRYPT _E_INVALID _NUMERIC_S TRING, CRY PT_E_INVAL ID_PRINTAB LE_STRING or
	2025	// CRYPT _E_INVALID _IA5_STRIN G.
	2026	//
	2027	// The u nicode str ing is con verted bef ore being encoded ac cording to
	2028	// the s pecified d wValueType . If dwVal ueType is set to 0, LastError
	2029	// is se t to E_INV ALIDARG.
	2030	//
	2031	// If th e dwValueT ype isn't one of the character strings ( its a
	2032	// CERT_ RDN_ENCODE D_BLOB or CERT_RDN_O CTET_STRIN G), then, CryptEncod eObject
	2033	// will return FAL SE with La stError se t to CRYPT _E_NOT_CHA R_STRING.
	2034	//
	2035	// For C ryptDecode Object:
	2036	// Value .pbData po ints to a NULL termi nated unic ode string . Value.cb Data
	2037	// conta ins the by te count o f the unic ode string excluding the NULL
	2038	// termi nator. dwV alueType c ontains th e type use d in the e ncoded obj ect.
	2039	// Its n ot forced to CERT_RD N_UNICODE_ STRING. Th e encoded value is
	2040	// conve rted to th e unicode string acc ording to the dwValu eType.
	2041	//
	2042	// If th e encoded object isn 't one of the charac ter string types, th en,
	2043	// Crypt DecodeObje ct will re turn FALSE with Last Error set to
	2044	// CRYPT _E_NOT_CHA R_STRING. For a non character string, de code using
	2045	// X509_ NAME_VALUE or X509_A NY_STRING.
	2046	// ----- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	2047
	2048	// +---- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	2049	// X509_ NAME
	2050	//
	2051	// pvStr uctInfo po ints to CE RT_NAME_IN FO.
	2052	// ----- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	2053
	2054	// +---- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	2055	// X509_ UNICODE_NA ME
	2056	//
	2057	// pvStr uctInfo po ints to CE RT_NAME_IN FO.
	2058	//
	2059	// The R DN attribu te values are unicod e strings except for the dwVal ueTypes of
	2060	// CERT_ RDN_ENCODE D_BLOB or CERT_RDN_O CTET_STRIN G. These d wValueType s are
	2061	// the s ame as for a X509_NA ME. Their values are n't conver ted to/fro m unicode.
	2062	//
	2063	// For C ryptEncode Object:
	2064	// Value .pbData po ints to th e unicode string.
	2065	// If Va lue.cbData = 0, then , the unic ode string is NULL t erminated.
	2066	// Other wise, Valu e.cbData i s the unic ode string byte coun t. The byt e count
	2067	// is tw ice the ch aracter co unt.
	2068	//
	2069	// If dw ValueType = 0 (CERT_ RDN_ANY_TY PE), the p szObjId is used to f ind
	2070	// an ac ceptable d wValueType . If the u nicode str ing contai ns an
	2071	// inval id charact er for the found or specified dwValueTyp e, then,
	2072	// *pcbE ncoded is updated wi th the err or locatio n of the i nvalid cha racter.
	2073	// See b elow for d etails. La stError is set to:
	2074	// CRYPT _E_INVALID _NUMERIC_S TRING, CRY PT_E_INVAL ID_PRINTAB LE_STRING or
	2075	// CRYPT _E_INVALID _IA5_STRIN G.
	2076	//
	2077	// The u nicode str ing is con verted bef ore being encoded ac cording to
	2078	// the s pecified o r ObjId ma tching dwV alueType.
	2079	//
	2080	// For C ryptDecode Object:
	2081	// Value .pbData po ints to a NULL termi nated unic ode string . Value.cb Data
	2082	// conta ins the by te count o f the unic ode string excluding the NULL
	2083	// termi nator. dwV alueType c ontains th e type use d in the e ncoded obj ect.
	2084	// Its n ot forced to CERT_RD N_UNICODE_ STRING. Th e encoded value is
	2085	// conve rted to th e unicode string acc ording to the dwValu eType.
	2086	//
	2087	// If th e dwValueT ype of the encoded v alue isn't a charact er string
	2088	// type, then, it isn't conv erted to U NICODE. Us e the
	2089	// IS_CE RT_RDN_CHA R_STRING() macro on the dwValu eType to c heck
	2090	// that Value.pbDa ta points to a conve rted unico de string.
	2091	// ----- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	2092
	2093	// +---- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	2094	// Unico de Name Va lue Error Location D efinitions
	2095	//
	2096	// Error location is returne d in *pcbE ncoded by
	2097	// Crypt EncodeObje ct(X509_UN ICODE_NAME )
	2098	//
	2099	// Error location consists o f:
	2100	// RDN_I NDEX - 10 bits < < 22
	2101	// ATTR_ INDEX - 6 bits << 16
	2102	// VALUE _INDEX - 16 bits ( unicode ch aracter in dex)
	2103	// ----- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	2104	const
	2105	CERT_UNI CODE_RDN_E RR_INDEX_M ASK = $3FF ;
	2106	CERT_UNI CODE_RDN_E RR_INDEX_S HIFT = 22;
	2107	CERT_UNI CODE_ATTR_ ERR_INDEX_ MASK = $00 3F;
	2108	CERT_UNI CODE_ATTR_ ERR_INDEX_ SHIFT = 16 ;
	2109	CERT_UNI CODE_VALUE _ERR_INDEX _MASK = $0 000FFFF;
	2110	CERT_UNI CODE_VALUE _ERR_INDEX _SHIFT = 0 ;
	2111
	2112	{ #defin e GET_CERT _UNICODE_R DN_ERR_IND EX(X) \
	2113	((X >> CERT_UNIC ODE_RDN_ER R_INDEX_SH IFT) & CER T_UNICODE_ RDN_ERR_IN DEX_MASK) }
	2114	function G ET_CERT_UN ICODE_RDN_ ERR_INDEX( x: integer ): integer ;
	2115	{ #define GET_CERT_U NICODE_ATT R_ERR_INDE X(X) \
	2116	((X >> C ERT_UNICOD E_ATTR_ERR _INDEX_SHI FT) & CERT _UNICODE_A TTR_ERR_IN DEX_MASK) }
	2117	function G ET_CERT_UN ICODE_ATTR _ERR_INDEX (x: intege r): intege r;
	2118	{ #define GET_CERT_U NICODE_VAL UE_ERR_IND EX(X) \
	2119	(X & CER T_UNICODE_ VALUE_ERR_ INDEX_MASK ) }
	2120	function G ET_CERT_UN ICODE_VALU E_ERR_INDE X(x: integ er): integ er;
	2121
	2122	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	2123	// X509_PU BLIC_KEY_I NFO
	2124	//
	2125	// pvStruc tInfo poin ts to CERT _PUBLIC_KE Y_INFO.
	2126	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	2127
	2128	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	2129	// X509_AU THORITY_KE Y_ID
	2130	// szOID_A UTHORITY_K EY_IDENTIF IER
	2131	//
	2132	// pvStruc tInfo poin ts to foll owing CERT _AUTHORITY _KEY_ID_IN FO.
	2133	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	2134	type
	2135	PCERT_AU THORITY_KE Y_ID_INFO = ^CERT_AU THORITY_KE Y_ID_INFO;
	2136
	2137	CERT_AUT HORITY_KEY _ID_INFO = record
	2138	KeyId: CRYPT_DAT A_BLOB;
	2139	CertIs suer: CERT _NAME_BLOB ;
	2140	CertSe rialNumber : CRYPT_IN TEGER_BLOB ;
	2141	end;
	2142
	2143	// +---- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	2144	// X509_ KEY_ATTRIB UTES
	2145	// szOID _KEY_ATTRI BUTES
	2146	//
	2147	// pvStr uctInfo po ints to fo llowing CE RT_KEY_ATT RIBUTES_IN FO.
	2148	// ----- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	2149	type
	2150	PCERT_PR IVATE_KEY_ VALIDITY = ^CERT_PRI VATE_KEY_V ALIDITY;
	2151
	2152	CERT_PRI VATE_KEY_V ALIDITY = record
	2153	NotBef ore: TFILE TIME;
	2154	NotAft er: TFILET IME;
	2155	end;
	2156
	2157	type
	2158	PCERT_KE Y_ATTRIBUT ES_INFO = ^CERT_KEY_ ATTRIBUTES _INFO;
	2159
	2160	CERT_KEY _ATTRIBUTE S_INFO = r ecord
	2161	KeyId: CRYPT_DAT A_BLOB;
	2162	Intend edKeyUsage : CRYPT_BI T_BLOB;
	2163	pPriva teKeyUsage Period: PC ERT_PRIVAT E_KEY_VALI DITY; // O PTIONAL
	2164	end;
	2165
	2166	const
	2167	CERT_DIG ITAL_SIGNA TURE_KEY_U SAGE = $80 ;
	2168	CERT_NON _REPUDIATI ON_KEY_USA GE = $40;
	2169	CERT_KEY _ENCIPHERM ENT_KEY_US AGE = $20;
	2170	CERT_DAT A_ENCIPHER MENT_KEY_U SAGE = $10 ;
	2171	CERT_KEY _AGREEMENT _KEY_USAGE = $08;
	2172	CERT_KEY _CERT_SIGN _KEY_USAGE = $04;
	2173	CERT_OFF LINE_CRL_S IGN_KEY_US AGE = $02;
	2174
	2175	CERT_CRL _SIGN_KEY_ USAGE = $0 2;
	2176
	2177	// +---- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	2178	// X509_ KEY_USAGE_ RESTRICTIO N
	2179	// szOID _KEY_USAGE _RESTRICTI ON
	2180	//
	2181	// pvStr uctInfo po ints to fo llowing CE RT_KEY_USA GE_RESTRIC TION_INFO.
	2182	// ----- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	2183	type
	2184	PCERT_PO LICY_ID = ^CERT_POLI CY_ID;
	2185
	2186	CERT_POL ICY_ID = r ecord
	2187	cCertP olicyEleme ntId: DWOR D;
	2188	rgpszC ertPolicyE lementId: PLPSTR; // pszObjId
	2189	end;
	2190
	2191	type
	2192	PCERT_KE Y_USAGE_RE STRICTION_ INFO = ^CE RT_KEY_USA GE_RESTRIC TION_INFO;
	2193
	2194	CERT_KEY _USAGE_RES TRICTION_I NFO = reco rd
	2195	cCertP olicyId: D WORD;
	2196	rgCert PolicyId: PCERT_POLI CY_ID;
	2197	Restri ctedKeyUsa ge: CRYPT_ BIT_BLOB;
	2198	end;
	2199
	2200	// See C ERT_KEY_AT TRIBUTES_I NFO for de finition o f the Rest rictedKeyU sage bits
	2201
	2202	// +---- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	2203	// X509_ ALTERNATE_ NAME
	2204	// szOID _SUBJECT_A LT_NAME
	2205	// szOID _ISSUER_AL T_NAME
	2206	// szOID _SUBJECT_A LT_NAME2
	2207	// szOID _ISSUER_AL T_NAME2
	2208	//
	2209	// pvStr uctInfo po ints to fo llowing CE RT_ALT_NAM E_INFO.
	2210	// ----- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	2211
	2212	type
	2213	PCERT_AL T_NAME_ENT RY = ^CERT _ALT_NAME_ ENTRY;
	2214
	2215	CERT_ALT _NAME_ENTR Y = record
	2216	dwAltN ameChoice: DWORD;
	2217	case i nteger of
	2218	{ 1 } 0:
	2219	( { OtherNam e :Not imp lemented } );
	2220	{ 2 } 1:
	2221	(p wszRfc822N ame: LPWST R); // (en coded IA5)
	2222	{ 3 } 2:
	2223	(p wszDNSName : LPWSTR); // (encod ed IA5)
	2224	{ 4 } 3:
	2225	( { x400Addr ess :No t implemen ted } );
	2226	{ 5 } 4:
	2227	(D irectoryNa me: CERT_N AME_BLOB);
	2228	{ 6 } 5:
	2229	( { pEdiPart yName :No t implemen ted } );
	2230	{ 7 } 6:
	2231	(p wszURL: LP WSTR); // (encoded I A5)
	2232	{ 8 } 7:
	2233	(I PAddress: CRYPT_DATA _BLOB); // (Octet St ring)
	2234	{ 9 } 8:
	2235	(p szRegister edID: LPST R); // (Oc tet String )
	2236	end;
	2237
	2238	const
	2239	CERT_ALT _NAME_OTHE R_NAME = 1 ;
	2240	CERT_ALT _NAME_RFC8 22_NAME = 2;
	2241	CERT_ALT _NAME_DNS_ NAME = 3;
	2242	CERT_ALT _NAME_X400 _ADDRESS = 4;
	2243	CERT_ALT _NAME_DIRE CTORY_NAME = 5;
	2244	CERT_ALT _NAME_EDI_ PARTY_NAME = 6;
	2245	CERT_ALT _NAME_URL = 7;
	2246	CERT_ALT _NAME_IP_A DDRESS = 8 ;
	2247	CERT_ALT _NAME_REGI STERED_ID = 9;
	2248
	2249	type
	2250	PCERT_AL T_NAME_INF O = ^CERT_ ALT_NAME_I NFO;
	2251
	2252	CERT_ALT _NAME_INFO = record
	2253	cAltEn try: DWORD ;
	2254	rgAltE ntry: PCER T_ALT_NAME _ENTRY;
	2255	end;
	2256
	2257	// +---- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	2258	// Alter nate name IA5 Error Location D efinitions for
	2259	// CRYPT _E_INVALID _IA5_STRIN G.
	2260	//
	2261	// Error location is returne d in *pcbE ncoded by
	2262	// Crypt EncodeObje ct(X509_AL TERNATE_NA ME)
	2263	//
	2264	// Error location consists o f:
	2265	// ENTRY _INDEX - 8 bits << 16
	2266	// VALUE _INDEX - 16 bits ( unicode ch aracter in dex)
	2267	// ----- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	2268
	2269	const
	2270	CERT_ALT _NAME_ENTR Y_ERR_INDE X_MASK = $ FF;
	2271	CERT_ALT _NAME_ENTR Y_ERR_INDE X_SHIFT = 16;
	2272	CERT_ALT _NAME_VALU E_ERR_INDE X_MASK = $ 0000FFFF;
	2273	CERT_ALT _NAME_VALU E_ERR_INDE X_SHIFT = 0;
	2274
	2275	{ #defin e GET_CERT _ALT_NAME_ ENTRY_ERR_ INDEX(X) \
	2276	((X >> CERT_ALT_ NAME_ENTRY _ERR_INDEX _SHIFT) & \
	2277	CERT_A LT_NAME_EN TRY_ERR_IN DEX_MASK) }
	2278	function G ET_CERT_AL T_NAME_ENT RY_ERR_IND EX(x: DWOR D): DWORD;
	2279
	2280	{ #define GET_CERT_A LT_NAME_VA LUE_ERR_IN DEX(X) \
	2281	(X & CER T_ALT_NAME _VALUE_ERR _INDEX_MAS K) }
	2282	function G ET_CERT_AL T_NAME_VAL UE_ERR_IND EX(x: DWOR D): DWORD;
	2283
	2284	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	2285	// X509_BA SIC_CONSTR AINTS
	2286	// szOID_B ASIC_CONST RAINTS
	2287	//
	2288	// pvStruc tInfo poin ts to foll owing CERT _BASIC_CON STRAINTS_I NFO.
	2289	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	2290
	2291	type
	2292	PCERT_BA SIC_CONSTR AINTS_INFO = ^CERT_B ASIC_CONST RAINTS_INF O;
	2293
	2294	CERT_BAS IC_CONSTRA INTS_INFO = record
	2295	Subjec tType: CRY PT_BIT_BLO B;
	2296	fPathL enConstrai nt: BOOL;
	2297	dwPath LenConstra int: DWORD ;
	2298	cSubtr eesConstra int: DWORD ;
	2299	rgSubt reesConstr aint: PCER T_NAME_BLO B;
	2300	end;
	2301
	2302	const
	2303	CERT_CA_ SUBJECT_FL AG = $80;
	2304	CERT_END _ENTITY_SU BJECT_FLAG = $40;
	2305
	2306	// +---- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	2307	// X509_ BASIC_CONS TRAINTS2
	2308	// szOID _BASIC_CON STRAINTS2
	2309	//
	2310	// pvStr uctInfo po ints to fo llowing CE RT_BASIC_C ONSTRAINTS 2_INFO.
	2311	// ----- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	2312
	2313	type
	2314	PCERT_BA SIC_CONSTR AINTS2_INF O = ^CERT_ BASIC_CONS TRAINTS2_I NFO;
	2315
	2316	CERT_BAS IC_CONSTRA INTS2_INFO = record
	2317	fCA: B OOL;
	2318	fPathL enConstrai nt: BOOL;
	2319	dwPath LenConstra int: DWORD ;
	2320	end;
	2321
	2322	// +---- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	2323	// X509_ KEY_USAGE
	2324	// szOID _KEY_USAGE
	2325	//
	2326	// pvStr uctInfo po ints to a CRYPT_BIT_ BLOB. Has same bit d efinitions as
	2327	// CERT_ KEY_ATTRIB UTES_INFO' s Intended KeyUsage.
	2328	// ----- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	2329
	2330	// +---- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	2331	// X509_ CERT_POLIC IES
	2332	// szOID _CERT_POLI CIES
	2333	//
	2334	// pvStr uctInfo po ints to fo llowing CE RT_POLICIE S_INFO.
	2335	// ----- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	2336
	2337	type
	2338	PCERT_PO LICY_QUALI FIER_INFO = ^CERT_PO LICY_QUALI FIER_INFO;
	2339
	2340	CERT_POL ICY_QUALIF IER_INFO = record
	2341	pszPol icyQualifi erId: LPST R; // pszO bjId
	2342	Qualif ier: CRYPT _OBJID_BLO B; // opti onal
	2343	end;
	2344
	2345	type
	2346	PCERT_PO LICY_INFO = ^CERT_PO LICY_INFO;
	2347
	2348	CERT_POL ICY_INFO = record
	2349	pszPol icyIdentif ier: LPSTR ; // pszOb jId
	2350	cPolic yQualifier : DWORD; / / optional
	2351	rgPoli cyQualifie r: PCERT_P OLICY_QUAL IFIER_INFO ;
	2352	end;
	2353
	2354	type
	2355	PCERT_PO LICIES_INF O = ^CERT_ POLICIES_I NFO;
	2356
	2357	CERT_POL ICIES_INFO = record
	2358	cPolic yInfo: DWO RD;
	2359	rgPoli cyInfo: PC ERT_POLICY _INFO;
	2360	end;
	2361
	2362	// +---- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	2363	// RSA_C SP_PUBLICK EYBLOB
	2364	//
	2365	// pvStr uctInfo po ints to a PUBLICKEYS TRUC immed iately fol lowed by a
	2366	// RSAPU BKEY and t he modulus bytes.
	2367	//
	2368	// Crypt ExportKey outputs th e above St ructInfo f or a dwBlo bType of
	2369	// PUBLI CKEYBLOB. CryptImpor tKey expec ts the abo ve StructI nfo when
	2370	// impor ting a pub lic key.
	2371	//
	2372	// For d wCertEncod ingType = X509_ASN_E NCODING, t he RSA_CSP _PUBLICKEY BLOB is
	2373	// encod ed as a PK CS #1 RSAP ublicKey c onsisting of a SEQUE NCE of a
	2374	// modul us INTEGER and a pub licExponen t INTEGER. The modul us is enco ded
	2375	// as be ing a unsi gned integ er. When d ecoded, if the modul us was enc oded
	2376	// as un signed int eger with a leading 0 byte, th e 0 byte i s removed before
	2377	// conve rting to t he CSP mod ulus bytes .
	2378	//
	2379	// For d ecode, the aiKeyAlg field of P UBLICKEYST RUC is alw ays set to
	2380	// CALG_ RSA_KEYX.
	2381	// ----- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	2382
	2383	// +---- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	2384	// X509_ KEYGEN_REQ UEST_TO_BE _SIGNED
	2385	//
	2386	// pvStr uctInfo po ints to CE RT_KEYGEN_ REQUEST_IN FO.
	2387	//
	2388	// For C ryptDecode Object(), the pbEnco ded is the "to be si gned" plus its
	2389	// signa ture (outp ut of a X5 09_CERT Cr yptEncodeO bject()).
	2390	//
	2391	// For C ryptEncode Object(), the pbEnco ded is jus t the "to be signed" .
	2392	// ----- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	2393
	2394	// +---- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	2395	// PKCS_ ATTRIBUTE data struc ture
	2396	//
	2397	// pvStr uctInfo po ints to a CRYPT_ATTR IBUTE.
	2398	// ----- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	2399
	2400	// +---- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	2401	// PKCS_ CONTENT_IN FO_SEQUENC E_OF_ANY d ata struct ure
	2402	//
	2403	// pvStr uctInfo po ints to fo llowing CR YPT_CONTEN T_INFO_SEQ UENCE_OF_A NY.
	2404	//
	2405	// For X 509_ASN_EN CODING: en coded as a PKCS#7 Co ntentInfo structure wrapping
	2406	// a seq uence of A NY. The va lue of the contentTy pe field i s pszObjId ,
	2407	// while the conte nt field i s the foll owing stru cture:
	2408	// Seque nceOfAny : := SEQUENC E OF ANY
	2409	//
	2410	// The C RYPT_DER_B LOBs point to the al ready enco ded ANY co ntent.
	2411	// ----- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	2412
	2413	type
	2414	PCRYPT_C ONTENT_INF O_SEQUENCE _OF_ANY = ^CRYPT_CON TENT_INFO_ SEQUENCE_O F_ANY;
	2415
	2416	CRYPT_CO NTENT_INFO _SEQUENCE_ OF_ANY = r ecord
	2417	pszObj Id: LPSTR;
	2418	cValue : DWORD;
	2419	rgValu e: PCRYPT_ DER_BLOB;
	2420	end;
	2421
	2422	// +---- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	2423	// PKCS_ CONTENT_IN FO data st ructure
	2424	//
	2425	// pvStr uctInfo po ints to fo llowing CR YPT_CONTEN T_INFO.
	2426	//
	2427	// For X 509_ASN_EN CODING: en coded as a PKCS#7 Co ntentInfo structure.
	2428	// The C RYPT_DER_B LOB points to the al ready enco ded ANY co ntent.
	2429	// ----- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	2430
	2431	type
	2432	PCRYPT_C ONTENT_INF O = ^CRYPT _CONTENT_I NFO;
	2433
	2434	CRYPT_CO NTENT_INFO = record
	2435	pszObj Id: LPSTR;
	2436	Conten t: CRYPT_D ER_BLOB;
	2437	end;
	2438
	2439
	2440	// +---- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	2441	// X509_ OCTET_STRI NG data st ructure
	2442	//
	2443	// pvStr uctInfo po ints to a CRYPT_DATA _BLOB.
	2444	// ----- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	2445
	2446	// +---- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	2447	// X509_ BITS data structure
	2448	//
	2449	// pvStr uctInfo po ints to a CRYPT_BIT_ BLOB.
	2450	// ----- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	2451
	2452	// +---- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	2453	// X509_ INTEGER da ta structu re
	2454	//
	2455	// pvStr uctInfo po ints to an int.
	2456	// ----- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	2457
	2458	// +---- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	2459	// X509_ MULTI_BYTE _INTEGER d ata struct ure
	2460	//
	2461	// pvStr uctInfo po ints to a CRYPT_INTE GER_BLOB.
	2462	// ----- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	2463
	2464	// +---- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	2465	// X509_ ENUMERATED data stru cture
	2466	//
	2467	// pvStr uctInfo po ints to an int conta ining the enumerated value
	2468	// ----- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	2469
	2470	// +---- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	2471	// X509_ CHOICE_OF_ TIME data structure
	2472	//
	2473	// pvStr uctInfo po ints to a FILETIME.
	2474	// ----- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	2475
	2476	// +---- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	2477	// X509_ SEQUENCE_O F_ANY data structure
	2478	//
	2479	// pvStr uctInfo po ints to fo llowing CR YPT_SEQUEN CE_OF_ANY.
	2480	//
	2481	// The C RYPT_DER_B LOBs point to the al ready enco ded ANY co ntent.
	2482	// ----- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	2483
	2484	type
	2485	PCRYPT_S EQUENCE_OF _ANY = ^CR YPT_SEQUEN CE_OF_ANY;
	2486
	2487	CRYPT_SE QUENCE_OF_ ANY = reco rd
	2488	cValue : DWORD;
	2489	rgValu e: PCRYPT_ DER_BLOB;
	2490	end;
	2491
	2492	// +---- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	2493	// X509_ AUTHORITY_ KEY_ID2
	2494	// szOID _AUTHORITY _KEY_IDENT IFIER2
	2495	//
	2496	// pvStr uctInfo po ints to fo llowing CE RT_AUTHORI TY_KEY_ID2 _INFO.
	2497	//
	2498	// For C RYPT_E_INV ALID_IA5_S TRING, the error loc ation is r eturned in
	2499	// *pcbE ncoded by CryptEncod eObject(X5 09_AUTHORI TY_KEY_ID2 )
	2500	//
	2501	// See X 509_ALTERN ATE_NAME f or error l ocation de fines.
	2502	// ----- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	2503
	2504	type
	2505	PCERT_AU THORITY_KE Y_ID2_INFO = ^CERT_A UTHORITY_K EY_ID2_INF O;
	2506
	2507	CERT_AUT HORITY_KEY _ID2_INFO = record
	2508	KeyId: CRYPT_DAT A_BLOB;
	2509	Author ityCertIss uer: CERT_ ALT_NAME_I NFO; // Op tional, se t cAltEntr y to 0 to omit.
	2510	Author ityCertSer ialNumber: CRYPT_INT EGER_BLOB;
	2511	end;
	2512
	2513	// +---- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	2514	// szOID _SUBJECT_K EY_IDENTIF IER
	2515	//
	2516	// pvStr uctInfo po ints to a CRYPT_DATA _BLOB.
	2517	// ----- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	2518
	2519
	2520	// +---- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	2521	// X509_ CRL_REASON _CODE
	2522	// szOID _CRL_REASO N_CODE
	2523	//
	2524	// pvStr uctInfo po ints to an int which can be se t to one o f the foll owing
	2525	// enume rated valu es:
	2526	// ----- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	2527
	2528	const
	2529	CRL_REAS ON_UNSPECI FIED = 0;
	2530	CRL_REAS ON_KEY_COM PROMISE = 1;
	2531	CRL_REAS ON_CA_COMP ROMISE = 2 ;
	2532	CRL_REAS ON_AFFILIA TION_CHANG ED = 3;
	2533	CRL_REAS ON_SUPERSE DED = 4;
	2534	CRL_REAS ON_CESSATI ON_OF_OPER ATION = 5;
	2535	CRL_REAS ON_CERTIFI CATE_HOLD = 6;
	2536	CRL_REAS ON_REMOVE_ FROM_CRL = 8;
	2537
	2538	// +---- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	2539	// X509_ CRL_DIST_P OINTS
	2540	// szOID _CRL_DIST_ POINTS
	2541	//
	2542	// pvStr uctInfo po ints to fo llowing CR L_DIST_POI NTS_INFO.
	2543	//
	2544	// For C RYPT_E_INV ALID_IA5_S TRING, the error loc ation is r eturned in
	2545	// *pcbE ncoded by CryptEncod eObject(X5 09_CRL_DIS T_POINTS)
	2546	//
	2547	// Error location consists o f:
	2548	// CRL_I SSUER_BIT - 1 bit << 31 (0 for FullN ame, 1 for CRLIssuer )
	2549	// POINT _INDEX - 7 bit s << 24
	2550	// ENTRY _INDEX - 8 bit s << 16
	2551	// VALUE _INDEX - 16 bi ts (unicod e characte r index)
	2552	//
	2553	// See X 509_ALTERN ATE_NAME f or ENTRY_I NDEX and V ALUE_INDEX error loc ation
	2554	// defin es.
	2555	// ----- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	2556
	2557	type
	2558	PCRL_DIS T_POINT_NA ME = ^CRL_ DIST_POINT _NAME;
	2559
	2560	CRL_DIST _POINT_NAM E = record
	2561	dwDist PointNameC hoice: DWO RD;
	2562	case i nteger of
	2563	0:
	2564	(F ullName: C ERT_ALT_NA ME_INFO); { 1 }
	2565	1:
	2566	( { IssuerRD N :Not imp lemented } ); { 2 }
	2567	end;
	2568
	2569	const
	2570	CRL_DIST _POINT_NO_ NAME = 0;
	2571	CRL_DIST _POINT_FUL L_NAME = 1 ;
	2572	CRL_DIST _POINT_ISS UER_RDN_NA ME = 2;
	2573
	2574	type
	2575	PCRL_DIS T_POINT = ^CRL_DIST_ POINT;
	2576
	2577	CRL_DIST _POINT = r ecord
	2578	DistPo intName: C RL_DIST_PO INT_NAME; // OPTIONA L
	2579	Reason Flags: CRY PT_BIT_BLO B; // OPTI ONAL
	2580	CRLIss uer: CERT_ ALT_NAME_I NFO; // OP TIONAL
	2581	end;
	2582
	2583	const
	2584	CRL_REAS ON_UNUSED_ FLAG = $80 ;
	2585	CRL_REAS ON_KEY_COM PROMISE_FL AG = $40;
	2586	CRL_REAS ON_CA_COMP ROMISE_FLA G = $20;
	2587	CRL_REAS ON_AFFILIA TION_CHANG ED_FLAG = $10;
	2588	CRL_REAS ON_SUPERSE DED_FLAG = $08;
	2589	CRL_REAS ON_CESSATI ON_OF_OPER ATION_FLAG = $04;
	2590	CRL_REAS ON_CERTIFI CATE_HOLD_ FLAG = $02 ;
	2591
	2592	type
	2593	PCRL_DIS T_POINTS_I NFO = ^CRL _DIST_POIN TS_INFO;
	2594
	2595	CRL_DIST _POINTS_IN FO = recor d
	2596	cDistP oint: DWOR D;
	2597	rgDist Point: PCR L_DIST_POI NT;
	2598	end;
	2599
	2600	const
	2601	CRL_DIST _POINT_ERR _INDEX_MAS K = $7F;
	2602	CRL_DIST _POINT_ERR _INDEX_SHI FT = 24;
	2603
	2604	{ #defin e GET_CRL_ DIST_POINT _ERR_INDEX (X) \
	2605	((X >> CRL_DIST_ POINT_ERR_ INDEX_SHIF T) & CRL_D IST_POINT_ ERR_INDEX_ MASK) }
	2606	function G ET_CRL_DIS T_POINT_ER R_INDEX(x: DWORD): D WORD;
	2607
	2608	const
	2609	CRL_DIST _POINT_ERR _CRL_ISSUE R_BIT = (D WORD($8000 0000));
	2610
	2611	{ #defin e IS_CRL_D IST_POINT_ ERR_CRL_IS SUER(X) \
	2612	(0 != (X & CRL_D IST_POINT_ ERR_CRL_IS SUER_BIT)) }
	2613	function I S_CRL_DIST _POINT_ERR _CRL_ISSUE R(x: DWORD ): BOOL;
	2614
	2615	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	2616	// X509_EN HANCED_KEY _USAGE
	2617	// szOID_E NHANCED_KE Y_USAGE
	2618	//
	2619	// pvStruc tInfo poin ts to a CE RT_ENHKEY_ USAGE, CTL _USAGE.
	2620	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	2621
	2622	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	2623	// szOID_N EXT_UPDATE _LOCATION
	2624	//
	2625	// pvStruc tInfo poin ts to a CE RT_ALT_NAM E_INFO.
	2626	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	2627
	2628	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	2629	// PKCS_CT L
	2630	// szOID_C TL
	2631	//
	2632	// pvStruc tInfo poin ts to a CT L_INFO.
	2633	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	2634
	2635	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	2636	// X509_MU LTI_BYTE_U INT
	2637	//
	2638	// pvStruc tInfo poin ts to a CR YPT_UINT_B LOB. Befor e encoding , inserts a
	2639	// leading 0x00. Aft er decodin g, removes a leading 0x00.
	2640	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	2641
	2642	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	2643	// X509_DS S_PUBLICKE Y
	2644	//
	2645	// pvStruc tInfo poin ts to a CR YPT_UINT_B LOB.
	2646	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	2647
	2648	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	2649	// X509_DS S_PARAMETE RS
	2650	//
	2651	// pvStruc tInfo poin ts to foll owing CERT _DSS_PARAM ETERS data structure .
	2652	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	2653
	2654	type
	2655	PCERT_DS S_PARAMETE RS = ^CERT _DSS_PARAM ETERS;
	2656
	2657	CERT_DSS _PARAMETER S = record
	2658	p: CRY PT_UINT_BL OB;
	2659	q: CRY PT_UINT_BL OB;
	2660	g: CRY PT_UINT_BL OB;
	2661	end;
	2662
	2663	// +---- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	2664	// X509_ DSS_SIGNAT URE
	2665	//
	2666	// pvStr uctInfo is a BYTE rg bSignature [CERT_DSS_ SIGNATURE_ LEN]. The
	2667	// bytes are order ed as outp ut by the DSS CSP's CryptSignH ash().
	2668	// ----- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	2669
	2670	const
	2671	CERT_DSS _R_LEN = 2 0;
	2672	CERT_DSS _S_LEN = 2 0;
	2673	CERT_DSS _SIGNATURE _LEN = (CE RT_DSS_R_L EN + CERT_ DSS_S_LEN) ;
	2674
	2675	// Seque nce of 2 u nsigned in tegers (th e extra +1 is for a potential leading
	2676	// 0x00 to make th e integer unsigned)
	2677	CERT_MAX _ASN_ENCOD ED_DSS_SIG NATURE_LEN = (2 + 2 * (2 + 20 + 1));
	2678
	2679	// +---- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	2680	// PKCS_ RC2_CBC_PA RAMETERS
	2681	// szOID _RSA_RC2CB C
	2682	//
	2683	// pvStr uctInfo po ints to fo llowing CR YPT_RC2_CB C_PARAMETE RS data st ructure.
	2684	// ----- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	2685
	2686	type
	2687	PCRYPT_R C2_CBC_PAR AMETERS = ^CRYPT_RC2 _CBC_PARAM ETERS;
	2688
	2689	CRYPT_RC 2_CBC_PARA METERS = r ecord
	2690	dwVers ion: DWORD ;
	2691	fIV: B OOL; // se t if has f ollowing I V
	2692	rgbIV: array [0 .. 8 - 1] of BYTE;
	2693	end;
	2694
	2695	const
	2696	CRYPT_RC 2_40BIT_VE RSION = 16 0;
	2697	CRYPT_RC 2_64BIT_VE RSION = 12 0;
	2698	CRYPT_RC 2_128BIT_V ERSION = 5 8;
	2699
	2700
	2701	// +---- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	2702	// PKCS_ SMIME_CAPA BILITIES
	2703	// szOID _RSA_SMIME Capabiliti es
	2704	//
	2705	// pvStr uctInfo po ints to fo llowing CR YPT_SMIME_ CAPABILITI ES data st ructure.
	2706	//
	2707	// Note, for Crypt EncodeObje ct(X509_AS N_ENCODING ), Paramet ers.cbData == 0
	2708	// cause s the enco ded parame ters to be omitted a nd not enc oded as a NULL
	2709	// (05 0 0) as is d one when e ncoding a CRYPT_ALGO RITHM_IDEN TIFIER. Th is
	2710	// is pe r the SMIM E specific ation for encoding c apabilitie s.
	2711	// ----- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	2712
	2713	type
	2714	PCRYPT_S MIME_CAPAB ILITY = ^C RYPT_SMIME _CAPABILIT Y;
	2715
	2716	CRYPT_SM IME_CAPABI LITY = rec ord
	2717	pszObj Id: LPSTR;
	2718	Parame ters: CRYP T_OBJID_BL OB;
	2719	end;
	2720
	2721	type
	2722	PCRYPT_S MIME_CAPAB ILITIES = ^CRYPT_SMI ME_CAPABIL ITIES;
	2723
	2724	CRYPT_SM IME_CAPABI LITIES = r ecord
	2725	cCapab ility: DWO RD;
	2726	rgCapa bility: PC RYPT_SMIME _CAPABILIT Y;
	2727	end;
	2728
	2729
	2730	// +---- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	2731	// PKCS7 _SIGNER_IN FO
	2732	//
	2733	// pvStr uctInfo po ints to CM SG_SIGNER_ INFO.
	2734	// ----- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	2735
	2736
	2737	// +---- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	2738	// Netsc ape Certif icate Exte nsion Obje ct Identif iers
	2739	// ----- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	2740
	2741	const
	2742	szOID_NE TSCAPE = ' 2.16.840.1 .113730';
	2743	szOID_NE TSCAPE_CER T_EXTENSIO N = '2.16. 840.1.1137 30.1';
	2744	szOID_NE TSCAPE_CER T_TYPE = ' 2.16.840.1 .113730.1. 1';
	2745	szOID_NE TSCAPE_BAS E_URL = '2 .16.840.1. 113730.1.2 ';
	2746	szOID_NE TSCAPE_REV OCATION_UR L = '2.16. 840.1.1137 30.1.3';
	2747	szOID_NE TSCAPE_CA_ REVOCATION _URL = '2. 16.840.1.1 13730.1.4' ;
	2748	szOID_NE TSCAPE_CER T_RENEWAL_ URL = '2.1 6.840.1.11 3730.1.7';
	2749	szOID_NE TSCAPE_CA_ POLICY_URL = '2.16.8 40.1.11373 0.1.8';
	2750	szOID_NE TSCAPE_SSL _SERVER_NA ME = '2.16 .840.1.113 730.1.12';
	2751	szOID_NE TSCAPE_COM MENT = '2. 16.840.1.1 13730.1.13 ';
	2752
	2753	// +---- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	2754	// Netsc ape Certif icate Data Type Obje ct Identif iers
	2755	// ----- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	2756
	2757	const
	2758	szOID_NE TSCAPE_DAT A_TYPE = ' 2.16.840.1 .113730.2' ;
	2759	szOID_NE TSCAPE_CER T_SEQUENCE = '2.16.8 40.1.11373 0.2.5';
	2760
	2761	// +---- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	2762	// szOID _NETSCAPE_ CERT_TYPE extension
	2763	//
	2764	// Its v alue is a bit string . CryptDec odeObject/ CryptEncod eObject us ing
	2765	// X509_ BITS.
	2766	//
	2767	// The f ollowing b its are de fined:
	2768	// ----- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	2769
	2770	const
	2771	NETSCAPE _SSL_CLIEN T_AUTH_CER T_TYPE = $ 80;
	2772	NETSCAPE _SSL_SERVE R_AUTH_CER T_TYPE = $ 40;
	2773	NETSCAPE _SSL_CA_CE RT_TYPE = $04;
	2774
	2775	// +---- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	2776	// szOID _NETSCAPE_ BASE_URL e xtension
	2777	//
	2778	// Its v alue is an IA5_STRIN G. CryptDe codeObject /CryptEnco deObject u sing
	2779	// X509_ ANY_STRING or X509_U NICODE_ANY _STRING, w here,
	2780	// dwVal ueType = C ERT_RDN_IA 5_STRING.
	2781	//
	2782	// When present th is string is added t o the begi nning of a ll relativ e URLs
	2783	// in th e certific ate. This extension can be co nsidered a n optimiza tion
	2784	// to re duce the s ize of the URL exten sions.
	2785	// ----- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	2786
	2787	// +---- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	2788	// szOID _NETSCAPE_ REVOCATION _URL exten sion
	2789	//
	2790	// Its v alue is an IA5_STRIN G. CryptDe codeObject /CryptEnco deObject u sing
	2791	// X509_ ANY_STRING or X509_U NICODE_ANY _STRING, w here,
	2792	// dwVal ueType = C ERT_RDN_IA 5_STRING.
	2793	//
	2794	// It is a relativ e or absol ute URL th at can be used to ch eck the
	2795	// revoc ation stat us of a ce rtificate. The revoc ation chec k will be
	2796	// perfo rmed as an HTTP GET method usi ng a url t hat is the concatena tion of
	2797	// revoc ation-url and certif icate-seri al-number.
	2798	// Where the certi ficate-ser ial-number is encode d as a str ing of
	2799	// ascii hexadecim al digits. For examp le, if the netscape- base-url i s
	2800	// https ://www.cer ts-r-us.co m/, the ne tscape-rev ocation-ur l is
	2801	// cgi-b in/check-r ev.cgi?, a nd the cer tificate s erial numb er is 1734 20,
	2802	// the r esulting U RL would b e:
	2803	// https ://www.cer ts-r-us.co m/cgi-bin/ check-rev. cgi?02a56c
	2804	//
	2805	// The s erver shou ld return a document with a Co ntent-Type of
	2806	// appli cation/x-n etscape-re vocation. The docum ent should contain
	2807	// a sin gle ascii digit, '1' if the ce rtificate is not cur ently vali d,
	2808	// and ' 0' if it i s curently valid.
	2809	//
	2810	// Note: for all o f the URLs that incl ude the ce rtificate serial num ber,
	2811	// the s erial numb er will be encoded a s a string which con sists of a n even
	2812	// numbe r of hexad ecimal dig its. If t he number of signifi cant digit s is odd,
	2813	// the s tring will have a si ngle leadi ng zero to ensure an even numb er of
	2814	// digit s is gener ated.
	2815	// ----- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	2816
	2817	// +---- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	2818	// szOID _NETSCAPE_ CA_REVOCAT ION_URL ex tension
	2819	//
	2820	// Its v alue is an IA5_STRIN G. CryptDe codeObject /CryptEnco deObject u sing
	2821	// X509_ ANY_STRING or X509_U NICODE_ANY _STRING, w here,
	2822	// dwVal ueType = C ERT_RDN_IA 5_STRING.
	2823	//
	2824	// It is a relativ e or absol ute URL th at can be used to ch eck the
	2825	// revoc ation stat us of any certificat es that ar e signed b y the CA t hat
	2826	// this certificat e belongs to. This e xtension i s only val id in CA
	2827	// certi ficates. The use of this exte nsion is t he same as the above
	2828	// szOID _NETSCAPE_ REVOCATION _URL exten sion.
	2829	// ----- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	2830
	2831	// +---- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	2832	// szOID _NETSCAPE_ CERT_RENEW AL_URL ext ension
	2833	//
	2834	// Its v alue is an IA5_STRIN G. CryptDe codeObject /CryptEnco deObject u sing
	2835	// X509_ ANY_STRING or X509_U NICODE_ANY _STRING, w here,
	2836	// dwVal ueType = C ERT_RDN_IA 5_STRING.
	2837	//
	2838	// It is a relativ e or absol ute URL th at points to a certi ficate ren ewal
	2839	// form. The renew al form wi ll be acce ssed with an HTTP GE T method u sing a
	2840	// url t hat is the concatena tion of re newal-url and
	2841	// certi ficate-ser ial-number . Where th e certific ate-serial -number is
	2842	// encod ed as a st ring of as cii hexade cimal digi ts. For ex ample, if the
	2843	// netsc ape-base-u rl is http s://www.ce rts-r-us.c om/, the
	2844	// netsc ape-cert-r enewal-url is cgi-bi n/check-re new.cgi?, and the
	2845	// certi ficate ser ial number is 173420 , the resu lting URL would be:
	2846	// https ://www.cer ts-r-us.co m/cgi-bin/ check-rene w.cgi?02a5 6c
	2847	// The d ocument re turned sho uld be an HTML form that will allow the user
	2848	// to re quest a re newal of t heir certi ficate.
	2849	// ----- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	2850
	2851	// +---- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	2852	// szOID _NETSCAPE_ CA_POLICY_ URL extens ion
	2853	//
	2854	// Its v alue is an IA5_STRIN G. CryptDe codeObject /CryptEnco deObject u sing
	2855	// X509_ ANY_STRING or X509_U NICODE_ANY _STRING, w here,
	2856	// dwVal ueType = C ERT_RDN_IA 5_STRING.
	2857	//
	2858	// It is a relativ e or absol ute URL th at points to a web p age that
	2859	// descr ibes the p olicies un der which the certif icate was issued.
	2860	// ----- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	2861
	2862	// +---- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	2863	// szOID _NETSCAPE_ SSL_SERVER _NAME exte nsion
	2864	//
	2865	// Its v alue is an IA5_STRIN G. CryptDe codeObject /CryptEnco deObject u sing
	2866	// X509_ ANY_STRING or X509_U NICODE_ANY _STRING, w here,
	2867	// dwVal ueType = C ERT_RDN_IA 5_STRING.
	2868	//
	2869	// It is a "shell expression " that can be used t o match th e hostname of the
	2870	// SSL s erver that is using this certi ficate. I t is recom mended tha t if
	2871	// the s erver's ho stname doe s not matc h this pat tern the u ser be not ified
	2872	// and g iven the o ption to t erminate t he SSL con nection. If this ex tension
	2873	// is no t present then the C ommonName in the cer tificate s ubject's
	2874	// disti nguished n ame is use d for the same purpo se.
	2875	// ----- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	2876
	2877	// +---- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	2878	// szOID _NETSCAPE_ COMMENT ex tension
	2879	//
	2880	// Its v alue is an IA5_STRIN G. CryptDe codeObject /CryptEnco deObject u sing
	2881	// X509_ ANY_STRING or X509_U NICODE_ANY _STRING, w here,
	2882	// dwVal ueType = C ERT_RDN_IA 5_STRING.
	2883	//
	2884	// It is a comment that may be display ed to the user when the certif icate
	2885	// is vi ewed.
	2886	// ----- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	2887
	2888	// +---- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	2889	// szOID _NETSCAPE_ CERT_SEQUE NCE
	2890	//
	2891	// Its v alue is a PKCS#7 Con tentInfo s tructure w rapping a sequence o f
	2892	// certi ficates. T he value o f the cont entType fi eld is
	2893	// szOID _NETSCAPE_ CERT_SEQUE NCE, while the conte nt field i s the foll owing
	2894	// struc ture:
	2895	// Certi ficateSequ ence ::= S EQUENCE OF Certifica te.
	2896	//
	2897	// Crypt DecodeObje ct/CryptEn codeObject using
	2898	// PKCS_ CONTENT_IN FO_SEQUENC E_OF_ANY, where,
	2899	// pszOb jId = szOI D_NETSCAPE _CERT_SEQU ENCE and t he CRYPT_D ER_BLOBs p oint
	2900	// to en coded X509 certifica tes.
	2901	// ----- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	2902
	2903
	2904	// +==== ========== ========== ========== ========== ========== ========== =========
	2905	// Objec t IDentifi er (OID) I nstallable Functions : Data St ructures a nd APIs
	2906	// ===== ========== ========== ========== ========== ========== ========== =========
	2907
	2908	type
	2909	HCRYPTOI DFUNCSET = procedure ;
	2910	HCRYPTOI DFUNCADDR = procedur e;
	2911
	2912	// Prede fined OID Function N ames
	2913	const
	2914	CRYPT_OI D_ENCODE_O BJECT_FUNC = 'CryptD llEncodeOb ject';
	2915	CRYPT_OI D_DECODE_O BJECT_FUNC = 'CryptD llDecodeOb ject';
	2916	CRYPT_OI D_CREATE_C OM_OBJECT_ FUNC = 'Cr yptDllCrea teCOMObjec t';
	2917	CRYPT_OI D_VERIFY_R EVOCATION_ FUNC = 'Ce rtDllVerif yRevocatio n';
	2918	CRYPT_OI D_VERIFY_C TL_USAGE_F UNC = 'Cer tDllVerify CTLUsage';
	2919	CRYPT_OI D_FORMAT_O BJECT_FUNC = 'CryptD llFormatOb ject';
	2920	CRYPT_OI D_FIND_OID _INFO_FUNC = 'CryptD llFindOIDI nfo';
	2921
	2922	// Crypt DllEncodeO bject has same funct ion signat ure as Cry ptEncodeOb ject.
	2923
	2924	// Crypt DllDecodeO bject has same funct ion signat ure as Cry ptDecodeOb ject.
	2925
	2926	// Crypt DllCreateC OMObject h as the fol lowing sig nature:
	2927	// BOOL WINAPI Cry ptDllCreat eCOMObject (
	2928	// IN DW ORD dwEnco dingType,
	2929	// IN LP CSTR pszOI D,
	2930	// IN PC RYPT_DATA_ BLOB pEnco dedContent ,
	2931	// IN DW ORD dwFlag s,
	2932	// IN RE FIID riid,
	2933	// OUT v oid **ppvO bj);
	2934
	2935	// CertD llVerifyRe vocation h as the sam e signatur e as CertV erifyRevoc ation
	2936	// (See CertVerify Revocation for detai ls on when called)
	2937
	2938	// CertD llVerifyCT LUsage has the same signature as CertVer ifyCTLUsag e
	2939
	2940	// Crypt DllFindOID Info curre ntly is on ly used to store val ues used b y
	2941	// Crypt FindOIDInf o. See Cry ptFindOIDI nfo() for more detai ls.
	2942
	2943	// Examp le of a co mplete OID Function Registry N ame:
	2944	// HKEY_ LOCAL_MACH INE\Softwa re\Microso ft\Cryptog raphy\OID
	2945	// Encod ing Type 1 \CryptDllE ncodeObjec t\1.2.3
	2946	//
	2947	// The k ey's L"Dll " value co ntains the name of t he Dll.
	2948	// The k ey's L"Fun cName" val ue overrid es the def ault funct ion name
	2949
	2950	const
	2951	CRYPT_OI D_REGPATH = 'Softwar e\\Microso ft\\Crypto graphy\\OI D';
	2952	CRYPT_OI D_REG_ENCO DING_TYPE_ PREFIX = ' EncodingTy pe ';
	2953	{$IFNDEF V ER90}
	2954	CRYPT_OI D_REG_DLL_ VALUE_NAME = WideStr ing('Dll') ;
	2955	CRYPT_OI D_REG_FUNC _NAME_VALU E_NAME = W ideString( 'FuncName' );
	2956	{$ELSE}
	2957	CRYPT_OI D_REG_DLL_ VALUE_NAME = ('Dll') ;
	2958	CRYPT_OI D_REG_FUNC _NAME_VALU E_NAME = ( 'FuncName' );
	2959	{$ENDIF}
	2960	CRYPT_OI D_REG_FUNC _NAME_VALU E_NAME_A = 'FuncName ';
	2961
	2962	// OID u sed for De fault OID functions
	2963	CRYPT_DE FAULT_OID = 'DEFAULT ';
	2964
	2965	type
	2966	PCRYPT_O ID_FUNC_EN TRY = ^CRY PT_OID_FUN C_ENTRY;
	2967
	2968	CRYPT_OI D_FUNC_ENT RY = recor d
	2969	pszOID : LPCSTR;
	2970	pvFunc Addr: PVOI D;
	2971	end;
	2972
	2973	const
	2974	CRYPT_IN STALL_OID_ FUNC_BEFOR E_FLAG = 1 ;
	2975
	2976	// +---- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	2977	// Insta ll a set o f callable OID funct ion addres ses.
	2978	//
	2979	// By de fault the functions are instal led at end of the li st.
	2980	// Set C RYPT_INSTA LL_OID_FUN C_BEFORE_F LAG to ins tall at be ginning of list.
	2981	//
	2982	// hModu le should be updated with the hModule pa ssed to Dl lMain to p revent
	2983	// the D ll contain ing the fu nction add resses fro m being un loaded by
	2984	// Crypt GetOIDFunc Address/Cr yptFreeOID FunctionAd dress. Thi s would be the
	2985	// case when the D ll has als o regsvr32 'ed OID fu nctions vi a
	2986	// Crypt RegisterOI DFunction.
	2987	//
	2988	// DEFAU LT functio ns are ins talled by setting rg FuncEntry[ ].pszOID =
	2989	// CRYPT _DEFAULT_O ID.
	2990	// ----- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	2991
	2992	function C ryptInstal lOIDFuncti onAddress( hModule: h Module; // hModule p assed to D llMain
	2993	dwEncodi ngType: DW ORD;
	2994	pszFuncN ame: LPCST R;
	2995	cFuncEnt ry: DWORD;
	2996	const rg FuncEntry: array of CRYPT_OID_ FUNC_ENTRY ;
	2997	dwFlags: DWORD): B OOL; stdca ll;
	2998
	2999	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	3000	// Initial ize and re turn handl e to the O ID functio n set iden tified by its
	3001	// functio n name.
	3002	//
	3003	// If the set alread y exists, a handle t o the exis ting set i s returned .
	3004	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	3005
	3006	function C ryptInitOI DFunctionS et(pszFunc Name: LPCS TR;
	3007	dwFlags: DWORD): H CRYPTOIDFU NCSET; std call;
	3008	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	3009	// Search the list o f installe d function s for an e ncoding ty pe and OID match.
	3010	// If not found, sea rch the re gistry.
	3011	//
	3012	// For suc cess, retu rns TRUE w ith *ppvFu ncAddr upd ated with the functi on's
	3013	// address and *phFu ncAddr upd ated with the functi on address 's handle.
	3014	// The fun ction's ha ndle is Ad dRef'ed. C ryptFreeOI DFunctionA ddress nee ds to
	3015	// be call ed to rele ase it.
	3016	//
	3017	// For a r egistry ma tch, the D ll contain ing the fu nction is loaded.
	3018	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	3019
	3020	function C ryptGetOID FunctionAd dress(hFun cSet: HCRY PTOIDFUNCS ET;
	3021	dwEncodi ngType: DW ORD;
	3022	pszOID: LPCSTR;
	3023	dwFlags: DWORD;
	3024	var ppvF uncAddr: a rray of PV OID;
	3025	var phFu ncAddr: HC RYPTOIDFUN CADDR): BO OL; stdcal l;
	3026
	3027	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	3028	// Get the list of r egistered default Dl l entries for the sp ecified
	3029	// functio n set and encoding t ype.
	3030	//
	3031	// The ret urned list consists of none, o ne or more null term inated Dll file
	3032	// names. The list i s terminat ed with an empty (L" \0") Dll f ile name.
	3033	// For exa mple: L"fi rst.dll" L "\0" L"sec ond.dll" L "\0" L"\0"
	3034	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	3035
	3036	function C ryptGetDef aultOIDDll List(hFunc Set: HCRYP TOIDFUNCSE T;
	3037	dwEncodi ngType: DW ORD;
	3038	pwszDllL ist: LPWST R;
	3039	pcchDllL ist: PDWOR D): BOOL; stdcall;
	3040
	3041	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	3042	// Either: get the f irst or ne xt install ed DEFAULT function OR
	3043	// load th e Dll cont aining the DEFAULT f unction.
	3044	//
	3045	// If pwsz Dll is NUL L, search the list o f installe d DEFAULT functions.
	3046	// *phFunc Addr must be set to NULL to ge t the firs t installe d function .
	3047	// Success ive instal led functi ons are re turned by setting *p hFuncAddr
	3048	// to the hFuncAddr returned b y the prev ious call.
	3049	//
	3050	// If pwsz Dll is NUL L, the inp ut *phFunc Addr
	3051	// is alwa ys CryptFr eeOIDFunct ionAddress 'ed by thi s function , even for
	3052	// an erro r.
	3053	//
	3054	// If pwsz Dll isn't NULL, then , attempts to load t he Dll and the DEFAU LT
	3055	// functio n. *phFunc Addr is ig nored upon entry and isn't
	3056	// CryptFr eeOIDFunct ionAddress 'ed.
	3057	//
	3058	// For suc cess, retu rns TRUE w ith *ppvFu ncAddr upd ated with the functi on's
	3059	// address and *phFu ncAddr upd ated with the functi on address 's handle.
	3060	// The fun ction's ha ndle is Ad dRef'ed. C ryptFreeOI DFunctionA ddress nee ds to
	3061	// be call ed to rele ase it or CryptGetDe faultOIDFu nctionAddr ess can al so
	3062	// be call ed for a N ULL pwszDl l.
	3063	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	3064
	3065	function C ryptGetDef aultOIDFun ctionAddre ss(hFuncSe t: HCRYPTO IDFUNCSET;
	3066	dwEncodi ngType: DW ORD;
	3067	pwszDll: DWORD;
	3068	dwFlags: LPCWSTR;
	3069	var ppvF uncAddr: a rray of PV OID;
	3070	var phFu ncAddr: HC RYPTOIDFUN CADDR): BO OL; stdcal l;
	3071
	3072	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	3073	// Release s the hand le AddRef' ed and ret urned by C ryptGetOID FunctionAd dress
	3074	// or Cryp tGetDefaul tOIDFuncti onAddress.
	3075	//
	3076	// If a Dl l was load ed for the function its unload ed. Howeve r, before doing
	3077	// the unl oad, the D llCanUnloa dNow funct ion export ed by the loaded Dll is
	3078	// called. It should return S_ FALSE to i nhibit the unload or S_TRUE to enable
	3079	// the unl oad. If th e Dll does n't export DllCanUnl oadNow, th e Dll is u nloaded.
	3080	//
	3081	// DllCanU nloadNow h as the fol lowing sig nature:
	3082	// STDAPI DllCanUnl oadNow(voi d);
	3083	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	3084
	3085	function C ryptFreeOI DFunctionA ddress(hFu ncAddr: HC RYPTOIDFUN CADDR;
	3086	dwFlags: DWORD): B OOL; stdca ll;
	3087
	3088	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	3089	// Registe r the Dll containing the funct ion to be called for the speci fied
	3090	// encodin g type, fu nction nam e and OID.
	3091	//
	3092	// pwszDll may conta in environ ment-varia ble string s
	3093	// which a re ExpandE nvironment Strings()' ed before loading th e Dll.
	3094	//
	3095	// In addi tion to re gistering the DLL, y ou may ove rride the
	3096	// name of the funct ion to be called. Fo r example,
	3097	// pszFunc Name = "Cr yptDllEnco deObject",
	3098	// pszOver rideFuncNa me = "MyEn codeXyz".
	3099	// This al lows a Dll to export multiple OID functi ons for th e same
	3100	// functio n name wit hout needi ng to inte rpose its own OID di spatcher f unction.
	3101	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	3102
	3103	function C ryptRegist erOIDFunct ion(dwEnco dingType: DWORD;
	3104	pszFuncN ame: LPCST R;
	3105	pszOID: LPCSTR; // OPTIONAL
	3106	pwszDll: LPCWSTR; // OPTIONA L
	3107	pszOverr ideFuncNam e: LPCSTR) : BOOL; st dcall;
	3108
	3109	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	3110	// Unregis ter the Dl l containi ng the fun ction to b e called f or the spe cified
	3111	// encodin g type, fu nction nam e and OID.
	3112	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	3113
	3114	function C ryptUnregi sterOIDFun ction(dwEn codingType : DWORD;
	3115	pszFuncN ame: LPCST R;
	3116	pszOID: LPCSTR): B OOL; stdca ll;
	3117
	3118	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	3119	// Registe r the Dll containing the defau lt functio n to be ca lled for t he
	3120	// specifi ed encodin g type and function name.
	3121	//
	3122	// Unlike CryptRegis terOIDFunc tion, you can't over ride the f unction na me
	3123	// needing to be exp orted by t he Dll.
	3124	//
	3125	// The Dll is insert ed before the entry specified by dwIndex .
	3126	// dwIndex == 0, ins erts at th e beginnin g.
	3127	// dwIndex == CRYPT_ REGISTER_L AST_INDEX, appends a t the end.
	3128	//
	3129	// pwszDll may conta in environ ment-varia ble string s
	3130	// which a re ExpandE nvironment Strings()' ed before loading th e Dll.
	3131	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	3132
	3133	function C ryptRegist erDefaultO IDFunction (dwEncodin gType: DWO RD;
	3134	pszFuncN ame: LPCST R;
	3135	dwIndex: DWORD;
	3136	pwszDll: LPCWSTR): BOOL; std call;
	3137
	3138	const
	3139	CRYPT_RE GISTER_FIR ST_INDEX = 0;
	3140	CRYPT_RE GISTER_LAS T_INDEX = $FFFFFFFF;
	3141
	3142	// +---- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	3143	// Unreg ister the Dll contai ning the d efault fun ction to b e called f or
	3144	// the s pecified e ncoding ty pe and fun ction name .
	3145	// ----- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	3146
	3147	function C ryptUnregi sterDefaul tOIDFuncti on(dwEncod ingType: D WORD;
	3148	pszFuncN ame: LPCST R;
	3149	pwszDll: LPCWSTR): BOOL; std call;
	3150
	3151	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	3152	// Set the value for the speci fied encod ing type, function n ame, OID a nd
	3153	// value n ame.
	3154	//
	3155	// See Reg SetValueEx for the p ossible va lue types.
	3156	//
	3157	// String types are UNICODE.
	3158	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	3159
	3160	function C ryptSetOID FunctionVa lue(dwEnco dingType: DWORD;
	3161	pszFuncN ame: LPCST R;
	3162	pszOID: LPCSTR;
	3163	pwszValu eName: LPC WSTR;
	3164	dwValueT ype: DWORD ;
	3165	const pb ValueData: PBYTE;
	3166	cbValueD ata: DWORD ): BOOL; s tdcall;
	3167
	3168	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	3169	// Get the value for the speci fied encod ing type, function n ame, OID a nd
	3170	// value n ame.
	3171	//
	3172	// See Reg EnumValue for the po ssible val ue types.
	3173	//
	3174	// String types are UNICODE.
	3175	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	3176
	3177	function C ryptGetOID FunctionVa lue(dwEnco dingType: DWORD;
	3178	pszFuncN ame: LPCST R;
	3179	pwszValu eName: LPC STR;
	3180	pszOID: LPCWSTR;
	3181	pdwValue Type: PDWO RD;
	3182	pbValueD ata: PBYTE ;
	3183	pcbValue Data: PDWO RD): BOOL; stdcall;
	3184
	3185	type
	3186	PFN_CRYP T_ENUM_OID _FUNC = fu nction(dwE ncodingTyp e: DWORD;
	3187	pszFun cName: LPC STR;
	3188	pszOID : LPCSTR;
	3189	cValue : DWORD;
	3190	const rgdwValueT ype: array of DWORD;
	3191	const rgpwszValu eName: arr ay of LPCW STR;
	3192	const rgpbValueD ata: array of PBYTE;
	3193	const rgcbValueD ata: array of DWORD;
	3194	pvArg: PVOID): B OOL; stdca ll;
	3195
	3196	// +---- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	3197	// Enume rate the O ID functio ns identif ied by the ir encodin g type,
	3198	// funct ion name a nd OID.
	3199	//
	3200	// pfnEn umOIDFunc is called for each r egistry ke y matching the input
	3201	// param eters. Set ting dwEnc odingType to CRYPT_M ATCH_ANY_E NCODING_TY PE matches
	3202	// any. Setting ps zFuncName or pszOID to NULL ma tches any.
	3203	//
	3204	// Set p szOID == C RYPT_DEFAU LT_OID to restrict t he enumera tion to on ly the
	3205	// DEFAU LT functio ns
	3206	//
	3207	// Strin g types ar e UNICODE.
	3208	// ----- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	3209
	3210	function C ryptEnumOI DFunction( dwEncoding Type: DWOR D;
	3211	pszFuncN ame: LPCST R; // OPTI ONAL
	3212	pszOID: LPCSTR; // OPTIONAL
	3213	dwFlags: DWORD;
	3214	pvArg: P VOID;
	3215	pfnEnumO IDFunc: PF N_CRYPT_EN UM_OID_FUN C): BOOL; stdcall;
	3216
	3217	const
	3218	CRYPT_MA TCH_ANY_EN CODING_TYP E = $FFFFF FFF;
	3219
	3220	// +==== ========== ========== ========== ========== ========== ========== =========
	3221	// Objec t IDentifi er (OID) I nformation : Data St ructures a nd APIs
	3222	// ===== ========== ========== ========== ========== ========== ========== =========
	3223
	3224	// +---- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	3225	// OID I nformation
	3226	// ----- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	3227
	3228	type
	3229	PCRYPT_O ID_INFO = ^CRYPT_OID _INFO;
	3230
	3231	CRYPT_OI D_INFO = r ecord
	3232	cbSize : DWORD;
	3233	pszOID : LPCSTR;
	3234	pwszNa me: LPCWST R;
	3235	dwGrou pId: DWORD ;
	3236	EnumVa lue: recor d { type E numValue f or the uni on part of the origi nal struct --max-- }
	3237	case integer o f
	3238	0: ( dwValue: D WORD);
	3239	1: (Al gid: ALG_I D);
	3240	2: (dw Length: DW ORD);
	3241	end;
	3242
	3243	ExtraInfo:
	3244	CRYPT_DATA _BLOB;
	3245	end;
	3246
	3247	type
	3248	CCRYPT_O ID_INFO = CRYPT_OID_ INFO;
	3249	PCCRYPT_ OID_INFO = ^CCRYPT_O ID_INFO;
	3250
	3251	// +---- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	3252	// OID G roup IDs
	3253	// ----- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	3254
	3255	const
	3256	CRYPT_HA SH_ALG_OID _GROUP_ID = 1;
	3257	CRYPT_EN CRYPT_ALG_ OID_GROUP_ ID = 2;
	3258	CRYPT_PU BKEY_ALG_O ID_GROUP_I D = 3;
	3259	CRYPT_SI GN_ALG_OID _GROUP_ID = 4;
	3260	CRYPT_RD N_ATTR_OID _GROUP_ID = 5;
	3261	CRYPT_EX T_OR_ATTR_ OID_GROUP_ ID = 6;
	3262	CRYPT_EN HKEY_USAGE _OID_GROUP _ID = 7;
	3263	CRYPT_PO LICY_OID_G ROUP_ID = 8;
	3264	CRYPT_LA ST_OID_GRO UP_ID = 8;
	3265
	3266	CRYPT_FI RST_ALG_OI D_GROUP_ID = CRYPT_H ASH_ALG_OI D_GROUP_ID ;
	3267	CRYPT_LA ST_ALG_OID _GROUP_ID = CRYPT_SI GN_ALG_OID _GROUP_ID;
	3268
	3269
	3270	// The C RYPT_*_ALG _OID_GROUP _ID's have an Algid. The CRYPT _RDN_ATTR_ OID_GROUP_ ID
	3271	// has a dwLength. The CRYPT _EXT_OR_AT TR_OID_GRO UP_ID,
	3272	// CRYPT _ENHKEY_US AGE_OID_GR OUP_ID or CRYPT_POLI CY_OID_GRO UP_ID don' t have a
	3273	// dwVal ue.
	3274
	3275	// CRYPT _PUBKEY_AL G_OID_GROU P_ID has t he followi ng optiona l ExtraInf o:
	3276	// DWORD [0] - Flag s. CRYPT_O ID_INHIBIT _SIGNATURE _FORMAT_FL AG can be set to
	3277	// inhib it the ref ormatting of the sig nature bef ore
	3278	// Crypt VerifySign ature is c alled or a fter Crypt SignHash
	3279	// is ca lled. CRYP T_OID_USE_ PUBKEY_PAR A_FOR_PKCS 7_FLAG can
	3280	// be se t to inclu de the pub lic key al gorithm's parameters
	3281	// in th e PKCS7's digestEncr yptionAlgo rithm's pa rameters.
	3282
	3283	CRYPT_OI D_INHIBIT_ SIGNATURE_ FORMAT_FLA G = $1;
	3284	CRYPT_OI D_USE_PUBK EY_PARA_FO R_PKCS7_FL AG = $2;
	3285
	3286	// CRYPT _SIGN_ALG_ OID_GROUP_ ID has the following optional ExtraInfo:
	3287	// DWORD [0] - Publ ic Key Alg id.
	3288	// DWORD [1] - Flag s. Same as above for CRYPT_PUB KEY_ALG_OI D_GROUP_ID .
	3289
	3290	// CRYPT _RDN_ATTR_ OID_GROUP_ ID has the following optional ExtraInfo:
	3291	// Array of DWORDs :
	3292	// [0 .. ] - Null t erminated list of ac ceptable R DN attribu te
	3293	// value types. An empty lis t implies CERT_RDN_P RINTABLE_S TRING,
	3294	// CERT_ RDN_T61_ST RING, 0.
	3295
	3296	// +---- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	3297	// Find OID inform ation. Ret urns NULL if unable to find an y informat ion
	3298	// for t he specifi ed key and group. No te, return s a pointe r to a con stant
	3299	// data structure. The retur ned pointe r MUST NOT be freed.
	3300	//
	3301	// dwKey Type's:
	3302	// CRYPT _OID_INFO_ OID_KEY, p vKey point s to a szO ID
	3303	// CRYPT _OID_INFO_ NAME_KEY, pvKey poin ts to a ws zName
	3304	// CRYPT _OID_INFO_ ALGID_KEY, pvKey poi nts to an ALG_ID
	3305	// CRYPT _OID_INFO_ SIGN_KEY, pvKey poin ts to an a rray of tw o ALG_ID's :
	3306	// ALG_I D[0] - Has h Algid
	3307	// ALG_I D[1] - Pub Key Algid
	3308	//
	3309	// Setti ng dwGroup Id to 0, s earches al l groups a ccording t o the dwKe yType.
	3310	// Other wise, only the dwGro upId is se arched.
	3311	// ----- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	3312
	3313	function C ryptFindOI DInfo(dwKe yType: DWO RD;
	3314	pvKey: P VOID;
	3315	dwGroupI d: DWORD): PCCRYPT_O ID_INFO; s tdcall;
	3316
	3317	const
	3318	CRYPT_OI D_INFO_OID _KEY = 1;
	3319	CRYPT_OI D_INFO_NAM E_KEY = 2;
	3320	CRYPT_OI D_INFO_ALG ID_KEY = 3 ;
	3321	CRYPT_OI D_INFO_SIG N_KEY = 4;
	3322
	3323	// +---- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	3324	// Regis ter OID in formation. The OID i nformation specified in the
	3325	// CCRYP T_OID_INFO structure is persis ted to the registry.
	3326	//
	3327	// crypt 32.dll con tains info rmation fo r the comm only known OIDs. Thi s function
	3328	// allow s applicat ions to au gment cryp t32.dll's OID inform ation. Dur ing
	3329	// Crypt FindOIDInf o's first call, the registered OID infor mation is installed.
	3330	//
	3331	// By de fault the registered OID infor mation is installed after cryp t32.dll's
	3332	// OID e ntries. Se t CRYPT_IN STALL_OID_ INFO_BEFOR E_FLAG to install be fore.
	3333	// ----- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	3334
	3335	function CryptRegi sterOIDInf o(pInfo: P CCRYPT_OID _INFO;
	3336	dwFlag s: DWORD): BOOL; std call;
	3337
	3338	const
	3339	CRYPT_ INSTALL_OI D_INFO_BEF ORE_FLAG = 1;
	3340
	3341	// +-- ---------- ---------- ---------- ---------- ---------- ---------- ---------- -
	3342	// Unr egister OI D informat ion. Only the pszOID and dwGro upId field s are
	3343	// use d to ident ify the OI D informat ion to be unregister ed.
	3344	// --- ---------- ---------- ---------- ---------- ---------- ---------- ---------- -
	3345
	3346	functi on CryptUn registerOI DInfo(pInf o: PCCRYPT _OID_INFO) : BOOL; st dcall;
	3347
	3348	// +== ========== ========== ========== ========== ========== ========== ========== =
	3349	// Low Level Cry ptographic Message D ata Struct ures and A PIs
	3350	// === ========== ========== ========== ========== ========== ========== ========== =
	3351
	3352	type
	3353	HCRY PTMSG = Po inter;
	3354
	3355	const
	3356	szOI D_PKCS_7_D ATA = '1.2 .840.11354 9.1.7.1';
	3357	szOI D_PKCS_7_S IGNED = '1 .2.840.113 549.1.7.2' ;
	3358	szOI D_PKCS_7_E NVELOPED = '1.2.840. 113549.1.7 .3';
	3359	szOI D_PKCS_7_S IGNEDANDEN VELOPED = '1.2.840.1 13549.1.7. 4';
	3360	szOI D_PKCS_7_D IGESTED = '1.2.840.1 13549.1.7. 5';
	3361	szOI D_PKCS_7_E NCRYPTED = '1.2.840. 113549.1.7 .6';
	3362
	3363	szOI D_PKCS_9_C ONTENT_TYP E = '1.2.8 40.113549. 1.9.3';
	3364	szOI D_PKCS_9_M ESSAGE_DIG EST = '1.2 .840.11354 9.1.9.4';
	3365
	3366	// + ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---
	3367	// M essage typ es
	3368	// - ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---
	3369
	3370	const
	3371	CMSG _DATA = 1;
	3372	CMSG _SIGNED = 2;
	3373	CMSG _ENVELOPED = 3;
	3374	CMSG _SIGNED_AN D_ENVELOPE D = 4;
	3375	CMSG _HASHED = 5;
	3376	CMSG _ENCRYPTED = 6;
	3377
	3378	// + ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---
	3379	// M essage Typ e Bit Flag s
	3380	// - ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---
	3381
	3382	CMSG _ALL_FLAGS = (not UL ONG(0));
	3383	CMSG _DATA_FLAG = (1 shl CMSG_DATA) ;
	3384	CMSG _SIGNED_FL AG = (1 sh l CMSG_SIG NED);
	3385	CMSG _ENVELOPED _FLAG = (1 shl CMSG_ ENVELOPED) ;
	3386	CMSG _SIGNED_AN D_ENVELOPE D_FLAG = ( 1 shl CMSG _SIGNED_AN D_ENVELOPE D);
	3387	CMSG _HASHED_FL AG = (1 sh l CMSG_HAS HED);
	3388	CMSG _ENCRYPTED _FLAG = (1 shl CMSG_ ENCRYPTED) ;
	3389
	3390	// + ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---
	3391	// T he message encode in formation (pvMsgEnco deInfo) is message t ype depend ent
	3392	// - ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---
	3393
	3394	// + ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---
	3395	// C MSG_DATA: pvMsgEncod eInfo = NU LL
	3396	// - ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---
	3397
	3398	// + ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---
	3399	// C MSG_SIGNED
	3400	//
	3401	// T he pCertIn fo in the CMSG_SIGNE R_ENCODE_I NFO provid es the Iss uer, Seria lNumber
	3402	// a nd PublicK eyInfo.Alg orithm. Th e PublicKe yInfo.Algo rithm impl icitly
	3403	// s pecifies t he HashEnc ryptionAlg orithm to be used.
	3404	//
	3405	// T he hCryptP rov and dw KeySpec sp ecify the private ke y to use. If dwKeySp ec
	3406	// = = 0, then, defaults to AT_SIGN ATURE.
	3407	//
	3408	// p vHashAuxIn fo current ly isn't u sed and mu st be set to NULL.
	3409	// - ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---
	3410
	3411	type
	3412	PCMS G_SIGNER_E NCODE_INFO = ^CMSG_S IGNER_ENCO DE_INFO;
	3413
	3414	CMSG _SIGNER_EN CODE_INFO = record
	3415	cb Size: DWOR D;
	3416	pC ertInfo: P CERT_INFO;
	3417	HC RYPTPROV: HCRYPTPROV ;
	3418	dw KeySpec: D WORD;
	3419	Ha shAlgorith m: CRYPT_A LGORITHM_I DENTIFIER;
	3420	pv HashAuxInf o: PVOID;
	3421	cA uthAttr: D WORD;
	3422	rg AuthAttr: PCRYPT_ATT RIBUTE;
	3423	cU nauthAttr: DWORD;
	3424	rg UnauthAttr : PCRYPT_A TTRIBUTE;
	3425	end;
	3426
	3427	type
	3428	PCMS G_SIGNED_E NCODE_INFO = ^CMSG_S IGNED_ENCO DE_INFO;
	3429
	3430	CMSG _SIGNED_EN CODE_INFO = record
	3431	cb Size: DWOR D;
	3432	cS igners: DW ORD;
	3433	rg Signers: P CMSG_SIGNE R_ENCODE_I NFO;
	3434	cC ertEncoded : DWORD;
	3435	rg CertEncode d: PCERT_B LOB;
	3436	cC rlEncoded: DWORD;
	3437	rg CrlEncoded : PCRL_BLO B;
	3438	end;
	3439
	3440	// + ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---
	3441	// C MSG_ENVELO PED
	3442	//
	3443	// T he PCERT_I NFO for th e rgRecipi ents provi des the Is suer, Seri alNumber
	3444	// a nd PublicK eyInfo. Th e PublicKe yInfo.Algo rithm impl icitly
	3445	// s pecifies t he KeyEncr yptionAlgo rithm to b e used.
	3446	//
	3447	// T he PublicK eyInfo.Pub licKey in PCERT_INFO is used t o encrypt the conten t
	3448	// e ncryption key for th e recipien t.
	3449	//
	3450	// h CryptProv is used to do the co ntent encr yption, re cipient ke y encrypti on
	3451	// a nd export. The hCryp tProv's pr ivate keys aren't us ed.
	3452	//
	3453	// N ote: CAPI currently doesn't su pport more than one KeyEncrypt ionAlgorit hm
	3454	// p er provide r. This wi ll need to be fixed.
	3455	//
	3456	// p vEncryptio nAuxInfo c urrently i sn't used and must b e set to N ULL.
	3457	// - ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---
	3458
	3459	type
	3460	PCMS G_ENVELOPE D_ENCODE_I NFO = ^CMS G_ENVELOPE D_ENCODE_I NFO;
	3461
	3462	CMSG _ENVELOPED _ENCODE_IN FO = recor d
	3463	cb Size: DWOR D;
	3464	HC RYPTPROV: HCRYPTPROV ;
	3465	Co ntentEncry ptionAlgor ithm: CRYP T_ALGORITH M_IDENTIFI ER;
	3466	pv Encryption AuxInfo: P VOID;
	3467	cR ecipients: DWORD;
	3468	rg pRecipient s: PPCERT_ INFO; // p ointer to array of P CERT_INFO
	3469	end;
	3470
	3471	// + ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---
	3472	// C MSG_SIGNED _AND_ENVEL OPED
	3473	//
	3474	// F or PKCS #7 , a signed and envel oped messa ge doesn't have the
	3475	// s igner's au thenticate d or unaut henticated attribute s. Otherwi se, a
	3476	// c ombination of the CM SG_SIGNED_ ENCODE_INF O and CMSG _ENVELOPED _ENCODE_IN FO.
	3477	// - ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---
	3478
	3479	type
	3480	PCMS G_SIGNED_A ND_ENVELOP ED_ENCODE_ INFO = ^CM SG_SIGNED_ AND_ENVELO PED_ENCODE _INFO;
	3481
	3482	CMSG _SIGNED_AN D_ENVELOPE D_ENCODE_I NFO = reco rd
	3483	cb Size: DWOR D;
	3484	Si gnedInfo: CMSG_SIGNE D_ENCODE_I NFO;
	3485	En velopedInf o: CMSG_EN VELOPED_EN CODE_INFO;
	3486	end;
	3487
	3488	// + ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---
	3489	// C MSG_HASHED
	3490	//
	3491	// h CryptProv is used to do the ha sh. Doesn' t need to use a priv ate key.
	3492	//
	3493	// I f fDetache dHash is s et, then, the encode d message doesn't co ntain
	3494	// a ny content (its trea ted as NUL L Data)
	3495	//
	3496	// p vHashAuxIn fo current ly isn't u sed and mu st be set to NULL.
	3497	// - ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---
	3498
	3499	type
	3500	PCMS G_HASHED_E NCODE_INFO = ^CMSG_H ASHED_ENCO DE_INFO;
	3501
	3502	CMSG _HASHED_EN CODE_INFO = record
	3503	cb Size: DWOR D;
	3504	HC RYPTPROV: HCRYPTPROV ;
	3505	Ha shAlgorith m: CRYPT_A LGORITHM_I DENTIFIER;
	3506	pv HashAuxInf o: PVOID;
	3507	end;
	3508
	3509	// + ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---
	3510	// C MSG_ENCRYP TED
	3511	//
	3512	// T he key use d to encry pt the mes sage is id entified o utside of the messag e
	3513	// c ontent (fo r example, password) .
	3514	//
	3515	// T he content input to CryptMsgUp date has a lready bee n encrypte d.
	3516	//
	3517	// p vEncryptio nAuxInfo c urrently i sn't used and must b e set to N ULL.
	3518	// - ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---
	3519
	3520	type
	3521	PCMS G_ENCRYPTE D_ENCODE_I NFO = ^CMS G_ENCRYPTE D_ENCODE_I NFO;
	3522
	3523	CMSG _ENCRYPTED _ENCODE_IN FO = recor d
	3524	cb Size: DWOR D;
	3525	Co ntentEncry ptionAlgor ithm: CRYP T_ALGORITH M_IDENTIFI ER;
	3526	pv Encryption AuxInfo: P VOID;
	3527	end;
	3528
	3529	// + ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---
	3530	// T his parame ter allows messages to be of v ariable le ngth with streamed
	3531	// o utput.
	3532	//
	3533	// B y default, messages are of a d efinite le ngth and
	3534	// C ryptMsgGet Param(CMSG _CONTENT_P ARAM) is
	3535	// c alled to g et the cry ptographic ally proce ssed conte nt. Until closed,
	3536	// t he handle keeps a co py of the processed content.
	3537	//
	3538	// W ith stream ed output, the proce ssed conte nt can be freed as i ts streame d.
	3539	//
	3540	// I f the leng th of the content to be update d is known at the ti me of the
	3541	// o pen, then, ContentLe ngth shoul d be set t o that len gth. Other wise, it
	3542	// s hould be s et to CMSG _INDEFINIT E_LENGTH.
	3543	// - ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---
	3544
	3545	type
	3546	PFN_ CMSG_STREA M_OUTPUT = function(
	3547	co nst pvArg: PVOID;
	3548	pb Data: PBYT E;
	3549	cb Data: DWOR D;
	3550	fF inal: BOOL ): BOOL; s tdcall;
	3551
	3552	const
	3553	CMSG _INDEFINIT E_LENGTH = ($FFFFFFF F);
	3554
	3555	type
	3556	PCMS G_STREAM_I NFO = ^CMS G_STREAM_I NFO;
	3557
	3558	CMSG _STREAM_IN FO = recor d
	3559	cb Content: D WORD;
	3560	pf nStreamOut put: PFN_C MSG_STREAM _OUTPUT;
	3561	pv Arg: PVOID ;
	3562	end;
	3563
	3564	// + ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---
	3565	// O pen dwFlag s
	3566	// - ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---
	3567
	3568	const
	3569	CMSG _BARE_CONT ENT_FLAG = $00000001 ;
	3570	CMSG _LENGTH_ON LY_FLAG = $00000002;
	3571	CMSG _DETACHED_ FLAG = $00 000004;
	3572	CMSG _AUTHENTIC ATED_ATTRI BUTES_FLAG = $000000 08;
	3573	CMSG _CONTENTS_ OCTETS_FLA G = $00000 010;
	3574	CMSG _MAX_LENGT H_FLAG = $ 00000020;
	3575
	3576	// + ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---
	3577	// O pen a cryp tographic message fo r encoding
	3578	//
	3579	// F or PKCS #7 :
	3580	// I f the cont ent to be passed to CryptMsgUp date has a lready
	3581	// b een messag e encoded (the input to CryptM sgUpdate i s the stre amed outpu t
	3582	// f rom anothe r message encode), t hen, the C MSG_ENCODE D_CONTENT_ INFO_FLAG should
	3583	// b e set in d wFlags. If not set, then, the inner Cont entType is Data and
	3584	// t he input t o CryptMsg Update is treated as the inner Data type 's Content ,
	3585	// a string of bytes.
	3586	// I f CMSG_BAR E_CONTENT_ FLAG is sp ecified fo r a stream ed message ,
	3587	// t he streame d output w ill not ha ve an oute r ContentI nfo wrappe r. This
	3588	// m akes it su itable to be streame d into an enclosing message.
	3589	//
	3590	// T he pStream Info param eter needs to be set to stream the encod ed message
	3591	// o utput.
	3592	// - ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---
	3593
	3594	func tion Crypt MsgOpenToE ncode(dwMs gEncodingT ype: DWORD ;
	3595	dw Flags: DWO RD;
	3596	dw MsgType: D WORD;
	3597	pv MsgEncodeI nfo: PVOID ;
	3598	ps zInnerCont entObjID: LPSTR; // OPTIONAL
	3599	pS treamInfo: PCMSG_STR EAM_INFO / / OPTIONAL
	3600	): HCRYPTMSG ; stdcall;
	3601
	3602	// + ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---
	3603	// C alculate t he length of an enco ded crypto graphic me ssage.
	3604	//
	3605	// C alculates the length of the en coded mess age given the
	3606	// m essage typ e, encodin g paramete rs and tot al length of
	3607	// t he data to be update d. Note, t his might not be the exact len gth. Howev er,
	3608	// i t will alw ays be gre ater than or equal t o the actu al length.
	3609	// - ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---
	3610
	3611	fu nction Cry ptMsgCalcu lateEncode dLength(dw MsgEncodin gType: DWO RD;
	3612	dwFlags: D WORD;
	3613	dwMsgType: DWORD;
	3614	pvMsgEncod eInfo: PVO ID;
	3615	pszInnerCo ntentObjID : LPSTR; / / OPTIONAL
	3616	cbData: DW ORD): DWOR D; stdcall ;
	3617
	3618	// +-------- ---------- ---------- ---------- ---------- ---------- ---------- -----
	3619	// Open a cr yptographi c message for decodi ng
	3620	//
	3621	// For PKCS #7: if the inner Con tentType i sn't Data, then, the inner
	3622	// ContentIn fo consist ing of bot h ContentT ype and Co ntent is o utput.
	3623	// To also e nable Cont entInfo ou tput for t he Data Co ntentType, then,
	3624	// the CMSG_ ENCODED_CO NTENT_INFO _FLAG shou ld be set
	3625	// in dwFlag s. If not set, then, only the content po rtion of t he inner
	3626	// ContentIn fo is outp ut for the Data Cont entType.
	3627	//
	3628	// To only c alculate t he length of the dec oded messa ge, set th e
	3629	// CMSG_LENG TH_ONLY_FL AG in dwFl ags. After the final CryptMsgU pdate get the
	3630	// MSG_CONTE NT_PARAM. Note, this might not be the ex act length . However,
	3631	// it will a lways be g reater tha n or equal to the ac tual lengt h.
	3632	//
	3633	// hCryptPro v specifie s the cryp to provide r to use f or hashing and/or
	3634	// decryptin g the mess age. For e nveloped m essages, h CryptProv also speci fies
	3635	// the priva te exchang e key to u se. For si gned messa ges, hCryp tProv is u sed
	3636	// when Cryp tMsgVerify Signer is called.
	3637	//
	3638	// For envel oped messa ges, the p RecipientI nfo contai ns the Iss uer and
	3639	// SerialNum ber identi fying the RecipientI nfo in the message.
	3640	//
	3641	// Note, the pRecipien tInfo shou ld corresp ond to the provider' s private
	3642	// exchange key.
	3643	//
	3644	// If pRecip ientInfo i s NULL, th en, the me ssage isn' t decrypte d. To decr ypt
	3645	// the messa ge, CryptM sgControl( CMSG_CTRL_ DECRYPT) i s called a fter the f inal
	3646	// CryptMsgU pdate.
	3647	//
	3648	// The pStre amInfo par ameter nee ds to be s et to stre am the dec oded conte nt
	3649	// output. N ote, if pR ecipientIn fo is NULL , then, th e streamed output is n't
	3650	// decrypted .
	3651	// --------- ---------- ---------- ---------- ---------- ---------- ---------- -----
	3652
	3653	function C ryptMsgOpe nToDecode( dwMsgEncod ingType: D WORD;
	3654	dwFlags: DWORD;
	3655	dwMsgTyp e: DWORD;
	3656	HCRYPTPR OV: HCRYPT PROV;
	3657	pRecipie ntInfo: PC ERT_INFO; // OPTIONA L
	3658	pStreamI nfo: PCMSG _STREAM_IN FO // OPTI ONAL
	3659	): HCRYP TMSG; stdc all;
	3660
	3661	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	3662	// Close a cryptogra phic messa ge handle
	3663	//
	3664	// LastErr or is pres erved unle ss FALSE i s returned .
	3665	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	3666
	3667	function CryptMsgC lose(HCRYP TMSG: HCRY PTMSG): BO OL; stdcal l;
	3668
	3669	// +---- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	3670	// Updat e the cont ent of a c ryptograph ic message . Dependin g on how t he
	3671	// messa ge was ope ned, the c ontent is either enc oded or de coded.
	3672	//
	3673	// This function i s repetiti vely calle d to appen d to the m essage con tent.
	3674	// fFina l is set t o identify the last update. On fFinal, t he encode/ decode
	3675	// is co mpleted. T he encoded /decoded c ontent and the decod ed paramet ers
	3676	// are v alid until the open and all du plicated h andles are closed.
	3677	// ----- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	3678
	3679	functi on CryptMs gUpdate(HC RYPTMSG: H CRYPTMSG;
	3680	cons t pbData: PBYTE;
	3681	cbDa ta: DWORD;
	3682	fFin al: BOOL): BOOL; std call;
	3683
	3684	// +-- ---------- ---------- ---------- ---------- ---------- ---------- ---------- -
	3685	// Per form a spe cial "cont rol" funct ion after the final CryptMsgUp date of a
	3686	// enc oded/decod ed cryptog raphic mes sage.
	3687	//
	3688	// The dwCtrlTyp e paramete r specifie s the type of operat ion to be performed.
	3689	//
	3690	// The pvCtrlPar a definiti on depends on the dw CtrlType v alue.
	3691	//
	3692	// See below for a list of the contr ol operati ons and th eir pvCtrl Para
	3693	// typ e definiti on.
	3694	// --- ---------- ---------- ---------- ---------- ---------- ---------- ---------- -
	3695
	3696	func tion Crypt MsgControl (HCRYPTMSG : HCRYPTMS G;
	3697	dw Flags: DWO RD;
	3698	dw CtrlType: DWORD;
	3699	pv CtrlPara: PVOID): BO OL; stdcal l;
	3700
	3701	// + ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---
	3702	// M essage con trol types
	3703	// - ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---
	3704
	3705	cons t
	3706	CM SG_CTRL_VE RIFY_SIGNA TURE = 1;
	3707	CM SG_CTRL_DE CRYPT = 2;
	3708	CM SG_CTRL_VE RIFY_HASH = 5;
	3709	CM SG_CTRL_AD D_SIGNER = 6;
	3710	CM SG_CTRL_DE L_SIGNER = 7;
	3711	CM SG_CTRL_AD D_SIGNER_U NAUTH_ATTR = 8;
	3712	CM SG_CTRL_DE L_SIGNER_U NAUTH_ATTR = 9;
	3713	CM SG_CTRL_AD D_CERT = 1 0;
	3714	CM SG_CTRL_DE L_CERT = 1 1;
	3715	CM SG_CTRL_AD D_CRL = 12 ;
	3716	CM SG_CTRL_DE L_CRL = 13 ;
	3717
	3718	// +-------- ---------- ---------- ---------- ---------- ---------- ---------- -----
	3719	// CMSG_CTRL _VERIFY_SI GNATURE
	3720	//
	3721	// Verify th e signatur e of a SIG NED or SIG NED_AND_EN VELOPED
	3722	// message a fter it ha s been dec oded.
	3723	//
	3724	// For a SIG NED_AND_EN VELOPED me ssage, cal led after
	3725	// CryptMsgC ontrol(CMS G_CTRL_DEC RYPT), if CryptMsgOp enToDecode was calle d
	3726	// with a NU LL pRecipi entInfo.
	3727	//
	3728	// pvCtrlPar a points t o a CERT_I NFO struct .
	3729	//
	3730	// The CERT_ INFO conta ins the Is suer and S erialNumbe r identify ing
	3731	// the Signe r of the m essage. Th e CERT_INF O also con tains the
	3732	// PublicKey Info
	3733	// used to v erify the signature. The crypt ographic p rovider sp ecified
	3734	// in CryptM sgOpenToDe code is us ed.
	3735	// --------- ---------- ---------- ---------- ---------- ---------- ---------- -----
	3736
	3737	// +-------- ---------- ---------- ---------- ---------- ---------- ---------- -----
	3738	// CMSG_CTRL _DECRYPT
	3739	//
	3740	// Decrypt a n ENVELOPE D or SIGNE D_AND_ENVE LOPED mess age after it has bee n
	3741	// decoded.
	3742	//
	3743	// hCryptPro v and dwKe ySpec spec ify the pr ivate key to use. Fo r dwKeySpe c ==
	3744	// 0, defaul ts to AT_K EYEXCHANGE .
	3745	//
	3746	// dwRecipie ntIndex is the index of the re cipient in the messa ge associa ted
	3747	// with the hCryptProv 's private key.
	3748	//
	3749	// This cont rol functi on needs t o be calle d, if you don't know the appro priate
	3750	// recipient before ca lling Cryp tMsgOpenTo Decode. Af ter the fi nal
	3751	// CryptMsgU pdate, the list of r ecipients is obtaine d by itera ting throu gh
	3752	// CMSG_RECI PIENT_INFO _PARAM. Th e recipien t correspo nding to a private
	3753	// key owned by the ca ller is se lected and passed to this func tion to de crypt
	3754	// the messa ge.
	3755	//
	3756	// Note, the message c an only be decrypted once.
	3757	// --------- ---------- ---------- ---------- ---------- ---------- ---------- -----
	3758
	3759	type
	3760	PC MSG_CTRL_D ECRYPT_PAR A = ^CMSG_ CTRL_DECRY PT_PARA;
	3761
	3762	CM SG_CTRL_DE CRYPT_PARA = record
	3763	cbSize: DW ORD;
	3764	HCRYPTPROV : HCRYPTPR OV;
	3765	dwKeySpec: DWORD;
	3766	dwRecipien tIndex: DW ORD;
	3767	en d;
	3768
	3769	// +-------- ---------- ---------- ---------- ---------- ---------- ---------- -----
	3770	// CMSG_CTRL _VERIFY_HA SH
	3771	//
	3772	// Verify th e hash of a HASHED m essage aft er it has been decod ed.
	3773	//
	3774	// Only the hCryptMsg parameter is used, t o specify the messag e whose
	3775	// hash is b eing verif ied.
	3776	// --------- ---------- ---------- ---------- ---------- ---------- ---------- -----
	3777
	3778	// +-------- ---------- ---------- ---------- ---------- ---------- ---------- -----
	3779	// CMSG_CTRL _ADD_SIGNE R
	3780	//
	3781	// Add a sig ner to a s igned-data or signed -and-envel oped-data message.
	3782	//
	3783	// pvCtrlPar a points t o a CMSG_S IGNER_ENCO DE_INFO.
	3784	// --------- ---------- ---------- ---------- ---------- ---------- ---------- -----
	3785
	3786	// +-------- ---------- ---------- ---------- ---------- ---------- ---------- -----
	3787	// CMSG_CTRL _DEL_SIGNE R
	3788	//
	3789	// Remove a signer fro m a signed -data or s igned-and- enveloped- data messa ge.
	3790	//
	3791	// pvCtrlPar a points t o a DWORD containing the 0-bas ed index o f the
	3792	// signer to be remove d.
	3793	// --------- ---------- ---------- ---------- ---------- ---------- ---------- -----
	3794
	3795	// +-------- ---------- ---------- ---------- ---------- ---------- ---------- -----
	3796	// CMSG_CTRL _ADD_SIGNE R_UNAUTH_A TTR
	3797	//
	3798	// Add an un authentica ted attrib ute to the SignerInf o of a sig ned-data o r
	3799	// signed-an d-envelope d-data mes sage.
	3800	//
	3801	// The unaut henticated attribute is input in the for m of an en coded blob .
	3802	// --------- ---------- ---------- ---------- ---------- ---------- ---------- -----
	3803
	3804	type
	3805	PC MSG_CTRL_A DD_SIGNER_ UNAUTH_ATT R_PARA = ^ CMSG_CTRL_ ADD_SIGNER _UNAUTH_AT TR_PARA;
	3806
	3807	CM SG_CTRL_AD D_SIGNER_U NAUTH_ATTR _PARA = re cord
	3808	cbSize: DW ORD;
	3809	dwSignerIn dex: DWORD ;
	3810	blob: CRYP T_DATA_BLO B;
	3811	en d;
	3812
	3813	// +-------- ---------- ---------- ---------- ---------- ---------- ---------- -----
	3814	// CMSG_CTRL _DEL_SIGNE R_UNAUTH_A TTR
	3815	//
	3816	// Delete an unauthent icated att ribute fro m the Sign erInfo of a signed-d ata
	3817	// or signed -and-envel oped-data message.
	3818	//
	3819	// The unaut henticated attribute to be rem oved is sp ecified by
	3820	// a 0-based index.
	3821	// --------- ---------- ---------- ---------- ---------- ---------- ---------- -----
	3822
	3823	type
	3824	PC MSG_CTRL_D EL_SIGNER_ UNAUTH_ATT R_PARA = ^ CMSG_CTRL_ DEL_SIGNER _UNAUTH_AT TR_PARA;
	3825
	3826	CM SG_CTRL_DE L_SIGNER_U NAUTH_ATTR _PARA = re cord
	3827	cbSize: DW ORD;
	3828	dwSignerIn dex: DWORD ;
	3829	dwUnauthAt trIndex: D WORD;
	3830	en d;
	3831
	3832	// +-------- ---------- ---------- ---------- ---------- ---------- ---------- -----
	3833	// CMSG_CTRL _ADD_CERT
	3834	//
	3835	// Add a cer tificate t o a signed -data or s igned-and- enveloped- data messa ge.
	3836	//
	3837	// pvCtrlPar a points t o a CRYPT_ DATA_BLOB containing the certi ficate's
	3838	// encoded b ytes.
	3839	// --------- ---------- ---------- ---------- ---------- ---------- ---------- -----
	3840
	3841	// +-------- ---------- ---------- ---------- ---------- ---------- ---------- -----
	3842	// CMSG_CTRL _DEL_CERT
	3843	//
	3844	// Delete a certificat e from a s igned-data or signed -and-envel oped-data
	3845	// message.
	3846	//
	3847	// pvCtrlPar a points t o a DWORD containing the 0-bas ed index o f the
	3848	// certifica te to be r emoved.
	3849	// --------- ---------- ---------- ---------- ---------- ---------- ---------- -----
	3850
	3851	// +-------- ---------- ---------- ---------- ---------- ---------- ---------- -----
	3852	// CMSG_CTRL _ADD_CRL
	3853	//
	3854	// Add a CRL to a sign ed-data or signed-an d-envelope d-data mes sage.
	3855	//
	3856	// pvCtrlPar a points t o a CRYPT_ DATA_BLOB containing the CRL's
	3857	// encoded b ytes.
	3858	// --------- ---------- ---------- ---------- ---------- ---------- ---------- -----
	3859
	3860	// +-------- ---------- ---------- ---------- ---------- ---------- ---------- -----
	3861	// CMSG_CTRL _DEL_CRL
	3862	//
	3863	// Delete a CRL from a signed-da ta or sign ed-and-env eloped-dat a message.
	3864	//
	3865	// pvCtrlPar a points t o a DWORD containing the 0-bas ed index o f the CRL
	3866	// to be rem oved.
	3867	// --------- ---------- ---------- ---------- ---------- ---------- ---------- -----
	3868
	3869
	3870	// +-------- ---------- ---------- ---------- ---------- ---------- ---------- -----
	3871	// Verify a countersig nature, at the Signe rInfo leve l.
	3872	// ie. verif y that pbS ignerInfoC ountersign ature cont ains the e ncrypted
	3873	// hash of t he encrypt edDigest f ield of pb SignerInfo .
	3874	//
	3875	// hCryptPro v is used to hash th e encrypte dDigest fi eld of pbS ignerInfo.
	3876	// The only fields ref erenced fr om pciCoun tersigner are Serial Number, Is suer,
	3877	// and Subje ctPublicKe yInfo.
	3878	// --------- ---------- ---------- ---------- ---------- ---------- ---------- -----
	3879
	3880	fu nction Cry ptMsgVerif yCountersi gnatureEnc oded(HCRYP TPROV: HCR YPTPROV;
	3881	dwEncoding Type: DWOR D;
	3882	pbSignerIn fo: PBYTE;
	3883	cbSignerIn fo: DWORD;
	3884	pbSignerIn foCounters ignature: PBYTE;
	3885	cbSignerIn foCounters ignature: DWORD;
	3886	pciCounter signer: PC ERT_INFO): BOOL; std call;
	3887
	3888	// +-------- ---------- ---------- ---------- ---------- ---------- ---------- -----
	3889	// Countersi gn an alre ady-existi ng signatu re in a me ssage
	3890	//
	3891	// dwIndex i s a zero-b ased index of the Si gnerInfo t o be count ersigned.
	3892	// --------- ---------- ---------- ---------- ---------- ---------- ---------- -----
	3893
	3894	function C ryptMsgCou ntersign(H CRYPTMSG: HCRYPTMSG;
	3895	dwIndex: DWORD;
	3896	cCounter signers: D WORD;
	3897	rgCounte rsigners: PCMSG_SIGN ER_ENCODE_ INFO): BOO L; stdcall ;
	3898
	3899	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	3900	// Counter sign an al ready-exis ting signa ture (enco ded Signer Info).
	3901	// Output an encoded SignerInf o blob, su itable for use as a countersig nature
	3902	// attribu te in the unauthenti cated attr ibutes of a signed-d ata or
	3903	// signed- and-envelo ped-data m essage.
	3904	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	3905
	3906	function CryptMsgC ountersign Encoded(dw EncodingTy pe: DWORD;
	3907	pbSign erInfo: PB YTE;
	3908	cbSign erInfo: DW ORD;
	3909	cCount ersigners: DWORD;
	3910	rgCoun tersigners : PCMSG_SI GNER_ENCOD E_INFO;
	3911	pbCoun tersignatu re: PBYTE;
	3912	pcbCou ntersignat ure: PDWOR D): BOOL; stdcall;
	3913
	3914	// +---- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	3915	// Get a parameter after enc oding/deco ding a cry ptographic message. Called
	3916	// after the final CryptMsgU pdate. Onl y the CMSG _CONTENT_P ARAM and
	3917	// CMSG_ COMPUTED_H ASH_PARAM are valid for an enc oded messa ge.
	3918	//
	3919	// For a n encoded HASHED mes sage, the CMSG_COMPU TED_HASH_P ARAM can b e got
	3920	// befor e any Cryp tMsgUpdate s to get i ts length.
	3921	//
	3922	// The p vData type definitio n depends on the dwP aramType v alue.
	3923	//
	3924	// Eleme nts pointe d to by fi elds in th e pvData s tructure f ollow the
	3925	// struc ture. Ther efore, *pc bData may exceed the size of t he structu re.
	3926	//
	3927	// Upon input, if pcbData = = 0, then, pcbData is updated with the length
	3928	// of th e data and the pvDat a paramete r is ignor ed.
	3929	//
	3930	// Upon return, *p cbData is updated wi th the len gth of the data.
	3931	//
	3932	// The O BJID BLOBs returned in the pvD ata struct ures point to
	3933	// their still enc oded repre sentation. The appro priate fun ctions
	3934	// must be called to decode the inform ation.
	3935	//
	3936	// See b elow for a list of t he paramet ers to get .
	3937	// ----- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	3938
	3939	functi on CryptMs gGetParam( HCRYPTMSG: HCRYPTMSG ;
	3940	dwPa ramType: D WORD;
	3941	dwIn dex: DWORD ;
	3942	pvDa ta: PVOID;
	3943	pcbD ata: PDWOR D): BOOL; stdcall;
	3944
	3945	// +-- ---------- ---------- ---------- ---------- ---------- ---------- ---------- -
	3946	// Get parameter types and their cor responding data stru cture defi nitions.
	3947	// --- ---------- ---------- ---------- ---------- ---------- ---------- ---------- -
	3948
	3949	const
	3950	CMSG _TYPE_PARA M = 1;
	3951	CMSG _CONTENT_P ARAM = 2;
	3952	CMSG _BARE_CONT ENT_PARAM = 3;
	3953	CMSG _INNER_CON TENT_TYPE_ PARAM = 4;
	3954	CMSG _SIGNER_CO UNT_PARAM = 5;
	3955	CMSG _SIGNER_IN FO_PARAM = 6;
	3956	CMSG _SIGNER_CE RT_INFO_PA RAM = 7;
	3957	CMSG _SIGNER_HA SH_ALGORIT HM_PARAM = 8;
	3958	CMSG _SIGNER_AU TH_ATTR_PA RAM = 9;
	3959	CMSG _SIGNER_UN AUTH_ATTR_ PARAM = 10 ;
	3960	CMSG _CERT_COUN T_PARAM = 11;
	3961	CMSG _CERT_PARA M = 12;
	3962	CMSG _CRL_COUNT _PARAM = 1 3;
	3963	CMSG _CRL_PARAM = 14;
	3964	CMSG _ENVELOPE_ ALGORITHM_ PARAM = 15 ;
	3965	CMSG _RECIPIENT _COUNT_PAR AM = 17;
	3966	CMSG _RECIPIENT _INDEX_PAR AM = 18;
	3967	CMSG _RECIPIENT _INFO_PARA M = 19;
	3968	CMSG _HASH_ALGO RITHM_PARA M = 20;
	3969	CMSG _HASH_DATA _PARAM = 2 1;
	3970	CMSG _COMPUTED_ HASH_PARAM = 22;
	3971	CMSG _ENCRYPT_P ARAM = 26;
	3972	CMSG _ENCRYPTED _DIGEST = 27;
	3973	CMSG _ENCODED_S IGNER = 28 ;
	3974	CMSG _ENCODED_M ESSAGE = 2 9;
	3975
	3976	// + ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---
	3977	// C MSG_TYPE_P ARAM
	3978	//
	3979	// T he type of the decod ed message .
	3980	//
	3981	// p vData poin ts to a DW ORD
	3982	// - ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---
	3983
	3984	// + ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---
	3985	// C MSG_CONTEN T_PARAM
	3986	//
	3987	// T he encoded content o f a crypto graphic me ssage. Dep ending on how the
	3988	// m essage was opened, t he content is either the whole PKCS#7
	3989	// m essage (op ened to en code) or t he inner c ontent (op ened to de code).
	3990	// I n the deco de case, t he decrypt ed content is return ed, if env eloped.
	3991	// I f not enve loped, and if the in ner conten t is of ty pe DATA, t he returne d
	3992	// d ata is the contents octets of the inner content.
	3993	//
	3994	// p vData poin ts to the buffer rec eiving the content b ytes
	3995	// - ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---
	3996
	3997	// + ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---
	3998	// C MSG_BARE_C ONTENT_PAR AM
	3999	//
	4000	// T he encoded content o f an encod ed cryptog raphic mes sage, with out the
	4001	// o uter layer of Conten tInfo. Tha t is, only the encod ing of the
	4002	// C ontentInfo .content f ield is re turned.
	4003	//
	4004	// p vData poin ts to the buffer rec eiving the content b ytes
	4005	// - ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---
	4006
	4007	// + ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---
	4008	// C MSG_INNER_ CONTENT_TY PE_PARAM
	4009	//
	4010	// T he type of the inner content o f a decode d cryptogr aphic mess age,
	4011	// i n the form of a NULL -terminate d object i dentifier string
	4012	// ( eg. "1.2.8 40.113549. 1.7.1").
	4013	//
	4014	// p vData poin ts to the buffer rec eiving the object id entifier s tring
	4015	// - ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---
	4016
	4017	// + ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---
	4018	// C MSG_SIGNER _COUNT_PAR AM
	4019	//
	4020	// C ount of si gners in a SIGNED or SIGNED_AN D_ENVELOPE D message
	4021	//
	4022	// p vData poin ts to a DW ORD
	4023	// - ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---
	4024
	4025	// + ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---
	4026	// C MSG_SIGNER _CERT_INFO _PARAM
	4027	//
	4028	// T o get all the signer s, repetit ively call CryptMsgG etParam, w ith
	4029	// d wIndex set to 0 .. S ignerCount - 1.
	4030	//
	4031	// p vData poin ts to a CE RT_INFO st ruct.
	4032	//
	4033	// O nly the fo llowing fi elds have been updat ed in the CERT_INFO struct:
	4034	// I ssuer and SerialNumb er.
	4035	// - ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---
	4036
	4037	// + ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---
	4038	// C MSG_SIGNER _INFO_PARA M
	4039	//
	4040	// T o get all the signer s, repetit ively call CryptMsgG etParam, w ith
	4041	// d wIndex set to 0 .. S ignerCount - 1.
	4042	//
	4043	// p vData poin ts to a CM SG_SIGNER_ INFO struc t.
	4044	// - ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---
	4045
	4046	type
	4047	PCMS G_SIGNER_I NFO = ^CMS G_SIGNER_I NFO;
	4048
	4049	CMSG _SIGNER_IN FO = recor d
	4050	dw Version: D WORD;
	4051	Is suer: CERT _NAME_BLOB ;
	4052	Se rialNumber : CRYPT_IN TEGER_BLOB ;
	4053	Ha shAlgorith m: CRYPT_A LGORITHM_I DENTIFIER;
	4054	Ha shEncrypti onAlgorith m: CRYPT_A LGORITHM_I DENTIFIER;
	4055	En cryptedHas h: CRYPT_D ATA_BLOB;
	4056	Au thAttrs: C RYPT_ATTRI BUTES;
	4057	Un authAttrs: CRYPT_ATT RIBUTES;
	4058	end;
	4059
	4060	// + ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---
	4061	// C MSG_SIGNER _HASH_ALGO RITHM_PARA M
	4062	//
	4063	// T his parame ter specif ies the Ha shAlgorith m that was used for the signer .
	4064	//
	4065	// S et dwIndex to iterat e through all the si gners.
	4066	//
	4067	// p vData poin ts to an C RYPT_ALGOR ITHM_IDENT IFIER stru ct.
	4068	// - ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---
	4069
	4070	// + ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---
	4071	// C MSG_SIGNER _AUTH_ATTR _PARAM
	4072	//
	4073	// T he authent icated att ributes fo r the sign er.
	4074	//
	4075	// S et dwIndex to iterat e through all the si gners.
	4076	//
	4077	// p vData poin ts to a CM SG_ATTR st ruct.
	4078	// - ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---
	4079
	4080	type
	4081	CMSG _ATTR = CR YPT_ATTRIB UTES;
	4082	PCMS G_ATTR = ^ CRYPT_ATTR IBUTES;
	4083
	4084	// + ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---
	4085	// C MSG_SIGNER _UNAUTH_AT TR_PARAM
	4086	//
	4087	// T he unauthe nticated a ttributes for the si gner.
	4088	//
	4089	// S et dwIndex to iterat e through all the si gners.
	4090	//
	4091	// p vData poin ts to a CM SG_ATTR st ruct.
	4092	// - ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---
	4093
	4094	// + ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---
	4095	// C MSG_CERT_C OUNT_PARAM
	4096	//
	4097	// C ount of ce rtificates in a SIGN ED or SIGN ED_AND_ENV ELOPED mes sage.
	4098	//
	4099	// p vData poin ts to a DW ORD
	4100	// - ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---
	4101
	4102	// + ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---
	4103	// C MSG_CERT_P ARAM
	4104	//
	4105	// T o get all the certif icates, re petitively call Cryp tMsgGetPar am, with
	4106	// d wIndex set to 0 .. C ertCount - 1.
	4107	//
	4108	// p vData poin ts to an a rray of th e certific ate's enco ded bytes.
	4109	// - ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---
	4110
	4111	// + ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---
	4112	// C MSG_CRL_CO UNT_PARAM
	4113	//
	4114	// C ount of CR Ls in a SI GNED or SI GNED_AND_E NVELOPED m essage.
	4115	//
	4116	// p vData poin ts to a DW ORD
	4117	// - ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---
	4118
	4119	// + ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---
	4120	// C MSG_CRL_PA RAM
	4121	//
	4122	// T o get all the CRLs, repetitive ly call Cr yptMsgGetP aram, with
	4123	// d wIndex set to 0 .. C rlCount - 1.
	4124	//
	4125	// p vData poin ts to an a rray of th e CRL's en coded byte s.
	4126	// - ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---
	4127
	4128
	4129	// + ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---
	4130	// C MSG_ENVELO PE_ALGORIT HM_PARAM
	4131	//
	4132	// T he Content Encryption Algorithm that was u sed in
	4133	// a n ENVELOPE D or SIGNE D_AND_ENVE LOPED mess age.
	4134	//
	4135	// p vData poin ts to an C RYPT_ALGOR ITHM_IDENT IFIER stru ct.
	4136	// - ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---
	4137
	4138	// + ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---
	4139	// C MSG_RECIPI ENT_COUNT_ PARAM
	4140	//
	4141	// C ount of re cipients i n an ENVEL OPED or SI GNED_AND_E NVELOPED m essage.
	4142	//
	4143	// p vData poin ts to a DW ORD
	4144	// - ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---
	4145
	4146	// + ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---
	4147	// C MSG_RECIPI ENT_INDEX_ PARAM
	4148	//
	4149	// I ndex of th e recipien t used to decrypt an ENVELOPED or SIGNED _AND_ENVEL OPED
	4150	// m essage.
	4151	//
	4152	// p vData poin ts to a DW ORD
	4153	// - ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---
	4154
	4155	// + ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---
	4156	// C MSG_RECIPI ENT_INFO_P ARAM
	4157	//
	4158	// T o get all the recipi ents, repe titively c all CryptM sgGetParam , with
	4159	// d wIndex set to 0 .. R ecipientCo unt - 1.
	4160	//
	4161	// p vData poin ts to a CE RT_INFO st ruct.
	4162	//
	4163	// O nly the fo llowing fi elds have been updat ed in the CERT_INFO struct:
	4164	// I ssuer, Ser ialNumber and Public KeyAlgorit hm. The Pu blicKeyAlg orithm
	4165	// s pecifies t he KeyEncr yptionAlgo rithm that was used.
	4166	// - ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---
	4167
	4168	// + ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---
	4169	// C MSG_HASH_A LGORITHM_P ARAM
	4170	//
	4171	// T he HashAlg orithm in a HASHED m essage.
	4172	//
	4173	// p vData poin ts to an C RYPT_ALGOR ITHM_IDENT IFIER stru ct.
	4174	// - ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---
	4175
	4176	// + ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---
	4177	// C MSG_HASH_D ATA_PARAM
	4178	//
	4179	// T he hash in a HASHED message.
	4180	//
	4181	// p vData poin ts to an a rray of by tes.
	4182	// - ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---
	4183
	4184	// + ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---
	4185	// C MSG_COMPUT ED_HASH_PA RAM
	4186	//
	4187	// T he compute d hash for a HASHED message.
	4188	//
	4189	// T his may be called fo r either a n encoded or decoded message.
	4190	// I t also may be called before an y encoded CryptMsgUp dates to g et its len gth.
	4191	//
	4192	// p vData poin ts to an a rray of by tes.
	4193	// - ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---
	4194
	4195	// + ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---
	4196	// C MSG_ENCRYP T_PARAM
	4197	//
	4198	// T he Content Encryption Algorithm that was u sed in an ENCRYPTED message.
	4199	//
	4200	// p vData poin ts to an C RYPT_ALGOR ITHM_IDENT IFIER stru ct.
	4201	// - ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---
	4202
	4203	// + ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---
	4204	// C MSG_ENCODE D_MESSAGE
	4205	//
	4206	// T he full en coded mess age. This is useful in the cas e of a dec oded
	4207	// m essage whi ch has bee n modified (eg. a si gned-data or
	4208	// s igned-and- enveloped- data messa ge which h as been co untersigne d).
	4209	//
	4210	// p vData poin ts to an a rray of th e message' s encoded bytes.
	4211	// - ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---
	4212
	4213	// + ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---
	4214	// C ryptMsg OI D installa ble functi ons
	4215	// - ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---
	4216
	4217	// I f *phCrypt Prov is NU LL upon en try, then, if suppor ted, the i nstallable
	4218	// f unction sh ould acqui re a defau lt provide r and retu rn. Note, its up
	4219	// t o the inst allable fu nction to release at process d etach.
	4220
	4221	const
	4222	CMSG _OID_GEN_E NCRYPT_KEY _FUNC = 'C ryptMsgDll GenEncrypt Key';
	4223
	4224	type
	4225	PFN_ CMSG_GEN_E NCRYPT_KEY = functio n(PHCRYPTP ROV: PHCRY PTPROV;
	4226	pa iEncrypt: PCRYPT_ALG ORITHM_IDE NTIFIER;
	4227	pv EncryptAux Info: PVOI D;
	4228	pP ublicKeyIn fo: PCERT_ PUBLIC_KEY _INFO;
	4229	ph EncryptKey : PHCRYPTK EY
	4230	): BOOL; std call;
	4231
	4232	const
	4233	CMSG _OID_EXPOR T_ENCRYPT_ KEY_FUNC = 'CryptMsg DllExportE ncryptKey' ;
	4234
	4235	type
	4236	PFN_ CMSG_EXPOR T_ENCRYPT_ KEY = func tion(HCRYP TPROV: HCR YPTPROV;
	4237	hE ncryptKey: HCRYPTKEY ;
	4238	pP ublicKeyIn fo: PCERT_ PUBLIC_KEY _INFO;
	4239	pb Data: PBYT E;
	4240	pc bData: PDW ORD): BOOL ; stdcall;
	4241
	4242	const
	4243	CMSG _OID_IMPOR T_ENCRYPT_ KEY_FUNC = 'CryptMsg DllImportE ncryptKey' ;
	4244
	4245	type
	4246	PFN_ CMSG_IMPOR T_ENCRYPT_ KEY = func tion(HCRYP TPROV: HCR YPTPROV;
	4247	dw KeySpec: D WORD;
	4248	pa iEncrypt: PCRYPT_ALG ORITHM_IDE NTIFIER;
	4249	pa iPubKey: P CRYPT_ALGO RITHM_IDEN TIFIER;
	4250	pb EncodedKey : PBYTE;
	4251	cb EncodedKey : DWORD;
	4252	ph EncryptKey : PHCRYPTK EY
	4253	): BOOL; std call;
	4254
	4255	// + ========== ========== ========== ========== ========== ========== ========== ===
	4256	// C ertificate Store Dat a Structur es and API s
	4257	// = ========== ========== ========== ========== ========== ========== ========== ===
	4258
	4259	// + ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---
	4260	// I n its most basic imp lementatio n, a cert store is s imply a
	4261	// c ollection of certifi cates and/ or CRLs. T his is the case when
	4262	// a cert stor e is opene d with all of its ce rtificates and CRLs
	4263	// c oming from a PKCS #7 encoded c ryptograph ic message .
	4264	//
	4265	// N onetheless , all cert stores ha ve the fol lowing pro perties:
	4266	// - A public key may ha ve more th an one cer tificate i n the stor e.
	4267	// F or example , a privat e/public k ey used fo r signing may have a
	4268	// c ertificate issued fo r VISA and another i ssued for
	4269	// M astercard. Also, whe n a certif icate is r enewed the re might
	4270	// b e more tha n one cert ificate wi th the sam e subject and
	4271	// i ssuer.
	4272	// - However, each certi ficate in the store is uniquel y
	4273	// i dentified by its Iss uer and Se rialNumber .
	4274	// - There's a n issuer o f subject certificat e relation ship. A
	4275	// c ertificate 's issuer is found b y doing a match of
	4276	// p SubjectCer t->Issuer with pIssu erCert->Su bject.
	4277	// T he relatio nship is v erified by using
	4278	// t he issuer' s public k ey to veri fy the sub ject certi ficate's
	4279	// s ignature. Note, ther e might be X.509 v3 extensions
	4280	// t o assist i n finding the issuer certifica te.
	4281	// - Since iss uer certif icates mig ht be rene wed, a sub ject
	4282	// c ertificate might hav e more tha n one issu er certifi cate.
	4283	// - There's a n issuer o f CRL rela tionship. An
	4284	// i ssuer's CR L is found by doing a match of
	4285	// p IssuerCert ->Subject with pCrl- >Issuer.
	4286	// T he relatio nship is v erified by using
	4287	// t he issuer' s public k ey to veri fy the CRL 's
	4288	// s ignature. Note, ther e might be X.509 v3 extensions
	4289	// t o assist i n finding the CRL.
	4290	// - Since som e issuers might supp ort the X. 509 v3 del ta CRL
	4291	// e xtensions, an issuer might hav e more tha n one CRL.
	4292	// - The store shouldn't have any redundant certificat es or
	4293	// C RLs. There shouldn't be two ce rtificates with the same
	4294	// I ssuer and SerialNumb er. There shouldn't be two CRL s with
	4295	// t he same Is suer, This Update and NextUpdat e.
	4296	// - The store has NO po licy or tr ust inform ation. No
	4297	// c ertificate s are tagg ed as bein g "root". Its up to
	4298	// t he applica tion to ma intain a l ist of Cer tIds (Issu er +
	4299	// S erialNumbe r) for cer tificates it trusts.
	4300	// - The store might con tain bad c ertificate s and/or C RLs.
	4301	// T he issuer' s signatur e of a sub ject certi ficate or CRL may
	4302	// n ot verify. Certifica tes or CRL s may not satisfy th eir
	4303	// t ime validi ty require ments. Cer tificates may be
	4304	// r evoked.
	4305	//
	4306	// I n addition to the ce rtificates and CRLs, propertie s can be
	4307	// s tored. The re are two predefine d property IDs for a user
	4308	// c ertificate : CERT_KEY _PROV_HAND LE_PROP_ID and
	4309	// C ERT_KEY_PR OV_INFO_PR OP_ID. The CERT_KEY_ PROV_HANDL E_PROP_ID
	4310	// i s a HCRYPT PROV handl e to the p rivate key assoicate d
	4311	// w ith the ce rtificate. The CERT_ KEY_PROV_I NFO_PROP_I D contains
	4312	// i nformation to be use d to call
	4313	// C ryptAcquir eContext a nd CryptPr ovSetParam to get a handle
	4314	// t o the priv ate key as sociated w ith the ce rtificate.
	4315	//
	4316	// T here exist s two more predefine d property IDs for c ertificate s
	4317	// a nd CRLs, C ERT_SHA1_H ASH_PROP_I D and CERT _MD5_HASH_ PROP_ID.
	4318	// I f these pr operties d on't alrea dy exist, then, a ha sh of the
	4319	// c ontent is computed. (CERT_HASH _PROP_ID m aps to the default
	4320	// h ash algori thm, curre ntly, CERT _SHA1_HASH _PROP_ID).
	4321	//
	4322	// T here are a dditional APIs for c reating ce rtificate and CRL
	4323	// c ontexts no t in a sto re (CertCr eateCertif icateConte xt and
	4324	// C ertCreateC RLContext) .
	4325	//
	4326	// - ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---
	4327
	4328	type
	4329	HCER TSTORE = D WORD; // J LI PVOID;
	4330
	4331	// + ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---
	4332	// C ertificate context.
	4333	//
	4334	// A certifica te context contains both the e ncoded and decoded r epresentat ion
	4335	// o f a certif icate. A c ertificate context r eturned by a cert st ore functi on
	4336	// m ust be fre ed by call ing the Ce rtFreeCert ificateCon text funct ion. The
	4337	// C ertDuplica teCertific ateContext function can be cal led to mak e a duplic ate
	4338	// c opy (which also must be freed by calling CertFreeC ertificate Context).
	4339	// - ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---
	4340
	4341	type
	4342	PCER T_CONTEXT = ^CERT_CO NTEXT;
	4343
	4344	CERT _CONTEXT = record
	4345	dw CertEncodi ngType: DW ORD;
	4346	pb CertEncode d: PBYTE;
	4347	cb CertEncode d: DWORD;
	4348	pC ertInfo: P CERT_INFO;
	4349	HC ERTSTORE: HCERTSTORE ;
	4350	end;
	4351
	4352	type
	4353	PCCE RT_CONTEXT = ^CERT_C ONTEXT;
	4354
	4355	// + ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---
	4356	// C RL context .
	4357	//
	4358	// A CRL conte xt contain s both the encoded a nd decoded represent ation
	4359	// o f a CRL. A CRL conte xt returne d by a cer t store fu nction
	4360	// m ust be fre ed by call ing the Ce rtFreeCRLC ontext fun ction. The
	4361	// C ertDuplica teCRLConte xt functio n can be c alled to m ake a dupl icate
	4362	// c opy (which also must be freed by calling CertFreeC RLContext) .
	4363	// - ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---
	4364
	4365	type
	4366	PCRL _CONTEXT = ^CRL_CONT EXT;
	4367
	4368	CRL_ CONTEXT = record
	4369	dw CertEncodi ngType: DW ORD;
	4370	pb CrlEncoded : PBYTE;
	4371	cb CrlEncoded : DWORD;
	4372	pC rlInfo: PC RL_INFO;
	4373	HC ERTSTORE: HCERTSTORE ;
	4374	end;
	4375
	4376	type
	4377	PCCR L_CONTEXT = ^CRL_CON TEXT;
	4378
	4379	// + ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---
	4380	// C ertificate Trust Lis t (CTL) co ntext.
	4381	//
	4382	// A CTL conte xt contain s both the encoded a nd decoded represent ation
	4383	// o f a CTL. A lso contai ns an open ed HCRYPTM SG handle to the dec oded
	4384	// c ryptograph ic signed message co ntaining t he CTL_INF O as its i nner conte nt.
	4385	// p bCtlConten t is the e ncoded inn er content of the si gned messa ge.
	4386	//
	4387	// T he CryptMs g APIs can be used t o extract additional signer in formation.
	4388	// - ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---
	4389
	4390	type
	4391	PCTL _CONTEXT = ^CTL_CONT EXT;
	4392
	4393	CTL_ CONTEXT = record
	4394	dw MsgAndCert EncodingTy pe: DWORD;
	4395	pb CtlEncoded : PBYTE;
	4396	cb CtlEncoded : DWORD;
	4397	pC tlInfo: PC TL_INFO;
	4398	HC ERTSTORE: HCERTSTORE ;
	4399	HC RYPTMSG: H CRYPTMSG;
	4400	pb CtlContent : PBYTE;
	4401	cb CtlContent : DWORD;
	4402	end;
	4403
	4404	type
	4405	PCCT L_CONTEXT = ^CTL_CON TEXT;
	4406
	4407	// + ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---
	4408	// C ertificate , CRL and CTL proper ty IDs
	4409	//
	4410	// S ee CertSet Certificat eContextPr operty or CertGetCer tificateCo ntextPrope rty
	4411	// f or usage i nformation .
	4412	// - ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---
	4413
	4414	const
	4415	CERT _KEY_PROV_ HANDLE_PRO P_ID = 1;
	4416	CERT _KEY_PROV_ INFO_PROP_ ID = 2;
	4417	CERT _SHA1_HASH _PROP_ID = 3;
	4418	CERT _MD5_HASH_ PROP_ID = 4;
	4419	CERT _HASH_PROP _ID = CERT _SHA1_HASH _PROP_ID;
	4420	CERT _KEY_CONTE XT_PROP_ID = 5;
	4421	CERT _KEY_SPEC_ PROP_ID = 6;
	4422	CERT _IE30_RESE RVED_PROP_ ID = 7;
	4423	CERT _PUBKEY_HA SH_RESERVE D_PROP_ID = 8;
	4424	CERT _ENHKEY_US AGE_PROP_I D = 9;
	4425	CERT _CTL_USAGE _PROP_ID = CERT_ENHK EY_USAGE_P ROP_ID;
	4426	CERT _NEXT_UPDA TE_LOCATIO N_PROP_ID = 10;
	4427	CERT _FRIENDLY_ NAME_PROP_ ID = 11;
	4428	CERT _PVK_FILE_ PROP_ID = 12;
	4429	// N ote, 32 - 34 are res erved for the CERT, CRL and CT L file ele ment IDs.
	4430	CERT _DESCRIPTI ON_PROP_ID = 13; // JLI
	4431	CERT _ACCESS_ST ATE_PROP_I D = 14; // JLI
	4432	CERT _SIGNATURE _HASH_PROP _ID = 15;
	4433	CERT _SMART_CAR D_DATA_PRO P_ID = 16;
	4434	CERT _EFS_PROP_ ID = 17;
	4435	CERT _FORTEZZA_ DATA_PROP_ ID = 18;
	4436	CERT _ARCHIVED_ PROP_ID = 19;
	4437	CERT _KEY_IDENT IFIER_PROP _ID = 20;
	4438	CERT _AUTO_ENRO LL_PROP_ID = 21;
	4439	CERT _PUBKEY_AL G_PARA_PRO P_ID = 22;
	4440
	4441	CERT _FIRST_RES ERVED_PROP _ID = 23;
	4442	// N ote, 32 - 35 are res erved for the CERT, CRL, CTL a nd KeyId f ile elemen t IDs.
	4443
	4444	CERT _LAST_RESE RVED_PROP_ ID = $0000 7FFF;
	4445	CERT _FIRST_USE R_PROP_ID = $0000800 0;
	4446	CERT _LAST_USER _PROP_ID = $0000FFFF ;
	4447
	4448	func tion IS_CE RT_HASH_PR OP_ID(x: D WORD): BOO L;
	4449
	4450	// + ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---
	4451	// C ryptograph ic Key Pro vider Info rmation
	4452	//
	4453	// C RYPT_KEY_P ROV_INFO d efines the CERT_KEY_ PROV_INFO_ PROP_ID's pvData.
	4454	//
	4455	// T he CRYPT_K EY_PROV_IN FO fields are passed to CryptA cquireCont ext
	4456	// t o get a HC RYPTPROV h andle. The optional CRYPT_KEY_ PROV_PARAM fields ar e
	4457	// p assed to C ryptProvSe tParam to further in itialize t he provide r.
	4458	//
	4459	// T he dwKeySp ec field i dentifies the privat e key to u se from th e containe r
	4460	// F or example , AT_KEYEX CHANGE or AT_SIGNATU RE.
	4461	// - ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---
	4462
	4463	type
	4464	PC RYPT_KEY_P ROV_PARAM = ^CRYPT_K EY_PROV_PA RAM;
	4465
	4466	CR YPT_KEY_PR OV_PARAM = record
	4467	dwParam: D WORD;
	4468	pbData: PB YTE;
	4469	cbData: DW ORD;
	4470	dwFlags: D WORD;
	4471	en d;
	4472
	4473	type
	4474	PC RYPT_KEY_P ROV_INFO = ^CRYPT_KE Y_PROV_INF O;
	4475
	4476	CR YPT_KEY_PR OV_INFO = record
	4477	pwszContai nerName: L PWSTR;
	4478	pwszProvNa me: LPWSTR ;
	4479	dwProvType : DWORD;
	4480	dwFlags: D WORD;
	4481	cProvParam : DWORD;
	4482	rgProvPara m: PCRYPT_ KEY_PROV_P ARAM;
	4483	dwKeySpec: DWORD;
	4484	en d;
	4485
	4486	// +-------- ---------- ---------- ---------- ---------- ---------- ---------- -----
	4487	// The follo wing flag should be set in the above dwF lags to en able
	4488	// a CertSet Certificat eContextPr operty(CER T_KEY_CONT EXT_PROP_I D) after a
	4489	// CryptAcqu ireContext is done i n the Sign or Decryp t Message functions.
	4490	//
	4491	// The follo wing defin e must not collide w ith any of the
	4492	// CryptAcqu ireContext dwFlag de fines.
	4493	// --------- ---------- ---------- ---------- ---------- ---------- ---------- -----
	4494
	4495	cons t
	4496	CE RT_SET_KEY _PROV_HAND LE_PROP_ID = $000000 01;
	4497	CE RT_SET_KEY _CONTEXT_P ROP_ID = $ 00000001;
	4498
	4499	// +-------- ---------- ---------- ---------- ---------- ---------- ---------- -----
	4500	// Certifica te Key Con text
	4501	//
	4502	// CERT_KEY_ CONTEXT de fines the CERT_KEY_C ONTEXT_PRO P_ID's pvD ata.
	4503	// --------- ---------- ---------- ---------- ---------- ---------- ---------- -----
	4504
	4505	type
	4506	PC ERT_KEY_CO NTEXT = ^C ERT_KEY_CO NTEXT;
	4507
	4508	CE RT_KEY_CON TEXT = rec ord
	4509	cbSize: DW ORD; // si zeof(CERT_ KEY_CONTEX T)
	4510	HCRYPTPROV : HCRYPTPR OV;
	4511	dwKeySpec: DWORD;
	4512	en d;
	4513
	4514	// +-------- ---------- ---------- ---------- ---------- ---------- ---------- -----
	4515	// Certifica te Store P rovider Ty pes
	4516	// --------- ---------- ---------- ---------- ---------- ---------- ---------- -----
	4517
	4518	cons t
	4519	CE RT_STORE_P ROV_MSG = (LPCSTR(1) );
	4520	CE RT_STORE_P ROV_MEMORY = (LPCSTR (2));
	4521	CE RT_STORE_P ROV_FILE = (LPCSTR(3 ));
	4522	CE RT_STORE_P ROV_REG = (LPCSTR(4) );
	4523
	4524	CE RT_STORE_P ROV_PKCS7 = (LPCSTR( 5));
	4525	CE RT_STORE_P ROV_SERIAL IZED = (LP CSTR(6));
	4526	CE RT_STORE_P ROV_FILENA ME_A = (LP CSTR(7));
	4527	CE RT_STORE_P ROV_FILENA ME_W = (LP CSTR(8));
	4528	CE RT_STORE_P ROV_FILENA ME = CERT_ STORE_PROV _FILENAME_ W;
	4529	CE RT_STORE_P ROV_SYSTEM _A = (LPCS TR(9));
	4530	CE RT_STORE_P ROV_SYSTEM _W = (LPCS TR(10));
	4531	CE RT_STORE_P ROV_SYSTEM = CERT_ST ORE_PROV_S YSTEM_W;
	4532
	4533	sz _CERT_STOR E_PROV_MEM ORY = 'Mem ory';
	4534	sz _CERT_STOR E_PROV_FIL ENAME_W = 'File';
	4535	sz _CERT_STOR E_PROV_FIL ENAME = sz _CERT_STOR E_PROV_FIL ENAME_W;
	4536	sz _CERT_STOR E_PROV_SYS TEM_W = 'S ystem';
	4537	sz _CERT_STOR E_PROV_SYS TEM = sz_C ERT_STORE_ PROV_SYSTE M_W;
	4538	sz _CERT_STOR E_PROV_PKC S7 = 'PKCS 7';
	4539	sz _CERT_STOR E_PROV_SER IALIZED = 'Serialize d';
	4540
	4541	// +-------- ---------- ---------- ---------- ---------- ---------- ---------- -----
	4542	// Certifica te Store v erify/resu lts flags
	4543	// --------- ---------- ---------- ---------- ---------- ---------- ---------- -----
	4544
	4545	CE RT_STORE_S IGNATURE_F LAG = $000 00001;
	4546	CE RT_STORE_T IME_VALIDI TY_FLAG = $00000002;
	4547	CE RT_STORE_R EVOCATION_ FLAG = $00 000004;
	4548	CE RT_STORE_N O_CRL_FLAG = $000100 00;
	4549	CE RT_STORE_N O_ISSUER_F LAG = $000 20000;
	4550
	4551	// +-------- ---------- ---------- ---------- ---------- ---------- ---------- -----
	4552	// Certifica te Store o pen/proper ty flags
	4553	// --------- ---------- ---------- ---------- ---------- ---------- ---------- -----
	4554
	4555	CE RT_STORE_N O_CRYPT_RE LEASE_FLAG = $000000 01;
	4556	CE RT_STORE_R EADONLY_FL AG = $0000 8000;
	4557
	4558	// +-------- ---------- ---------- ---------- ---------- ---------- ---------- -----
	4559	// Certifica te Store P rovider fl ags are in the HiWor d (0xFFFF0 000)
	4560	// --------- ---------- ---------- ---------- ---------- ---------- ---------- -----
	4561
	4562	// +-------- ---------- ---------- ---------- ---------- ---------- ---------- -----
	4563	// Certifica te System Store Flag Values
	4564	// --------- ---------- ---------- ---------- ---------- ---------- ---------- -----
	4565	// Location of the sys tem store in the reg istry:
	4566	// HKEY_CURR ENT_USER o r HKEY_LOC AL_MACHINE
	4567	CE RT_SYSTEM_ STORE_LOCA TION_MASK = $0003000 0;
	4568	CE RT_SYSTEM_ STORE_CURR ENT_USER = $00010000 ;
	4569	CE RT_SYSTEM_ STORE_LOCA L_MACHINE = $0002000 0;
	4570
	4571	// +-------- ---------- ---------- ---------- ---------- ---------- ---------- -----
	4572	// Open the cert store using the specified store pro vider.
	4573	//
	4574	// hCryptPro v specifie s the cryp to provide r to use t o create t he hash
	4575	// propertie s or verif y the sign ature of a subject c ertificate or CRL.
	4576	// The store doesn't n eed to use a private
	4577	// key. If t he CERT_ST ORE_NO_CRY PT_RELEASE _FLAG isn' t set, hCr yptProv is
	4578	// CryptRele aseContext 'ed on the final Cer tCloseStor e.
	4579	//
	4580	// Note, if the open f ails, hCry ptProv is released i f it would have been
	4581	// released when the s tore was c losed.
	4582	//
	4583	// If hCrypt Prov is ze ro, then, the defaul t provider and conta iner for t he
	4584	// PROV_RSA_ FULL provi der type i s CryptAcq uireContex t'ed with
	4585	// CRYPT_VER IFYCONTEXT access. T he CryptAc quireConte xt is defe rred until
	4586	// the first create ha sh or veri fy signatu re. In add ition, onc e acquired ,
	4587	// the defau lt provide r isn't re leased unt il process exit when crypt32.d ll
	4588	// is unload ed. The ac quired def ault provi der is sha red across all store s
	4589	// and threa ds.
	4590	//
	4591	// After ini tializing the store' s data str uctures an d optional ly acquiri ng a
	4592	// default c rypt provi der, CertO penStore c alls Crypt GetOIDFunc tionAddres s to
	4593	// get the a ddress of the CRYPT_ OID_OPEN_S TORE_PROV_ FUNC speci fied by
	4594	// lpszStore Provider. Since a st ore can co ntain cert ificates w ith differ ent
	4595	// encoding types, Cry ptGetOIDFu nctionAddr ess is cal led with d wEncodingT ype
	4596	// set to 0 and not th e dwEncodi ngType pas sed to Cer tOpenStore .
	4597	// PFN_CERT_ DLL_OPEN_S TORE_FUNC specifies the signat ure of the provider' s
	4598	// open func tion. This provider open funct ion is cal led to loa d the
	4599	// store's c ertificate s and CRLs . Optional ly, the pr ovider may return an
	4600	// array of functions called bef ore a cert ificate or CRL is ad ded or del eted
	4601	// or has a property t hat is set .
	4602	//
	4603	// Use of th e dwEncodi ngType par ameter is provider d ependent. The type
	4604	// definitio n for pvPa ra also de pends on t he provide r.
	4605	//
	4606	// Store pro viders are installed or regist ered via
	4607	// CryptInst allOIDFunc tionAddres s or Crypt RegisterOI DFunction, where,
	4608	// dwEncodin gType is 0 and pszFu ncName is CRYPT_OID_ OPEN_STORE _PROV_FUNC .
	4609	//
	4610	// Here's a list of th e predefin ed provide r types (i mplemented in crypt3 2.dll):
	4611	//
	4612	// CERT_STOR E_PROV_MSG :
	4613	// Gets the certificat es and CRL s from the specified cryptogra phic messa ge.
	4614	// dwEncodin gType cont ains the m essage and certifica te encodin g types.
	4615	// The messa ge's handl e is passe d in pvPar a. Given,
	4616	// HCRYPTMSG hCryptMsg ; pvPara = (const vo id *) hCry ptMsg;
	4617	//
	4618	// CERT_STOR E_PROV_MEM ORY
	4619	// sz_CERT_S TORE_PROV_ MEMORY:
	4620	// Opens a s tore witho ut any ini tial certi ficates or CRLs. pvP ara
	4621	// isn't use d.
	4622	//
	4623	// CERT_STOR E_PROV_FIL E:
	4624	// Reads the certifica tes and CR Ls from th e specifie d file. Th e file's
	4625	// handle is passed in pvPara. G iven,
	4626	// HANDLE hF ile; pvPar a = (const void *) h File;
	4627	//
	4628	// For a suc cessful op en, the fi le pointer is advanc ed past
	4629	// the certi ficates an d CRLs and their pro perties re ad from th e file.
	4630	// Note, onl y expects a serializ ed store a nd not a f ile contai ning
	4631	// either a PKCS #7 si gned messa ge or a si ngle encod ed certifi cate.
	4632	//
	4633	// The hFile isn't clo sed.
	4634	//
	4635	// CERT_STOR E_PROV_REG :
	4636	// Reads the certifica tes and CR Ls from th e registry . The regi stry's
	4637	// key handl e is passe d in pvPar a. Given,
	4638	// HKEY hKey ; pvPara = (const vo id *) hKey ;
	4639	//
	4640	// The input hKey isn' t closed b y the prov ider. Befo re returni ng, the
	4641	// provider opens/crea tes "Certi ficates" a nd "CRLs" subkeys. T hese
	4642	// subkeys r emain open until the store is closed.
	4643	//
	4644	// If CERT_S TORE_READO NLY_FLAG i s set, the n, the reg istry subk eys are
	4645	// RegOpenKe y'ed with KEY_READ_A CCESS. Oth erwise, th e registry subkeys
	4646	// are RegCr eateKey'ed with KEY_ ALL_ACCESS .
	4647	//
	4648	// This prov ider retur ns the arr ay of func tions for reading, w riting,
	4649	// deleting and proper ty setting certifica tes and CR Ls.
	4650	// Any chang es to the opened sto re are imm ediately p ushed thro ugh to
	4651	// the regis try. Howev er, if CER T_STORE_RE ADONLY_FLA G is set, then,
	4652	// writing, deleting o r property setting r esults in a
	4653	// SetLastEr ror(E_ACCE SSDENIED).
	4654	//
	4655	// Note, all the certi ficates an d CRLs are read from the regis try
	4656	// when the store is o pened. The opened st ore serves as a writ e through
	4657	// cache. Ho wever, the opened st ore isn't notified o f other ch anges
	4658	// made to t he registr y. Note, R egNotifyCh angeKeyVal ue is supp orted
	4659	// on NT but not suppo rted on Wi ndows95.
	4660	//
	4661	// CERT_STOR E_PROV_PKC S7:
	4662	// sz_CERT_S TORE_PROV_ PKCS7:
	4663	// Gets the certificat es and CRL s from the encoded P KCS #7 sig ned messag e.
	4664	// dwEncodin gType spec ifies the message an d certific ate encodi ng types.
	4665	// The point er to the encoded me ssage's bl ob is pass ed in pvPa ra. Given,
	4666	// CRYPT_DAT A_BLOB Enc odedMsg; p vPara = (c onst void *) &Encode dMsg;
	4667	//
	4668	// Note, als o supports the IE3.0 special v ersion of a
	4669	// PKCS #7 s igned mess age referr ed to as a "SPC" for matted mes sage.
	4670	//
	4671	// CERT_STOR E_PROV_SER IALIZED:
	4672	// sz_CERT_S TORE_PROV_ SERIALIZED :
	4673	// Gets the certificat es and CRL s from mem ory contai ning a ser ialized
	4674	// store. T he pointer to the se rialized m emory blob is passed in pvPara .
	4675	// Given,
	4676	// CRYPT_DAT A_BLOB Ser ialized; p vPara = (c onst void *) &Serial ized;
	4677	//
	4678	// CERT_STOR E_PROV_FIL ENAME_A:
	4679	// CERT_STOR E_PROV_FIL ENAME_W:
	4680	// CERT_STOR E_PROV_FIL ENAME:
	4681	// sz_CERT_S TORE_PROV_ FILENAME_W :
	4682	// sz_CERT_S TORE_PROV_ FILENAME:
	4683	// Opens the file and first atte mpts to re ad as a se rialized s tore. Then ,
	4684	// as a PKCS #7 signed message. Finally, a s a single encoded c ertificate .
	4685	// The filen ame is pas sed in pvP ara. The f ilename is UNICODE f or the
	4686	// "_W" prov ider and A SCII for t he "_A" pr ovider. Fo r "_W": gi ven,
	4687	// LPCWSTR p wszFilenam e; pvPara = (const v oid *) pws zFilename;
	4688	// For "_A": given,
	4689	// LPCSTR ps zFilename; pvPara = (const voi d *) pszFi lename;
	4690	//
	4691	// Note, the default ( without "_ A" or "_W" ) is unico de.
	4692	//
	4693	// Note, als o supports the readi ng of the IE3.0 spec ial versio n of a
	4694	// PKCS #7 s igned mess age file r eferred to as a "SPC " formatte d file.
	4695	//
	4696	// CERT_STOR E_PROV_SYS TEM_A:
	4697	// CERT_STOR E_PROV_SYS TEM_W:
	4698	// CERT_STOR E_PROV_SYS TEM:
	4699	// sz_CERT_S TORE_PROV_ SYSTEM_W:
	4700	// sz_CERT_S TORE_PROV_ SYSTEM:
	4701	// Opens the specified "system" store. Cur rently, al l the syst em
	4702	// stores ar e stored i n the regi stry. The upper word of the dw Flags
	4703	// parameter is used t o specify the locati on of the system sto re. It
	4704	// should be set to ei ther CERT_ SYSTEM_STO RE_CURRENT _USER for
	4705	// HKEY_CURR ENT_USER o r CERT_SYS TEM_STORE_ LOCAL_MACH INE for
	4706	// HKEY_LOCA L_MACHINE.
	4707	//
	4708	// After ope ning the r egistry ke y associat ed with th e system n ame,
	4709	// the CERT_ STORE_PROV _REG provi der is cal led to com plete the open.
	4710	//
	4711	// The syste m store na me is pass ed in pvPa ra. The na me is UNIC ODE for th e
	4712	// "_W" prov ider and A SCII for t he "_A" pr ovider. Fo r "_W": gi ven,
	4713	// LPCWSTR p wszSystemN ame; pvPar a = (const void *) p wszSystemN ame;
	4714	// For "_A": given,
	4715	// LPCSTR ps zSystemNam e; pvPara = (const v oid *) psz SystemName ;
	4716	//
	4717	// Note, the default ( without "_ A" or "_W" ) is UNICO DE.
	4718	//
	4719	// If CERT_S TORE_READO NLY_FLAG i s set, the n, the reg istry is
	4720	// RegOpenKe y'ed with KEY_READ_A CCESS. Oth erwise, th e registry is
	4721	// RegCreate Key'ed wit h KEY_ALL_ ACCESS.
	4722	//
	4723	// The "root " store is treated d ifferently from the other syst em
	4724	// stores. B efore a ce rtificate is added t o or delet ed from th e "root"
	4725	// store, a pop up mes sage box i s displaye d. The cer tificate's subject,
	4726	// issuer, s erial numb er, time v alidity, s ha1 and md 5 thumbpri nts are
	4727	// displayed . The user is given the option to do the add or de lete.
	4728	// If they d on't allow the opera tion, Last Error is s et to E_AC CESSDENIED .
	4729	// --------- ---------- ---------- ---------- ---------- ---------- ---------- -----
	4730
	4731	fu nction Cer tOpenStore (lpszStore Provider: LPCSTR;
	4732	dwEncoding Type: DWOR D;
	4733	HCRYPTPROV : HCRYPTPR OV;
	4734	dwFlags: D WORD;
	4735	const pvPa ra: PVOID) : HCERTSTO RE; stdcal l;
	4736
	4737	function C ertGetName String(pCe rtContext: PCCERT_CO NTEXT;
	4738	dwType: DWORD;
	4739	dwFlags: DWORD;
	4740	pvTypePa ra: DWORD;
	4741	pNameStr ing: LPAWS TR;
	4742	cchNameS tring: DWO RD): LONGI NT; stdcal l; // JLI // Modifie d from PCh ar to comp iler direc tive for L PAWSTR Ret urn type i s LONGINT- DRP
	4743
	4744	{
	4745	function CertGetNa meStringA( pCertConte xt: PCCERT _CONTEXT;
	4746	dwType: DWORD;
	4747	dwFlags: DWORD;
	4748	pvTypePa ra: DWORD;
	4749	pNameStr ing: LPCST R;
	4750	cchNameS tring: DWO RD): LONGI NT; stdcal l; // DRP
	4751
	4752	function CertGetNa meStringW( pCertConte xt: PCCERT _CONTEXT;
	4753	dwType: DWORD;
	4754	dwFlags: DWORD;
	4755	pvTypePa ra: DWORD;
	4756	pNameStr ing: LPAWS TR;
	4757	cchNameS tring: DWO RD): LONGI NT; stdcal l; // DRP
	4758	}
	4759	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	4760	// OID Ins tallable C ertificate Store Pro vider Data Structure s
	4761	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	4762
	4763	// Handle returned b y the stor e provider when open ed.
	4764	type
	4765	HCERTSTO REPROV = P VOID;
	4766
	4767	// Store Provider OID functi on's pszFu ncName.
	4768	const
	4769	CRYPT_OI D_OPEN_STO RE_PROV_FU NC = 'Cert DllOpenSto reProv';
	4770
	4771	// Note, the Store Provider OID functi on's dwEnc odingType is always 0.
	4772
	4773	// The f ollowing i nformation is return ed by the provider w hen opened . Its
	4774	// zeroe d with cbS ize set be fore the p rovider is called. I f the prov ider
	4775	// doesn 't need to be called again aft er the ope n it doesn 't need to
	4776	// make any update s to the C ERT_STORE_ PROV_INFO.
	4777
	4778	type
	4779	PCERT_ST ORE_PROV_I NFO = ^CER T_STORE_PR OV_INFO;
	4780
	4781	CERT_STO RE_PROV_IN FO = recor d
	4782	cbSize : DWORD;
	4783	cStore ProvFunc: DWORD;
	4784	rgpvSt oreProvFun c: PPVOID;
	4785	hStore Prov: HCER TSTOREPROV ;
	4786	dwStor eProvFlags : DWORD;
	4787	end;
	4788
	4789	// Defin ition of t he store p rovider's open funct ion.
	4790	//
	4791	// *pSto reProvInfo has been zeroed bef ore the ca ll.
	4792	//
	4793	// Note, pStorePro vInfo->cSt oreProvFun c should b e set last . Once se t,
	4794	// all s ubsequent store call s, such as CertAddSe rializedEl ementToSto re will
	4795	// call the approp riate prov ider callb ack functi on.
	4796
	4797	type
	4798	PFN_CERT _DLL_OPEN_ STORE_PROV _FUNC = fu nction(lps zStoreProv ider: LPCS TR;
	4799	dwEnco dingType: DWORD;
	4800	HCRYPT PROV: HCRY PTPROV;
	4801	dwFlag s: DWORD;
	4802	const pvPara: PV OID;
	4803	HCERTS TORE: HCER TSTORE;
	4804	pStore ProvInfo: PCERT_STOR E_PROV_INF O
	4805	): BOO L; stdcall ;
	4806
	4807	// Indic es into th e store pr ovider's a rray of ca llback fun ctions.
	4808	//
	4809	// The p rovider ca n implemen t any subs et of the following functions. It
	4810	// sets pStoreProv Info->cSto reProvFunc to the la st index + 1 and any
	4811	// prece ding not i mplemented functions to NULL.
	4812
	4813	const
	4814	CERT_STO RE_PROV_CL OSE_FUNC = 0;
	4815	CERT_STO RE_PROV_RE AD_CERT_FU NC = 1;
	4816	CERT_STO RE_PROV_WR ITE_CERT_F UNC = 2;
	4817	CERT_STO RE_PROV_DE LETE_CERT_ FUNC = 3;
	4818	CERT_STO RE_PROV_SE T_CERT_PRO PERTY_FUNC = 4;
	4819	CERT_STO RE_PROV_RE AD_CRL_FUN C = 5;
	4820	CERT_STO RE_PROV_WR ITE_CRL_FU NC = 6;
	4821	CERT_STO RE_PROV_DE LETE_CRL_F UNC = 7;
	4822	CERT_STO RE_PROV_SE T_CRL_PROP ERTY_FUNC = 8;
	4823	CERT_STO RE_PROV_RE AD_CTL_FUN C = 9;
	4824	CERT_STO RE_PROV_WR ITE_CTL_FU NC = 10;
	4825	CERT_STO RE_PROV_DE LETE_CTL_F UNC = 11;
	4826	CERT_STO RE_PROV_SE T_CTL_PROP ERTY_FUNC = 12;
	4827
	4828	// Calle d by CertC loseStore when the s tore's ref erence cou nt is
	4829	// decre mented to 0.
	4830
	4831	type
	4832	PFN_CERT _STORE_PRO V_CLOSE = procedure( hStoreProv : HCERTSTO REPROV;
	4833	dwFlag s: DWORD); stdcall;
	4834
	4835	// Curre ntly not c alled dire ctly by th e store AP Is. Howeve r, may be exported
	4836	// to su pport othe r provider s based on it.
	4837	//
	4838	// Reads the provi der's copy of the ce rtificate context. I f it exist s,
	4839	// creat es a new c ertificate context.
	4840
	4841	type
	4842	PFN_CERT _STORE_PRO V_READ_CER T = functi on(hStoreP rov: HCERT STOREPROV;
	4843	pStore CertContex t: PCCERT_ CONTEXT;
	4844	dwFlag s: DWORD;
	4845	var pp ProvCertCo ntext: PCC ERT_CONTEX T
	4846	): BOO L; stdcall ;
	4847
	4848	const
	4849	CERT_STO RE_PROV_WR ITE_ADD_FL AG = $1;
	4850
	4851	// Calle d by CertA ddEncodedC ertificate ToStore,
	4852	// CertA ddCertific ateContext ToStore or CertAddSe rializedEl ementToSto re before
	4853	// addin g to the s tore. The CERT_STORE _PROV_WRIT E_ADD_FLAG is set. I n
	4854	// addit ion to the encoded c ertificate , the adde d pCertCon text might also
	4855	// have properties .
	4856	//
	4857	// Retur ns TRUE if its OK to update th e the stor e.
	4858
	4859	type
	4860	PFN_CERT _STORE_PRO V_WRITE_CE RT = funct ion(hStore Prov: HCER TSTOREPROV ;
	4861	pCertC ontext: PC CERT_CONTE XT;
	4862	dwFlag s: DWORD): BOOL; std call;
	4863
	4864	// Calle d by CertD eleteCerti ficateFrom Store befo re deletin g from the
	4865	// store .
	4866	//
	4867	// Retur ns TRUE if its OK to delete fr om the sto re.
	4868
	4869	type
	4870	PFN_CERT _STORE_PRO V_DELETE_C ERT = func tion(hStor eProv: HCE RTSTOREPRO V;
	4871	pCertC ontext: PC CERT_CONTE XT;
	4872	dwFlag s: DWORD): BOOL; std call;
	4873
	4874	// Calle d by CertS etCertific ateContext Property b efore sett ing the
	4875	// certi ficate's p roperty. A lso called by CertGe tCertifica teContextP roperty,
	4876	// when getting a hash prope rty that n eeds to be created a nd then pe rsisted
	4877	// via t he set.
	4878	//
	4879	// Upon input, the property hasn't bee n set for the pCertC ontext par ameter.
	4880	//
	4881	// Retur ns TRUE if its OK to set the p roperty.
	4882
	4883	type
	4884	PFN_CERT _STORE_PRO V_SET_CERT _PROPERTY = function (hStorePro v: HCERTST OREPROV;
	4885	pCertC ontext: PC CERT_CONTE XT;
	4886	dwProp Id: DWORD;
	4887	dwFlag s: DWORD;
	4888	const pvData: PV OID
	4889	): BOO L; stdcall ;
	4890
	4891	// Curre ntly not c alled dire ctly by th e store AP Is. Howeve r, may be exported
	4892	// to su pport othe r provider s based on it.
	4893	//
	4894	// Reads the provi der's copy of the CR L context. If it exi sts,
	4895	// creat es a new C RL context .
	4896
	4897	type
	4898	PFN_CERT _STORE_PRO V_READ_CRL = functio n(hStorePr ov: HCERTS TOREPROV;
	4899	pStore CrlContext : PCCRL_CO NTEXT;
	4900	dwFlag s: DWORD;
	4901	var pp ProvCrlCon text: PCCR L_CONTEXT
	4902	): BOO L; stdcall ;
	4903
	4904	// Calle d by CertA ddEncodedC RLToStore,
	4905	// CertA ddCRLConte xtToStore or CertAdd Serialized ElementToS tore befor e
	4906	// addin g to the s tore. The CERT_STORE _PROV_WRIT E_ADD_FLAG is set. I n
	4907	// addit ion to the encoded C RL, the ad ded pCertC ontext mig ht also
	4908	// have properties .
	4909	//
	4910	// Retur ns TRUE if its OK to update th e the stor e.
	4911
	4912	type
	4913	PFN_CERT _STORE_PRO V_WRITE_CR L = functi on(hStoreP rov: HCERT STOREPROV;
	4914	pCrlCo ntext: PCC RL_CONTEXT ;
	4915	dwFlag s: DWORD): BOOL; std call;
	4916
	4917	// Calle d by CertD eleteCRLFr omStore be fore delet ing from t he store.
	4918	//
	4919	// Retur ns TRUE if its OK to delete fr om the sto re.
	4920
	4921	type
	4922	PFN_CERT _STORE_PRO V_DELETE_C RL = funct ion(hStore Prov: HCER TSTOREPROV ;
	4923	pCrlCo ntext: PCC RL_CONTEXT ;
	4924	dwFlag s: DWORD): BOOL; std call;
	4925
	4926	// Calle d by CertD eleteCRLFr omStore be fore delet ing from t he store.
	4927	//
	4928	// Retur ns TRUE if its OK to delete fr om the sto re.
	4929
	4930	type
	4931	PFN_CERT _STORE_PRO V_SET_CRL_ PROPERTY = function( hStoreProv : HCERTSTO REPROV;
	4932	pCrlCo ntext: PCC RL_CONTEXT ;
	4933	dwProp Id: DWORD;
	4934	dwFlag s: DWORD;
	4935	pvData : PVOID): BOOL; stdc all;
	4936
	4937	// Curre ntly not c alled dire ctly by th e store AP Is. Howeve r, may be exported
	4938	// to su pport othe r provider s based on it.
	4939	//
	4940	// Reads the provi der's copy of the CT L context. If it exi sts,
	4941	// creat es a new C TL context .
	4942
	4943	type
	4944	PFN_CERT _STORE_PRO V_READ_CTL = functio n(hStorePr ov: HCERTS TOREPROV;
	4945	pStore CtlContext : PCCTL_CO NTEXT;
	4946	dwFlag s: DWORD;
	4947	var pp ProvCtlCon text: PCCT L_CONTEXT
	4948	): BOO L; stdcall ;
	4949
	4950	// Calle d by CertA ddEncodedC TLToStore,
	4951	// CertA ddCTLConte xtToStore or CertAdd Serialized ElementToS tore befor e
	4952	// addin g to the s tore. The CERT_STORE _PROV_WRIT E_ADD_FLAG is set. I n
	4953	// addit ion to the encoded C TL, the ad ded pCertC ontext mig ht also
	4954	// have properties .
	4955	//
	4956	// Retur ns TRUE if its OK to update th e the stor e.
	4957
	4958	type
	4959	PFN_CERT _STORE_PRO V_WRITE_CT L = functi on(hStoreP rov: HCERT STOREPROV;
	4960	pCtlCo ntext: PCC TL_CONTEXT ;
	4961	dwFlag s: DWORD): BOOL; std call;
	4962
	4963	// Calle d by CertD eleteCTLFr omStore be fore delet ing from t he store.
	4964	//
	4965	// Retur ns TRUE if its OK to delete fr om the sto re.
	4966
	4967	type
	4968	PFN_CERT _STORE_PRO V_DELETE_C TL = funct ion(hStore Prov: HCER TSTOREPROV ;
	4969	pCtlCo ntext: PCC TL_CONTEXT ;
	4970	dwFlag s: DWORD): BOOL; std call;
	4971
	4972	// Calle d by CertS etCTLConte xtProperty before se tting the
	4973	// CTL's property. Also call ed by Cert GetCTLCont extPropert y,
	4974	// when getting a hash prope rty that n eeds to be created a nd then pe rsisted
	4975	// via t he set.
	4976	//
	4977	// Upon input, the property hasn't bee n set for the pCtlCo ntext para meter.
	4978	//
	4979	// Retur ns TRUE if its OK to set the p roperty.
	4980
	4981	type
	4982	PFN_CERT _STORE_PRO V_SET_CTL_ PROPERTY = function( hStoreProv : HCERTSTO REPROV;
	4983	pCtlCo ntext: PCC TL_CONTEXT ;
	4984	dwProp Id: DWORD;
	4985	dwFlag s: DWORD;
	4986	const pvData: PV OID
	4987	): BOO L; stdcall ;
	4988
	4989	// +---- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	4990	// Dupli cate a cer t store ha ndle
	4991	// ----- ---------- ---------- ---------- ---------- ---------- ---------- ---------
	4992
	4993	function CertDupli cateStore( HCERTSTORE : HCERTSTO RE): HCERT STORE; std call;
	4994
	4995	const
	4996	CERT_S TORE_SAVE_ AS_STORE = 1;
	4997	const
	4998	CERT_S TORE_SAVE_ AS_PKCS7 = 2;
	4999
	5000	const
	5001	CERT_S TORE_SAVE_ TO_FILE = 1;
	5002	const
	5003	CERT_S TORE_SAVE_ TO_MEMORY = 2;
	5004	const
	5005	CERT_S TORE_SAVE_ TO_FILENAM E_A = 3;
	5006	const
	5007	CERT_S TORE_SAVE_ TO_FILENAM E_W = 4;
	5008	const
	5009	CERT_S TORE_SAVE_ TO_FILENAM E = CERT_S TORE_SAVE_ TO_FILENAM E_W;
	5010
	5011	// +-- ---------- ---------- ---------- ---------- ---------- ---------- ---------- -
	5012	// Sav e the cert store. Ex tended ver sion with lots of op tions.
	5013	//
	5014	// Acc ording to the dwSave As paramet er, the st ore can be saved as a
	5015	// ser ialized st ore (CERT_ STORE_SAVE _AS_STORE) containin g properti es in
	5016	// add ition to e ncoded cer tificates, CRLs and CTLs or th e store ca n be saved
	5017	// as a PKCS #7 signed mes sage (CERT _STORE_SAV E_AS_PKCS7 ) which do esn't
	5018	// inc lude the p roperties or CTLs.
	5019	//
	5020	// Not e, the CER T_KEY_CONT EXT_PROP_I D property (and its
	5021	// CER T_KEY_PROV _HANDLE_PR OP_ID or C ERT_KEY_SP EC_PROP_ID ) isn't sa ved into
	5022	// a s erialized store.
	5023	//
	5024	// For CERT_STOR E_SAVE_AS_ PKCS7, the dwEncodin gType spec ifies the message
	5025	// enc oding type . The dwEn codingType parameter isn't use d for
	5026	// CER T_STORE_SA VE_AS_STOR E.
	5027	//
	5028	// The dwFlags p arameter c urrently i sn't used and should be set to 0.
	5029	//
	5030	// The dwSaveTo and pvSave ToPara par ameters sp ecify wher e to save the
	5031	// sto re as foll ows:
	5032	// CER T_STORE_SA VE_TO_FILE :
	5033	// Sav es to the specified file. The file's han dle is pas sed in
	5034	// pvS aveToPara. Given,
	5035	// HAN DLE hFile; pvSaveToP ara = (voi d *) hFile ;
	5036	//
	5037	// For a success ful save, the file p ointer is positioned after the
	5038	// las t write.
	5039	//
	5040	// CER T_STORE_SA VE_TO_MEMO RY:
	5041	// Sav es to the specified memory blo b. The poi nter to
	5042	// the memory bl ob is pass ed in pvSa veToPara. Given,
	5043	// CRY PT_DATA_BL OB SaveBlo b; pvSaveT oPara = (v oid *) &Sa veBlob;
	5044	// Upo n entry, t he SaveBlo b's pbData and cbDat a need to be initial ized.
	5045	// Upo n return, cbData is updated wi th the act ual length .
	5046	// For a length only calcu lation, pb Data shoul d be set t o NULL. If
	5047	// pbD ata is non -NULL and cbData isn 't large e nough, FAL SE is retu rned
	5048	// wit h a last e rror of ER RROR_MORE_ DATA.
	5049	//
	5050	// CER T_STORE_SA VE_TO_FILE NAME_A:
	5051	// CER T_STORE_SA VE_TO_FILE NAME_W:
	5052	// CER T_STORE_SA VE_TO_FILE NAME:
	5053	// Ope ns the fil e and save s to it. T he filenam e is passe d in pvSav eToPara.
	5054	// The filename is UNICODE for the " _W" option and ASCII for the " _A"
	5055	// opt ion. For " _W": given ,
	5056	// LPC WSTR pwszF ilename; p vSaveToPar a = (void *) pwszFil ename;
	5057	// For "_A": giv en,
	5058	// LPC STR pszFil ename; pvS aveToPara = (void *) pszFilena me;
	5059	//
	5060	// Not e, the def ault (with out "_A" o r "_W") is UNICODE.
	5061	//
	5062	// --- ---------- ---------- ---------- ---------- ---------- ---------- ---------- -
	5063
	5064	functi on CertSav eStore(HCE RTSTORE: H CERTSTORE;
	5065	dwEn codingType : DWORD;
	5066	dwSa veAs: DWOR D;
	5067	dwSa veTo: DWOR D;
	5068	pvSa veToPara: PVOID;
	5069	dwFl ags: DWORD ): BOOL; s tdcall;
	5070
	5071	// +-- ---------- ---------- ---------- ---------- ---------- ---------- ---------- -
	5072	// Cer tificate S tore close flags
	5073	// --- ---------- ---------- ---------- ---------- ---------- ---------- ---------- -
	5074	const
	5075	CERT _CLOSE_STO RE_FORCE_F LAG = $000 00001;
	5076	const
	5077	CERT _CLOSE_STO RE_CHECK_F LAG = $000 00002;
	5078
	5079	// + ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---
	5080	// C lose a cer t store ha ndle.
	5081	//
	5082	// T here needs to be a c orrespondi ng close f or each op en and dup licate.
	5083	//
	5084	// E ven on the final clo se, the ce rt store i sn't freed until all of its
	5085	// c ertificate and CRL c ontexts ha ve also be en freed.
	5086	//
	5087	// O n the fina l close, t he hCryptP rov passed to CertSt oreOpen is
	5088	// C ryptReleas eContext'e d.
	5089	//
	5090	// T o force th e closure of the sto re with al l of its m emory free d, set the
	5091	// C ERT_STORE_ CLOSE_FORC E_FLAG. Th is flag sh ould be se t when the caller do es
	5092	// i ts own ref erence cou nting and wants ever ything to vanish.
	5093	//
	5094	// T o check if all the s tore's cer tificates and CRLs h ave been f reed and t hat
	5095	// t his is the last Cert CloseStore , set the CERT_CLOSE _STORE_CHE CK_FLAG. I f
	5096	// s et and cer ts, CRLs o r stores s till need to be free d/closed, FALSE is
	5097	// r eturned wi th LastErr or set to CRYPT_E_PE NDING_CLOS E. Note, f or FALSE,
	5098	// t he store i s still cl osed. This is a diag nostic fla g.
	5099	//
	5100	// L astError i s preserve d unless C ERT_CLOSE_ STORE_CHEC K_FLAG is set and FA LSE
	5101	// i s returned .
	5102	// - ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---
	5103
	5104	func tion CertC loseStore( HCERTSTORE : HCERTSTO RE; dwFlag s: DWORD): BOOL; std call;
	5105
	5106	// + ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---
	5107	// G et the sub ject certi ficate con text uniqu ely identi fied by it s Issuer a nd
	5108	// S erialNumbe r from the store.
	5109	//
	5110	// I f the cert ificate is n't found, NULL is r eturned. O therwise, a pointer to
	5111	// a read only CERT_CONT EXT is ret urned. CER T_CONTEXT must be fr eed by cal ling
	5112	// C ertFreeCer tificateCo ntext. Cer tDuplicate Certificat eContext c an be call ed to make a
	5113	// d uplicate.
	5114	//
	5115	// T he returne d certific ate might not be val id. Normal ly, it wou ld be
	5116	// v erified wh en getting its issue r certific ate (CertG etIssuerCe rtificateF romStore).
	5117	// - ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---
	5118
	5119	fu nction Cer tGetSubjec tCertifica teFromStor e(HCERTSTO RE: HCERTS TORE;
	5120	dwCertEnco dingType: DWORD;
	5121	pCertId: P CERT_INFO // Only th e Issuer a nd SerialN umber
	5122	): PCCERT_ CONTEXT; s tdcall; // fields ar e used
	5123
	5124	// +-------- ---------- ---------- ---------- ---------- ---------- ---------- -----
	5125	// Enumerate the certi ficate con texts in t he store.
	5126	//
	5127	// If a cert ificate is n't found, NULL is r eturned.
	5128	// Otherwise , a pointe r to a rea d only CER T_CONTEXT is returne d. CERT_CO NTEXT
	5129	// must be f reed by ca lling Cert FreeCertif icateConte xt or is f reed when passed as the
	5130	// pPrevCert Context on a subsequ ent call. CertDuplic ateCertifi cateContex t
	5131	// can be ca lled to ma ke a dupli cate.
	5132	//
	5133	// pPrevCert Context MU ST BE NULL to enumer ate the fi rst
	5134	// certifica te in the store. Suc cessive ce rtificates are enume rated by s etting
	5135	// pPrevCert Context to the CERT_ CONTEXT re turned by a previous call.
	5136	//
	5137	// NOTE: a N ON-NULL pP revCertCon text is al ways CertF reeCertifi cateContex t'ed by
	5138	// this func tion, even for an er ror.
	5139	// --------- ---------- ---------- ---------- ---------- ---------- ---------- -----
	5140
	5141	function C ertEnumCer tificatesI nStore(HCE RTSTORE: H CERTSTORE;
	5142	pPrevCertC ontext: PC CERT_CONTE XT
	5143	): PCCERT_ CONTEXT; s tdcall;
	5144	{ function CertEnumC ertificate sInStore(h CertStore :HCERTSTOR E;
	5145	pPrevCertC ontext :po inter
	5146	):pointer ; stdcall;
	5147	}
	5148	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	5149	// Find th e first or next cert ificate co ntext in t he store.
	5150	//
	5151	// The cer tificate i s found ac cording to the dwFin dType and its pvFind Para.
	5152	// See bel ow for a l ist of the find type s and its parameters .
	5153	//
	5154	// Current ly dwFindF lags is on ly used fo r CERT_FIN D_SUBJECT_ ATTR,
	5155	// CERT_FI ND_ISSUER_ ATTR or CE RT_FIND_CT L_USAGE. O therwise, must be se t to 0.
	5156	//
	5157	// Usage o f dwCertEn codingType depends o n the dwFi ndType.
	5158	//
	5159	// If the first or n ext certif icate isn' t found, N ULL is ret urned.
	5160	// Otherwi se, a poin ter to a r ead only C ERT_CONTEX T is retur ned. CERT_ CONTEXT
	5161	// must be freed by calling Ce rtFreeCert ificateCon text or is freed whe n passed a s the
	5162	// pPrevCe rtContext on a subse quent call . CertDupl icateCerti ficateCont ext
	5163	// can be called to make a dup licate.
	5164	//
	5165	// pPrevCe rtContext MUST BE NU LL on the first
	5166	// call to find the certificat e. To find the next certificat e, the
	5167	// pPrevCe rtContext is set to the CERT_C ONTEXT ret urned by a previous call.
	5168	//
	5169	// NOTE: a NON-NULL pPrevCertC ontext is always Cer tFreeCerti ficateCont ext'ed by
	5170	// this fu nction, ev en for an error.
	5171	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	5172
	5173	function C ertFindCer tificateIn Store(HCER TSTORE: HC ERTSTORE;
	5174	dwCertEnco dingType: DWORD;
	5175	dwFindFlag s: DWORD;
	5176	dwFindType : DWORD;
	5177	const pvFi ndPara: PV OID;
	5178	pPrevCertC ontext: PC CERT_CONTE XT
	5179	): PCCERT_ CONTEXT; s tdcall;
	5180
	5181	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	5182	// Certifi cate compa rison func tions
	5183	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	5184
	5185	const
	5186	CERT_COMPA RE_SHIFT = 16;
	5187	const
	5188	CERT_COMPA RE_ANY = 0 ;
	5189	const
	5190	CERT_COMPA RE_SHA1_HA SH = 1;
	5191	const
	5192	CERT_COMPA RE_NAME = 2;
	5193	const
	5194	CERT_COMPA RE_ATTR = 3;
	5195	const
	5196	CERT_COMPA RE_MD5_HAS H = 4;
	5197	const
	5198	CERT_COMPA RE_PROPERT Y = 5;
	5199	const
	5200	CERT_COMPA RE_PUBLIC_ KEY = 6;
	5201	const
	5202	CERT_COMPA RE_HASH = CERT_COMPA RE_SHA1_HA SH;
	5203	const
	5204	CERT_COMPA RE_NAME_ST R_A = 7;
	5205	const
	5206	CERT_COMPA RE_NAME_ST R_W = 8;
	5207	const
	5208	CERT_COMPA RE_KEY_SPE C = 9;
	5209	const
	5210	CERT_COMPA RE_ENHKEY_ USAGE = 10 ;
	5211	const
	5212	CERT_COMPA RE_CTL_USA GE = CERT_ COMPARE_EN HKEY_USAGE ;
	5213
	5214	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	5215	// dwFindT ype
	5216	//
	5217	// The dwF indType de finition c onsists of two compo nents:
	5218	// - compa rison func tion
	5219	// - certi ficate inf ormation f lag
	5220	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	5221
	5222	const
	5223	CERT_FIND_ ANY = (CER T_COMPARE_ ANY shl CE RT_COMPARE _SHIFT);
	5224	const
	5225	CERT_FIND_ SHA1_HASH = (CERT_CO MPARE_SHA1 _HASH shl CERT_COMPA RE_SHIFT);
	5226	const
	5227	CERT_FIND_ MD5_HASH = (CERT_COM PARE_MD5_H ASH shl CE RT_COMPARE _SHIFT);
	5228	const
	5229	CERT_FIND_ HASH = CER T_FIND_SHA 1_HASH;
	5230	const
	5231	CERT_FIND_ PROPERTY = (CERT_COM PARE_PROPE RTY shl CE RT_COMPARE _SHIFT);
	5232	const
	5233	CERT_FIND_ PUBLIC_KEY = (CERT_C OMPARE_PUB LIC_KEY sh l CERT_COM PARE_SHIFT );
	5234
	5235	const
	5236	CERT_FIND_ SUBJECT_NA ME = (CERT _COMPARE_N AME shl CE RT_COMPARE _SHIFT or CERT_INFO_ SUBJECT_FL AG);
	5237	const
	5238	CERT_FIND_ SUBJECT_AT TR = (CERT _COMPARE_A TTR shl CE RT_COMPARE _SHIFT or CERT_INFO_ SUBJECT_FL AG);
	5239	const
	5240	CERT_FIND_ ISSUER_NAM E = (CERT_ COMPARE_NA ME shl CER T_COMPARE_ SHIFT or C ERT_INFO_I SSUER_FLAG );
	5241	const
	5242	CERT_FIND_ ISSUER_ATT R = (CERT_ COMPARE_AT TR shl CER T_COMPARE_ SHIFT or C ERT_INFO_I SSUER_FLAG );
	5243	const
	5244	CERT_FIND_ SUBJECT_ST R_A = (CER T_COMPARE_ NAME_STR_A shl CERT_ COMPARE_SH IFT or CER T_INFO_SUB JECT_FLAG) ;
	5245	const
	5246	CERT_FIND_ SUBJECT_ST R_W = (CER T_COMPARE_ NAME_STR_W shl CERT_ COMPARE_SH IFT or CER T_INFO_SUB JECT_FLAG) ;
	5247	const
	5248	CERT_FIND_ SUBJECT_ST R = CERT_F IND_SUBJEC T_STR_W;
	5249	const
	5250	CERT_FIND_ ISSUER_STR _A = (CERT _COMPARE_N AME_STR_A shl CERT_C OMPARE_SHI FT or CERT _INFO_ISSU ER_FLAG);
	5251	const
	5252	CERT_FIND_ ISSUER_STR _W = (CERT _COMPARE_N AME_STR_W shl CERT_C OMPARE_SHI FT or CERT _INFO_ISSU ER_FLAG);
	5253	const
	5254	CERT_FIND_ ISSUER_STR = CERT_FI ND_ISSUER_ STR_W;
	5255	const
	5256	CERT_FIND_ KEY_SPEC = (CERT_COM PARE_KEY_S PEC shl CE RT_COMPARE _SHIFT);
	5257	const
	5258	CERT_FIND_ ENHKEY_USA GE = (CERT _COMPARE_E NHKEY_USAG E shl CERT _COMPARE_S HIFT);
	5259	const
	5260	CERT_FIND_ CTL_USAGE = CERT_FIN D_ENHKEY_U SAGE;
	5261
	5262	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	5263	// CERT_FI ND_ANY
	5264	//
	5265	// Find an y certific ate.
	5266	//
	5267	// pvFindP ara isn't used.
	5268	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	5269
	5270	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	5271	// CERT_FI ND_HASH
	5272	//
	5273	// Find a certificat e with the specified hash.
	5274	//
	5275	// pvFindP ara points to a CRYP T_HASH_BLO B.
	5276	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	5277
	5278	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	5279	// CERT_FI ND_PROPERT Y
	5280	//
	5281	// Find a certificat e having t he specifi ed propert y.
	5282	//
	5283	// pvFindP ara points to a DWOR D containi ng the PRO P_ID
	5284	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	5285
	5286	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	5287	// CERT_FI ND_PUBLIC_ KEY
	5288	//
	5289	// Find a certificat e matching the speci fied publi c key.
	5290	//
	5291	// pvFindP ara points to a CERT _PUBLIC_KE Y_INFO con taining th e public k ey
	5292	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	5293
	5294	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	5295	// CERT_FI ND_SUBJECT _NAME
	5296	// CERT_FI ND_ISSUER_ NAME
	5297	//
	5298	// Find a certificat e with the specified subject/i ssuer name . Does an exact
	5299	// match o f the enti re name.
	5300	//
	5301	// Restric ts search to certifi cates matc hing the d wCertEncod ingType.
	5302	//
	5303	// pvFindP ara points to a CERT _NAME_BLOB .
	5304	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	5305
	5306	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	5307	// CERT_FI ND_SUBJECT _ATTR
	5308	// CERT_FI ND_ISSUER_ ATTR
	5309	//
	5310	// Find a certificat e with the specified subject/i ssuer attr ibutes.
	5311	//
	5312	// Compare s the attr ibutes in the subjec t/issuer n ame with t he
	5313	// Relativ e Distingu ished Name 's (CERT_R DN) array of attribu tes specif ied in
	5314	// pvFindP ara. The c omparison iterates t hrough the CERT_RDN attributes and looks
	5315	// for an attribute match in a ny of the subject/is suer's RDN s.
	5316	//
	5317	// The CER T_RDN_ATTR fields ca n have the following special v alues:
	5318	// pszObjI d == NULL - ignor e the attr ibute obje ct identif ier
	5319	// dwValue Type == RD N_ANY_TYPE - ignor e the valu e type
	5320	// Value.p bData == N ULL - match any value
	5321	//
	5322	// Current ly only an exact, ca se sensiti ve match i s supporte d.
	5323	//
	5324	// CERT_UN ICODE_IS_R DN_ATTRS_F LAG should be set in dwFindFla gs if the RDN was
	5325	// initial ized with unicode st rings as f or
	5326	// CryptEn codeObject (X509_UNIC ODE_NAME).
	5327	//
	5328	// Restric ts search to certifi cates matc hing the d wCertEncod ingType.
	5329	//
	5330	// pvFindP ara points to a CERT _RDN (defi ned in win cert.h).
	5331	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	5332
	5333	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	5334	// CERT_FI ND_SUBJECT _STR_A
	5335	// CERT_FI ND_SUBJECT _STR_W \| C ERT_FIND_S UBJECT_STR
	5336	// CERT_FI ND_ISSUER_ STR_A
	5337	// CERT_FI ND_ISSUER_ STR_W \| C ERT_FIND_I SSUER_STR
	5338	//
	5339	// Find a certificat e containi ng the spe cified sub ject/issue r name str ing.
	5340	//
	5341	// First, the certif icate's su bject/issu er is conv erted to a name stri ng
	5342	// via Cer tNameToStr A/CertName ToStrW(CER T_SIMPLE_N AME_STR). Then, a
	5343	// case in sensitive substring within str ing match is perform ed.
	5344	//
	5345	// Restric ts search to certifi cates matc hing the d wCertEncod ingType.
	5346	//
	5347	// For *_S TR_A, pvFi ndPara poi nts to a n ull termin ated chara cter strin g.
	5348	// For *_S TR_W, pvFi ndPara poi nts to a n ull termin ated wide character string.
	5349	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	5350
	5351	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	5352	// CERT_FI ND_KEY_SPE C
	5353	//
	5354	// Find a certificat e having a CERT_KEY_ SPEC_PROP_ ID propert y matching
	5355	// the spe cified Key Spec.
	5356	//
	5357	// pvFindP ara points to a DWOR D containi ng the Key Spec.
	5358	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	5359
	5360	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	5361	// CERT_FI ND_ENHKEY_ USAGE
	5362	//
	5363	// Find a certificat e having t he szOID_E NHANCED_KE Y_USAGE ex tension or
	5364	// the CER T_ENHKEY_U SAGE_PROP_ ID and mat ching the specified pszUsageId entifers.
	5365	//
	5366	// pvFindP ara points to a CERT _ENHKEY_US AGE data s tructure. If pvFindP ara
	5367	// is NULL or CERT_E NHKEY_USAG E's cUsage Identifier is 0, the n, matches any
	5368	// certifi cate havin g enhanced key usage .
	5369	//
	5370	// The CER T_FIND_OPT IONAL_ENHK EY_USAGE_F LAG can be set in dw FindFlags to
	5371	// also ma tch a cert ificate wi thout eith er the ext ension or property.
	5372	//
	5373	// If CERT _FIND_NO_E NHKEY_USAG E_FLAG is set in dwF indFlags, finds
	5374	// certifi cates with out the ke y usage ex tension or property. Setting t his
	5375	// flag ta kes preced ence over pvFindPara being NUL L.
	5376	//
	5377	// If the CERT_FIND_ EXT_ONLY_E NHKEY_USAG E_FLAG is set, then, only does a match
	5378	// using t he extensi on. If pvF indPara is NULL or c UsageIdent ifier is s et to
	5379	// 0, find s certific ates havin g the exte nsion. If
	5380	// CERT_FI ND_OPTIONA L_ENHKEY_U SAGE_FLAG is set, al so matches a certifi cate
	5381	// without the exten sion. If C ERT_FIND_N O_ENHKEY_U SAGE_FLAG is set, fi nds
	5382	// certifi cates with out the ex tension.
	5383	//
	5384	// If the CERT_FIND_ EXT_PROP_E NHKEY_USAG E_FLAG is set, then, only does a match
	5385	// using t he propert y. If pvFi ndPara is NULL or cU sageIdenti fier is se t to
	5386	// 0, find s certific ates havin g the prop erty. If
	5387	// CERT_FI ND_OPTIONA L_ENHKEY_U SAGE_FLAG is set, al so matches a certifi cate
	5388	// without the prope rty. If CE RT_FIND_NO _ENHKEY_US AGE_FLAG i s set, fin ds
	5389	// certifi cates with out the pr operty.
	5390	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	5391
	5392	const
	5393	CERT_FIND_ OPTIONAL_E NHKEY_USAG E_FLAG = $ 1;
	5394	const
	5395	CERT_FIND_ EXT_ONLY_E NHKEY_USAG E_FLAG = $ 2;
	5396	const
	5397	CERT_FIND_ PROP_ONLY_ ENHKEY_USA GE_FLAG = $4;
	5398	const
	5399	CERT_FIND_ NO_ENHKEY_ USAGE_FLAG = $8;
	5400	const
	5401	CERT_FIND_ OPTIONAL_C TL_USAGE_F LAG = CERT _FIND_OPTI ONAL_ENHKE Y_USAGE_FL AG;
	5402	const
	5403	CERT_FIND_ EXT_ONLY_C TL_USAGE_F LAG = CERT _FIND_EXT_ ONLY_ENHKE Y_USAGE_FL AG;
	5404	const
	5405	CERT_FIND_ PROP_ONLY_ CTL_USAGE_ FLAG = CER T_FIND_PRO P_ONLY_ENH KEY_USAGE_ FLAG;
	5406	const
	5407	CERT_FIND_ NO_CTL_USA GE_FLAG = CERT_FIND_ NO_ENHKEY_ USAGE_FLAG ;
	5408
	5409	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	5410	// Get the certifica te context from the store for the first or next is suer
	5411	// of the specified subject ce rtificate. Perform t he enabled
	5412	// verific ation chec ks on the subject. ( Note, the checks are on the su bject
	5413	// using t he returne d issuer c ertificate .)
	5414	//
	5415	// If the first or n ext issuer certifica te isn't f ound, NULL is return ed.
	5416	// Otherwi se, a poin ter to a r ead only C ERT_CONTEX T is retur ned. CERT_ CONTEXT
	5417	// must be freed by calling Ce rtFreeCert ificateCon text or is freed whe n passed a s the
	5418	// pPrevIs suerContex t on a sub sequent ca ll. CertDu plicateCer tificateCo ntext
	5419	// can be called to make a dup licate.
	5420	//
	5421	// For a s elf signed subject c ertificate , NULL is returned w ith LastEr ror set
	5422	// to CERT _STORE_SEL F_SIGNED. The enable d verifica tion check s are stil l done.
	5423	//
	5424	// The pSu bjectConte xt may hav e been obt ained from this stor e, another store
	5425	// or crea ted by the caller ap plication. When crea ted by the caller, t he
	5426	// CertCre ateCertifi cateContex t function must have been call ed.
	5427	//
	5428	// An issu er may hav e multiple certifica tes. This may occur when the v alidity
	5429	// period is about t o change. pPrevIssue rContext M UST BE NUL L on the f irst
	5430	// call to get the i ssuer. To get the ne xt certifi cate for t he issuer, the
	5431	// pPrevIs suerContex t is set t o the CERT _CONTEXT r eturned by a previou s call.
	5432	//
	5433	// NOTE: a NON-NULL pPrevIssue rContext i s always C ertFreeCer tificateCo ntext'ed b y
	5434	// this fu nction, ev en for an error.
	5435	//
	5436	// The fol lowing fla gs can be set in *pd wFlags to enable ver ification checks
	5437	// on the subject ce rtificate context:
	5438	// CERT_ST ORE_SIGNAT URE_FLAG - use t he public key in the returned
	5439	// issuer certificat e to verif y the
	5440	// signatu re on the subject ce rtificate.
	5441	// Note, i f pSubject Context->h CertStore ==
	5442	// hCertSt ore, the s tore provi der might
	5443	// be able to elimin ate a redo of
	5444	// the sig nature ver ify.
	5445	// CERT_ST ORE_TIME_V ALIDITY_FL AG - get t he current time and verify tha t
	5446	// its wit hin the su bject cert ificate's
	5447	// validit y period
	5448	// CERT_ST ORE_REVOCA TION_FLAG - check if the su bject cert ificate is on
	5449	// the iss uer's revo cation lis t
	5450	//
	5451	// If an e nabled ver ification check fail s, then, i ts flag is set upon return.
	5452	// If CERT _STORE_REV OCATION_FL AG was ena bled and t he issuer doesn't ha ve a
	5453	// CRL in the store, then, CER T_STORE_NO _CRL_FLAG is set in addition t o
	5454	// the CER T_STORE_RE VOCATION_F LAG.
	5455	//
	5456	// If CERT _STORE_SIG NATURE_FLA G or CERT_ STORE_REVO CATION_FLA G is set, then,
	5457	// CERT_ST ORE_NO_ISS UER_FLAG i s set if i t doesn't have an is suer certi ficate
	5458	// in the store.
	5459	//
	5460	// For a v erificatio n check fa ilure, a p ointer to the issuer 's CERT_CO NTEXT
	5461	// is stil l returned and SetLa stError is n't update d.
	5462	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	5463	function C ertGetIssu erCertific ateFromSto re(HCERTST ORE: HCERT STORE;
	5464	pSubjectCo ntext: PCC ERT_CONTEX T;
	5465	pPrevIssue rContext: PCCERT_CON TEXT; // O PTIONAL
	5466	pdwFlags: PDWORD): P CCERT_CONT EXT; stdca ll;
	5467	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	5468	// Perform the enabl ed verific ation chec ks on the subject ce rtificate
	5469	// using t he issuer. Same chec ks and fla gs definit ions as fo r the abov e
	5470	// CertGet IssuerCert ificateFro mStore.
	5471	//
	5472	// If you are only c hecking CE RT_STORE_T IME_VALIDI TY_FLAG, t hen, the
	5473	// issuer can be NUL L.
	5474	//
	5475	// For a v erificatio n check fa ilure, SUC CESS is st ill return ed.
	5476	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	5477
	5478	function C ertVerifyS ubjectCert ificateCon text(pSubj ect: PCCER T_CONTEXT;
	5479	pIssuer: P CCERT_CONT EXT; // OP TIONAL
	5480	pdwFlags: PDWORD): B OOL; stdca ll;
	5481	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	5482	// Duplica te a certi ficate con text
	5483	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	5484
	5485	function C ertDuplica teCertific ateContext (pCertCont ext: PCCER T_CONTEXT) : PCCERT_C ONTEXT; st dcall;
	5486	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	5487	// Create a certific ate contex t from the encoded c ertificate . The crea ted
	5488	// context isn't put in a stor e.
	5489	//
	5490	// Makes a copy of t he encoded certifica te in the created co ntext.
	5491	//
	5492	// If unab le to deco de and cre ate the ce rtificate context, N ULL is ret urned.
	5493	// Otherwi se, a poin ter to a r ead only C ERT_CONTEX T is retur ned.
	5494	// CERT_CO NTEXT must be freed by calling CertFreeC ertificate Context.
	5495	// CertDup licateCert ificateCon text can b e called t o make a d uplicate.
	5496	//
	5497	// CertSet Certificat eContextPr operty and CertGetCe rtificateC ontextProp erty can b e called
	5498	// to stor e properti es for the certifica te.
	5499	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	5500	function C ertCreateC ertificate Context(dw CertEncodi ngType: DW ORD;
	5501	pbCertEnco ded: PBYTE ;
	5502	cbCertEnco ded: DWORD ): PCCERT_ CONTEXT; s tdcall;
	5503	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	5504	// Free a certificat e context
	5505	//
	5506	// There n eeds to be a corresp onding fre e for each context o btained by a
	5507	// get, fi nd, duplic ate or cre ate.
	5508	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	5509	function C ertFreeCer tificateCo ntext(pCer tContext: PCCERT_CON TEXT): BOO L; stdcall ;
	5510	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	5511	// Set the property for the sp ecified ce rtificate context.
	5512	//
	5513	// The typ e definiti on for pvD ata depend s on the d wPropId va lue. There are
	5514	// five pr edefined t ypes:
	5515	// CERT_KE Y_PROV_HAN DLE_PROP_I D - a HCRY PTPROV for the certi ficate's
	5516	// private key is pa ssed in pv Data. Upda tes the hC ryptProv f ield
	5517	// of the CERT_KEY_C ONTEXT_PRO P_ID. If t he CERT_KE Y_CONTEXT_ PROP_ID
	5518	// doesn't exist, it s created with all t he other f ields zero ed out. If
	5519	// CERT_ST ORE_NO_CRY PT_RELEASE _FLAG isn' t set, HCR YPTPROV is implicitl y
	5520	// release d when eit her the pr operty is set to NUL L or on th e final
	5521	// free of the CertC ontext.
	5522	//
	5523	// CERT_KE Y_PROV_INF O_PROP_ID - a PCRYPT _KEY_PROV_ INFO for t he certifi cate's
	5524	// private key is pa ssed in pv Data.
	5525	//
	5526	// CERT_SH A1_HASH_PR OP_ID -
	5527	// CERT_MD 5_HASH_PRO P_ID - no rmally, ei ther prope rty is imp licitly
	5528	// set by doing a Ce rtGetCerti ficateCont extPropert y. pvData points to a
	5529	// CRYPT_H ASH_BLOB.
	5530	//
	5531	// CERT_KE Y_CONTEXT_ PROP_ID - a PCERT_KE Y_CONTEXT for the ce rtificate' s
	5532	// private key is pa ssed in pv Data. The CERT_KEY_C ONTEXT con tains both the
	5533	// hCryptP rov and dw KeySpec fo r the priv ate key.
	5534	// See the CERT_KEY_ PROV_HANDL E_PROP_ID for more i nformation about
	5535	// the hCr yptProv fi eld and dw Flags sett ings. Note , more fie lds may
	5536	// be adde d for this property. The cbSiz e field va lue will b e adjusted
	5537	// accordi ngly.
	5538	//
	5539	// CERT_KE Y_SPEC_PRO P_ID - the dwKeySpec for the p rivate key . pvData
	5540	// points to a DWORD containin g the KeyS pec
	5541	//
	5542	// CERT_EN HKEY_USAGE _PROP_ID - enhanced key usage definition for the
	5543	// certifi cate. pvDa ta points to a CRYPT _DATA_BLOB containin g an
	5544	// ASN.1 e ncoded CER T_ENHKEY_U SAGE (enco ded via
	5545	// CryptEn codeObject (X509_ENHA NCED_KEY_U SAGE).
	5546	//
	5547	// CERT_NE XT_UPDATE_ LOCATION_P ROP_ID - l ocation of the next update.
	5548	// Current ly only ap plicable t o CTLs. pv Data point s to a CRY PT_DATA_BL OB
	5549	// contain ing an ASN .1 encoded CERT_ALT_ NAME_INFO (encoded v ia
	5550	// CryptEn codeObject (X509_ALTE RNATE_NAME )).
	5551	//
	5552	// CERT_FR IENDLY_NAM E_PROP_ID - friendly name for the cert, CRL or CTL .
	5553	// pvData points to a CRYPT_DA TA_BLOB. p bData is a pointer t o a NULL
	5554	// termina ted unicod e, wide ch aracter st ring.
	5555	// cbData = (wcslen( (LPWSTR) p bData) + 1 ) * sizeof (WCHAR).
	5556	//
	5557	// For all the other PROP_IDs: an encode d PCRYPT_D ATA_BLOB i s passed i n pvData.
	5558	//
	5559	// If the property a lready exi sts, then, the old v alue is de leted and silently
	5560	// replace d. Setting , pvData t o NULL, de letes the property.
	5561	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	5562	function C ertSetCert ificateCon textProper ty(pCertCo ntext: PCC ERT_CONTEX T;
	5563	dwPropId: DWORD;
	5564	dwFlags: D WORD;
	5565	pvData: PV OID): BOOL ; stdcall;
	5566	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	5567	// Get the property for the sp ecified ce rtificate context.
	5568	//
	5569	// For CER T_KEY_PROV _HANDLE_PR OP_ID, pvD ata points to a HCRY PTPROV.
	5570	//
	5571	// For CER T_KEY_PROV _INFO_PROP _ID, pvDat a points t o a CRYPT_ KEY_PROV_I NFO struct ure.
	5572	// Element s pointed to by fiel ds in the pvData str ucture fol low the
	5573	// structu re. Theref ore, *pcbD ata may ex ceed the s ize of the structure .
	5574	//
	5575	// For CER T_KEY_CONT EXT_PROP_I D, pvData points to a CERT_KEY _CONTEXT s tructure.
	5576	//
	5577	// For CER T_KEY_SPEC _PROP_ID, pvData poi nts to a D WORD conta ining the KeySpec.
	5578	// If the CERT_KEY_C ONTEXT_PRO P_ID exist s, the Key Spec is ob tained fro m there.
	5579	// Otherwi se, if the CERT_KEY_ PROV_INFO_ PROP_ID ex ists, its the source
	5580	// of the KeySpec.
	5581	//
	5582	// For CER T_SHA1_HAS H_PROP_ID or CERT_MD 5_HASH_PRO P_ID, if t he hash
	5583	// doesn't already e xist, then , its comp uted via C ryptHashCe rtificate( )
	5584	// and the n set. pvD ata points to the co mputed has h. Normall y, the len gth
	5585	// is 20 b ytes for S HA and 16 for MD5.
	5586	//
	5587	// For all other PRO P_IDs, pvD ata points to an enc oded array of bytes.
	5588	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	5589	function C ertGetCert ificateCon textProper ty(pCertCo ntext: PCC ERT_CONTEX T;
	5590	dwPropId: DWORD;
	5591	pvData: PV OID;
	5592	pcbData: P DWORD): BO OL; stdcal l;
	5593	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	5594	// Enumera te the pro perties fo r the spec ified cert ificate co ntext.
	5595	//
	5596	// To get the first property, set dwProp Id to 0. T he ID of t he first
	5597	// propert y is retur ned. To ge t the next property, set dwPro pId to the
	5598	// ID retu rned by th e last cal l. To enum erate all the proper ties conti nue
	5599	// until 0 is return ed.
	5600	//
	5601	// CertGet Certificat eContextPr operty is called to get the pr operty's d ata.
	5602	//
	5603	// Note, s ince, the CERT_KEY_P ROV_HANDLE _PROP_ID a nd CERT_KE Y_SPEC_PRO P_ID
	5604	// propert ies are st ored as fi elds in th e CERT_KEY _CONTEXT_P ROP_ID
	5605	// propert y, they ar en't enume rated indi vidually.
	5606	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	5607	function C ertEnumCer tificateCo ntextPrope rties(pCer tContext: PCCERT_CON TEXT;
	5608	dwPropId: DWORD): DW ORD; stdca ll;
	5609	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	5610	// Get the first or next CRL c ontext fro m the stor e for the specified
	5611	// issuer certificat e. Perform the enabl ed verific ation chec ks on the CRL.
	5612	//
	5613	// If the first or n ext CRL is n't found, NULL is r eturned.
	5614	// Otherwi se, a poin ter to a r ead only C RL_CONTEXT is return ed. CRL_CO NTEXT
	5615	// must be freed by calling Ce rtFreeCRLC ontext. Ho wever, the free must be
	5616	// pPrevCr lContext o n a subseq uent call. CertDupli cateCRLCon text
	5617	// can be called to make a dup licate.
	5618	//
	5619	// The pIs suerContex t may have been obta ined from this store , another store
	5620	// or crea ted by the caller ap plication. When crea ted by the caller, t he
	5621	// CertCre ateCertifi cateContex t function must have been call ed.
	5622	//
	5623	// If pIss uerContext == NULL, finds all the CRLs i n the stor e.
	5624	//
	5625	// An issu er may hav e multiple CRLs. For example, it generat es delta C RLs
	5626	// using a X.509 v3 extension. pPrevCrlC ontext MUS T BE NULL on the fir st
	5627	// call to get the C RL. To get the next CRL for th e issuer, the
	5628	// pPrevCr lContext i s set to t he CRL_CON TEXT retur ned by a p revious ca ll.
	5629	//
	5630	// NOTE: a NON-NULL pPrevCrlCo ntext is a lways Cert FreeCRLCon text'ed by
	5631	// this fu nction, ev en for an error.
	5632	//
	5633	// The fol lowing fla gs can be set in *pd wFlags to enable ver ification checks
	5634	// on the returned C RL:
	5635	// CERT_ST ORE_SIGNAT URE_FLAG - use t he public key in the
	5636	// issuer' s certific ate to ver ify the
	5637	// signatu re on the returned C RL.
	5638	// Note, i f pIssuerC ontext->hC ertStore = =
	5639	// hCertSt ore, the s tore provi der might
	5640	// be able to elimin ate a redo of
	5641	// the sig nature ver ify.
	5642	// CERT_ST ORE_TIME_V ALIDITY_FL AG - get t he current time and verify tha t
	5643	// its wit hin the CR L's ThisUp date and
	5644	// NextUpd ate validi ty period.
	5645	//
	5646	// If an e nabled ver ification check fail s, then, i ts flag is set upon return.
	5647	//
	5648	// If pIss uerContext == NULL, then, an e nabled CER T_STORE_SI GNATURE_FL AG
	5649	// always fails and the CERT_S TORE_NO_IS SUER_FLAG is also se t.
	5650	//
	5651	// For a v erificatio n check fa ilure, a p ointer to the first or next
	5652	// CRL_CON TEXT is st ill return ed and Set LastError isn't upda ted.
	5653	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	5654	function C ertGetCRLF romStore(H CERTSTORE: HCERTSTOR E;
	5655	pIssuerCon text: PCCE RT_CONTEXT ; // OPTIO NAL
	5656	pPrevCrlCo ntext: PCC RL_CONTEXT ;
	5657	pdwFlags: PDWORD): P CCRL_CONTE XT; stdcal l;
	5658	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	5659	// Enumera te the CRL contexts in the sto re.
	5660	//
	5661	// If a CR L isn't fo und, NULL is returne d.
	5662	// Otherwi se, a poin ter to a r ead only C RL_CONTEXT is return ed. CRL_CO NTEXT
	5663	// must be freed by calling Ce rtFreeCRLC ontext or is freed w hen passed as the
	5664	// pPrevCr lContext o n a subseq uent call. CertDupli cateCRLCon text
	5665	// can be called to make a dup licate.
	5666	//
	5667	// pPrevCr lContext M UST BE NUL L to enume rate the f irst
	5668	// CRL in the store. Successiv e CRLs are enumerate d by setti ng
	5669	// pPrevCr lContext t o the CRL_ CONTEXT re turned by a previous call.
	5670	//
	5671	// NOTE: a NON-NULL pPrevCrlCo ntext is a lways Cert FreeCRLCon text'ed by
	5672	// this fu nction, ev en for an error.
	5673	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	5674	function C ertEnumCRL sInStore(H CERTSTORE: HCERTSTOR E;
	5675	pPrevCrlCo ntext: PCC RL_CONTEXT ): PCCRL_C ONTEXT; st dcall;
	5676	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	5677	// Duplica te a CRL c ontext
	5678	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	5679	function C ertDuplica teCRLConte xt(pCrlCon text: PCCR L_CONTEXT) : PCCRL_CO NTEXT; std call;
	5680	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	5681	// Create a CRL cont ext from t he encoded CRL. The created
	5682	// context isn't put in a stor e.
	5683	//
	5684	// Makes a copy of t he encoded CRL in th e created context.
	5685	//
	5686	// If unab le to deco de and cre ate the CR L context, NULL is r eturned.
	5687	// Otherwi se, a poin ter to a r ead only C RL_CONTEXT is return ed.
	5688	// CRL_CON TEXT must be freed b y calling CertFreeCR LContext.
	5689	// CertDup licateCRLC ontext can be called to make a duplicate .
	5690	//
	5691	// CertSet CRLContext Property a nd CertGet CRLContext Property c an be call ed
	5692	// to stor e properti es for the CRL.
	5693	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	5694	function C ertCreateC RLContext( dwCertEnco dingType: DWORD;
	5695	pbCrlEncod ed: PBYTE;
	5696	cbCrlEncod ed: DWORD) : PCCRL_CO NTEXT; std call;
	5697	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	5698	// Free a CRL contex t
	5699	//
	5700	// There n eeds to be a corresp onding fre e for each context o btained by a
	5701	// get, du plicate or create.
	5702	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	5703	function C ertFreeCRL Context(pC rlContext: PCCRL_CON TEXT): BOO L; stdcall ;
	5704	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	5705	// Set the property for the sp ecified CR L context.
	5706	//
	5707	// Same Pr operty Ids and seman tics as Ce rtSetCerti ficateCont extPropert y.
	5708	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	5709	function C ertSetCRLC ontextProp erty(pCrlC ontext: PC CRL_CONTEX T;
	5710	dwPropId: DWORD;
	5711	dwFlags: D WORD;
	5712	const pvDa ta: PVOID) : BOOL; st dcall;
	5713	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	5714	// Get the property for the sp ecified CR L context.
	5715	//
	5716	// Same Pr operty Ids and seman tics as Ce rtGetCerti ficateCont extPropert y.
	5717	//
	5718	// CERT_SH A1_HASH_PR OP_ID or C ERT_MD5_HA SH_PROP_ID is the pr edefined
	5719	// propert y of most interest.
	5720	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	5721	function C ertGetCRLC ontextProp erty(pCrlC ontext: PC CRL_CONTEX T;
	5722	dwPropId: DWORD;
	5723	pvData: PV OID;
	5724	pcbData: P DWORD): BO OL; stdcal l;
	5725	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	5726	// Enumera te the pro perties fo r the spec ified CRL context.
	5727	//
	5728	// To get the first property, set dwProp Id to 0. T he ID of t he first
	5729	// propert y is retur ned. To ge t the next property, set dwPro pId to the
	5730	// ID retu rned by th e last cal l. To enum erate all the proper ties conti nue
	5731	// until 0 is return ed.
	5732	//
	5733	// CertGet CRLContext Property i s called t o get the property's data.
	5734	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	5735	function C ertEnumCRL ContextPro perties(pC rlContext: PCCRL_CON TEXT;
	5736	dwPropId: DWORD): DW ORD; stdca ll;
	5737	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	5738	// Add cer tificate/C RL, encode d, context or elemen t disposit ion values .
	5739	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	5740	const
	5741	CERT_STORE _ADD_NEW = 1;
	5742	const
	5743	CERT_STORE _ADD_USE_E XISTING = 2;
	5744	const
	5745	CERT_STORE _ADD_REPLA CE_EXISTIN G = 3;
	5746	const
	5747	CERT_STORE _ADD_ALWAY S = 4;
	5748	const
	5749	CERT_STORE _ADD_REPLA CE_EXISTIN G_INHERIT_ PROPERTIES = 5;
	5750	const
	5751	CERT_STORE _ADD_NEWER = 6;
	5752	const
	5753	CERT_STORE _ADD_NEWER _INHERIT_P ROPERTIES = 7;
	5754
	5755	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	5756	// Add the encoded c ertificate to the st ore accord ing to the specified
	5757	// disposi tion actio n.
	5758	//
	5759	// Makes a copy of t he encoded certifica te before adding to the store.
	5760	//
	5761	// dwAddDi spostion s pecifies t he action to take if the certi ficate
	5762	// already exists in the store . This par ameter mus t be one o f the foll owing
	5763	// values:
	5764	// CERT_ST ORE_ADD_NE W
	5765	// Fails i f the cert ificate al ready exis ts in the store. Las tError
	5766	// is set to CRYPT_E _EXISTS.
	5767	// CERT_ST ORE_ADD_US E_EXISTING
	5768	// If the certifcate already e xists, the n, its use d and if p pCertConte xt
	5769	// is non- NULL, the existing c ontext is duplicated .
	5770	// CERT_ST ORE_ADD_RE PLACE_EXIS TING
	5771	// If the certificat e already exists, th en, the ex isting cer tificate
	5772	// context is delete d before c reating an d adding t he new con text.
	5773	// CERT_ST ORE_ADD_AL WAYS
	5774	// No chec k is made to see if the certif icate alre ady exists . A
	5775	// new cer tificate c ontext is always cre ated. This may lead to
	5776	// duplica tes in the store.
	5777	//
	5778	// CertGet SubjectCer tificateFr omStore is called to determine if the
	5779	// certifi cate alrea dy exists in the sto re.
	5780	//
	5781	// ppCertC ontext can be NULL, indicating the calle r isn't in terested
	5782	// in gett ing the CE RT_CONTEXT of the ad ded or exi sting cert ificate.
	5783	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	5784	function C ertAddEnco dedCertifi cateToStor e(HCERTSTO RE: HCERTS TORE;
	5785	dwCertEnco dingType: DWORD;
	5786	const pbCe rtEncoded: PBYTE;
	5787	cbCertEnco ded: DWORD ;
	5788	dwAddDispo sition: DW ORD;
	5789	var ppCert Context: P CCERT_CONT EXT): BOOL ; stdcall;
	5790	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	5791	// Add the certifica te context to the st ore accord ing to the specified
	5792	// disposi tion actio n.
	5793	//
	5794	// In addi tion to th e encoded certificat e, the con text's pro perties ar e
	5795	// also co pied. Not e, the CER T_KEY_CONT EXT_PROP_I D property (and its
	5796	// CERT_KE Y_PROV_HAN DLE_PROP_I D or CERT_ KEY_SPEC_P ROP_ID) is n't copied .
	5797	//
	5798	// Makes a copy of t he certifi cate conte xt before adding to the store.
	5799	//
	5800	// dwAddDi spostion s pecifies t he action to take if the certi ficate
	5801	// already exists in the store . This par ameter mus t be one o f the foll owing
	5802	// values:
	5803	// CERT_ST ORE_ADD_NE W
	5804	// Fails i f the cert ificate al ready exis ts in the store. Las tError
	5805	// is set to CRYPT_E _EXISTS.
	5806	// CERT_ST ORE_ADD_US E_EXISTING
	5807	// If the certifcate already e xists, the n, its use d and if p pStoreCont ext
	5808	// is non- NULL, the existing c ontext is duplicated . Iterates
	5809	// through pCertCont ext's prop erties and only copi es the pro perties
	5810	// that do n't alread y exist. T he SHA1 an d MD5 hash propertie s aren't
	5811	// copied.
	5812	// CERT_ST ORE_ADD_RE PLACE_EXIS TING
	5813	// If the certificat e already exists, th en, the ex isting cer tificate
	5814	// context is delete d before c reating an d adding a new conte xt.
	5815	// Propert ies are co pied befor e doing th e add.
	5816	// CERT_ST ORE_ADD_AL WAYS
	5817	// No chec k is made to see if the certif icate alre ady exists . A
	5818	// new cer tificate c ontext is always cre ated and a dded. This may lead to
	5819	// duplica tes in the store. Pr operties a re
	5820	// copied before doi ng the add .
	5821	//
	5822	// CertGet SubjectCer tificateFr omStore is called to determine if the
	5823	// certifi cate alrea dy exists in the sto re.
	5824	//
	5825	// ppStore Context ca n be NULL, indicatin g the call er isn't i nterested
	5826	// in gett ing the CE RT_CONTEXT of the ad ded or exi sting cert ificate.
	5827	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	5828	function C ertAddCert ificateCon textToStor e(HCERTSTO RE: HCERTS TORE;
	5829	pCertConte xt: PCCERT _CONTEXT;
	5830	dwAddDispo sition: DW ORD;
	5831	var ppStor eContext: PCCERT_CON TEXT // OP TIONAL
	5832	): BOOL; s tdcall;
	5833
	5834	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	5835	// Certifi cate Store Context T ypes
	5836	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	5837	const
	5838	CERT_STORE _CERTIFICA TE_CONTEXT = 1;
	5839	const
	5840	CERT_STORE _CRL_CONTE XT = 2;
	5841	const
	5842	CERT_STORE _CTL_CONTE XT = 3;
	5843
	5844	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	5845	// Certifi cate Store Context B it Flags
	5846	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	5847	const
	5848	CERT_STORE _ALL_CONTE XT_FLAG = (not ULONG (0));
	5849	const
	5850	CERT_STORE _CERTIFICA TE_CONTEXT _FLAG = (1 shl CERT_ STORE_CERT IFICATE_CO NTEXT);
	5851	const
	5852	CERT_STORE _CRL_CONTE XT_FLAG = (1 shl CER T_STORE_CR L_CONTEXT) ;
	5853	const
	5854	CERT_STORE _CTL_CONTE XT_FLAG = (1 shl CER T_STORE_CT L_CONTEXT) ;
	5855
	5856	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	5857	// Add the serialize d certific ate or CRL element t o the stor e.
	5858	//
	5859	// The ser ialized el ement cont ains the e ncoded cer tificate, CRL or CTL and
	5860	// its pro perties, s uch as, CE RT_KEY_PRO V_INFO_PRO P_ID.
	5861	//
	5862	// If hCer tStore is NULL, crea tes a cert ificate, C RL or CTL context no t
	5863	// residin g in any s tore.
	5864	//
	5865	// dwAddDi spostion s pecifies t he action to take if the certi ficate or CRL
	5866	// already exists in the store . See Cert AddCertifi cateContex tToStore f or a
	5867	// list of and actio ns taken.
	5868	//
	5869	// dwFlags currently isn't use d and shou ld be set to 0.
	5870	//
	5871	// dwConte xtTypeFlag s specifie s the set of allowab le context s. For exa mple, to
	5872	// add eit her a cert ificate or CRL, set dwContextT ypeFlags t o:
	5873	// CERT_ST ORE_CERTIF ICATE_CONT EXT_FLAG \| CERT_STOR E_CRL_CONT EXT_FLAG
	5874	//
	5875	// *pdwCon textType i s updated with the t ype of the context r eturned in
	5876	// *ppvCon txt. pdwCo ntextType or ppvCont ext can be NULL, ind icating th e
	5877	// caller isn't inte rested in getting th e output. If *ppvCon text is
	5878	// returne d it must be freed b y calling CertFreeCe rtificateC ontext or
	5879	// CertFre eCRLContex t.
	5880	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	5881	function C ertAddSeri alizedElem entToStore (HCERTSTOR E: HCERTST ORE;
	5882	pbElement: PBYTE;
	5883	cbElement: DWORD;
	5884	dwAddDispo sition: DW ORD;
	5885	dwFlags: D WORD;
	5886	dwContextT ypeFlags: DWORD;
	5887	pdwContext Type: PDWO RD;
	5888	var ppvCon text: arra y of PVOID ): BOOL; s tdcall;
	5889	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	5890	// Delete the specif ied certif icate from the store .
	5891	//
	5892	// All sub sequent ge ts or find s for the certificat e will fai l. However ,
	5893	// memory allocated for the ce rtificate isn't free d until al l of its c ontexts
	5894	// have al so been fr eed.
	5895	//
	5896	// The pCe rtContext is obtaine d from a g et, enum, find or du plicate.
	5897	//
	5898	// Some st ore provid er impleme ntations m ight also delete the issuer's CRLs
	5899	// if this is the la st certifi cate for t he issuer in the sto re.
	5900	//
	5901	// NOTE: t he pCertCo ntext is a lways Cert FreeCertif icateConte xt'ed by
	5902	// this fu nction, ev en for an error.
	5903	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	5904	function C ertDeleteC ertificate FromStore( pCertConte xt: PCCERT _CONTEXT): BOOL; std call;
	5905	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	5906	// Add the encoded C RL to the store acco rding to t he specifi ed
	5907	// disposi tion optio n.
	5908	//
	5909	// Makes a copy of t he encoded CRL befor e adding t o the stor e.
	5910	//
	5911	// dwAddDi spostion s pecifies t he action to take if the CRL
	5912	// already exists in the store . See Cert AddEncoded Certificat eToStore f or a
	5913	// list of and actio ns taken.
	5914	//
	5915	// Compare s the CRL' s Issuer t o determin e if the C RL already exists in the
	5916	// store.
	5917	//
	5918	// ppCrlCo ntext can be NULL, i ndicating the caller isn't int erested
	5919	// in gett ing the CR L_CONTEXT of the add ed or exis ting CRL.
	5920	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	5921	function C ertAddEnco dedCRLToSt ore(HCERTS TORE: HCER TSTORE;
	5922	dwCertEnco dingType: DWORD;
	5923	pbCrlEncod ed: PBYTE;
	5924	cbCrlEncod ed: DWORD;
	5925	dwAddDispo sition: DW ORD;
	5926	var ppCrlC ontext: PC CRL_CONTEX T
	5927	): BOOL; s tdcall;
	5928	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	5929	// Add the CRL conte xt to the store acco rding to t he specifi ed
	5930	// disposi tion optio n.
	5931	//
	5932	// In addi tion to th e encoded CRL, the c ontext's p roperties are
	5933	// also co pied. Not e, the CER T_KEY_CONT EXT_PROP_I D property (and its
	5934	// CERT_KE Y_PROV_HAN DLE_PROP_I D or CERT_ KEY_SPEC_P ROP_ID) is n't copied .
	5935	//
	5936	// Makes a copy of t he encoded CRL befor e adding t o the stor e.
	5937	//
	5938	// dwAddDi spostion s pecifies t he action to take if the CRL
	5939	// already exists in the store . See Cert AddCertifi cateContex tToStore f or a
	5940	// list of and actio ns taken.
	5941	//
	5942	// Compare s the CRL' s Issuer, ThisUpdate and NextU pdate to d etermine
	5943	// if the CRL alread y exists i n the stor e.
	5944	//
	5945	// ppStore Context ca n be NULL, indicatin g the call er isn't i nterested
	5946	// in gett ing the CR L_CONTEXT of the add ed or exis ting CRL.
	5947	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	5948	function C ertAddCRLC ontextToSt ore(HCERTS TORE: HCER TSTORE;
	5949	pCrlContex t: PCCRL_C ONTEXT;
	5950	dwAddDispo sition: DW ORD;
	5951	var ppStor eContext: PCCRL_CONT EXT
	5952	): BOOL; s tdcall;
	5953	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	5954	// Delete the specif ied CRL fr om the sto re.
	5955	//
	5956	// All sub sequent ge ts for the CRL will fail. Howe ver,
	5957	// memory allocated for the CR L isn't fr eed until all of its contexts
	5958	// have al so been fr eed.
	5959	//
	5960	// The pCr lContext i s obtained from a ge t or dupli cate.
	5961	//
	5962	// NOTE: t he pCrlCon text is al ways CertF reeCRLCont ext'ed by
	5963	// this fu nction, ev en for an error.
	5964	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	5965	function C ertDeleteC RLFromStor e(pCrlCont ext: PCCRL _CONTEXT): BOOL; std call;
	5966	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	5967	// Seriali ze the cer tificate c ontext's e ncoded cer tificate a nd its
	5968	// propert ies.
	5969	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	5970	function C ertSeriali zeCertific ateStoreEl ement(pCer tContext: PCCERT_CON TEXT;
	5971	dwFlags: D WORD;
	5972	pbElement: PBYTE;
	5973	pcbElement : PDWORD): BOOL; std call;
	5974	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	5975	// Seriali ze the CRL context's encoded C RL and its propertie s.
	5976	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	5977	function C ertSeriali zeCRLStore Element(pC rlContext: PCCRL_CON TEXT;
	5978	dwFlags: D WORD;
	5979	pbElement: PBYTE;
	5980	pcbElement : PDWORD): BOOL; std call;
	5981	// +====== ========== ========== ========== ========== ========== ========== =======
	5982	// Certifi cate Trust List (CTL ) Store Da ta Structu res and AP Is
	5983	// ======= ========== ========== ========== ========== ========== ========== =======
	5984
	5985	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	5986	// Duplica te a CTL c ontext
	5987	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	5988	function C ertDuplica teCTLConte xt(pCtlCon text: PCCT L_CONTEXT) : PCCTL_CO NTEXT; std call;
	5989	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	5990	// Create a CTL cont ext from t he encoded CTL. The created
	5991	// context isn't put in a stor e.
	5992	//
	5993	// Makes a copy of t he encoded CTL in th e created context.
	5994	//
	5995	// If unab le to deco de and cre ate the CT L context, NULL is r eturned.
	5996	// Otherwi se, a poin ter to a r ead only C TL_CONTEXT is return ed.
	5997	// CTL_CON TEXT must be freed b y calling CertFreeCT LContext.
	5998	// CertDup licateCTLC ontext can be called to make a duplicate .
	5999	//
	6000	// CertSet CTLContext Property a nd CertGet CTLContext Property c an be call ed
	6001	// to stor e properti es for the CTL.
	6002	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	6003	function C ertCreateC TLContext( dwMsgAndCe rtEncoding Type: DWOR D;
	6004	const pbCt lEncoded: PBYTE;
	6005	cbCtlEncod ed: DWORD) : PCCTL_CO NTEXT; std call;
	6006	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	6007	// Free a CTL contex t
	6008	//
	6009	// There n eeds to be a corresp onding fre e for each context o btained by a
	6010	// get, du plicate or create.
	6011	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	6012	function C ertFreeCTL Context(pC tlContext: PCCTL_CON TEXT): BOO L; stdcall ;
	6013	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	6014	// Set the property for the sp ecified CT L context.
	6015	//
	6016	// Same Pr operty Ids and seman tics as Ce rtSetCerti ficateCont extPropert y.
	6017	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	6018	function C ertSetCTLC ontextProp erty(pCtlC ontext: PC CTL_CONTEX T;
	6019	dwPropId: DWORD;
	6020	dwFlags: D WORD;
	6021	const pvDa ta: PVOID) : BOOL; st dcall;
	6022	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	6023	// Get the property for the sp ecified CT L context.
	6024	//
	6025	// Same Pr operty Ids and seman tics as Ce rtGetCerti ficateCont extPropert y.
	6026	//
	6027	// CERT_SH A1_HASH_PR OP_ID or C ERT_NEXT_U PDATE_LOCA TION_PROP_ ID are the
	6028	// predefi ned proper ties of mo st interes t.
	6029	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	6030	function C ertGetCTLC ontextProp erty(pCtlC ontext: PC CTL_CONTEX T;
	6031	dwPropId: DWORD;
	6032	pvData: PV OID;
	6033	pcbData: P DWORD): BO OL; stdcal l;
	6034	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	6035	// Enumera te the pro perties fo r the spec ified CTL context.
	6036	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	6037	function C ertEnumCTL ContextPro perties(pC tlContext: PCCTL_CON TEXT;
	6038	dwPropId: DWORD): DW ORD; stdca ll;
	6039	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	6040	// Enumera te the CTL contexts in the sto re.
	6041	//
	6042	// If a CT L isn't fo und, NULL is returne d.
	6043	// Otherwi se, a poin ter to a r ead only C TL_CONTEXT is return ed. CTL_CO NTEXT
	6044	// must be freed by calling Ce rtFreeCTLC ontext or is freed w hen passed as the
	6045	// pPrevCt lContext o n a subseq uent call. CertDupli cateCTLCon text
	6046	// can be called to make a dup licate.
	6047	//
	6048	// pPrevCt lContext M UST BE NUL L to enume rate the f irst
	6049	// CTL in the store. Successiv e CTLs are enumerate d by setti ng
	6050	// pPrevCt lContext t o the CTL_ CONTEXT re turned by a previous call.
	6051	//
	6052	// NOTE: a NON-NULL pPrevCtlCo ntext is a lways Cert FreeCTLCon text'ed by
	6053	// this fu nction, ev en for an error.
	6054	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	6055	function C ertEnumCTL sInStore(H CERTSTORE: HCERTSTOR E;
	6056	pPrevCtlCo ntext: PCC TL_CONTEXT
	6057	): PCCTL_C ONTEXT; st dcall;
	6058	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	6059	// Attempt to find t he specifi ed subject in the CT L.
	6060	//
	6061	// For CTL _CERT_SUBJ ECT_TYPE, pvSubject points to a CERT_CON TEXT. The CTL's
	6062	// Subject Algorithm is examine d to deter mine the r epresentat ion of the
	6063	// subject 's identit y. Initial ly, only S HA1 or MD5 hash will be suppor ted.
	6064	// The app ropriate h ash proper ty is obta ined from the CERT_C ONTEXT.
	6065	//
	6066	// For CTL _ANY_SUBJE CT_TYPE, p vSubject p oints to t he CTL_ANY _SUBJECT_I NFO
	6067	// structu re which c ontains th e SubjectA lgorithm t o be match ed in the CTL
	6068	// and the SubjectId entifer to be matche d in one o f the CTL entries.
	6069	//
	6070	// The cer tificate's hash or t he CTL_ANY _SUBJECT_I NFO's Subj ectIdentif ier
	6071	// is used as the ke y in searc hing the s ubject ent ries. A bi nary
	6072	// memory comparison is done b etween the key and t he entry's SubjectId entifer.
	6073	//
	6074	// dwEncod ingType is n't used f or either of the abo ve Subject Types.
	6075	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	6076	function C ertFindSub jectInCTL( dwEncoding Type: DWOR D;
	6077	dwSubjectT ype: DWORD ;
	6078	pvSubject: PVOID;
	6079	pCtlContex t: PCCTL_C ONTEXT;
	6080	dwFlags: D WORD): PCT L_ENTRY; s tdcall;
	6081	// Subject Types:
	6082	// CTL_ANY _SUBJECT_T YPE, pvSub ject point s to follo wing CTL_A NY_SUBJECT _INFO.
	6083	// CTL_CER T_SUBJECT_ TYPE, pvSu bject poin ts to CERT _CONTEXT.
	6084	const
	6085	CTL_ANY_SU BJECT_TYPE = 1;
	6086	const
	6087	CTL_CERT_S UBJECT_TYP E = 2;
	6088
	6089	type
	6090	PCTL_ANY_S UBJECT_INF O = ^CTL_A NY_SUBJECT _INFO;
	6091
	6092	CTL_ANY_SU BJECT_INFO = record
	6093	SubjectAlg orithm: CR YPT_ALGORI THM_IDENTI FIER;
	6094	SubjectIde ntifier: C RYPT_DATA_ BLOB;
	6095	end;
	6096
	6097	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	6098	// Find th e first or next CTL context in the store .
	6099	//
	6100	// The CTL is found according to the dwF indType an d its pvFi ndPara.
	6101	// See bel ow for a l ist of the find type s and its parameters .
	6102	//
	6103	// Current ly dwFindF lags isn't used and must be se t to 0.
	6104	//
	6105	// Usage o f dwMsgAnd CertEncodi ngType dep ends on th e dwFindTy pe.
	6106	//
	6107	// If the first or n ext CTL is n't found, NULL is r eturned.
	6108	// Otherwi se, a poin ter to a r ead only C TL_CONTEXT is return ed. CTL_CO NTEXT
	6109	// must be freed by calling Ce rtFreeCTLC ontext or is freed w hen passed as the
	6110	// pPrevCt lContext o n a subseq uent call. CertDupli cateCTLCon text
	6111	// can be called to make a dup licate.
	6112	//
	6113	// pPrevCt lContext M UST BE NUL L on the f irst
	6114	// call to find the CTL. To fi nd the nex t CTL, the
	6115	// pPrevCt lContext i s set to t he CTL_CON TEXT retur ned by a p revious ca ll.
	6116	//
	6117	// NOTE: a NON-NULL pPrevCtlCo ntext is a lways Cert FreeCTLCon text'ed by
	6118	// this fu nction, ev en for an error.
	6119	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	6120	function C ertFindCTL InStore(HC ERTSTORE: HCERTSTORE ;
	6121	dwMsgAndCe rtEncoding Type: DWOR D;
	6122	dwFindFlag s: DWORD;
	6123	dwFindType : DWORD;
	6124	const pvFi ndPara: PV OID;
	6125	pPrevCtlCo ntext: PCC TL_CONTEXT ): PCCTL_C ONTEXT; st dcall;
	6126
	6127	const
	6128	CTL_FIND_A NY = 0;
	6129	const
	6130	CTL_FIND_S HA1_HASH = 1;
	6131	const
	6132	CTL_FIND_M D5_HASH = 2;
	6133	const
	6134	CTL_FIND_U SAGE = 3;
	6135	const
	6136	CTL_FIND_S UBJECT = 4 ;
	6137
	6138	type
	6139	PCTL_FIND_ USAGE_PARA = ^CTL_FI ND_USAGE_P ARA;
	6140
	6141	CTL_FIND_U SAGE_PARA = record
	6142	cbSize: DW ORD;
	6143	SubjectUsa ge: CTL_US AGE; // op tional
	6144	ListIdenti fier: CRYP T_DATA_BLO B; // opti onal
	6145	pSigner: P CERT_INFO; // option al
	6146	end;
	6147
	6148	const
	6149	CTL_FIND_N O_LIST_ID_ CBDATA = $ FFFFFFFF;
	6150	const
	6151	CTL_FIND_N O_SIGNER_P TR = (PCER T_INFO($FF FFFFFF));
	6152
	6153	const
	6154	CTL_FIND_S AME_USAGE_ FLAG = $1;
	6155
	6156	type
	6157	PCTL_FIND_ SUBJECT_PA RA = ^CTL_ FIND_SUBJE CT_PARA;
	6158
	6159	CTL_FIND_S UBJECT_PAR A = record
	6160	cbSize: DW ORD;
	6161	pUsagePara : PCTL_FIN D_USAGE_PA RA; // opt ional
	6162	dwSubjectT ype: DWORD ;
	6163	pvSubject: PVOID;
	6164	end;
	6165
	6166	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	6167	// CTL_FIN D_ANY
	6168	//
	6169	// Find an y CTL.
	6170	//
	6171	// pvFindP ara isn't used.
	6172	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	6173
	6174	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	6175	// CTL_FIN D_SHA1_HAS H
	6176	// CTL_FIN D_MD5_HASH
	6177	//
	6178	// Find a CTL with t he specifi ed hash.
	6179	//
	6180	// pvFindP ara points to a CRYP T_HASH_BLO B.
	6181	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	6182
	6183	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	6184	// CTL_FIN D_USAGE
	6185	//
	6186	// Find a CTL having the speci fied usage identifie rs, list i dentifier or
	6187	// signer. The CertE ncodingTyp e of the s igner is o btained fr om the
	6188	// dwMsgAn dCertEncod ingType pa rameter.
	6189	//
	6190	// pvFindP ara points to a CTL_ FIND_USAGE _PARA data structure . The
	6191	// Subject Usage.cUsa geIdentife r can be 0 to match any usage. The
	6192	// ListIde ntifier.cb Data can b e 0 to mat ch any lis t identifi er. To onl y match
	6193	// CTLs wi thout a Li stIdentifi er, cbData must be s et to
	6194	// CTL_FIN D_NO_LIST_ ID_CBDATA. pSigner c an be NULL to match any signer . Only
	6195	// the Iss uer and Se rialNumber fields of the pSign er's PCERT _INFO are used.
	6196	// To only match CTL s without a signer, pSigner mu st be set to
	6197	// CTL_FIN D_NO_SIGNE R_PTR.
	6198	//
	6199	// The CTL _FIND_SAME _USAGE_FLA G can be s et in dwFi ndFlags to
	6200	// only ma tch CTLs w ith the sa me usage i dentifiers . CTLs hav ing additi onal
	6201	// usage i dentifiers aren't ma tched. For example, if only "1 .2.3" is s pecified
	6202	// in CTL_ FIND_USAGE _PARA, the n, for a m atch, the CTL must o nly contai n
	6203	// "1.2.3" and not a ny additio nal usage identifers .
	6204	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	6205
	6206	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	6207	// CTL_FIN D_SUBJECT
	6208	//
	6209	// Find a CTL having the speci fied subje ct. CertFi ndSubjectI nCTL can b e
	6210	// called to get a p ointer to the subjec t's entry in the CTL . pUsageP ara can
	6211	// optiona lly be set to enable the above CTL_FIND_ USAGE matc hing.
	6212	//
	6213	// pvFindP ara points to a CTL_ FIND_SUBJE CT_PARA da ta structu re.
	6214	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	6215
	6216	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	6217	// Add the encoded C TL to the store acco rding to t he specifi ed
	6218	// disposi tion optio n.
	6219	//
	6220	// Makes a copy of t he encoded CTL befor e adding t o the stor e.
	6221	//
	6222	// dwAddDi spostion s pecifies t he action to take if the CTL
	6223	// already exists in the store . See Cert AddEncoded Certificat eToStore f or a
	6224	// list of and actio ns taken.
	6225	//
	6226	// Compare s the CTL' s SubjectU sage, List Identifier and any o f its sign ers
	6227	// to dete rmine if t he CTL alr eady exist s in the s tore.
	6228	//
	6229	// ppCtlCo ntext can be NULL, i ndicating the caller isn't int erested
	6230	// in gett ing the CT L_CONTEXT of the add ed or exis ting CTL.
	6231	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	6232	function C ertAddEnco dedCTLToSt ore(HCERTS TORE: HCER TSTORE;
	6233	dwMsgAndCe rtEncoding Type: DWOR D;
	6234	const pbCt lEncoded: PBYTE;
	6235	cbCtlEncod ed: DWORD;
	6236	dwAddDispo sition: DW ORD;
	6237	var ppCtlC ontext: PC CTL_CONTEX T // OPTIO NAL
	6238	): BOOL; s tdcall;
	6239	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	6240	// Add the CTL conte xt to the store acco rding to t he specifi ed
	6241	// disposi tion optio n.
	6242	//
	6243	// In addi tion to th e encoded CTL, the c ontext's p roperties are
	6244	// also co pied. Not e, the CER T_KEY_CONT EXT_PROP_I D property (and its
	6245	// CERT_KE Y_PROV_HAN DLE_PROP_I D or CERT_ KEY_SPEC_P ROP_ID) is n't copied .
	6246	//
	6247	// Makes a copy of t he encoded CTL befor e adding t o the stor e.
	6248	//
	6249	// dwAddDi spostion s pecifies t he action to take if the CTL
	6250	// already exists in the store . See Cert AddCertifi cateContex tToStore f or a
	6251	// list of and actio ns taken.
	6252	//
	6253	// Compare s the CTL' s SubjectU sage, List Identifier and any o f its sign ers
	6254	// to dete rmine if t he CTL alr eady exist s in the s tore.
	6255	//
	6256	// ppStore Context ca n be NULL, indicatin g the call er isn't i nterested
	6257	// in gett ing the CT L_CONTEXT of the add ed or exis ting CTL.
	6258	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	6259	function C ertAddCTLC ontextToSt ore(HCERTS TORE: HCER TSTORE;
	6260	pCtlContex t: PCCTL_C ONTEXT;
	6261	dwAddDispo sition: DW ORD;
	6262	var ppStor eContext: PCCTL_CONT EXT
	6263	): BOOL; s tdcall;
	6264	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	6265	// Seriali ze the CTL context's encoded C TL and its propertie s.
	6266	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	6267	function C ertSeriali zeCTLStore Element(pC tlContext: PCCTL_CON TEXT;
	6268	dwFlags: D WORD;
	6269	pbElement: PBYTE;
	6270	pcbElement : PDWORD): BOOL; std call;
	6271	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	6272	// Delete the specif ied CTL fr om the sto re.
	6273	//
	6274	// All sub sequent ge ts for the CTL will fail. Howe ver,
	6275	// memory allocated for the CT L isn't fr eed until all of its contexts
	6276	// have al so been fr eed.
	6277	//
	6278	// The pCt lContext i s obtained from a ge t or dupli cate.
	6279	//
	6280	// NOTE: t he pCtlCon text is al ways CertF reeCTLCont ext'ed by
	6281	// this fu nction, ev en for an error.
	6282	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	6283	function C ertDeleteC TLFromStor e(pCtlCont ext: PCCTL _CONTEXT): BOOL; std call;
	6284	// +====== ========== ========== ========== ========== ========== ========== =======
	6285	// Enhance d Key Usag e Helper F unctions
	6286	// ======= ========== ========== ========== ========== ========== ========== =======
	6287
	6288	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	6289	// Get the enhanced key usage extension or propert y from the certifica te
	6290	// and dec ode.
	6291	//
	6292	// If the CERT_FIND_ EXT_ONLY_E NHKEY_USAG E_FLAG is set, then, only get the
	6293	// extensi on.
	6294	//
	6295	// If the CERT_FIND_ PROP_ONLY_ ENHKEY_USA GE_FLAG is set, then , only get the
	6296	// propert y.
	6297	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	6298	function C ertGetEnha ncedKeyUsa ge(pCertCo ntext: PCC ERT_CONTEX T;
	6299	dwFlags: D WORD;
	6300	pUsage: PC ERT_ENHKEY _USAGE;
	6301	pcbUsage: PDWORD): B OOL; stdca ll;
	6302	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	6303	// Set the enhanced key usage property f or the cer tificate.
	6304	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	6305	function C ertSetEnha ncedKeyUsa ge(pCertCo ntext: PCC ERT_CONTEX T;
	6306	pUsage: PC ERT_ENHKEY _USAGE
	6307	): BOOL; s tdcall;
	6308	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	6309	// Add the usage ide ntifier to the certi ficate's e nhanced ke y usage pr operty.
	6310	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	6311	function C ertAddEnha ncedKeyUsa geIdentifi er(pCertCo ntext: PCC ERT_CONTEX T;
	6312	pszUsageId entifier: LPCSTR
	6313	): BOOL; s tdcall;
	6314
	6315	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	6316	// Remove the usage identifier from the certificat e's enhanc ed key usa ge
	6317	// propert y.
	6318	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	6319	function C ertRemoveE nhancedKey UsageIdent ifier(pCer tContext: PCCERT_CON TEXT;
	6320	pszUsageId entifier: LPCSTR
	6321	): BOOL; s tdcall;
	6322
	6323	// +====== ========== ========== ========== ========== ========== ========== =======
	6324	// Cryptog raphic Mes sage helpe r function s for veri fying and signing a
	6325	// CTL.
	6326	// ======= ========== ========== ========== ========== ========== ========== =======
	6327
	6328	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	6329	// Get and verify th e signer o f a crypto graphic me ssage.
	6330	//
	6331	// To veri fy a CTL, the hCrypt Msg is obt ained from the CTL_C ONTEXT's
	6332	// hCryptM sg field.
	6333	//
	6334	// If CMSG _TRUSTED_S IGNER_FLAG is set, t hen, treat the Signe r stores a s being
	6335	// trusted and only search the m to find the certif icate corr esponding to the
	6336	// signer' s issuer a nd serial number. O therwise, the Signer Stores are
	6337	// optiona lly provid ed to supp lement the message's store of certificat es.
	6338	// If a si gner certi ficate is found, its public ke y is used to verify
	6339	// the mes sage signa ture. The CMSG_SIGNE R_ONLY_FLA G can be s et to
	6340	// return the signer without d oing the s ignature v erify.
	6341	//
	6342	// If CMSG _USE_SIGNE R_INDEX_FL AG is set, then, onl y get the signer spe cified
	6343	// by *pdw SignerInde x. Otherwi se, iterat e through all the si gners
	6344	// until a signer ve rifies or no more si gners.
	6345	//
	6346	// For a v erified si gnature, * ppSigner i s updated with certi ficate con text
	6347	// of the signer and *pdwSigne rIndex is updated wi th the ind ex of the signer.
	6348	// ppSigne r and/or p dwSignerIn dex can be NULL, ind icating th e caller i sn't
	6349	// interes ted in get ting the C ertContext and/or in dex of the signer.
	6350	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	6351	function C ryptMsgGet AndVerifyS igner(HCRY PTMSG: HCR YPTMSG;
	6352	cSignerSto re: DWORD;
	6353	var rghSig nerStore: HCERTSTORE ;
	6354	dwFlags: D WORD;
	6355	var ppSign er: PCCERT _CONTEXT;
	6356	pdwSignerI ndex: PDWO RD): BOOL; stdcall;
	6357
	6358	const
	6359	CMSG_TRUST ED_SIGNER_ FLAG = $1;
	6360	const
	6361	CMSG_SIGNE R_ONLY_FLA G = $2;
	6362	const
	6363	CMSG_USE_S IGNER_INDE X_FLAG = $ 4;
	6364
	6365	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	6366	// Sign an encoded C TL.
	6367	//
	6368	// The pbC tlContent can be obt ained via a CTL_CONT EXT's pbCt lContent
	6369	// field o r via a Cr yptEncodeO bject(PKCS _CTL).
	6370	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	6371	function C ryptMsgSig nCTL(dwMsg EncodingTy pe: DWORD;
	6372	pbCtlConte nt: PBYTE;
	6373	cbCtlConte nt: DWORD;
	6374	pSignInfo: PCMSG_SIG NED_ENCODE _INFO;
	6375	dwFlags: D WORD;
	6376	pbEncoded: PBYTE;
	6377	pcbEncoded : PDWORD): BOOL; std call;
	6378	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	6379	// Encode the CTL an d create a signed me ssage cont aining the encoded C TL.
	6380	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	6381	function C ryptMsgEnc odeAndSign CTL(dwMsgE ncodingTyp e: DWORD;
	6382	pCtlInfo: PCTL_INFO;
	6383	pSignInfo: PCMSG_SIG NED_ENCODE _INFO;
	6384	dwFlags: D WORD;
	6385	pbEncoded: PBYTE;
	6386	pcbEncoded : PDWORD): BOOL; std call;
	6387
	6388	// +====== ========== ========== ========== ========== ========== ========== =======
	6389	// Certifi cate Verif y CTL Usag e Data Str uctures an d APIs
	6390	// ======= ========== ========== ========== ========== ========== ========== =======
	6391	type
	6392	PHCERTSTOR E = ^HCERT STORE;
	6393
	6394	type
	6395	PCTL_VERIF Y_USAGE_PA RA = ^CTL_ VERIFY_USA GE_PARA;
	6396
	6397	CTL_VERIFY _USAGE_PAR A = record
	6398	cbSize: DW ORD;
	6399	ListIdenti fier: CRYP T_DATA_BLO B; // OPTI ONAL
	6400	cCtlStore: DWORD;
	6401	rghCtlStor e: PHCERTS TORE; // O PTIONAL
	6402	cSignerSto re: DWORD;
	6403	rghSignerS tore: PHCE RTSTORE; / / OPTIONAL
	6404	end;
	6405
	6406	type
	6407	PCTL_VERIF Y_USAGE_ST ATUS = ^CT L_VERIFY_U SAGE_STATU S;
	6408
	6409	CTL_VERIFY _USAGE_STA TUS = reco rd
	6410	cbSize: DW ORD;
	6411	dwError: D WORD;
	6412	dwFlags: D WORD;
	6413	ppCtl: PPC CTL_CONTEX T; // IN O UT OPTIONA L
	6414	dwCtlEntry Index: DWO RD;
	6415	ppSigner: PPCCERT_CO NTEXT; // IN OUT OPT IONAL
	6416	dwSignerIn dex: DWORD ;
	6417	end;
	6418
	6419	const
	6420	CERT_VERIF Y_INHIBIT_ CTL_UPDATE _FLAG = $1 ;
	6421	const
	6422	CERT_VERIF Y_TRUSTED_ SIGNERS_FL AG = $2;
	6423	const
	6424	CERT_VERIF Y_NO_TIME_ CHECK_FLAG = $4;
	6425	const
	6426	CERT_VERIF Y_ALLOW_MO RE_USAGE_F LAG = $8;
	6427
	6428	const
	6429	CERT_VERIF Y_UPDATED_ CTL_FLAG = $1;
	6430
	6431	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	6432	// Verify that a sub ject is tr usted for the specif ied usage by finding a
	6433	// signed and time v alid CTL w ith the us age identi fiers and containing the
	6434	// the sub ject. A su bject can be identif ied by eit her its ce rtificate context
	6435	// or any identifier such as i ts SHA1 ha sh.
	6436	//
	6437	// See Cer tFindSubje ctInCTL fo r definiti on of dwSu bjectType and pvSubj ect
	6438	// paramet ers.
	6439	//
	6440	// Via pVe rifyUsageP ara, the c aller can specify th e stores t o be searc hed
	6441	// to find the CTL. The caller can also specify th e stores c ontaining
	6442	// accepta ble CTL si gners. By setting th e ListIden tifier, th e caller
	6443	// can als o restrict to a part icular sig ner CTL li st.
	6444	//
	6445	// Via pVe rifyUsageS tatus, the CTL conta ining the subject, t he subject 's
	6446	// index i nto the CT L's array of entries , and the signer of the CTL
	6447	// are ret urned. If the caller is not in terested, ppCtl and ppSigner c an be set
	6448	// to NULL . Returned contexts must be fr eed via th e store's free conte xt APIs.
	6449	//
	6450	// If the CERT_VERIF Y_INHIBIT_ CTL_UPDATE _FLAG isn' t set, the n, a time
	6451	// invalid CTL in on e of the C tlStores m ay be repl aced. When replaced, the
	6452	// CERT_VE RIFY_UPDAT ED_CTL_FLA G is set i n pVerifyU sageStatus ->dwFlags.
	6453	//
	6454	// If the CERT_VERIF Y_TRUSTED_ SIGNERS_FL AG is set, then, onl y the
	6455	// SignerS tores spec ified in p VerifyUsag eStatus ar e searched to find
	6456	// the sig ner. Other wise, the SignerStor es provide additiona l sources
	6457	// to find the signe r's certif icate.
	6458	//
	6459	// If CERT _VERIFY_NO _TIME_CHEC K_FLAG is set, then, the CTLs aren't che cked
	6460	// for tim e validity .
	6461	//
	6462	// If CERT _VERIFY_AL LOW_MORE_U SAGE_FLAG is set, th en, the CT L may cont ain
	6463	// additio nal usage identifier s than spe cified by pSubjectUs age. Other wise,
	6464	// the fou nd CTL wil l contain the same u sage ident ifers and no more.
	6465	//
	6466	// CertVer ifyCTLUsag e will be implemente d as a dis patcher to OID insta llable
	6467	// functio ns. First, it will t ry to find an OID fu nction mat ching the first
	6468	// usage o bject iden tifier in the pUsage sequence. Next, it will dispa tch
	6469	// to the default Ce rtDllVerif yCTLUsage functions.
	6470	//
	6471	// If the subject is trusted f or the spe cified usa ge, then, TRUE is
	6472	// returne d. Otherwi se, FALSE is returne d with dwE rror set t o one of t he
	6473	// followi ng:
	6474	// CRYPT_E _NO_VERIFY _USAGE_DLL
	6475	// CRYPT_E _NO_VERIFY _USAGE_CHE CK
	6476	// CRYPT_E _VERIFY_US AGE_OFFLIN E
	6477	// CRYPT_E _NOT_IN_CT L
	6478	// CRYPT_E _NO_TRUSTE D_SIGNER
	6479	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	6480	function C ertVerifyC TLUsage(dw EncodingTy pe: DWORD;
	6481	dwSubjectT ype: DWORD ;
	6482	pvSubject: PVOID;
	6483	pSubjectUs age: PCTL_ USAGE;
	6484	dwFlags: D WORD;
	6485	pVerifyUsa gePara: PC TL_VERIFY_ USAGE_PARA ;
	6486	pVerifyUsa geStatus: PCTL_VERIF Y_USAGE_ST ATUS
	6487	): BOOL; s tdcall;
	6488
	6489	// +====== ========== ========== ========== ========== ========== ========== =======
	6490	// Certifi cate Revoc ation Data Structure s and APIs
	6491	// ======= ========== ========== ========== ========== ========== ========== =======
	6492
	6493	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	6494	// The fol lowing dat a structur e may be p assed to C ertVerifyR evocation to
	6495	// assist in finding the issue r of the c ontext to be verifie d.
	6496	//
	6497	// When pI ssuerCert is specifi ed, pIssue rCert is t he issuer of
	6498	// rgpvCon text[cCont ext - 1].
	6499	//
	6500	// When cC ertStore a nd rgCertS tore are s pecified, these stor es may con tain
	6501	// an issu er certifi cate.
	6502	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	6503	type
	6504	PCERT_REVO CATION_PAR A = ^CERT_ REVOCATION _PARA;
	6505
	6506	CERT_REVOC ATION_PARA = record
	6507	cbSize: DW ORD;
	6508	pIssuerCer t: PCCERT_ CONTEXT;
	6509	cCertStore : DWORD;
	6510	rgCertStor e: PHCERTS TORE;
	6511	end;
	6512
	6513	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	6514	// The fol lowing dat a structur e is retur ned by Cer tVerifyRev ocation to
	6515	// specify the statu s of the r evoked or unchecked context. R eview the
	6516	// followi ng CertVer ifyRevocat ion commen ts for det ails.
	6517	//
	6518	// Upon in put to Cer tVerifyRev ocation, c bSize must be set to a size
	6519	// >= size of(CERT_RE VOCATION_S TATUS). Ot herwise, C ertVerifyR evocation
	6520	// returns FALSE and sets Last Error to E _INVALIDAR G.
	6521	//
	6522	// Upon in put to the installed or regist ered CRYPT _OID_VERIF Y_REVOCATI ON_FUNC
	6523	// functio ns, the dw Index, dwE rror and d wReason ha ve been ze ro'ed.
	6524	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	6525	type
	6526	PCERT_REVO CATION_STA TUS = ^CER T_REVOCATI ON_STATUS;
	6527
	6528	CERT_REVOC ATION_STAT US = recor d
	6529	cbSize: DW ORD;
	6530	dwIndex: D WORD;
	6531	dwError: D WORD;
	6532	dwReason: DWORD;
	6533	// Dependi ng on cbSi ze, the fo llowing fi elds may o ptionally be returne d.
	6534
	6535	// The Fre shness tim e is only applicable to the la st context checked. If
	6536	// interes ted in thi s informat ion, then, CertVerif yRevocatio n should b e
	6537	// called with cCont ext = 1.
	6538	//
	6539	// fHasFre shnessTime is only s et if we a re able to retrieve revocation
	6540	// informa tion. For a CRL its CurrentTim e - ThisUp date.
	6541	fHasFreshn essTime: B OOL;
	6542	dwFreshnes sTime: DWO RD; // sec onds
	6543	end;
	6544
	6545	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	6546	// Verifie s the arra y of conte xts for re vocation. The dwRevT ype parame ter
	6547	// indicat es the typ e of the c ontext dat a structur e passed i n rgpvCont ext.
	6548	// Current ly only th e revocati on of cert ificates i s defined.
	6549	//
	6550	// If the CERT_VERIF Y_REV_CHAI N_FLAG fla g is set, then, Cert VerifyRevo cation
	6551	// is veri fying a ch ain of cer ts where, rgpvContex t[i + 1] i s the issu er
	6552	// of rgpv Context[i] . Otherwis e, CertVer ifyRevocat ion makes no assumpt ions
	6553	// about t he order o f the cont exts.
	6554	//
	6555	// To assi st in find ing the is suer, the pRevPara m ay optiona lly be set . See
	6556	// the CER T_REVOCATI ON_PARA da ta structu re for det ails.
	6557	//
	6558	// The con texts must contain e nough info rmation to allow the
	6559	// install able or re gistered r evocation DLLs to fi nd the rev ocation se rver. For
	6560	// certifi cates, thi s informat ion would normally b e conveyed in an
	6561	// extensi on such as the IETF' s Authorit yInfoAcces s extensio n.
	6562	//
	6563	// CertVer ifyRevocat ion return s TRUE if all of the contexts were succe ssfully
	6564	// checked and none were revok ed. Otherw ise, retur ns FALSE a nd updates the
	6565	// returne d pRevStat us data st ructure as follows:
	6566	// dwIndex
	6567	// Index o f the firs t context that was r evoked or unable to
	6568	// be chec ked for re vocation
	6569	// dwError
	6570	// Error s tatus. Las tError is also set t o this err or status.
	6571	// dwError can be se t to one o f the foll owing erro r codes de fined
	6572	// in wine rror.h:
	6573	// ERROR_S UCCESS - g ood contex t
	6574	// CRYPT_E _REVOKED - context w as revoked . dwReason contains the
	6575	// reason for revoca tion
	6576	// CRYPT_E _REVOCATIO N_OFFLINE - unable t o connect to the
	6577	// revocat ion server
	6578	// CRYPT_E _NOT_IN_RE VOCATION_D ATABASE - the contex t to be ch ecked
	6579	// was not found in the revoca tion serve r's databa se.
	6580	// CRYPT_E _NO_REVOCA TION_CHECK - the cal led revoca tion funct ion
	6581	// wasn't able to do a revocat ion check on the con text
	6582	// CRYPT_E _NO_REVOCA TION_DLL - no instal led or reg istered Dl l was
	6583	// found t o verify r evocation
	6584	// dwReaso n
	6585	// The dwR eason is c urrently o nly set fo r CRYPT_E_ REVOKED an d contains
	6586	// the rea son why th e context was revoke d. May be one of the following
	6587	// CRL rea sons defin ed by the CRL Reason Code exte nsion ("2. 5.29.21")
	6588	// CRL_REA SON_UNSPEC IFIED 0
	6589	// CRL_REA SON_KEY_CO MPROMISE 1
	6590	// CRL_REA SON_CA_COM PROMISE 2
	6591	// CRL_REA SON_AFFILI ATION_CHAN GED 3
	6592	// CRL_REA SON_SUPERS EDED 4
	6593	// CRL_REA SON_CESSAT ION_OF_OPE RATION 5
	6594	// CRL_REA SON_CERTIF ICATE_HOLD 6
	6595	//
	6596	// For eac h entry in rgpvConte xt, CertVe rifyRevoca tion itera tes
	6597	// through the CRYPT _OID_VERIF Y_REVOCATI ON_FUNC
	6598	// functio n set's li st of inst alled DEFA ULT functi ons.
	6599	// CryptGe tDefaultOI DFunctionA ddress is called wit h pwszDll = NULL. If no
	6600	// install ed functio ns are fou nd capable of doing the revoca tion verif ication,
	6601	// CryptVe rifyRevoca tion itera tes throug h CRYPT_OI D_VERIFY_R EVOCATION_ FUNC's
	6602	// list of registere d DEFAULT Dlls. Cryp tGetDefaul tOIDDllLis t is calle d to
	6603	// get the list. Cry ptGetDefau ltOIDFunct ionAddress is called to load t he Dll.
	6604	//
	6605	// The cal led functi ons have t he same si gnature as CertVerif yRevocatio n. A
	6606	// called function r eturns TRU E if it wa s able to successful ly check a ll of
	6607	// the con texts and none were revoked. O therwise, the called function returns
	6608	// FALSE a nd updates pRevStatu s. dwIndex is set to the index of
	6609	// the fir st context that was found to b e revoked or unable to be chec ked.
	6610	// dwError and LastE rror are u pdated. Fo r CRYPT_E_ REVOKED, d wReason
	6611	// is upda ted. Upon input to t he called function, dwIndex, d wError and
	6612	// dwReaso n have bee n zero'ed. cbSize ha s been che cked to be >=
	6613	// sizeof( CERT_REVOC ATION_STAT US).
	6614	//
	6615	// If the called fun ction retu rns FALSE, and dwErr or isn't s et to
	6616	// CRYPT_E _REVOKED, then, Cert VerifyRevo cation eit her contin ues on to the
	6617	// next DL L in the l ist for a returned d wIndex of 0 or for a returned
	6618	// dwIndex > 0, rest arts the p rocess of finding a verify fun ction by
	6619	// advanci ng the sta rt of the context ar ray to the returned dwIndex an d
	6620	// decreme nting the count of r emaining c ontexts.
	6621	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	6622	function C ertVerifyR evocation( dwEncoding Type: DWOR D;
	6623	dwRevType: DWORD;
	6624	cContext: DWORD;
	6625	// The nex t was a "a rray of PV OID" chang ed to a PP VOID; *RWF
	6626	rgpvContex t: PPVOID; // Pointe r to an ar ray of PVO ID's
	6627	dwFlags: D WORD;
	6628	pRevPara: PCERT_REVO CATION_PAR A;
	6629	pRevStatus : PCERT_RE VOCATION_S TATUS
	6630	): BOOL; s tdcall;
	6631	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	6632	// Revocat ion types
	6633	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	6634	const
	6635	CERT_CONTE XT_REVOCAT ION_TYPE = 1;
	6636
	6637	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	6638	// When th e followin g flag is set, rgpvC ontext[] c onsists of a chain
	6639	// of cert ificates, where rgpv Context[i + 1] is th e issuer o f rgpvCont ext[i].
	6640	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	6641	const
	6642	CERT_VERIF Y_REV_CHAI N_FLAG = $ 1;
	6643
	6644	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	6645	// When th e followin g flag is set, only OCSP respo nses are u sed for
	6646	// doing r evocation checking. If the cer tificate d oesn't hav e any
	6647	// OCSP AI A URLs, dw Error is s et to CRYP T_E_NOT_IN _REVOCATIO N_DATABASE .
	6648	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	6649	const
	6650	CERT_VERIF Y_REV_SERV ER_OCSP_FL AG = $8;
	6651
	6652	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	6653	// CERT_CO NTEXT_REVO CATION_TYP E
	6654	//
	6655	// pvConte xt points to a const CERT_CONT EXT.
	6656	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	6657
	6658	// +====== ========== ========== ========== ========== ========== ========== =======
	6659	// Certifi cate Helpe r APIs
	6660	// ======= ========== ========== ========== ========== ========== ========== =======
	6661
	6662	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	6663	// Compare two multi ple byte i nteger blo bs to see if they ar e identica l.
	6664	//
	6665	// Before doing the comparison , leading zero bytes are remov ed from a
	6666	// positiv e number a nd leading 0xFF byte s are remo ved from a negative
	6667	// number.
	6668	//
	6669	// The mul tiple byte integers are treate d as Littl e Endian. pbData[0] is the
	6670	// least s ignificant byte and pbData[cbD ata - 1] i s the most significa nt
	6671	// byte.
	6672	//
	6673	// Returns TRUE if t he integer blobs are identical after rem oving lead ing
	6674	// 0 or 0x FF bytes.
	6675	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	6676	function C ertCompare IntegerBlo b(pInt1: P CRYPT_INTE GER_BLOB;
	6677	pInt2: PCR YPT_INTEGE R_BLOB
	6678	): BOOL; s tdcall;
	6679	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	6680	// Compare two certi ficates to see if th ey are ide ntical.
	6681	//
	6682	// Since a certifica te is uniq uely ident ified by i ts Issuer and Serial Number,
	6683	// these a re the onl y fields n eeding to be compare d.
	6684	//
	6685	// Returns TRUE if t he certifi cates are identical.
	6686	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	6687	function C ertCompare Certificat e(dwCertEn codingType : DWORD;
	6688	pCertId1: PCERT_INFO ;
	6689	pCertId2: PCERT_INFO ): BOOL; s tdcall;
	6690	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	6691	// Compare two certi ficate nam es to see if they ar e identica l.
	6692	//
	6693	// Returns TRUE if t he names a re identic al.
	6694	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	6695	function C ertCompare Certificat eName(dwCe rtEncoding Type: DWOR D;
	6696	pCertName1 : PCERT_NA ME_BLOB;
	6697	pCertName2 : PCERT_NA ME_BLOB): BOOL; stdc all;
	6698	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	6699	// Compare the attri butes in t he certifi cate name with the s pecified
	6700	// Relativ e Distingu ished Name 's (CERT_R DN) array of attribu tes.
	6701	// The com parison it erates thr ough the C ERT_RDN at tributes a nd looks f or an
	6702	// attribu te match i n any of t he certifi cate name' s RDNs.
	6703	// Returns TRUE if a ll the att ributes ar e found an d match.
	6704	//
	6705	// The CER T_RDN_ATTR fields ca n have the following special v alues:
	6706	// pszObjI d == NULL - ignor e the attr ibute obje ct identif ier
	6707	// dwValue Type == RD N_ANY_TYPE - ignor e the valu e type
	6708	//
	6709	// Current ly only an exact, ca se sensiti ve match i s supporte d.
	6710	//
	6711	// CERT_UN ICODE_IS_R DN_ATTRS_F LAG should be set if the pRDN was initia lized
	6712	// with un icode stri ngs as for CryptEnco deObject(X 509_UNICOD E_NAME).
	6713	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	6714	function C ertIsRDNAt trsInCerti ficateName (dwCertEnc odingType: DWORD;
	6715	dwFlags: D WORD;
	6716	pCertName: PCERT_NAM E_BLOB;
	6717	pRDN: PCER T_RDN): BO OL; stdcal l;
	6718
	6719	const
	6720	CERT_UNICO DE_IS_RDN_ ATTRS_FLAG = $1;
	6721
	6722	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	6723	// Compare two publi c keys to see if the y are iden tical.
	6724	//
	6725	// Returns TRUE if t he keys ar e identica l.
	6726	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	6727	function C ertCompare PublicKeyI nfo(dwCert EncodingTy pe: DWORD;
	6728	pPublicKey 1: PCERT_P UBLIC_KEY_ INFO;
	6729	pPublicKey 2: PCERT_P UBLIC_KEY_ INFO
	6730	): BOOL; s tdcall;
	6731	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	6732	// Get the public/pr ivate key' s bit leng th.
	6733	//
	6734	// Returns 0 if unab le to dete rmine the key's leng th.
	6735	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	6736	function C ertGetPubl icKeyLengt h(dwCertEn codingType : DWORD;
	6737	pPublicKey : PCERT_PU BLIC_KEY_I NFO
	6738	): DWORD; stdcall;
	6739	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	6740	// Verify the signat ure of a s ubject cer tificate o r a CRL us ing the
	6741	// public key info
	6742	//
	6743	// Returns TRUE for a valid si gnature.
	6744	//
	6745	// hCryptP rov specif ies the cr ypto provi der to use to verify the signa ture.
	6746	// It does n't need t o use a pr ivate key.
	6747	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	6748	function C ryptVerify Certificat eSignature (HCRYPTPRO V: HCRYPTP ROV;
	6749	dwCertEnco dingType: DWORD;
	6750	const pbEn coded: PBY TE;
	6751	cbEncoded: DWORD;
	6752	pPublicKey : PCERT_PU BLIC_KEY_I NFO
	6753	): BOOL; s tdcall;
	6754	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	6755	// Compute the hash of the "to be signed " informat ion in the encoded
	6756	// signed content (C ERT_SIGNED _CONTENT_I NFO).
	6757	//
	6758	// hCryptP rov specif ies the cr ypto provi der to use to comput e the hash .
	6759	// It does n't need t o use a pr ivate key.
	6760	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	6761	function C ryptHashTo BeSigned(H CRYPTPROV: HCRYPTPRO V;
	6762	dwCertEnco dingType: DWORD;
	6763	const pbEn coded: PBY TE;
	6764	cbEncoded: DWORD;
	6765	pbComputed Hash: PBYT E;
	6766	pcbCompute dHash: PDW ORD): BOOL ; stdcall;
	6767	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	6768	// Hash th e encoded content.
	6769	//
	6770	// hCryptP rov specif ies the cr ypto provi der to use to comput e the hash .
	6771	// It does n't need t o use a pr ivate key.
	6772	//
	6773	// Algid s pecifies t he CAPI ha sh algorit hm to use. If Algid is 0, then , the
	6774	// default hash algo rithm (cur rently SHA 1) is used .
	6775	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	6776	function C ryptHashCe rtificate( HCRYPTPROV : HCRYPTPR OV;
	6777	Algid: ALG _ID;
	6778	dwFlags: D WORD;
	6779	const pbEn coded: PBY TE;
	6780	cbEncoded: DWORD;
	6781	pbComputed Hash: PBYT E;
	6782	pcbCompute dHash: PDW ORD): BOOL ; stdcall;
	6783	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	6784	// Sign th e "to be s igned" inf ormation i n the enco ded signed content.
	6785	//
	6786	// hCryptP rov specif ies the cr ypto provi der to use to do the signature .
	6787	// It uses the speci fied priva te key.
	6788	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	6789	function C ryptSignCe rtificate( HCRYPTPROV : HCRYPTPR OV;
	6790	dwKeySpec: DWORD;
	6791	dwCertEnco dingType: DWORD;
	6792	const pbEn codedToBeS igned: PBY TE;
	6793	cbEncodedT oBeSigned: DWORD;
	6794	pSignature Algorithm: PCRYPT_AL GORITHM_ID ENTIFIER;
	6795	const pvHa shAuxInfo: PVOID;
	6796	pbSignatur e: PBYTE;
	6797	pcbSignatu re: PDWORD ): BOOL; s tdcall;
	6798	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	6799	// Encode the "to be signed" i nformation . Sign the encoded " to be sign ed".
	6800	// Encode the "to be signed" a nd the sig nature.
	6801	//
	6802	// hCryptP rov specif ies the cr ypto provi der to use to do the signature .
	6803	// It uses the speci fied priva te key.
	6804	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	6805	function C ryptSignAn dEncodeCer tificate(H CRYPTPROV: HCRYPTPRO V;
	6806	dwKeySpec: DWORD;
	6807	dwCertEnco dingType: DWORD;
	6808	const lpsz StructType : LPCSTR; // "to be signed"
	6809	pvStructIn fo: PVOID;
	6810	pSignature Algorithm: PCRYPT_AL GORITHM_ID ENTIFIER;
	6811	const pvHa shAuxInfo: PVOID;
	6812	pbEncoded: PBYTE;
	6813	pcbEncoded : PDWORD): BOOL; std call;
	6814
	6815	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	6816	// Verify the time v alidity of a certifi cate.
	6817	//
	6818	// Returns -1 if bef ore NotBef ore, +1 if after Not After and otherwise 0 for
	6819	// a valid certifica te
	6820	//
	6821	// If pTim eToVerify is NULL, u ses the cu rrent time .
	6822	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	6823	function C ertVerifyT imeValidit y(pTimeToV erify: PFI LETIME;
	6824	pCertInfo: PCERT_INF O): LONG; stdcall;
	6825
	6826	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	6827	// Verify the time v alidity of a CRL.
	6828	//
	6829	// Returns -1 if bef ore ThisUp date, +1 i f after Ne xtUpdate a nd otherwi se 0 for
	6830	// a valid CRL
	6831	//
	6832	// If pTim eToVerify is NULL, u ses the cu rrent time .
	6833	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	6834	function C ertVerifyC RLTimeVali dity(pTime ToVerify: PFILETIME;
	6835	pCrlInfo: PCRL_INFO) : LONG; st dcall;
	6836	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	6837	// Verify that the s ubject's t ime validi ty nests w ithin the issuer's t ime
	6838	// validit y.
	6839	//
	6840	// Returns TRUE if i t nests. O therwise, returns FA LSE.
	6841	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	6842	function C ertVerifyV alidityNes ting(pSubj ectInfo: P CERT_INFO;
	6843	pIssuerInf o: PCERT_I NFO): BOOL ; stdcall;
	6844	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	6845	// Verify that the s ubject cer tificate i sn't on it s issuer C RL.
	6846	//
	6847	// Returns true if t he certifi cate isn't on the CR L.
	6848	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	6849	function C ertVerifyC RLRevocati on(dwCertE ncodingTyp e: DWORD;
	6850	pCertId: P CERT_INFO; // Only t he Issuer and Serial Number
	6851	cCrlInfo: DWORD; // fields are used
	6852	// The nex t was an " array of P CRL_INFO" but
	6853	// changed to PPVOID to get it to work * RWF
	6854	rgpCrlInfo : PPVOID): BOOL; std call;
	6855	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	6856	// Convert the CAPI AlgId to t he ASN.1 O bject Iden tifier str ing
	6857	//
	6858	// Returns NULL if t here isn't an ObjId correspond ing to the AlgId.
	6859	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	6860	function C ertAlgIdTo OID(dwAlgI d: DWORD): LPCSTR; s tdcall;
	6861	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	6862	// Convert the ASN.1 Object Id entifier s tring to t he CAPI Al gId.
	6863	//
	6864	// Returns 0 if ther e isn't an AlgId cor responding to the Ob jId.
	6865	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	6866	function C ertOIDToAl gId(pszObj Id: LPCSTR ): DWORD; stdcall;
	6867	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	6868	// Find an extension identifie d by its O bject Iden tifier.
	6869	//
	6870	// If foun d, returns pointer t o the exte nsion. Oth erwise, re turns NULL .
	6871	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	6872	function C ertFindExt ension(psz ObjId: LPC STR;
	6873	cExtension s: DWORD;
	6874	rgExtensio ns: PPVOID // *RWF a rray of CE RT_EXTENSI ON
	6875	): PCERT_E XTENSION; stdcall;
	6876	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	6877	// Find th e first at tribute id entified b y its Obje ct Identif ier.
	6878	//
	6879	// If foun d, returns pointer t o the attr ibute. Oth erwise, re turns NULL .
	6880	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	6881	function C ertFindAtt ribute(psz ObjId: LPC STR;
	6882	cAttr: DWO RD;
	6883	rgAttr: ar ray of CRY PT_ATTRIBU TE): PCRYP T_ATTRIBUT E; stdcall ;
	6884	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	6885	// Find th e first CE RT_RDN att ribute ide ntified by its Objec t Identifi er in
	6886	// the nam e's list o f Relative Distingui shed Names .
	6887	//
	6888	// If foun d, returns pointer t o the attr ibute. Oth erwise, re turns NULL .
	6889	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	6890	function C ertFindRDN Attr(pszOb jId: LPCST R;
	6891	pName: PCE RT_NAME_IN FO): PCERT _RDN_ATTR; stdcall;
	6892	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	6893	// Get the intended key usage bytes from the certi ficate.
	6894	//
	6895	// If the certificat e doesn't have any i ntended ke y usage by tes, retur ns FALSE
	6896	// and *pb KeyUsage i s zeroed. Otherwise, returns T RUE and up through
	6897	// cbKeyUs age bytes are copied into *pbK eyUsage. A ny remaini ng uncopie d
	6898	// bytes a re zeroed.
	6899	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	6900	function C ertGetInte ndedKeyUsa ge(dwCertE ncodingTyp e: DWORD;
	6901	pCertInfo: PCERT_INF O;
	6902	pbKeyUsage : PBYTE;
	6903	cbKeyUsage : DWORD): BOOL; stdc all;
	6904
	6905	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	6906	// Export the public key info associated with the provider's correspon ding
	6907	// private key.
	6908	//
	6909	// Calls C ryptExport PublicKeyI nfo with p szPublicKe yObjId = s zOID_RSA_R SA,
	6910	// dwFlags = 0 and p vAuxInfo = NULL.
	6911	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	6912	function C ryptExport PublicKeyI nfo(HCRYPT PROV: HCRY PTPROV;
	6913	dwKeySpec: DWORD;
	6914	dwCertEnco dingType: DWORD;
	6915	pInfo: PCE RT_PUBLIC_ KEY_INFO;
	6916	pcbInfo: P DWORD): BO OL; stdcal l;
	6917	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	6918	// Export the public key info associated with the provider's correspon ding
	6919	// private key.
	6920	//
	6921	// Uses th e dwCertEn codingType and pszPu blicKeyObj Id to call the
	6922	// install able CRYPT _OID_EXPOR T_PUBLIC_K EY_INFO_FU NC. The ca lled funct ion
	6923	// has the same sign ature as C ryptExport PublicKeyI nfoEx.
	6924	//
	6925	// If unab le to find an instal lable OID function f or the psz PublicKeyO bjId,
	6926	// attempt s to expor t as a RSA Public Ke y (szOID_R SA_RSA).
	6927	//
	6928	// The dwF lags and p vAuxInfo a ren't used for szOID _RSA_RSA.
	6929	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	6930	const
	6931	CRYPT_OID_ EXPORT_PUB LIC_KEY_IN FO_FUNC = 'CryptDllE xportPubli cKeyInfoEx ';
	6932
	6933	function C ryptExport PublicKeyI nfoEx(HCRY PTPROV: HC RYPTPROV;
	6934	dwKeySpec: DWORD;
	6935	dwCertEnco dingType: DWORD;
	6936	pszPublicK eyObjId: L PSTR;
	6937	dwFlags: D WORD;
	6938	pvAuxInfo: PVOID;
	6939	pInfo: PCE RT_PUBLIC_ KEY_INFO;
	6940	pcbInfo: P DWORD): BO OL; stdcal l;
	6941	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	6942	// Convert and impor t the publ ic key inf o into the provider and return a
	6943	// handle to the pub lic key.
	6944	//
	6945	// Calls C ryptImport PublicKeyI nfoEx with aiKeyAlg = 0, dwFla gs = 0 and
	6946	// pvAuxIn fo = NULL.
	6947	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	6948	function C ryptImport PublicKeyI nfo(HCRYPT PROV: HCRY PTPROV;
	6949	dwCertEnco dingType: DWORD;
	6950	pInfo: PCE RT_PUBLIC_ KEY_INFO;
	6951	phKey: PHC RYPTKEY): BOOL; stdc all;
	6952	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	6953	// Convert and impor t the publ ic key inf o into the provider and return a
	6954	// handle to the pub lic key.
	6955	//
	6956	// Uses th e dwCertEn codingType and pInfo ->Algorith m.pszObjId to call t he
	6957	// install able CRYPT _OID_IMPOR T_PUBLIC_K EY_INFO_FU NC. The ca lled funct ion
	6958	// has the same sign ature as C ryptImport PublicKeyI nfoEx.
	6959	//
	6960	// If unab le to find an instal lable OID function f or the psz ObjId,
	6961	// attempt s to impor t as a RSA Public Ke y (szOID_R SA_RSA).
	6962	//
	6963	// For szO ID_RSA_RSA : aiKeyAlg may be se t to CALG_ RSA_SIGN o r CALG_RSA _KEYX.
	6964	// Default s to CALG_ RSA_KEYX. The dwFlag s and pvAu xInfo aren 't used.
	6965	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	6966	const
	6967	CRYPT_OID_ IMPORT_PUB LIC_KEY_IN FO_FUNC = 'CryptDllI mportPubli cKeyInfoEx ';
	6968
	6969	function C ryptImport PublicKeyI nfoEx(HCRY PTPROV: HC RYPTPROV;
	6970	dwCertEnco dingType: DWORD;
	6971	pInfo: PCE RT_PUBLIC_ KEY_INFO;
	6972	aiKeyAlg: ALG_ID;
	6973	dwFlags: D WORD;
	6974	pvAuxInfo: PVOID;
	6975	phKey: PHC RYPTKEY
	6976	): BOOL; s tdcall;
	6977	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	6978	// Compute the hash of the enc oded publi c key info .
	6979	//
	6980	// The pub lic key in fo is enco ded and th en hashed.
	6981	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	6982	function C ryptHashPu blicKeyInf o(HCRYPTPR OV: HCRYPT PROV;
	6983	Algid: ALG _ID;
	6984	dwFlags: D WORD;
	6985	dwCertEnco dingType: DWORD;
	6986	pInfo: PCE RT_PUBLIC_ KEY_INFO;
	6987	pbComputed Hash: PBYT E;
	6988	pcbCompute dHash: PDW ORD): BOOL ; stdcall;
	6989	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	6990	// Convert a Name Va lue to a n ull termin ated char string
	6991	//
	6992	// Returns the numbe r of chara cters conv erted incl uding the terminatin g null
	6993	// charact er. If psz is NULL o r csz is 0 , returns the requir ed size of the
	6994	// destina tion strin g (includi ng the ter minating n ull char).
	6995	//
	6996	// If psz != NULL && csz != 0, returned psz is alw ays NULL t erminated.
	6997	//
	6998	// Note: c sz include s the NULL char.
	6999	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	7000	function C ertRDNValu eToStrA(dw ValueType: DWORD;
	7001	pValue: PC ERT_RDN_VA LUE_BLOB;
	7002	psz: LPSTR ; // OPTIO NAL
	7003	csz: DWORD ): DWORD; stdcall;
	7004	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	7005	// Convert a Name Va lue to a n ull termin ated char string
	7006	//
	7007	// Returns the numbe r of chara cters conv erted incl uding the terminatin g null
	7008	// charact er. If psz is NULL o r csz is 0 , returns the requir ed size of the
	7009	// destina tion strin g (includi ng the ter minating n ull char).
	7010	//
	7011	// If psz != NULL && csz != 0, returned psz is alw ays NULL t erminated.
	7012	//
	7013	// Note: c sz include s the NULL char.
	7014	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	7015	function C ertRDNValu eToStrW(dw ValueType: DWORD;
	7016	pValue: PC ERT_RDN_VA LUE_BLOB;
	7017	psz: LPWST R; // OPTI ONAL
	7018	csz: DWORD ): DWORD; stdcall;
	7019
	7020	function C ertRDNValu eToStr(dwV alueType: DWORD;
	7021	pValue: PC ERT_RDN_VA LUE_BLOB;
	7022	psz: LPAWS TR; // OPT IONAL
	7023	csz: DWORD ): DWORD; stdcall;
	7024
	7025	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	7026	// Convert the certi ficate nam e blob to a null ter minated ch ar string.
	7027	//
	7028	// Follows the strin g represen tation of distinguis hed names specified in
	7029	// RFC 177 9. (Note, added doub le quoting "" for em bedded quo tes, quote
	7030	// empty s trings and don't quo te strings containin g consecut ive spaces ).
	7031	// RDN val ues of typ e CERT_RDN _ENCODED_B LOB or CER T_RDN_OCTE T_STRING a re
	7032	// formatt ed in hexa decimal (e .g. #0A56C F).
	7033	//
	7034	// The nam e string i s formatte d accordin g to the d wStrType:
	7035	// CERT_SI MPLE_NAME_ STR
	7036	// The obj ect identi fiers are discarded. CERT_RDN entries ar e separate d
	7037	// by ", " . Multiple attribute s per CERT _RDN are s eparated b y " + ".
	7038	// For exa mple:
	7039	// Microso ft, Joe Co ol + Progr ammer
	7040	// CERT_OI D_NAME_STR
	7041	// The obj ect identi fiers are included w ith a "=" separator from their
	7042	// attribu te value. CERT_RDN e ntries are separated by ", ".
	7043	// Multipl e attribut es per CER T_RDN are separated by " + ". For exampl e:
	7044	// 2.5.4.1 1=Microsof t, 2.5.4.3 =Joe Cool + 2.5.4.12 =Programme r
	7045	// CERT_X5 00_NAME_ST R
	7046	// The obj ect identi fiers are converted to their X 500 key na me. Otherw ise,
	7047	// same as CERT_OID_ NAME_STR. If the obj ect identi fier doesn 't have
	7048	// a corre sponding X 500 key na me, then, the object identifie r is used with
	7049	// a "OID. " prefix. For exampl e:
	7050	// OU=Micr osoft, CN= Joe Cool + T=Program mer, OID.1 .2.3.4.5.6 =Unknown
	7051	//
	7052	// We quot e the RDN value if i t contains leading o r trailing whitespac e
	7053	// or one of the fol lowing cha racters: " ,", "+", " =", """, " \n", "<", ">",
	7054	// "#" or ";". The q uoting cha racter is ". If the the RDN Va lue contai ns
	7055	// a " it is double quoted ("" ). For exa mple:
	7056	// OU=" M icrosoft", CN="Joe " "Cool""" + T="Progra mmer, Mana ger"
	7057	//
	7058	// CERT_NA ME_STR_SEM ICOLON_FLA G can be o r'ed into dwStrType to replace
	7059	// the ", " separato r with a " ; " separa tor.
	7060	//
	7061	// CERT_NA ME_STR_CRL F_FLAG can be or'ed into dwStr Type to re place
	7062	// the ", " separato r with a " \r\n" sepa rator.
	7063	//
	7064	// CERT_NA ME_STR_NO_ PLUS_FLAG can be or' ed into dw StrType to replace t he
	7065	// " + " s eparator w ith a sing le space, " ".
	7066	//
	7067	// CERT_NA ME_STR_NO_ QUOTING_FL AG can be or'ed into dwStrType to inhibi t
	7068	// the abo ve quoting .
	7069	//
	7070	// Returns the numbe r of chara cters conv erted incl uding the terminatin g null
	7071	// charact er. If psz is NULL o r csz is 0 , returns the requir ed size of the
	7072	// destina tion strin g (includi ng the ter minating n ull char).
	7073	//
	7074	// If psz != NULL && csz != 0, returned psz is alw ays NULL t erminated.
	7075	//
	7076	// Note: c sz include s the NULL char.
	7077	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	7078
	7079	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	7080	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	7081	function C ertNameToS trA(dwCert EncodingTy pe: DWORD;
	7082	pName: PCE RT_NAME_BL OB;
	7083	dwStrType: DWORD;
	7084	psz: LPSTR ; // OPTIO NAL
	7085	csz: DWORD ): DWORD; stdcall;
	7086	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	7087	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	7088	function C ertNameToS trW(dwCert EncodingTy pe: DWORD;
	7089	pName: PCE RT_NAME_BL OB;
	7090	dwStrType: DWORD;
	7091	psz: LPWST R; // OPTI ONAL
	7092	csz: DWORD ): DWORD; stdcall;
	7093
	7094	function C ertNameToS tr(dwCertE ncodingTyp e: DWORD;
	7095	pName: PCE RT_NAME_BL OB;
	7096	dwStrType: DWORD;
	7097	psz: LPAWS TR; // OPT IONAL
	7098	csz: DWORD ): DWORD; stdcall;
	7099
	7100	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	7101	// Certifi cate name string typ es
	7102	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	7103	const
	7104	CERT_SIMPL E_NAME_STR = 1;
	7105	const
	7106	CERT_OID_N AME_STR = 2;
	7107	const
	7108	CERT_X500_ NAME_STR = 3;
	7109
	7110	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	7111	// Certifi cate name string typ e flags OR 'ed with t he above t ypes
	7112	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	7113	const
	7114	CERT_NAME_ STR_SEMICO LON_FLAG = $40000000 ;
	7115	const
	7116	CERT_NAME_ STR_NO_PLU S_FLAG = $ 20000000;
	7117	const
	7118	CERT_NAME_ STR_NO_QUO TING_FLAG = $1000000 0;
	7119	const
	7120	CERT_NAME_ STR_CRLF_F LAG = $080 00000;
	7121	const
	7122	CERT_NAME_ STR_COMMA_ FLAG = $04 000000;
	7123
	7124
	7125	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	7126	// Convert the null terminated X500 stri ng to an e ncoded cer tificate n ame.
	7127	//
	7128	// The inp ut string is expecte d to be fo rmatted th e same as the output
	7129	// from th e above Ce rtNameToSt r API.
	7130	//
	7131	// The CER T_SIMPLE_N AME_STR ty pe isn't s upported. Otherwise, when dwSt rType
	7132	// is set to 0, CERT _OID_NAME_ STR or CER T_X500_NAM E_STR, all ow either a
	7133	// case in sensitive X500 key ( CN=), case insensiti ve "OID." prefixed
	7134	// object identifier (OID.1.2. 3.4.5.6=) or an obje ct identif ier (1.2.3 .4=).
	7135	//
	7136	// If no f lags are O R'ed into dwStrType, then, all ow "," or ";" as RDN
	7137	// separat ors and "+ " as the m ultiple RD N value se parator. Q uoting is
	7138	// support ed. A quot e may be i ncluded in a quoted value by d ouble quot ing,
	7139	// for exa mple (CN=" Joe ""Cool """). A va lue starti ng with a "#" is tre ated
	7140	// as asci i hex and converted to a CERT_ RDN_OCTET_ STRING. Em bedded whi tespace
	7141	// is skip ped (1.2.3 = # AB CD 01 is th e same as 1.2.3=#ABC D01).
	7142	//
	7143	// Whitesp ace surrou nding the keys, obje ct identif ers and va lues is re moved.
	7144	//
	7145	// CERT_NA ME_STR_COM MA_FLAG ca n be or'ed into dwSt rType to o nly allow the
	7146	// "," as the RDN se parator.
	7147	//
	7148	// CERT_NA ME_STR_SEM ICOLON_FLA G can be o r'ed into dwStrType to only al low the
	7149	// ";" as the RDN se parator.
	7150	//
	7151	// CERT_NA ME_STR_CRL F_FLAG can be or'ed into dwStr Type to on ly allow
	7152	// "\r" or "\n" as t he RDN sep arator.
	7153	//
	7154	// CERT_NA ME_STR_NO_ PLUS_FLAG can be or' ed into dw StrType to ignore "+ "
	7155	// as a se parator an d not allo w multiple values pe r RDN.
	7156	//
	7157	// CERT_NA ME_STR_NO_ QUOTING_FL AG can be or'ed into dwStrType to inhibi t
	7158	// quoting .
	7159	//
	7160	// Support the follo wing X500 Keys:
	7161	//
	7162	// Key Objec t Identifi er RDN Value Typ e(s)
	7163	// --- ----- ---------- -- --- ---------- ----
	7164	// CN szOID _COMMON_NA ME Pri ntable, T6 1
	7165	// L szOID _LOCALITY_ NAME Pri ntable, T6 1
	7166	// O szOID _ORGANIZAT ION_NAME Pri ntable, T6 1
	7167	// OU szOID _ORGANIZAT IONAL_UNIT _NAME Pri ntable, T6 1
	7168	// Email szOID _RSA_email Addr Onl y IA5
	7169	// C szOID _COUNTRY_N AME Onl y Printabl e
	7170	// S szOID _STATE_OR_ PROVINCE_N AME Pri ntable, T6 1
	7171	// ST szOID _STATE_OR_ PROVINCE_N AME Pri ntable, T6 1
	7172	// STREET szOID _STREET_AD DRESS Pri ntable, T6 1
	7173	// T szOID _TITLE Pri ntable, T6 1
	7174	// Title szOID _TITLE Pri ntable, T6 1
	7175	// G szOID _GIVEN_NAM E Pri ntable, T6 1
	7176	// GivenNa me szOID _GIVEN_NAM E Pri ntable, T6 1
	7177	// I szOID _INITIALS Pri ntable, T6 1
	7178	// Initial s szOID _INITIALS Pri ntable, T6 1
	7179	// SN szOID _SUR_NAME Pri ntable, T6 1
	7180	// DC szOID _DOMAIN_CO MPONENT Onl y IA5
	7181	//
	7182	// The T61 types are UTF-8 enc oded.
	7183	//
	7184	// Returns TRUE if s uccessfull y parsed t he input s tring and encoded
	7185	// the nam e.
	7186	//
	7187	// If the input stri ng is dete cted to be invalid, *ppszError is update d
	7188	// to poin t to the b eginning o f the inva lid charac ter sequen ce. Otherw ise,
	7189	// ppszEr ror is set to NULL. ppszError is update d with a n on-NULL po inter
	7190	// for the following errors:
	7191	// CRYPT_E _INVALID_X 500_STRING
	7192	// CRYPT_E _INVALID_N UMERIC_STR ING
	7193	// CRYPT_E _INVALID_P RINTABLE_S TRING
	7194	// CRYPT_E _INVALID_I A5_STRING
	7195	//
	7196	// ppszErr or can be set to NUL L if not i nterested in getting a pointer
	7197	// to the invalid ch aracter se quence.
	7198	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	7199
	7200	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	7201	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	7202	function C ertStrToNa meA(dwCert EncodingTy pe: DWORD;
	7203	pszX500: L PCSTR;
	7204	dwStrType: DWORD;
	7205	pvReserved : PVOID;
	7206	pbEncoded: PBYTE;
	7207	pcbEncoded : PDWORD;
	7208	var ppszEr ror: array of LPCSTR ): BOOL; s tdcall; { --max-- in iziato qui }
	7209	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	7210	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	7211	function C ertStrToNa meW(dwCert EncodingTy pe: DWORD;
	7212	pszX500: L PCWSTR;
	7213	dwStrType: DWORD;
	7214	pvReserved : PVOID;
	7215	pbEncoded: PBYTE;
	7216	pcbEncoded : PDWORD;
	7217	var ppszEr ror: array of LPWSTR ): BOOL; s tdcall;
	7218
	7219	function C ertStrToNa me(dwCertE ncodingTyp e: DWORD;
	7220	pszX500: L PAWSTR;
	7221	dwStrType: DWORD;
	7222	pvReserved : PVOID;
	7223	pbEncoded: PBYTE;
	7224	pcbEncoded : PDWORD;
	7225	var ppszEr ror: array of LPAWST R): BOOL; stdcall;
	7226
	7227	// +====== ========== ========== ========== ========== ========== ========== =======
	7228	// Simplif ied Crypto graphic Me ssage Data Structure s and APIs
	7229	// ======= ========== ========== ========== ========== ========== ========== =======
	7230
	7231
	7232	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	7233	// Convent ions for t he pb and pcb outp ut paramet ers:
	7234	//
	7235	// Upon en try to the function:
	7236	// if pcb is OPTIONA L && pcb = = NULL, th en,
	7237	// No outp ut is retu rned
	7238	// else if pb == NUL L && pcb ! = NULL, th en,
	7239	// Length only deter mination. No length error is
	7240	// returne d.
	7241	// otherwi se where ( pb != NULL && pcb != NULL && * pcb != 0)
	7242	// Output is returne d. If *pcb isn't big enough a
	7243	// length error is r eturned. I n all case s *pcb is updated
	7244	// with th e actual l ength need ed/returne d.
	7245	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	7246
	7247
	7248	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	7249	// Type de finitions of the par ameters us ed for doi ng the cry ptographic
	7250	// operati ons.
	7251	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	7252
	7253	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	7254	// Callbac k to get a nd verify the signer 's certifi cate.
	7255	//
	7256	// Passed the CertId of the si gner (its Issuer and SerialNum ber) and a
	7257	// handle to its cry ptographic signed me ssage's ce rt store.
	7258	//
	7259	// For CRY PT_E_NO_SI GNER, call ed with pS ignerId == NULL.
	7260	//
	7261	// For a v alid signe r certific ate, retur ns a point er to a re ad only
	7262	// CERT_CO NTEXT. The returned CERT_CONTE XT is eith er obtaine d from a
	7263	// cert st ore or was created v ia CertCre ateCertifi cateContex t. For eit her case,
	7264	// its fre ed via Cer tFreeCerti ficateCont ext.
	7265	//
	7266	// If a va lid certif icate isn' t found, t his callba ck returns NULL with
	7267	// LastErr or set via SetLastEr ror().
	7268	//
	7269	// The NUL L implemen tation tri es to get the Signer certifica te from th e
	7270	// message cert stor e. It does n't verify the certi ficate.
	7271	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	7272
	7273	type
	7274	PFN_CRYPT_ GET_SIGNER _CERTIFICA TE = funct ion(pvGetA rg: PVOID;
	7275	dwCertEnco dingType: DWORD;
	7276	pSignerId: PCERT_INF O; // Only the Issue r and Seri alNumber
	7277	hMsgCertSt ore: HCERT STORE // f ields have been upda ted
	7278	): PCCERT_ CONTEXT; s tdcall;
	7279	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	7280	// The CRY PT_SIGN_ME SSAGE_PARA are used for signin g messages using the
	7281	// specifi ed signing certifica te context s. (Note, allows mul tiple sign ers.)
	7282	//
	7283	// Either the CERT_K EY_PROV_HA NDLE_PROP_ ID or CERT _KEY_PROV_ INFO_PROP_ ID must
	7284	// be set for each r gpSigningC ert[]. Eit her one sp ecifies th e private
	7285	// signatu re key to use.
	7286	//
	7287	// If any certificat es and/or CRLs are t o be inclu ded in the signed me ssage,
	7288	// then, t he MsgCert and MsgCr l paramete rs need to be update d. If the
	7289	// rgpSign ingCerts a re to be i ncluded, t hen, they must also be in the
	7290	// rgpMsgC ert array.
	7291	//
	7292	// cbSize must be se t to the s izeof(CRYP T_SIGN_MES SAGE_PARA) or else
	7293	// LastErr or will be updated w ith E_INVA LIDARG.
	7294	//
	7295	// pvHashA uxInfo cur rently isn 't used an d must be set to NUL L.
	7296	//
	7297	// dwFlags normally is set to 0. However , if the e ncoded out put
	7298	// is to b e a CMSG_S IGNED inne r content of an oute r cryptogr aphic mess age,
	7299	// such as a CMSG_EN VELOPED, t hen, the C RYPT_MESSA GE_BARE_CO NTENT_OUT_ FLAG
	7300	// should be set. If not set, then it wo uld be enc oded as an inner con tent
	7301	// type of CMSG_DATA .
	7302	//
	7303	// dwInner ContentTyp e is norma lly set to 0. It nee ds to be s et if the
	7304	// ToBeSig ned input is the enc oded outpu t of anoth er cryptog raphic
	7305	// message , such as, an CMSG_E NVELOPED. When set, it's one o f the cryp tographic
	7306	// message types, fo r example, CMSG_ENVE LOPED.
	7307	//
	7308	// If the inner cont ent of a n ested cryp tographic message is data (CMS G_DATA
	7309	// the def ault), the n, neither dwFlags o r dwInnerC ontentType need to b e set.
	7310	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	7311
	7312	type
	7313	PCRYPT_SIG N_MESSAGE_ PARA = ^CR YPT_SIGN_M ESSAGE_PAR A;
	7314
	7315	CRYPT_SIGN _MESSAGE_P ARA = reco rd
	7316	cbSize: DW ORD;
	7317	dwMsgEncod ingType: D WORD;
	7318	pSigningCe rt: PCCERT _CONTEXT;
	7319	HashAlgori thm: CRYPT _ALGORITHM _IDENTIFIE R;
	7320	pvHashAuxI nfo: PVOID ;
	7321	cMsgCert: DWORD;
	7322	rgpMsgCert : PPCCERT_ CONTEXT; / / pointer to array o f PCCERT_C ONTEXT
	7323	cMsgCrl: D WORD;
	7324	rgpMsgCrl: PPCCRL_CO NTEXT; // pointer to array of PCCERT_CO
	7325	cAuthAttr: DWORD;
	7326	rgAuthAttr : PCRYPT_A TTRIBUTE;
	7327	cUnauthAtt r: DWORD;
	7328	rgUnauthAt tr: PCRYPT _ATTRIBUTE ;
	7329	dwFlags: D WORD;
	7330	dwInnerCon tentType: DWORD;
	7331	end;
	7332	const
	7333	CRYPT_MESS AGE_BARE_C ONTENT_OUT _FLAG = $1 ;
	7334
	7335	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	7336	// The CRY PT_VERIFY_ MESSAGE_PA RA are use d to verif y signed m essages.
	7337	//
	7338	// hCryptP rov is use d to do ha shing and signature verificati on.
	7339	//
	7340	// The dwC ertEncodin gType spec ifies the encoding t ype of the certifica tes
	7341	// and/or CRLs in th e message.
	7342	//
	7343	// pfnGetS ignerCerti ficate is called to get and ve rify the m essage sig ner's
	7344	// certifi cate.
	7345	//
	7346	// cbSize must be se t to the s izeof(CRYP T_VERIFY_M ESSAGE_PAR A) or else
	7347	// LastErr or will be updated w ith E_INVA LIDARG.
	7348	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	7349	type
	7350	PCRYPT_VER IFY_MESSAG E_PARA = ^ CRYPT_VERI FY_MESSAGE _PARA;
	7351
	7352	CRYPT_VERI FY_MESSAGE _PARA = re cord
	7353	cbSize: DW ORD;
	7354	dwMsgAndCe rtEncoding Type: DWOR D;
	7355	HCRYPTPROV : HCRYPTPR OV;
	7356	pfnGetSign erCertific ate: PFN_C RYPT_GET_S IGNER_CERT IFICATE;
	7357	pvGetArg: PVOID;
	7358	end;
	7359
	7360	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	7361	// The CRY PT_ENCRYPT _MESSAGE_P ARA are us ed for enc rypting me ssages.
	7362	//
	7363	// hCryptP rov is use d to do co ntent encr yption, re cipient ke y
	7364	// encrypt ion, and r ecipient k ey export. Its priva te key
	7365	// isn't u sed.
	7366	//
	7367	// pvEncry ptionAuxIn fo current ly isn't u sed and mu st be set to NULL.
	7368	//
	7369	// cbSize must be se t to the s izeof(CRYP T_ENCRYPT_ MESSAGE_PA RA) or els e
	7370	// LastErr or will be updated w ith E_INVA LIDARG.
	7371	//
	7372	// dwFlags normally is set to 0. However , if the e ncoded out put
	7373	// is to b e a CMSG_E NVELOPED i nner conte nt of an o uter crypt ographic m essage,
	7374	// such as a CMSG_SI GNED, then , the CRYP T_MESSAGE_ BARE_CONTE NT_OUT_FLA G
	7375	// should be set. If not set, then it wo uld be enc oded as an inner con tent
	7376	// type of CMSG_DATA .
	7377	//
	7378	// dwInner ContentTyp e is norma lly set to 0. It nee ds to be s et if the
	7379	// ToBeEnc rypted inp ut is the encoded ou tput of an other cryp tographic
	7380	// message , such as, an CMSG_S IGNED. Whe n set, it' s one of t he cryptog raphic
	7381	// message types, fo r example, CMSG_SIGN ED.
	7382	//
	7383	// If the inner cont ent of a n ested cryp tographic message is data (CMS G_DATA
	7384	// the def ault), the n, neither dwFlags o r dwInnerC ontentType need to b e set.
	7385	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	7386	type
	7387	PCRYPT_ENC RYPT_MESSA GE_PARA = ^CRYPT_ENC RYPT_MESSA GE_PARA;
	7388
	7389	CRYPT_ENCR YPT_MESSAG E_PARA = r ecord
	7390	cbSize: DW ORD;
	7391	dwMsgEncod ingType: D WORD;
	7392	HCRYPTPROV : HCRYPTPR OV;
	7393	ContentEnc ryptionAlg orithm: CR YPT_ALGORI THM_IDENTI FIER;
	7394	pvEncrypti onAuxInfo: PVOID;
	7395	dwFlags: D WORD;
	7396	dwInnerCon tentType: DWORD;
	7397	end;
	7398
	7399	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	7400	// The CRY PT_DECRYPT _MESSAGE_P ARA are us ed for dec rypting me ssages.
	7401	//
	7402	// The Cer tContext t o use for decrypting a message is obtain ed from on e
	7403	// of the specified cert store s. An encr ypted mess age can ha ve one or
	7404	// more re cipients. The recipi ents are i dentified by their C ertId (Iss uer
	7405	// and Ser ialNumber) . The cert stores ar e searched to find t he CertCon text
	7406	// corresp onding to the CertId .
	7407	//
	7408	// Only Ce rtContexts in the st ore with e ither
	7409	// the CER T_KEY_PROV _HANDLE_PR OP_ID or C ERT_KEY_PR OV_INFO_PR OP_ID set
	7410	// can be used. Eith er propert y specifie s the priv ate exchan ge key to use.
	7411	//
	7412	// cbSize must be se t to the s izeof(CRYP T_DECRYPT_ MESSAGE_PA RA) or els e
	7413	// LastErr or will be updated w ith E_INVA LIDARG.
	7414	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	7415	type
	7416	PCRYPT_DEC RYPT_MESSA GE_PARA = ^CRYPT_DEC RYPT_MESSA GE_PARA;
	7417
	7418	CRYPT_DECR YPT_MESSAG E_PARA = r ecord
	7419	cbSize: DW ORD;
	7420	dwMsgAndCe rtEncoding Type: DWOR D;
	7421	cCertStore : DWORD;
	7422	rghCertSto re: PHCERT STORE;
	7423	end;
	7424	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	7425	// The CRY PT_HASH_ME SSAGE_PARA are used for hashin g or unhas hing
	7426	// message s.
	7427	//
	7428	// hCryptP rov is use d to compu te the has h.
	7429	//
	7430	// pvHashA uxInfo cur rently isn 't used an d must be set to NUL L.
	7431	//
	7432	// cbSize must be se t to the s izeof(CRYP T_HASH_MES SAGE_PARA) or else
	7433	// LastErr or will be updated w ith E_INVA LIDARG.
	7434	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	7435	type
	7436	PCRYPT_HAS H_MESSAGE_ PARA = ^CR YPT_HASH_M ESSAGE_PAR A;
	7437
	7438	CRYPT_HASH _MESSAGE_P ARA = reco rd
	7439	cbSize: DW ORD;
	7440	dwMsgEncod ingType: D WORD;
	7441	HCRYPTPROV : HCRYPTPR OV;
	7442	HashAlgori thm: CRYPT _ALGORITHM _IDENTIFIE R;
	7443	pvHashAuxI nfo: PVOID ;
	7444	end;
	7445
	7446	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	7447	// The CRY PT_KEY_SIG N_MESSAGE_ PARA are u sed for si gning mess ages until a
	7448	// certifi cate has b een create d for the signature key.
	7449	//
	7450	// pvHashA uxInfo cur rently isn 't used an d must be set to NUL L.
	7451	//
	7452	// If PubK eyAlgorith m isn't se t, default s to szOID _RSA_RSA.
	7453	//
	7454	// cbSize must be se t to the s izeof(CRYP T_KEY_SIGN _MESSAGE_P ARA) or el se
	7455	// LastErr or will be updated w ith E_INVA LIDARG.
	7456	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	7457	type
	7458	PCRYPT_KEY _SIGN_MESS AGE_PARA = ^CRYPT_KE Y_SIGN_MES SAGE_PARA;
	7459
	7460	CRYPT_KEY_ SIGN_MESSA GE_PARA = record
	7461	cbSize: DW ORD;
	7462	dwMsgAndCe rtEncoding Type: DWOR D;
	7463	HCRYPTPROV : HCRYPTPR OV;
	7464	dwKeySpec: DWORD;
	7465	HashAlgori thm: CRYPT _ALGORITHM _IDENTIFIE R;
	7466	pvHashAuxI nfo: PVOID ;
	7467	PubKeyAlgo rithm: CRY PT_ALGORIT HM_IDENTIF IER;
	7468	end;
	7469
	7470	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	7471	// The CRY PT_KEY_VER IFY_MESSAG E_PARA are used to v erify sign ed message s without
	7472	// a certi ficate for the signe r.
	7473	//
	7474	// Normall y used unt il a certi ficate has been crea ted for th e key.
	7475	//
	7476	// hCryptP rov is use d to do ha shing and signature verificati on.
	7477	//
	7478	// cbSize must be se t to the s izeof(CRYP T_KEY_VERI FY_MESSAGE _PARA) or else
	7479	// LastErr or will be updated w ith E_INVA LIDARG.
	7480	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	7481	type
	7482	PCRYPT_KEY _VERIFY_ME SSAGE_PARA = ^CRYPT_ KEY_VERIFY _MESSAGE_P ARA;
	7483
	7484	CRYPT_KEY_ VERIFY_MES SAGE_PARA = record
	7485	cbSize: DW ORD;
	7486	dwMsgEncod ingType: D WORD;
	7487	HCRYPTPROV : HCRYPTPR OV;
	7488	end;
	7489
	7490	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	7491	// Sign th e message.
	7492	//
	7493	// If fDet achedSigna ture is TR UE, the "t o be signe d" content isn't inc luded
	7494	// in the encoded si gned blob.
	7495	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	7496	function C ryptSignMe ssage(pSig nPara: PCR YPT_SIGN_M ESSAGE_PAR A;
	7497	fDetachedS ignature: BOOL;
	7498	cToBeSigne d: DWORD;
	7499	const rgpb ToBeSigned : PBYTE;
	7500	rgcbToBeSi gned: PDWO RD;
	7501	pbSignedBl ob: PBYTE;
	7502	pcbSignedB lob: PDWOR D): BOOL; stdcall;
	7503	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	7504	// Verify a signed m essage.
	7505	//
	7506	// If pbDe coded == N ULL, then, *pcbDecod ed is impl icitly set to 0 on i nput.
	7507	// For *pc bDecoded = = 0 && ppS ignerCert == NULL on input, th e signer i sn't
	7508	// verifie d.
	7509	//
	7510	// A messa ge might h ave more t han one si gner. Set dwSignerIn dex to ite rate
	7511	// through all the s igners. dw SignerInde x == 0 sel ects the f irst signe r.
	7512	//
	7513	// pVerify Para's pfn GetSignerC ertificate is called to get th e signer's
	7514	// certifi cate.
	7515	//
	7516	// For a v erified si gner and m essage, *p pSignerCer t is updat ed
	7517	// with th e CertCont ext of the signer. I t must be freed by c alling
	7518	// CertFre eCertifica teContext. Otherwise , *ppSigne rCert is s et to NULL .
	7519	//
	7520	// ppSigne rCert can be NULL, i ndicating the caller isn't int erested
	7521	// in gett ing the Ce rtContext of the sig ner.
	7522	//
	7523	// pcbDeco ded can be NULL, ind icating th e caller i sn't inter ested in g etting
	7524	// the dec oded conte nt. Furthe rmore, if the messag e doesn't contain an y
	7525	// content or signer s, then, p cbDecoded must be se t to NULL, to allow the
	7526	// pVerify Para->pfnG etCertific ate to be called. No rmally, th is would b e
	7527	// the cas e when the signed me ssage cont ains only certficate s and CRLs .
	7528	// If pcbD ecoded is NULL and t he message doesn't h ave the in dicated si gner,
	7529	// pfnGetC ertificate is called with pSig nerId set to NULL.
	7530	//
	7531	// If the message do esn't cont ain any si gners \|\| d wSignerInd ex > messa ge's
	7532	// SignerC ount, then , an error is return ed with La stError se t to
	7533	// CRYPT_E _NO_SIGNER . Also, fo r CRYPT_E_ NO_SIGNER, pfnGetSig nerCertifi cate
	7534	// is stil l called w ith pSigne rId set to NULL.
	7535	//
	7536	// Note, a n alternat ive way to get the c ertificate s and CRLs from a
	7537	// signed message is to call C ryptGetMes sageCertif icates.
	7538	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	7539	function C ryptVerify MessageSig nature(pVe rifyPara: PCRYPT_VER IFY_MESSAG E_PARA;
	7540	dwSignerIn dex: DWORD ;
	7541	const pbSi gnedBlob: PBYTE;
	7542	cbSignedBl ob: DWORD;
	7543	pbDecoded: PBYTE;
	7544	pcbDecoded : DWORD;
	7545	ppSignerCe rt: PCCERT _CONTEXT
	7546	): BOOL; s tdcall;
	7547	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	7548	// Returns the count of signer s in the s igned mess age. For n o signers, returns
	7549	// 0. For an error r eturns -1 with LastE rror updat ed accordi ngly.
	7550	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	7551	function C ryptGetMes sageSigner Count(dwMs gEncodingT ype: DWORD ;
	7552	const pbSi gnedBlob: PBYTE;
	7553	cbSignedBl ob: DWORD) : LONG; st dcall;
	7554	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	7555	// Returns the cert store cont aining the message's certs and CRLs.
	7556	// For an error, ret urns NULL with LastE rror updat ed.
	7557	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	7558	function C ryptGetMes sageCertif icates(dwM sgAndCertE ncodingTyp e: DWORD;
	7559	HCRYPTPROV : HCRYPTPR OV; // pas sed to Cer tOpenStore
	7560	dwFlags: D WORD; // p assed to C ertOpenSto re
	7561	const pbSi gnedBlob: PBYTE;
	7562	cbSignedBl ob: DWORD) : HCERTSTO RE; stdcal l;
	7563	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	7564	// Verify a signed m essage con taining de tached sig nature(s).
	7565	// The "to be signed " content is passed in separat ely. No
	7566	// decoded output. O therwise, identical to CryptVe rifyMessag eSignature .
	7567	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	7568	function C ryptVerify DetachedMe ssageSigna ture(pVeri fyPara: PC RYPT_VERIF Y_MESSAGE_ PARA;
	7569	dwSignerIn dex: DWORD ;
	7570	const pbDe tachedSign Blob: PBYT E;
	7571	cbDetached SignBlob: DWORD;
	7572	cToBeSigne d: DWORD;
	7573	const rgpb ToBeSigned : array of PBYTE;
	7574	rgcbToBeSi gned: arra y of DWORD ;
	7575	ppSignerCe rt: PPCCER T_CONTEXT) : BOOL; st dcall;
	7576	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	7577	// Encrypt s the mess age for th e recipien t(s).
	7578	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	7579	function C ryptEncryp tMessage(p EncryptPar a: PCRYPT_ ENCRYPT_ME SSAGE_PARA ;
	7580	cRecipient Cert: DWOR D;
	7581	rgpRecipie ntCert: ar ray of PCC ERT_CONTEX T;
	7582	const pbTo BeEncrypte d: PBYTE;
	7583	cbToBeEncr ypted: DWO RD;
	7584	pbEncrypte dBlob: PBY TE;
	7585	pcbEncrypt edBlob: PD WORD): BOO L; stdcall ;
	7586	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	7587	// Decrypt s the mess age.
	7588	//
	7589	// If pbDe crypted == NULL, the n, *pcbDec rypted is implicitly set to 0 on input.
	7590	// For *pc bDecrypted == 0 && p pXchgCert == NULL on input, th e message isn't
	7591	// decrypt ed.
	7592	//
	7593	// For a s uccessfull y decrypte d message, *ppXchgCe rt is upda ted
	7594	// with th e CertCont ext used t o decrypt. It must b e freed by calling
	7595	// CertSto reFreeCert . Otherwis e, *ppXchg Cert is se t to NULL.
	7596	//
	7597	// ppXchgC ert can be NULL, ind icating th e caller i sn't inter ested
	7598	// in gett ing the Ce rtContext used to de crypt.
	7599	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	7600	function C ryptDecryp tMessage(p DecryptPar a: PCRYPT_ DECRYPT_ME SSAGE_PARA ;
	7601	const pbEn cryptedBlo b: PBYTE;
	7602	cbEncrypte dBlob: DWO RD;
	7603	pbDecrypte d: PBYTE;
	7604	pcbDecrypt ed: PDWORD ;
	7605	ppXchgCert : PPCCERT_ CONTEXT): BOOL; stdc all;
	7606	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	7607	// Sign th e message and encryp t for the recipient( s). Does a CryptSign Message
	7608	// followe d with a C ryptEncryp tMessage.
	7609	//
	7610	// Note: t his isn't the CMSG_S IGNED_AND_ ENVELOPED. Its a CMS G_SIGNED
	7611	// inside of an CMSG _ENVELOPED .
	7612	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	7613	function C ryptSignAn dEncryptMe ssage(pSig nPara: PCR YPT_SIGN_M ESSAGE_PAR A;
	7614	pEncryptPa ra: PCRYPT _ENCRYPT_M ESSAGE_PAR A;
	7615	cRecipient Cert: DWOR D;
	7616	rgpRecipie ntCert: ar ray of PCC ERT_CONTEX T;
	7617	const pbTo BeSignedAn dEncrypted : PBYTE;
	7618	cbToBeSign edAndEncry pted: DWOR D;
	7619	pbSignedAn dEncrypted Blob: PBYT E;
	7620	pcbSignedA ndEncrypte dBlob: PDW ORD
	7621	): BOOL; s tdcall;
	7622	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	7623	// Decrypt s the mess age and ve rifies the signer. D oes a Cryp tDecryptMe ssage
	7624	// followe d with a C ryptVerify MessageSig nature.
	7625	//
	7626	// If pbDe crypted == NULL, the n, *pcbDec rypted is implicitly set to 0 on input.
	7627	// For *pc bDecrypted == 0 && p pSignerCer t == NULL on input, the signer isn't
	7628	// verifie d.
	7629	//
	7630	// A messa ge might h ave more t han one si gner. Set dwSignerIn dex to ite rate
	7631	// through all the s igners. dw SignerInde x == 0 sel ects the f irst signe r.
	7632	//
	7633	// The pVe rifyPara's VerifySig nerPolicy is called to verify the signer 's
	7634	// certifi cate.
	7635	//
	7636	// For a s uccessfull y decrypte d and veri fied messa ge, *ppXch gCert and
	7637	// *ppSign erCert are updated. They must be freed b y calling
	7638	// CertSto reFreeCert . Otherwis e, they ar e set to N ULL.
	7639	//
	7640	// ppXchgC ert and/or ppSignerC ert can be NULL, ind icating th e
	7641	// caller isn't inte rested in getting th e CertCont ext.
	7642	//
	7643	// Note: t his isn't the CMSG_S IGNED_AND_ ENVELOPED. Its a CMS G_SIGNED
	7644	// inside of an CMSG _ENVELOPED .
	7645	//
	7646	// The mes sage alway s needs to be decryp ted to all ow access to the
	7647	// signed message. T herefore, if ppXchgC ert != NUL L, its alw ays update d.
	7648	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	7649	function C ryptDecryp tAndVerify MessageSig nature(pDe cryptPara: PCRYPT_DE CRYPT_MESS AGE_PARA;
	7650	pVerifyPar a: PCRYPT_ VERIFY_MES SAGE_PARA;
	7651	dwSignerIn dex: DWORD ;
	7652	const pbEn cryptedBlo b: PBYTE;
	7653	cbEncrypte dBlob: DWO RD;
	7654	pbDecrypte d: PBYTE;
	7655	pcbDecrypt ed: PDWORD ;
	7656	var ppXchg Cert: arra y of PCCER T_CONTEXT;
	7657	var ppSign erCert: ar ray of PCC ERT_CONTEX T
	7658	): BOOL; s tdcall;
	7659	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	7660	// Decodes a cryptog raphic mes sage which may be on e of the f ollowing t ypes:
	7661	// CMSG_DA TA
	7662	// CMSG_SI GNED
	7663	// CMSG_EN VELOPED
	7664	// CMSG_SI GNED_AND_E NVELOPED
	7665	// CMSG_HA SHED
	7666	//
	7667	// dwMsgTy peFlags sp ecifies th e set of a llowable m essages. F or example , to
	7668	// decode either SIG NED or ENV ELOPED mes sages, set dwMsgType Flags to:
	7669	// CMSG_SI GNED_FLAG \| CMSG_ENV ELOPED_FLA G.
	7670	//
	7671	// dwProvI nnerConten tType is o nly applic able when processing nested
	7672	// crytogr aphic mess ages. When processin g an outer crytograp hic messag e
	7673	// it must be set to 0. When d ecoding a nested cry ptographic message
	7674	// its the dwInnerCo ntentType returned b y a previo us CryptDe codeMessag e
	7675	// of the outer mess age. The I nnerConten tType can be any of the CMSG t ypes,
	7676	// for exa mple, CMSG _DATA, CMS G_SIGNED, ...
	7677	//
	7678	// The opt ional *pdw MsgType is updated w ith the ty pe of mess age.
	7679	//
	7680	// The opt ional *pdw InnerConte ntType is updated wi th the typ e of the i nner
	7681	// message . Unless t here is cr yptographi c message nesting, C MSG_DATA
	7682	// is retu rned.
	7683	//
	7684	// For CMS G_DATA: re turns deco ded conten t.
	7685	// For CMS G_SIGNED: same as Cr yptVerifyM essageSign ature.
	7686	// For CMS G_ENVELOPE D: same as CryptDecr yptMessage .
	7687	// For CMS G_SIGNED_A ND_ENVELOP ED: same a s CryptDec ryptMessag e plus
	7688	// CryptVe rifyMessag eSignature .
	7689	// For CMS G_HASHED: verifies t he hash an d returns decoded co ntent.
	7690	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	7691	function C ryptDecode Message(dw MsgTypeFla gs: DWORD;
	7692	pDecryptPa ra: PCRYPT _DECRYPT_M ESSAGE_PAR A;
	7693	pVerifyPar a: PCRYPT_ VERIFY_MES SAGE_PARA;
	7694	dwSignerIn dex: DWORD ;
	7695	const pbEn codedBlob: PBYTE;
	7696	cbEncodedB lob: DWORD ;
	7697	dwPrevInne rContentTy pe: DWORD;
	7698	pdwMsgType : PDWORD;
	7699	pdwInnerCo ntentType: PDWORD;
	7700	pbDecoded: PBYTE;
	7701	pcbDecoded : PDWORD;
	7702	var ppXchg Cert: arra y of PCCER T_CONTEXT;
	7703	var ppSign erCert: ar ray of PCC ERT_CONTEX T
	7704	): BOOL; s tdcall;
	7705	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	7706	// Hash th e message.
	7707	//
	7708	// If fDet achedHash is TRUE, o nly the Co mputedHash is encode d in the
	7709	// pbHashe dBlob. Oth erwise, bo th the ToB eHashed an d Computed Hash
	7710	// are enc oded.
	7711	//
	7712	// pcbHash edBlob or pcbCompute dHash can be NULL, i ndicating the caller
	7713	// isn't i nterested in getting the outpu t.
	7714	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	7715	function C ryptHashMe ssage(pHas hPara: PCR YPT_HASH_M ESSAGE_PAR A;
	7716	fDetachedH ash: BOOL;
	7717	cToBeHashe d: DWORD;
	7718	const rgpb ToBeHashed : array of PBYTE;
	7719	rgcbToBeHa shed: arra y of DWORD ;
	7720	pbHashedBl ob: PBYTE;
	7721	pcbHashedB lob: PDWOR D;
	7722	pbComputed Hash: PBYT E;
	7723	pcbCompute dHash: PDW ORD): BOOL ; stdcall;
	7724	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	7725	// Verify a hashed m essage.
	7726	//
	7727	// pcbToBe Hashed or pcbCompute dHash can be NULL,
	7728	// indicat ing the ca ller isn't intereste d in getti ng the out put.
	7729	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	7730	function C ryptVerify MessageHas h(pHashPar a: PCRYPT_ HASH_MESSA GE_PARA;
	7731	pbHashedBl ob: PBYTE;
	7732	cbHashedBl ob: DWORD;
	7733	pbToBeHash ed: PBYTE;
	7734	pcbToBeHas hed: PDWOR D;
	7735	pbComputed Hash: PBYT E;
	7736	pcbCompute dHash: PDW ORD): BOOL ; stdcall;
	7737	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	7738	// Verify a hashed m essage con taining a detached h ash.
	7739	// The "to be hashed " content is passed in separat ely. No
	7740	// decoded output. O therwise, identical to CryptVe rifyMessag eHash.
	7741	//
	7742	// pcbComp utedHash c an be NULL , indicati ng the cal ler isn't interested
	7743	// in gett ing the ou tput.
	7744	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	7745	function C ryptVerify DetachedMe ssageHash( pHashPara: PCRYPT_HA SH_MESSAGE _PARA;
	7746	pbDetached HashBlob: PBYTE;
	7747	cbDetached HashBlob: DWORD;
	7748	cToBeHashe d: DWORD;
	7749	rgpbToBeHa shed: arra y of PBYTE ;
	7750	rgcbToBeHa shed: arra y of DWORD ;
	7751	pbComputed Hash: PBYT E;
	7752	pcbCompute dHash: PDW ORD): BOOL ; stdcall;
	7753	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	7754	// Sign th e message using the provider's private k ey specifi ed in the
	7755	// paramet ers. A dum my SignerI d is creat ed and sto red in the message.
	7756	//
	7757	// Normall y used unt il a certi ficate has been crea ted for th e key.
	7758	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	7759	function C ryptSignMe ssageWithK ey(pSignPa ra: PCRYPT _KEY_SIGN_ MESSAGE_PA RA;
	7760	const pbTo BeSigned: PBYTE;
	7761	cbToBeSign ed: DWORD;
	7762	pbSignedBl ob: PBYTE;
	7763	pcbSignedB lob: PDWOR D): BOOL; stdcall;
	7764	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	7765	// Verify a signed m essage usi ng the spe cified pub lic key in fo.
	7766	//
	7767	// Normall y called b y a CA unt il it has created a certificat e for the
	7768	// key.
	7769	//
	7770	// pPublic KeyInfo co ntains the public ke y to use t o verify t he signed
	7771	// message . If NULL, the signa ture isn't verified (for insta nce, the d ecoded
	7772	// content may conta in the Pub licKeyInfo ).
	7773	//
	7774	// pcbDeco ded can be NULL, ind icating th e caller i sn't inter ested
	7775	// in gett ing the de coded cont ent.
	7776	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	7777	function C ryptVerify MessageSig natureWith Key(pVerif yPara: PCR YPT_KEY_VE RIFY_MESSA GE_PARA;
	7778	pPublicKey Info: PCER T_PUBLIC_K EY_INFO;
	7779	const pbSi gnedBlob: PBYTE;
	7780	cbSignedBl ob: DWORD;
	7781	pbDecoded: PBYTE;
	7782	pcbDecoded : PDWORD): BOOL; std call;
	7783
	7784	// +====== ========== ========== ========== ========== ========== ========== =======
	7785	// System Certificat e Store Da ta Structu res and AP Is
	7786	// ======= ========== ========== ========== ========== ========== ========== =======
	7787
	7788
	7789	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	7790	// Get a s ystem cert ificate st ore based on a subsy stem proto col.
	7791	//
	7792	// Current examples of subsyst ems protoc ols are:
	7793	// "MY" Cert Stor e hold cer ts with as sociated P rivate Key s
	7794	// "CA" Certifyin g Authorit y certs
	7795	// "ROOT" Root Cert s
	7796	// "SPC" Software publisher certs
	7797	//
	7798	//
	7799	// If hPro v is NULL the defaul t provider "1" is op ened for y ou.
	7800	// When th e store is closed th e provider is releas e. Otherwi se
	7801	// if hPro v is not N ULL, no pr ovider is created or released.
	7802	//
	7803	// The ret urned Cert Store can be search ed for an appropriat e Cert
	7804	// using t he Cert St ore API's (see certs tor.h)
	7805	//
	7806	// When do ne, the ce rt store s hould be c losed usin g CertStor eClose
	7807	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	7808
	7809	function C ertOpenSys temStoreA( hProv: HCR YPTPROV;
	7810	szSubsyste mProtocol: LPCSTR): HCERTSTORE ; stdcall;
	7811
	7812	function C ertOpenSys temStoreW( hProv: HCR YPTPROV;
	7813	szSubsyste mProtocol: LPCWSTR): HCERTSTOR E; stdcall ;
	7814
	7815	function C ertOpenSys temStore(h Prov: HCRY PTPROV;
	7816	szSubsyste mProtocol: LPAWSTR): HCERTSTOR E; stdcall ;
	7817
	7818	function C ertAddEnco dedCertifi cateToSyst emStoreA(s zCertStore Name: LPCS TR;
	7819	const pbCe rtEncoded: PBYTE;
	7820	cbCertEnco ded: DWORD ): BOOL; s tdcall;
	7821
	7822	function C ertAddEnco dedCertifi cateToSyst emStoreW(s zCertStore Name: LPCW STR;
	7823	const pbCe rtEncoded: PBYTE;
	7824	cbCertEnco ded: DWORD ): BOOL; s tdcall;
	7825
	7826	function C ertAddEnco dedCertifi cateToSyst emStore(sz CertStoreN ame: LPAWS TR;
	7827	const pbCe rtEncoded: PBYTE;
	7828	cbCertEnco ded: DWORD ): BOOL; s tdcall;
	7829
	7830	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	7831	// Find al l certific ate chains tying the given iss uer name t o any cert ificate
	7832	// that th e current user has a private k ey for.
	7833	//
	7834	// If no c ertificate chain is found, FAL SE is retu rned with LastError set
	7835	// to CRYP T_E_NOT_FO UND and th e counts z eroed.
	7836	//
	7837	// IE 3.0 ASSUMPTION :
	7838	// The cli ent certif icates are in the "M y" system store. The issuer
	7839	// cerific ates may b e in the " Root", "CA " or "My" system sto res.
	7840	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	7841	type
	7842	PCERT_CHAI N = ^CERT_ CHAIN;
	7843
	7844	CERT_CHAIN = record
	7845	cCerts: DW ORD; // nu mber of ce rts in cha in
	7846	certs: PCE RT_BLOB; / / pointer to array o f cert cha in blobs r epresentin g the cert s
	7847	keyLocator Info: CRYP T_KEY_PROV _INFO; // key locato r for cert
	7848	end;
	7849
	7850	// WINCRYP T32API This is no t exported by crypt3 2, it is e xported by softpub
	7851	function F indCertsBy Issuer(pCe rtChains: PCERT_CHAI N;
	7852	pcbCertCha ins: PDWOR D;
	7853	pcCertChai ns: PDWORD ; // count of certif icates cha ins return ed
	7854	pbEncodedI ssuerName: PBYTE; // DER encod ed issuer name
	7855	cbEncodedI ssuerName: DWORD; // count in bytes of e ncoded iss uer name
	7856	pwszPurpos e: LPCWSTR ; // "Clie ntAuth" or "CodeSign ing"
	7857	dwKeySpec: DWORD // only retur n signers supporting this keys pec
	7858	): HRESULT ; stdcall;
	7859
	7860	/// ////// ////////// ///////// VERSION 2 ////////// ////////// ////////// ////////// ////////// ////////// ////////
	7861	/// ////// ////////// ////////// ////////// ////////// ////////// ////////// /////
	7862	//
	7863	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	7864	// This da ta structu re is upda ted by a C RL revocat ion type h andler
	7865	// with th e base and possibly the delta CRL used.
	7866	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	7867	type
	7868	PCERT_REVO CATION_CRL _INFO = ^C ERT_REVOCA TION_CRL_I NFO;
	7869
	7870	CERT_REVOC ATION_CRL_ INFO = rec ord
	7871	cbSize: DW ORD;
	7872	pBaseCrlCo ntext: PCC RL_CONTEXT ;
	7873	pDeltaCrlC ontext: PC CRL_CONTEX T;
	7874
	7875	// When re voked, poi nts to ent ry in eith er of the above CRL contexts.
	7876	// Don't f ree.
	7877	pCrlEntry: PCRL_ENTR Y;
	7878	fDeltaCrlE ntry: BOOL ; // TRUE if in pDel taCrlConte xt
	7879	end;
	7880
	7881	/// ////// From Wcry pt.h SDK ////////// //////////
	7882	// +====== ========== ========== ========== ========== ========== ========== =======
	7883	// Certifi cate Chain ing Infras tructure
	7884	// ======= ========== ========== ========== ========== ========== ========== =======
	7885
	7886	//
	7887	// The cha in engine defines th e store na mespace an d cache pa rtitioning for
	7888	// the Cer tificate C haining in frastructu re. A def ault chain engine
	7889	// is defi ned for th e process which uses all defau lt system stores e.g .
	7890	// Root, C A, Trust, for chain building a nd caching . If an a pplication
	7891	// wishes to define its own st ore namesp ace or hav e its own partitione d
	7892	// cache t hen it can create it s own chai n engine. It is adv isable to create
	7893	// a chain engine at applicati on startup and use i t througho ut the lif etime
	7894	// of the applicatio n in order to get op timal cach ing behavi or
	7895	//
	7896
	7897	type
	7898	HCERTCHAIN ENGINE = U LONG;
	7899
	7900	const
	7901	HCCE_CURRE NT_USER = HCERTCHAIN ENGINE(nil );
	7902	HCCE_LOCAL _MACHINE = HCERTCHAI NENGINE($0 1);
	7903
	7904	//
	7905	// Create a certific ate chain engine.
	7906	//
	7907
	7908	//
	7909	// Configu ration par ameters fo r the cert ificate ch ain engine
	7910	//
	7911	// hRestri ctedRoot - restrict the root s tore (must be a subs et of "Roo t")
	7912	//
	7913	// hRestri ctedTrust - restrict the store for CTLs
	7914	//
	7915	// hRestri ctedOther - restrict the store for certs and CRLs
	7916	//
	7917	// cAdditi onalStore, rghAdditi onalStore - addition al stores
	7918	//
	7919	// NOTE: T he algorit hm used to define th e stores f or the eng ine is as
	7920	// follows :
	7921	//
	7922	// hRoot = hRestrict edRoot or System Sto re "Root"
	7923	//
	7924	// hTrust = hRestric tedTrust o r hWorld ( defined la ter)
	7925	//
	7926	// hOther = hRestric tedOther o r (hRestri ctedTrust == NULL) ? hWorld :
	7927	// hRestri ctedTrust + hWorld
	7928	//
	7929	// hWorld = hRoot + "CA" + "My " + "Trust " + rghAdd itionalSto re
	7930	//
	7931	// dwFlags - flags
	7932	//
	7933	// CERT_CH AIN_CACHE_ END_CERT - informati on will be cached on
	7934	// the end cert as w ell as the other
	7935	// certs i n the chai n
	7936	//
	7937	// CERT_CH AIN_THREAD _STORE_SYN C - use se parate thr ead for st ore syncs
	7938	// and rel ated cache updates
	7939	//
	7940	// CERT_CH AIN_CACHE_ ONLY_URL_R ETRIEVAL - don't hit the wire to get
	7941	// URL bas ed objects
	7942	//
	7943	// dwUrlRe trievalTim eout - tim eout for w ire based URL object retrieval s
	7944	// (millis econds)
	7945	//
	7946
	7947	const
	7948	CERT_CHAIN _CACHE_END _CERT = $0 0000001;
	7949	CERT_CHAIN _THREAD_ST ORE_SYNC = $00000002 ;
	7950	CERT_CHAIN _CACHE_ONL Y_URL_RETR IEVAL = $0 0000004;
	7951	CERT_CHAIN _USE_LOCAL _MACHINE_S TORE = $00 000008;
	7952	CERT_CHAIN _ENABLE_CA CHE_AUTO_U PDATE = $0 0000010;
	7953	CERT_CHAIN _ENABLE_SH ARE_STORE = $0000002 0;
	7954
	7955	type
	7956	PCERT_CHAI N_ENGINE_C ONFIG = ^C ERT_CHAIN_ ENGINE_CON FIG;
	7957
	7958	CERT_CHAIN _ENGINE_CO NFIG = rec ord
	7959	cbSize: DW ORD;
	7960	hRestricte dRoot: HCE RTSTORE;
	7961	hRestricte dTrust: HC ERTSTORE;
	7962	hRestricte dOther: HC ERTSTORE;
	7963	cAdditiona lStore: DW ORD;
	7964	rghAdditio nalStore: HCERTSTORE ;
	7965	dwFlags: D WORD;
	7966	dwUrlRetri evalTimeou t: DWORD; // millise conds
	7967	MaximumCac hedCertifi cates: DWO RD;
	7968	CycleDetec tionModulu s: DWORD;
	7969	end;
	7970
	7971	function C ertCreateC ertificate ChainEngin e(
	7972	pConfig: P CERT_CHAIN _ENGINE_CO NFIG;
	7973	var phChai nEngine: H CERTCHAINE NGINE): BO OL; stdcal l;
	7974
	7975	//
	7976	// Free a certificat e trust en gine
	7977	//
	7978
	7979	function C ertFreeCer tificateCh ainEngine(
	7980	hChainEngi ne: HCERTC HAINENGINE ): BOOL; s tdcall;
	7981
	7982	//
	7983	// Resync the certif icate chai n engine. This resy nc's the s tores back ing
	7984	// the eng ine and up dates the engine cac hes.
	7985	//
	7986
	7987	function C ertResyncC ertificate ChainEngin e(
	7988	hChainEngi ne: HCERTC HAINENGINE ): BOOL; s tdcall;
	7989
	7990	//
	7991	// When an applicati on request s a certif icate chai n, the dat a structur e
	7992	// returne d is in th e form of a CERT_CHA IN_CONTEXT . This co ntains
	7993	// an arra y of CERT_ SIMPLE_CHA IN where e ach simple chain goe s from
	7994	// an end cert to a self signe d cert and the chain context c onnects si mple
	7995	// chains via trust lists. Ea ch simple chain cont ains the c hain of
	7996	// certifi cates, sum mary trust informati on about t he chain a nd trust i nformation
	7997	// about e ach certif icate elem ent in the chain.
	7998	//
	7999
	8000	//
	8001	// Trust s tatus bits
	8002	//
	8003
	8004	type
	8005	PCERT_TRUS T_STATUS = ^CERT_TRU ST_STATUS;
	8006
	8007	CERT_TRUST _STATUS = record
	8008	dwErrorSta tus: DWORD ;
	8009	dwInfoStat us: DWORD;
	8010	end;
	8011
	8012	//
	8013	// The fol lowing are error sta tus bits
	8014	//
	8015
	8016	// These c an be appl ied to cer tificates and chains
	8017
	8018	const
	8019	CERT_TRUST _NO_ERROR = $0000000 0;
	8020	CERT_TRUST _IS_NOT_TI ME_VALID = $00000001 ;
	8021	CERT_TRUST _IS_NOT_TI ME_NESTED = $0000000 2;
	8022	CERT_TRUST _IS_REVOKE D = $00000 004;
	8023	CERT_TRUST _IS_NOT_SI GNATURE_VA LID = $000 00008;
	8024	CERT_TRUST _IS_NOT_VA LID_FOR_US AGE = $000 00010;
	8025	CERT_TRUST _IS_UNTRUS TED_ROOT = $00000020 ;
	8026	CERT_TRUST _REVOCATIO N_STATUS_U NKNOWN = $ 00000040;
	8027	CERT_TRUST _IS_CYCLIC = $000000 80;
	8028
	8029	CERT_TRUST _INVALID_E XTENSION = $00000100 ;
	8030	CERT_TRUST _INVALID_P OLICY_CONS TRAINTS = $00000200;
	8031	CERT_TRUST _INVALID_B ASIC_CONST RAINTS = $ 00000400;
	8032	CERT_TRUST _INVALID_N AME_CONSTR AINTS = $0 0000800;
	8033	CERT_TRUST _HAS_NOT_S UPPORTED_N AME_CONSTR AINT = $00 001000;
	8034	CERT_TRUST _HAS_NOT_D EFINED_NAM E_CONSTRAI NT = $0000 2000;
	8035	CERT_TRUST _HAS_NOT_P ERMITTED_N AME_CONSTR AINT = $00 004000;
	8036	CERT_TRUST _HAS_EXCLU DED_NAME_C ONSTRAINT = $0000800 0;
	8037
	8038	CERT_TRUST _IS_OFFLIN E_REVOCATI ON = $0100 0000;
	8039	CERT_TRUST _NO_ISSUAN CE_CHAIN_P OLICY = $0 2000000;
	8040
	8041
	8042	// These c an be appl ied to cha ins only
	8043
	8044	CERT_TRUST _IS_PARTIA L_CHAIN = $00010000;
	8045	CERT_TRUST _CTL_IS_NO T_TIME_VAL ID = $0002 0000;
	8046	CERT_TRUST _CTL_IS_NO T_SIGNATUR E_VALID = $00040000;
	8047	CERT_TRUST _CTL_IS_NO T_VALID_FO R_USAGE = $00080000;
	8048
	8049	//
	8050	// The fol lowing are info stat us bits
	8051	//
	8052
	8053	// These c an be appl ied to cer tificates only
	8054
	8055	CERT_TRUST _HAS_EXACT _MATCH_ISS UER = $000 00001;
	8056	CERT_TRUST _HAS_KEY_M ATCH_ISSUE R = $00000 002;
	8057	CERT_TRUST _HAS_NAME_ MATCH_ISSU ER = $0000 0004;
	8058	CERT_TRUST _IS_SELF_S IGNED = $0 0000008;
	8059
	8060	// These c an be appl ied to cer tificates and chains
	8061
	8062	CERT_TRUST _HAS_PREFE RRED_ISSUE R = $00000 100;
	8063	CERT_TRUST _HAS_ISSUA NCE_CHAIN_ POLICY = $ 00000200;
	8064	CERT_TRUST _HAS_VALID _NAME_CONS TRAINTS = $00000400;
	8065
	8066	// These c an be appl ied to cha ins only
	8067
	8068	CERT_TRUST _IS_COMPLE X_CHAIN = $00010000;
	8069
	8070
	8071
	8072
	8073	//
	8074	// Each ce rtificate context in a simple chain has a correspo nding chai n element
	8075	// in the simple cha in context
	8076	//
	8077	// dwError Status has CERT_TRUS T_IS_REVOK ED, pRevoc ationInfo set
	8078	// dwError Status has CERT_TRUS T_REVOCATI ON_STATUS_ UNKNOWN, p Revocation Info set
	8079
	8080	//
	8081	// Note th at the pos t processi ng revocat ion suppor ted in the first
	8082	// version only sets cbSize an d dwRevoca tionResult . Everyth ing else
	8083	// is NULL
	8084	//
	8085
	8086	//
	8087	// Revocat ion Inform ation
	8088	//
	8089
	8090	type
	8091	PCERT_REVO CATION_INF O = ^CERT_ REVOCATION _INFO;
	8092
	8093	CERT_REVOC ATION_INFO = record
	8094	cbSize: DW ORD;
	8095	dwRevocati onResult: DWORD;
	8096	pszRevocat ionOid: LP CSTR;
	8097	pvOidSpeci ficInfo: P ointer; // LPVOID
	8098
	8099	// fHasFre shnessTime is only s et if we a re able to retrieve revocation
	8100	// informa tion. For a CRL its CurrentTim e - ThisUp date.
	8101	fHasFreshn essTime: B OOL;
	8102	dwFreshnes sTime: DWO RD; // sec onds
	8103
	8104	// NonNULL for CRL b ase revoca tion check ing
	8105	pCrlInfo: PCERT_REVO CATION_CRL _INFO;
	8106	end;
	8107
	8108
	8109	//
	8110	// Trust L ist Inform ation
	8111	//
	8112
	8113	type
	8114	PCERT_TRUS T_LIST_INF O = ^CERT_ TRUST_LIST _INFO;
	8115
	8116	CERT_TRUST _LIST_INFO = record
	8117	cbSize: DW ORD;
	8118	pCtlEntry: PCTL_ENTR Y;
	8119	pCtlContex t: PCCTL_C ONTEXT;
	8120	end;
	8121
	8122	//
	8123	// Chain E lement
	8124	//
	8125
	8126	type
	8127	PCERT_CHAI N_ELEMENT = ^CERT_CH AIN_ELEMEN T;
	8128
	8129	CERT_CHAIN _ELEMENT = record
	8130	cbSize: DW ORD;
	8131	pCertConte xt: PCCERT _CONTEXT;
	8132	TrustStatu s: CERT_TR UST_STATUS ;
	8133	pRevocatio nInfo: PCE RT_REVOCAT ION_INFO;
	8134
	8135	pIssuanceU sage: PCER T_ENHKEY_U SAGE; // I f NULL, an y
	8136	pApplicati onUsage: P CERT_ENHKE Y_USAGE; / / If NULL, any
	8137
	8138	pwszExtend edErrorInf o: LPCWSTR ; // If NU LL, none
	8139	end;
	8140
	8141
	8142
	8143	//
	8144	// The sim ple chain is an arra y of chain elements and a summ ary trust status
	8145	// for the chain
	8146	//
	8147	// rgpElem ent is a p ointer to the array rgpElement s, that po int to *r wf
	8148	// CERT_CH AIN_ELEMEN T *rw f
	8149	// rgpElem ents[0] is the end c ertificate chain ele ment
	8150	//
	8151	// rgpElem ents[cElem ent-1] is the self-s igned "roo t" certifi cate chain element
	8152	//
	8153	//
	8154
	8155	type
	8156	PCERT_SIMP LE_CHAIN = ^CERT_SIM PLE_CHAIN;
	8157
	8158	CERT_SIMPL E_CHAIN = record
	8159	cbSize: DW ORD;
	8160	TrustStatu s: CERT_TR UST_STATUS ;
	8161	cElement: DWORD;
	8162	rgpElement : PPCERT_C HAIN_ELEME NT; // Thi s is a poi nter to an list *rwf
	8163	// of CERT _CHAIN_ELE MENT point ers *rwf
	8164	pTrustList Info: PCER T_TRUST_LI ST_INFO;
	8165
	8166	// fHasRev ocationFre shnessTime is only s et if we a re able to retrieve
	8167	// revocat ion inform ation for all elemen ts checked for revoc ation.
	8168	// For a C RL its Cur rentTime - ThisUpdat e.
	8169	//
	8170	// dwRevoc ationFresh nessTime i s the larg est time a cross all elements
	8171	// checked .
	8172	fHasRevoca tionFreshn essTime: B OOL;
	8173	dwRevocati onFreshnes sTime: DWO RD; // sec onds
	8174	end;
	8175
	8176
	8177	//
	8178	// And the chain con text conta ins an arr ay of simp le chains and summar y trust
	8179	// status for all th e connecte d simple c hains
	8180	//
	8181	// rgpChai ns[0] is t he end cer tificate s imple chai n
	8182	//
	8183	// rgpChai ns[cChain- 1] is the final (pos sibly trus t list sig ner) chain which
	8184	// ends in a certifi cate which is contai ned in the root stor e
	8185	//
	8186
	8187	type
	8188	PCCERT_CHA IN_CONTEXT = ^CERT_C HAIN_CONTE XT;
	8189
	8190	CERT_CHAIN _CONTEXT = record
	8191	cbSize: DW ORD;
	8192	TrustStatu s: CERT_TR UST_STATUS ;
	8193	cChain: DW ORD;
	8194	// rgpChai n is a poi nter to an array of simple_cha in pointer s *rwf
	8195	rgpChain: PCERT_SIMP LE_CHAIN;
	8196
	8197	// Followi ng is retu rned when CERT_CHAIN _RETURN_LO WER_QUALIT Y_CONTEXTS
	8198	// is set in dwFlags
	8199	cLowerQual ityChainCo ntext: DWO RD;
	8200	rgpLowerQu alityChain Context: P CCERT_CHAI N_CONTEXT;
	8201
	8202	// fHasRev ocationFre shnessTime is only s et if we a re able to retrieve
	8203	// revocat ion inform ation for all elemen ts checked for revoc ation.
	8204	// For a C RL its Cur rentTime - ThisUpdat e.
	8205	//
	8206	// dwRevoc ationFresh nessTime i s the larg est time a cross all elements
	8207	// checked .
	8208	fHasRevoca tionFreshn essTime: B OOL;
	8209	dwRevocati onFreshnes sTime: DWO RD; // sec onds
	8210	end;
	8211
	8212
	8213	//
	8214	// When bu ilding a c hain, the there are various pa rameters u sed for fi nding
	8215	// issuing certifica tes and tr ust lists. They are identifie d in the
	8216	// followi ng structu re
	8217	//
	8218
	8219	// Default usage mat ch type is AND with value zero
	8220	const
	8221	USAGE_MATC H_TYPE_AND = $000000 00;
	8222	USAGE_MATC H_TYPE_OR = $0000000 1;
	8223
	8224	type
	8225	PCERT_USAG E_MATCH = ^CERT_USAG E_MATCH;
	8226
	8227	CERT_USAGE _MATCH = r ecord
	8228	dwType: DW ORD;
	8229	Usage: CER T_ENHKEY_U SAGE;
	8230	end;
	8231
	8232	type
	8233	PCTL_USAGE _MATCH = ^ CTL_USAGE_ MATCH;
	8234
	8235	CTL_USAGE_ MATCH = re cord
	8236	dwType: DW ORD;
	8237	Usage: CTL _USAGE;
	8238	end;
	8239
	8240	type
	8241	PCERT_CHAI N_PARA = ^ CERT_CHAIN _PARA;
	8242
	8243	CERT_CHAIN _PARA = re cord
	8244	cbSize: DW ORD;
	8245	RequestedU sage: CERT _USAGE_MAT CH;
	8246
	8247	{ #ifdef C ERT_CHAIN_ PARA_HAS_E XTRA_FIELD S
	8248
	8249	// Note, i f you #def ine CERT_C HAIN_PARA_ HAS_EXTRA_ FIELDS, th en, you
	8250	// must ze ro all unu sed fields in this d ata struct ure.
	8251	// More fi elds could be added in a futur e release.
	8252
	8253	CERT_USAGE _MATCH Req uestedIssu ancePolicy ;
	8254	DWORD dwU rlRetrieva lTimeout; // mil liseconds
	8255	BOOL fCh eckRevocat ionFreshne ssTime;
	8256	DWORD dwR evocationF reshnessTi me; // sec onds
	8257
	8258	#endif }
	8259	end;
	8260
	8261	//
	8262	// The fol lowing API is used f or retriev ing certif icate chai ns
	8263	//
	8264	// Paramet ers:
	8265	//
	8266	// hChainE ngine - the chai n engine ( namespace and cache) to use, N ULL
	8267	// mean us e the defa ult chain engine
	8268	//
	8269	// pCertCo ntext - the cont ext we are retrievin g the chai n for, it
	8270	// will be the zero index elem ent in the chain
	8271	//
	8272	// pTime - the poin t in time that we wa nt the cha in validat ed
	8273	// for. N ote that t he time do es not aff ect trust list,
	8274	// revocat ion, or ro ot store c hecking. NULL means use
	8275	// the cur rent syste m time
	8276	//
	8277	// hAdditi onalStore - addition al store t o use when looking u p objects
	8278	//
	8279	// pChainP ara - paramete rs for cha in buildin g
	8280	//
	8281	// dwFlags - flags su ch as shou ld revocat ion checki ng be done
	8282	// on the chain?
	8283	//
	8284	// pvReser ved - reserved parameter , must be NULL
	8285	//
	8286	// ppChain Context - chain co ntext retu rned
	8287	//
	8288
	8289	// CERT_CH AIN_CACHE_ END_CERT c an be used here as w ell
	8290	// Revocat ion flags are in the high nibb le
	8291	const
	8292	CERT_CHAIN _REVOCATIO N_CHECK_EN D_CERT = $ 10000000;
	8293	CERT_CHAIN _REVOCATIO N_CHECK_CH AIN = $200 00000;
	8294	CERT_CHAIN _REVOCATIO N_CHECK_CH AIN_EXCLUD E_ROOT = $ 40000000;
	8295	CERT_CHAIN _REVOCATIO N_CHECK_CA CHE_ONLY = $80000000 ;
	8296
	8297	// By defa ult, the d wUrlRetrie valTimeout in pChain Para is th e timeout used
	8298	// for eac h revocati on URL wir e retrieva l. When th e followin g flag is set,
	8299	// dwUrlRe trievalTim eout is th e accumula tive timeo ut across all
	8300	// revocat ion URL wi re retriev als.
	8301	CERT_CHAIN _REVOCATIO N_ACCUMULA TIVE_TIMEO UT = $0800 0000;
	8302
	8303	// First p ass determ ines highe st quality based upo n:
	8304	// - Chain signature valid (hi gest quali ty bit of this set)
	8305	// - Compl ete chain
	8306	// - Trust ed root (lo westest qu ality bit of this se t)
	8307	// By defa ult, secon d pass onl y consider s paths >= highest f irst pass quality
	8308	CERT_CHAIN _DISABLE_P ASS1_QUALI TY_FILTERI NG = $0000 0040;
	8309
	8310	CERT_CHAIN _RETURN_LO WER_QUALIT Y_CONTEXTS = $000000 80;
	8311
	8312	CERT_CHAIN _DISABLE_A UTH_ROOT_A UTO_UPDATE = $000001 00;
	8313
	8314	// When th is flag is set, pTim e will be used as th e timestam p time.
	8315	// pTime w ill be use d to deter mine if th e end cert ificate wa s valid at this
	8316	// time. R evocation checking w ill be rel ative to p Time.
	8317	// In addi tion, curr ent time w ill also b e used
	8318	// to dete rmine if t he certifi cate is st ill time v alid. All remaining
	8319	// CA and root certi ficates wi ll be chec ked using current ti me and not pTime.
	8320	//
	8321	// This fl ag was add ed 4/5/01 in WXP.
	8322	CERT_CHAIN _TIMESTAMP _TIME = $0 0000200;
	8323
	8324	function C ertGetCert ificateCha in(
	8325	hChainEngi ne: HCERTC HAINENGINE ;
	8326	pCertConte xt: PCCERT _CONTEXT;
	8327	pTime: PFI LETIME;
	8328	hAdditiona lStore: HC ERTSTORE;
	8329	pChainPara : PCERT_CH AIN_PARA;
	8330	dwFlags: D WORD;
	8331	pvReserved : Pointer; // LPVOID ;
	8332	var ppChai nContext: PCCERT_CHA IN_CONTEXT ): BOOL; s tdcall;
	8333
	8334	//
	8335	// Free a certificat e chain
	8336	//
	8337
	8338	function C ertFreeCer tificateCh ain(
	8339	pChainCont ext: PCCER T_CHAIN_CO NTEXT): BO OL; stdcal l;
	8340
	8341	//
	8342	// Duplica te (add a reference to) a cert ificate ch ain
	8343	//
	8344
	8345	function C ertDuplica teCertific ateChain(
	8346	pChainCont ext: PCCER T_CHAIN_CO NTEXT): PC CERT_CHAIN _CONTEXT; stdcall;
	8347
	8348	//
	8349	// Specifi c Revocati on Type OI D and stru cture defi nitions
	8350	//
	8351
	8352	//
	8353	// CRL Rev ocation OI D
	8354	//
	8355
	8356	const
	8357	REVOCATION _OID_CRL_R EVOCATION = LPCSTR(' 1');
	8358
	8359	//
	8360	// For the CRL revoc ation OID the pvRevo cationPara is NULL
	8361	//
	8362
	8363	//
	8364	// CRL Rev ocation In fo
	8365	//
	8366
	8367	type
	8368	PCRL_REVOC ATION_INFO = ^CRL_RE VOCATION_I NFO;
	8369
	8370	CRL_REVOCA TION_INFO = record
	8371	pCrlEntry: PCRL_ENTR Y;
	8372	pCrlContex t: PCCRL_C ONTEXT;
	8373	pCrlIssuer Chain: PCC ERT_CHAIN_ CONTEXT;
	8374	end;
	8375
	8376	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	8377	// Find th e first or next cert ificate ch ain contex t in the s tore.
	8378	//
	8379	// The cha in context is found according to the dwF indFlags, dwFindType and
	8380	// its pvF indPara. S ee below f or a list of the fin d types an d its para meters.
	8381	//
	8382	// If the first or n ext chain context is n't found, NULL is r eturned.
	8383	// Otherwi se, a poin ter to a r ead only C ERT_CHAIN_ CONTEXT is returned.
	8384	// CERT_CH AIN_CONTEX T must be freed by c alling Cer tFreeCerti ficateChai n
	8385	// or is f reed when passed as the
	8386	// pPrevCh ainContext on a subs equent cal l. CertDup licateCert ificateCha in
	8387	// can be called to make a dup licate.
	8388	//
	8389	// pPrevCh ainContext MUST BE N ULL on the first
	8390	// call to find the chain cont ext. To fi nd the nex t chain co ntext, the
	8391	// pPrevCh ainContext is set to the CERT_ CHAIN_CONT EXT return ed by a pr evious
	8392	// call.
	8393	//
	8394	// NOTE: a NON-NULL pPrevChain Context is always Ce rtFreeCert ificateCha in'ed by
	8395	// this fu nction, ev en for an error.
	8396	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	8397	function C ertFindCha inInStore(
	8398	HCERTSTORE : HCERTSTO RE;
	8399	dwCertEnco dingType: DWORD;
	8400	dwFindFlag s: DWORD;
	8401	dwFindType : DWORD;
	8402	const pvFi ndPara: Po inter;
	8403	pPrevChain Context: P CCERT_CHAI N_CONTEXT) : BOOL; st dcall;
	8404
	8405	const
	8406	CERT_CHAIN _FIND_BY_I SSUER = 1;
	8407
	8408
	8409	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	8410	// CERT_CH AIN_FIND_B Y_ISSUER
	8411	//
	8412	// Find a certificat e chain ha ving a pri vate key f or the end certifica te and
	8413	// matchin g one of t he given i ssuer name s. A match ing dwKeyS pec and
	8414	// enhance d key usag e can also be specif ied. Addit ionally a callback c an
	8415	// be prov ided for e ven more c aller prov ided filte ring befor e building the
	8416	// chain.
	8417	//
	8418	// By defa ult, only the issuer s in the f irst simpl e chain ar e compared
	8419	// for a n ame match. CERT_CHAI N_FIND_BY_ ISSUER_COM PLEX_CHAIN _FLAG can
	8420	// be set in dwFindF lags to ma tch issuer s in all t he simple chains.
	8421	//
	8422	// CERT_CH AIN_FIND_B Y_ISSUER_N O_KEY_FLAG can be se t in dwFin dFlags to
	8423	// not che ck if the end certif icate has a private key.
	8424	//
	8425	// CERT_CH AIN_FIND_B Y_ISSUER_C OMPARE_KEY _FLAG can be set in dwFindFlag s
	8426	// to comp are the pu blic key i n the end certificat e with the crypto
	8427	// provide r's public key. The dwAcquireP rivateKeyF lags can b e set
	8428	// in CERT _CHAIN_FIN D_BY_ISSUE R_PARA to enable cac hing of th e private key's
	8429	// HKEY re turned by the CSP.
	8430	//
	8431	// If dwCe rtEncoding Type == 0, defaults to X509_AS N_ENCODING for the
	8432	// array o f encoded issuer nam es.
	8433	//
	8434	// By defa ult, the h CertStore passed to CertFindCh ainInStore , is passe d
	8435	// as an a dditional store to C ertGetCert ificateCha in.
	8436	// CERT_CH AIN_FIND_B Y_ISSUER_C ACHE_ONLY_ FLAG can b e set in d wFindFlags
	8437	// to impr ove perfor mance by o nly search ing the ca ched syste m stores
	8438	// (root, my, ca, tr ust) to fi nd the iss uer certif icates. If you are d oing
	8439	// a find in the "my " system s tore, than , this fla g should b e set to
	8440	// improve performan ce.
	8441	//
	8442	// Setting CERT_CHAI N_FIND_BY_ ISSUER_LOC AL_MACHINE _FLAG in d wFindFlags
	8443	// restric ts CertGet Certificat eChain to search the Local Mac hine
	8444	// cached system sto res instea d of the C urrent Use r's.
	8445	//
	8446	// Setting CERT_CHAI N_FIND_BY_ ISSUER_CAC HE_ONLY_UR L_FLAG in dwFindFlag s
	8447	// restric ts CertGet Certificat eChain to only searc h the URL cache
	8448	// and not hit the w ire.
	8449	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	8450
	8451	// Returns FALSE to skip this certificat e. Otherwi se, return s TRUE to
	8452	// build a chain for this cert ificate.
	8453
	8454	// +====== ========== ========== ========== ========== ========== ========== =======
	8455	// Certifi cate Chain Policy Da ta Structu res and AP Is
	8456	// ======= ========== ========== ========== ========== ========== ========== =======
	8457	type
	8458	PCERT_CHAI N_POLICY_P ARA = ^CER T_CHAIN_PO LICY_PARA;
	8459
	8460	CERT_CHAIN _POLICY_PA RA = recor d
	8461	cbSize: DW ORD;
	8462	dwFlags: D WORD;
	8463	pvExtraPol icyPara: P ointer; // pszPolicy OID specif ic
	8464	end;
	8465
	8466	// If both lChainInd ex and lEl ementIndex are set t o -1, the dwError ap plies
	8467	// to the whole chai n context. If only l ElementInd ex is set to -1, the
	8468	// dwError applies t o the lCha inIndex'ed chain. Ot herwise, t he dwError applies
	8469	// to the certificat e element at
	8470	// pChainC ontext->rg pChain[lCh ainIndex]- >rgpElemen t[lElement Index].
	8471
	8472	type
	8473	PCERT_CHAI N_POLICY_S TATUS = ^C ERT_CHAIN_ POLICY_STA TUS;
	8474
	8475	CERT_CHAIN _POLICY_ST ATUS = rec ord
	8476	cbSize: DW ORD;
	8477	dwError: D WORD;
	8478	lChainInde x: LONG;
	8479	lElementIn dex: LONG;
	8480	pvExtraPol icyStatus: Pointer; // pszPoli cyOID spec ific
	8481	end;
	8482
	8483	// Common chain poli cy flags
	8484	const
	8485	CERT_CHAIN _POLICY_IG NORE_NOT_T IME_VALID_ FLAG = $00 000001;
	8486	CERT_CHAIN _POLICY_IG NORE_CTL_N OT_TIME_VA LID_FLAG = $00000002 ;
	8487	CERT_CHAIN _POLICY_IG NORE_NOT_T IME_NESTED _FLAG = $0 0000004;
	8488	CERT_CHAIN _POLICY_IG NORE_INVAL ID_BASIC_C ONSTRAINTS _FLAG = $0 0000008;
	8489
	8490	CERT_CHAIN _POLICY_IG NORE_ALL_N OT_TIME_VA LID_FLAGS = (
	8491	CERT_CHAIN _POLICY_IG NORE_NOT_T IME_VALID_ FLAG or
	8492	CERT_CHAIN _POLICY_IG NORE_CTL_N OT_TIME_VA LID_FLAG o r
	8493	CERT_CHAIN _POLICY_IG NORE_NOT_T IME_NESTED _FLAG);
	8494
	8495	CERT_CHAIN _POLICY_AL LOW_UNKNOW N_CA_FLAG = $0000001 0;
	8496	CERT_CHAIN _POLICY_IG NORE_WRONG _USAGE_FLA G = $00000 020;
	8497	CERT_CHAIN _POLICY_IG NORE_INVAL ID_NAME_FL AG = $0000 0040;
	8498	CERT_CHAIN _POLICY_IG NORE_INVAL ID_POLICY_ FLAG = $00 000080;
	8499
	8500	CERT_CHAIN _POLICY_IG NORE_END_R EV_UNKNOWN _FLAG = $0 0000100;
	8501	CERT_CHAIN _POLICY_IG NORE_CTL_S IGNER_REV_ UNKNOWN_FL AG = $0000 0200;
	8502	CERT_CHAIN _POLICY_IG NORE_CA_RE V_UNKNOWN_ FLAG = $00 000400;
	8503	CERT_CHAIN _POLICY_IG NORE_ROOT_ REV_UNKNOW N_FLAG = $ 00000800;
	8504
	8505	CERT_CHAIN _POLICY_IG NORE_ALL_R EV_UNKNOWN _FLAGS = (
	8506	CERT_CHAIN _POLICY_IG NORE_END_R EV_UNKNOWN _FLAG or
	8507	CERT_CHAIN _POLICY_IG NORE_CTL_S IGNER_REV_ UNKNOWN_FL AG or
	8508	CERT_CHAIN _POLICY_IG NORE_CA_RE V_UNKNOWN_ FLAG or
	8509	CERT_CHAIN _POLICY_IG NORE_ROOT_ REV_UNKNOW N_FLAG);
	8510
	8511	CERT_CHAIN _POLICY_AL LOW_TESTRO OT_FLAG = $00008000;
	8512	CERT_CHAIN _POLICY_TR UST_TESTRO OT_FLAG = $00004000;
	8513
	8514
	8515	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	8516	// Verify that the c ertificate chain sat isfies the specified policy
	8517	// require ments. If we were ab le to veri fy the cha in policy, TRUE is r eturned
	8518	// and the dwError f ield of th e pPolicyS tatus is u pdated. A dwError of 0
	8519	// (ERROR_ SUCCESS, S _OK) indic ates the c hain satis fies the s pecified p olicy.
	8520	//
	8521	// If dwEr ror applie s to the e ntire chai n context, both lCha inIndex an d
	8522	// lElemen tIndex are set to -1 . If dwErr or applies to a simp le chain,
	8523	// lElemen tIndex is set to -1 and lChain Index is s et to the index of t he
	8524	// first o ffending c hain havin g the erro r. If dwEr ror applie s to a
	8525	// certifi cate eleme nt, lChain Index and lElementIn dex are up dated to
	8526	// index t he first o ffending c ertificate having th e error, w here, the
	8527	// the cer tificate e lement is at:
	8528	// pChainC ontext->rg pChain[lCh ainIndex]- >rgpElemen t[lElement Index].
	8529	//
	8530	// The dwF lags in pP olicyPara can be set to change the defau lt policy checking
	8531	// behavio ur. In add ition, pol icy specif ic paramet ers can be passed in
	8532	// the pvE xtraPolicy Para field of pPolic yPara.
	8533	//
	8534	// In addi tion to re turning dw Error, in pPolicySta tus, polic y OID spec ific
	8535	// extra s tatus may be returne d via pvEx traPolicyS tatus.
	8536	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	8537
	8538	function C ertVerifyC ertificate ChainPolic y(
	8539	pszPolicyO ID: LPCSTR ;
	8540	pChainCont ext: PCCER T_CHAIN_CO NTEXT;
	8541	pPolicyPar a: PCERT_C HAIN_POLIC Y_PARA;
	8542	var pPolic yStatus: P CERT_CHAIN _POLICY_ST ATUS): BOO L; stdcall ;
	8543
	8544	// Predefi ned OID Fu nction Nam es
	8545	const
	8546	CRYPT_OID_ VERIFY_CER TIFICATE_C HAIN_POLIC Y_FUNC =
	8547	'CertDllVe rifyCertif icateChain Policy';
	8548
	8549	// CertDll VerifyCert ificateCha inPolicy h as same fu nction sig nature as
	8550	// CertVer ifyCertifi cateChainP olicy.
	8551
	8552	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	8553	// Predefi ned verify chain pol icies
	8554	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	8555	const
	8556	CERT_CHAIN _POLICY_BA SE = LPCST R('1');
	8557	CERT_CHAIN _POLICY_AU THENTICODE = LPCSTR( '2');
	8558	CERT_CHAIN _POLICY_AU THENTICODE _TS = LPCS TR('3');
	8559	CERT_CHAIN _POLICY_SS L = LPCSTR ('4');
	8560	CERT_CHAIN _POLICY_BA SIC_CONSTR AINTS = LP CSTR('5');
	8561	CERT_CHAIN _POLICY_NT _AUTH = LP CSTR('6');
	8562	CERT_CHAIN _POLICY_MI CROSOFT_RO OT = LPCST R('7');
	8563
	8564	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	8565	// CERT_CH AIN_POLICY _BASE
	8566	//
	8567	// Impleme nts the ba se chain p olicy veri fication c hecks. dwF lags can
	8568	// be set in pPolicy Para to al ter the de fault poli cy checkin g behaviou r.
	8569	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	8570
	8571	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	8572	// CERT_CH AIN_POLICY _AUTHENTIC ODE
	8573	//
	8574	// Impleme nts the Au thenticode chain pol icy verifi cation che cks.
	8575	//
	8576	// pvExtra PolicyPara may optio nally be s et to poin t to the f ollowing
	8577	// AUTHENT ICODE_EXTR A_CERT_CHA IN_POLICY_ PARA.
	8578	//
	8579	// pvExtra PolicyStat us may opt ionally be set to po int to the following
	8580	// AUTHENT ICODE_EXTR A_CERT_CHA IN_POLICY_ STATUS.
	8581	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	8582
	8583	// dwRegPo licySettin gs are def ined in wi ntrust.h
	8584	type
	8585	PAUTHENTIC ODE_EXTRA_ CERT_CHAIN _POLICY_PA RA =
	8586	^AUTHENTIC ODE_EXTRA_ CERT_CHAIN _POLICY_PA RA;
	8587
	8588	AUTHENTICO DE_EXTRA_C ERT_CHAIN_ POLICY_PAR A = record
	8589	cbSize: DW ORD;
	8590	dwRegPolic ySettings: DWORD;
	8591	pSignerInf o: PCMSG_S IGNER_INFO ; // optio nal
	8592	end;
	8593
	8594	type
	8595	PAUTHENTIC ODE_EXTRA_ CERT_CHAIN _POLICY_ST ATUS =
	8596	^AUTHENTIC ODE_EXTRA_ CERT_CHAIN _POLICY_ST ATUS;
	8597
	8598	AUTHENTICO DE_EXTRA_C ERT_CHAIN_ POLICY_STA TUS = reco rd
	8599	cbSize: DW ORD;
	8600	fCommercia l: BOOL; / / obtained from sign er stateme nt
	8601	end;
	8602
	8603	// +------ ---------- ---------- ---------- ---------- ---------- ---------- -------
	8604	// CERT_CH AIN_POLICY _AUTHENTIC ODE_TS
	8605	//
	8606	// Impleme nts the Au thenticode Time Stam p chain po licy verif ication ch ecks.
	8607	//
	8608	// pvExtra PolicyPara may optio nally be s et to poin t to the f ollowing
	8609	// AUTHENT ICODE_TS_E XTRA_CERT_ CHAIN_POLI CY_PARA.
	8610	//
	8611	// pvExtra PolicyStat us isn't u sed and mu st be set to NULL.
	8612	// ------- ---------- ---------- ---------- ---------- ---------- ---------- -------
	8613
	8614	// dwRegPo licySettin gs are def ined in wi ntrust.h
	8615	type
	8616	PAUTHENTIC ODE_TS_EXT RA_CERT_CH AIN_POLICY _PARA =
	8617	^AUTHENTIC ODE_TS_EXT RA_CERT_CH AIN_POLICY _PARA;
	8618
	8619	AUTHENTICO DE_TS_EXTR A_CERT_CHA IN_POLICY_ PARA = rec ord
	8620	cbSize: DW ORD;
	8621	dwRegPolic ySettings: DWORD;
	8622	fCommercia l: BOOL;
	8623	end;
	8624
	8625	/// ////// ////////// ////////// ////////// ////////// ////////// //////////
	8626	implementa tion
	8627
	8628	{ Macro in plementati on }
	8629	function G ET_ALG_CLA SS(x: inte ger): inte ger;
	8630	begin
	8631	Result : = (x and ( 7 shl 13)) ;
	8632	end;
	8633
	8634	function G ET_ALG_TYP E(x: integ er): integ er;
	8635	begin
	8636	Result : = (x and ( 15 shl 9)) ;
	8637	end;
	8638
	8639	function G ET_ALG_SID (x: intege r): intege r;
	8640	begin
	8641	Result : = (x and ( 511));
	8642	end;
	8643
	8644	function R CRYPT_SUCC EEDED(rt: BOOL): BOO L;
	8645	begin
	8646	Result : = rt = CRY PT_SUCCEED ;
	8647	end;
	8648
	8649	function R CRYPT_FAIL ED(rt: BOO L): BOOL;
	8650	begin
	8651	Result : = rt = CRY PT_FAILED;
	8652	end;
	8653
	8654	function G ET_CERT_UN ICODE_RDN_ ERR_INDEX( x: integer ): integer ;
	8655	begin
	8656	Result : = ((x shr CERT_UNICO DE_RDN_ERR _INDEX_SHI FT) and CE RT_UNICODE _RDN_ERR_I NDEX_MASK) ;
	8657	end;
	8658
	8659	function G ET_CERT_UN ICODE_ATTR _ERR_INDEX (x: intege r): intege r;
	8660	begin
	8661	Result : = ((x shr CERT_UNICO DE_ATTR_ER R_INDEX_SH IFT) and C ERT_UNICOD E_ATTR_ERR _INDEX_MAS K);
	8662	end;
	8663
	8664	function G ET_CERT_UN ICODE_VALU E_ERR_INDE X(x: integ er): integ er;
	8665	begin
	8666	Result : = (x and C ERT_UNICOD E_VALUE_ER R_INDEX_MA SK);
	8667	end;
	8668
	8669	function G ET_CERT_AL T_NAME_ENT RY_ERR_IND EX(x: DWOR D): DWORD;
	8670	begin
	8671	Result : = ((x shr CERT_ALT_N AME_ENTRY_ ERR_INDEX_ SHIFT) and CERT_ALT_ NAME_ENTRY _ERR_INDEX _MASK);
	8672	end;
	8673
	8674	function G ET_CERT_AL T_NAME_VAL UE_ERR_IND EX(x: DWOR D): DWORD;
	8675	begin
	8676	Result : = (x and C ERT_ALT_NA ME_VALUE_E RR_INDEX_M ASK);
	8677	end;
	8678
	8679	function G ET_CRL_DIS T_POINT_ER R_INDEX(x: DWORD): D WORD;
	8680	begin
	8681	Result : = ((x shr CRL_DIST_P OINT_ERR_I NDEX_SHIFT ) and CRL_ DIST_POINT _ERR_INDEX _MASK);
	8682	end;
	8683
	8684	function I S_CRL_DIST _POINT_ERR _CRL_ISSUE R(x: DWORD ): BOOL;
	8685	begin
	8686	Result : = (0 <> (x and CRL_D IST_POINT_ ERR_CRL_IS SUER_BIT)) ;
	8687	end;
	8688	/// ////// ////////// ////////// ////////// version 2 ////////// ////////// /////
	8689
	8690	function I S_CERT_RDN _CHAR_STRI NG(x: DWOR D): BOOL;
	8691	begin
	8692	Result : = BOOL(x > = CERT_RDN _NUMERIC_S TRING);
	8693	end;
	8694
	8695	function G ET_CERT_EN CODING_TYP E(x: DWORD ): DWORD;
	8696	begin
	8697	Result : = (x and C ERT_ENCODI NG_TYPE_MA SK);
	8698	end;
	8699
	8700	function G ET_CMSG_EN CODING_TYP E(x: DWORD ): DWORD;
	8701	begin
	8702	Result : = (x and C MSG_ENCODI NG_TYPE_MA SK);
	8703	end;
	8704
	8705	function I S_CERT_HAS H_PROP_ID( x: DWORD): BOOL;
	8706	begin
	8707	if (x = CERT_SHA1_ HASH_PROP_ ID) or (x = CERT_MD5 _HASH_PROP _ID) then
	8708	Result := TRUE
	8709	else
	8710	Result := FALSE;
	8711	end;
	8712	{ end Macr o }
	8713
	8714	function C ryptAcquir eContextA; external ADVAPI32 n ame 'Crypt AcquireCon textA';
	8715	{$IFDEF UN ICODE}
	8716	function C ryptAcquir eContext; external A DVAPI32 na me 'CryptA cquireCont extW';
	8717	{$ELSE}
	8718	function C ryptAcquir eContext; external A DVAPI32 na me 'CryptA cquireCont extA';
	8719	{$ENDIF}
	8720	function C ryptAcquir eContextW; external ADVAPI32 n ame 'Crypt AcquireCon textW';
	8721	function C ryptReleas eContext; external A DVAPI32 na me 'CryptR eleaseCont ext';
	8722	function C ryptGenKey ; external ADVAPI32 name 'Cryp tGenKey';
	8723	function C ryptDerive Key; exter nal ADVAPI 32 name 'C ryptDerive Key';
	8724	function C ryptDestro yKey; exte rnal ADVAP I32 name ' CryptDestr oyKey';
	8725	function C ryptSetKey Param; ext ernal ADVA PI32 name 'CryptSetK eyParam';
	8726	function C ryptGetKey Param; ext ernal ADVA PI32 name 'CryptGetK eyParam';
	8727	function C ryptSetHas hParam; ex ternal ADV API32 name 'CryptSet HashParam' ;
	8728	function C ryptGetHas hParam; ex ternal ADV API32 name 'CryptGet HashParam' ;
	8729	function C ryptSetPro vParam; ex ternal ADV API32 name 'CryptSet ProvParam' ;
	8730	function C ryptGetPro vParam; ex ternal ADV API32 name 'CryptGet ProvParam' ;
	8731	function C ryptGenRan dom; exter nal ADVAPI 32 name 'C ryptGenRan dom';
	8732	function C ryptGetUse rKey; exte rnal ADVAP I32 name ' CryptGetUs erKey';
	8733	function C ryptExport Key; exter nal ADVAPI 32 name 'C ryptExport Key';
	8734	function C ryptImport Key; exter nal ADVAPI 32 name 'C ryptImport Key';
	8735	function C ryptEncryp t; externa l ADVAPI32 name 'Cry ptEncrypt' ;
	8736	function C ryptDecryp t; externa l ADVAPI32 name 'Cry ptDecrypt' ;
	8737	function C ryptCreate Hash; exte rnal ADVAP I32 name ' CryptCreat eHash';
	8738	function C ryptHashDa ta; extern al ADVAPI3 2 name 'Cr yptHashDat a';
	8739	function C ryptHashSe ssionKey; external A DVAPI32 na me 'CryptH ashSession Key';
	8740	function C ryptDestro yHash; ext ernal ADVA PI32 name 'CryptDest royHash';
	8741	function C ryptSignHa shA; exter nal ADVAPI 32 name 'C ryptSignHa shA';
	8742	function C ryptSignHa shW; exter nal ADVAPI 32 name 'C ryptSignHa shW';
	8743	function C ryptSignHa shU; exter nal CRYPT3 2 name 'Cr yptSignHas hU';
	8744	{$IFDEF UN ICODE}
	8745	function C ryptSignHa sh; extern al ADVAPI3 2 name 'Cr yptSignHas hW';
	8746	{$ELSE}
	8747	function C ryptSignHa sh; extern al ADVAPI3 2 name 'Cr yptSignHas hA';
	8748	{$ENDIF}
	8749	function C ryptVerify SignatureA ; external ADVAPI32 name 'Cryp tVerifySig natureA';
	8750	function C ryptVerify SignatureW ; external ADVAPI32 name 'Cryp tVerifySig natureW';
	8751	{$IFDEF UN ICODE}
	8752	function C ryptVerify Signature; external ADVAPI32 n ame 'Crypt VerifySign atureW';
	8753	{$ELSE}
	8754	function C ryptVerify Signature; external ADVAPI32 n ame 'Crypt VerifySign atureA';
	8755	{$ENDIF}
	8756	function C ryptSetPro viderW; ex ternal ADV API32 name 'CryptSet ProviderW' ;
	8757	function C ryptSetPro viderA; ex ternal ADV API32 name 'CryptSet ProviderA' ;
	8758	function C ryptSetPro viderU; ex ternal CRY PT32 name 'CryptSetP roviderU';
	8759	{$IFDEF UN ICODE}
	8760	function C ryptSetPro vider; ext ernal ADVA PI32 name 'CryptSetP roviderW';
	8761	{$ELSE}
	8762	function C ryptSetPro vider; ext ernal ADVA PI32 name 'CryptSetP roviderA';
	8763	{$ENDIF}
	8764
	8765	{$IFDEF NT 5}
	8766	function C ryptSetPro viderExA; external A DVAPI32NT5 name 'Cry ptSetProvi derExA'; / / nt5 adva pi32
	8767	function C ryptSetPro viderExW; external A DVAPI32NT5 name 'Cry ptSetProvi derExW';
	8768	{$IFDEF UN ICODE}
	8769	function C ryptSetPro viderEx; e xternal AD VAPI32NT5 name 'Cryp tSetProvid erExW';
	8770	{$ELSE}
	8771	function C ryptSetPro viderEx; e xternal AD VAPI32NT5 name 'Cryp tSetProvid erExA';
	8772	{$ENDIF} / / !UNICODE
	8773
	8774	function C ryptGetDef aultProvid erA; exter nal ADVAPI 32NT5 name 'CryptGet DefaultPro viderA'; / / nt5 adva pi32
	8775	function C ryptGetDef aultProvid erW; exter nal ADVAPI 32NT5 name 'CryptGet DefaultPro viderW';
	8776	{$IFDEF UN ICODE}
	8777	function C ryptGetDef aultProvid er; extern al ADVAPI3 2NT5 name 'CryptGetD efaultProv iderW';
	8778	{$ELSE}
	8779	function C ryptGetDef aultProvid er; extern al ADVAPI3 2NT5 name 'CryptGetD efaultProv iderA';
	8780	{$ENDIF} / / !UNICODE
	8781
	8782	function C ryptEnumPr oviderType sA; extern al ADVAPI3 2NT5 name 'CryptEnum ProviderTy pesA'; // nt5 advapi 32
	8783	function C ryptEnumPr oviderType sW; extern al ADVAPI3 2NT5 name 'CryptEnum ProviderTy pesW';
	8784	{$IFDEF UN ICODE}
	8785	function C ryptEnumPr oviderType s; externa l ADVAPI32 NT5 name ' CryptEnumP roviderTyp esW';
	8786	{$ELSE}
	8787	function C ryptEnumPr oviderType s; externa l ADVAPI32 NT5 name ' CryptEnumP roviderTyp esA';
	8788	{$ENDIF} / / !UNICODE
	8789
	8790	function C ryptEnumPr ovidersA; external A DVAPI32NT5 name 'Cry ptEnumProv idersA'; / / nt5 adva pi32
	8791	function C ryptEnumPr ovidersW; external A DVAPI32NT5 name 'Cry ptEnumProv idersW';
	8792
	8793	{$IFDEF UN ICODE}
	8794	function C ryptEnumPr oviders; e xternal AD VAPI32NT5 name 'Cryp tEnumProvi dersW';
	8795	{$ELSE}
	8796	function C ryptEnumPr oviders; e xternal AD VAPI32NT5 name 'Cryp tEnumProvi dersA';
	8797	{$ENDIF} / / !UNICODE
	8798	function C ryptContex tAddRef; e xternal AD VAPI32NT5 name 'Cryp tContextAd dRef'; // nt5 advapi 32
	8799	function C ryptDuplic ateKey; ex ternal ADV API32NT5 n ame 'Crypt DuplicateK ey'; // nt 5 advapi32
	8800	function C ryptDuplic ateHash; e xternal AD VAPI32NT5 name 'Cryp tDuplicate Hash'; // nt5 advapi 32
	8801	{$ENDIF NT 5}
	8802
	8803	function C ryptEnumPr ovidersU; external C RYPT32 nam e 'CryptEn umProvider sU';
	8804	function C ryptFormat Object; ex ternal CRY PT32 name 'CryptForm atObject';
	8805	function C ryptEncode Object; ex ternal CRY PT32 name 'CryptEnco deObject';
	8806	function C ryptDecode Object; ex ternal CRY PT32 name 'CryptDeco deObject';
	8807	function C ryptInstal lOIDFuncti onAddress; external CRYPT32 na me 'CryptI nstallOIDF unctionAdd ress';
	8808	function C ryptInitOI DFunctionS et; extern al CRYPT32 name 'Cry ptInitOIDF unctionSet ';
	8809	function C ryptGetOID FunctionAd dress; ext ernal CRYP T32 name ' CryptGetOI DFunctionA ddress';
	8810	function C ryptGetDef aultOIDDll List; exte rnal CRYPT 32 name 'C ryptGetDef aultOIDDll List';
	8811	function C ryptGetDef aultOIDFun ctionAddre ss; extern al CRYPT32 name 'Cry ptGetDefau ltOIDFunct ionAddress ';
	8812	function C ryptFreeOI DFunctionA ddress; ex ternal CRY PT32 name 'CryptFree OIDFunctio nAddress';
	8813	function C ryptRegist erOIDFunct ion; exter nal CRYPT3 2 name 'Cr yptRegiste rOIDFuncti on';
	8814	function C ryptUnregi sterOIDFun ction; ext ernal CRYP T32 name ' CryptUnreg isterOIDFu nction';
	8815	function C ryptRegist erDefaultO IDFunction ; external CRYPT32 n ame 'Crypt RegisterDe faultOIDFu nction';
	8816	function C ryptUnregi sterDefaul tOIDFuncti on; extern al CRYPT32 name 'Cry ptUnregist erDefaultO IDFunction ';
	8817	function C ryptSetOID FunctionVa lue; exter nal CRYPT3 2 name 'Cr yptSetOIDF unctionVal ue';
	8818	function C ryptGetOID FunctionVa lue; exter nal CRYPT3 2 name 'Cr yptGetOIDF unctionVal ue';
	8819	function C ryptEnumOI DFunction; external CRYPT32 na me 'CryptE numOIDFunc tion';
	8820	function C ryptFindOI DInfo; ext ernal CRYP T32 name ' CryptFindO IDInfo';
	8821
	8822	function C ryptRegist erOIDInfo; external CRYPT32 na me 'CryptR egisterOID Info';
	8823	function C ryptUnregi sterOIDInf o; externa l CRYPT32 name 'Cryp tUnregiste rOIDInfo';
	8824	function C ryptMsgOpe nToEncode; external CRYPT32 na me 'CryptM sgOpenToEn code';
	8825	function C ryptMsgCal culateEnco dedLength; external CRYPT32 na me 'CryptM sgCalculat eEncodedLe ngth';
	8826	function C ryptMsgOpe nToDecode; external CRYPT32 na me 'CryptM sgOpenToDe code';
	8827	function C ryptMsgClo se; extern al CRYPT32 name 'Cry ptMsgClose ';
	8828	function C ryptMsgUpd ate; exter nal CRYPT3 2 name 'Cr yptMsgUpda te';
	8829	function C ryptMsgCon trol; exte rnal CRYPT 32 name 'C ryptMsgCon trol';
	8830	function C ryptMsgVer ifyCounter signatureE ncoded; ex ternal CRY PT32 name 'CryptMsgV erifyCount ersignatur eEncoded';
	8831	function C ryptMsgCou ntersign; external C RYPT32 nam e 'CryptMs gCountersi gn';
	8832	function C ryptMsgCou ntersignEn coded; ext ernal CRYP T32 name ' CryptMsgCo untersignE ncoded';
	8833	function C ryptMsgGet Param; ext ernal CRYP T32 name ' CryptMsgGe tParam';
	8834	function C ertOpenSto re; extern al CRYPT32 name 'Cer tOpenStore ';
	8835	function C ertDuplica teStore; e xternal CR YPT32 name 'CertDupl icateStore ';
	8836	function C ertSaveSto re; extern al CRYPT32 name 'Cer tSaveStore ';
	8837	function C ertCloseSt ore; exter nal CRYPT3 2 name 'Ce rtCloseSto re';
	8838	function C ertGetSubj ectCertifi cateFromSt ore; exter nal CRYPT3 2 name 'Ce rtGetSubje ctCertific ateFromSto re';
	8839	function C ertEnumCer tificatesI nStore; ex ternal CRY PT32 name 'CertEnumC ertificate sInStore';
	8840	function C ertFindCer tificateIn Store; ext ernal CRYP T32 name ' CertFindCe rtificateI nStore';
	8841	function C ertGetIssu erCertific ateFromSto re; extern al CRYPT32 name 'Cer tGetIssuer Certificat eFromStore ';
	8842	function C ertVerifyS ubjectCert ificateCon text; exte rnal CRYPT 32 name 'C ertVerifyS ubjectCert ificateCon text';
	8843	function C ertDuplica teCertific ateContext ; external CRYPT32 n ame 'CertD uplicateCe rtificateC ontext';
	8844	function C ertCreateC ertificate Context; e xternal CR YPT32 name 'CertCrea teCertific ateContext ';
	8845	function C ertFreeCer tificateCo ntext; ext ernal CRYP T32 name ' CertFreeCe rtificateC ontext';
	8846	function C ertSetCert ificateCon textProper ty; extern al CRYPT32 name 'Cer tSetCertif icateConte xtProperty ';
	8847	function C ertGetCert ificateCon textProper ty; extern al CRYPT32 name 'Cer tGetCertif icateConte xtProperty ';
	8848	function C ertEnumCer tificateCo ntextPrope rties; ext ernal CRYP T32 name ' CertEnumCe rtificateC ontextProp erties';
	8849	function C ertGetCRLF romStore; external C RYPT32 nam e 'CertGet CRLFromSto re';
	8850	function C ertEnumCRL sInStore; external C RYPT32 nam e 'CertEnu mCRLsInSto re';
	8851	function C ertDuplica teCRLConte xt; extern al CRYPT32 name 'Cer tDuplicate CRLContext ';
	8852	function C ertCreateC RLContext; external CRYPT32 na me 'CertCr eateCRLCon text';
	8853	function C ertFreeCRL Context; e xternal CR YPT32 name 'CertFree CRLContext ';
	8854	function C ertSetCRLC ontextProp erty; exte rnal CRYPT 32 name 'C ertSetCRLC ontextProp erty';
	8855	function C ertGetCRLC ontextProp erty; exte rnal CRYPT 32 name 'C ertGetCRLC ontextProp erty';
	8856	function C ertEnumCRL ContextPro perties; e xternal CR YPT32 name 'CertEnum CRLContext Properties ';
	8857	function C ertAddEnco dedCertifi cateToStor e; externa l CRYPT32 name 'Cert AddEncoded Certificat eToStore';
	8858	function C ertAddCert ificateCon textToStor e; externa l CRYPT32 name 'Cert AddCertifi cateContex tToStore';
	8859	function C ertAddSeri alizedElem entToStore ; external CRYPT32 n ame 'CertA ddSerializ edElementT oStore';
	8860	function C ertDeleteC ertificate FromStore; external CRYPT32 na me 'CertDe leteCertif icateFromS tore';
	8861	function C ertAddEnco dedCRLToSt ore; exter nal CRYPT3 2 name 'Ce rtAddEncod edCRLToSto re';
	8862	function C ertAddCRLC ontextToSt ore; exter nal CRYPT3 2 name 'Ce rtAddCRLCo ntextToSto re';
	8863	function C ertDeleteC RLFromStor e; externa l CRYPT32 name 'Cert DeleteCRLF romStore';
	8864	function C ertSeriali zeCertific ateStoreEl ement; ext ernal CRYP T32 name ' CertSerial izeCertifi cateStoreE lement';
	8865	function C ertSeriali zeCRLStore Element; e xternal CR YPT32 name 'CertSeri alizeCRLSt oreElement ';
	8866	function C ertDuplica teCTLConte xt; extern al CRYPT32 name 'Cer tDuplicate CTLContext ';
	8867	function C ertCreateC TLContext; external CRYPT32 na me 'CertCr eateCTLCon text';
	8868	function C ertFreeCTL Context; e xternal CR YPT32 name 'CertFree CTLContext ';
	8869	function C ertSetCTLC ontextProp erty; exte rnal CRYPT 32 name 'C ertSetCTLC ontextProp erty';
	8870	function C ertGetCTLC ontextProp erty; exte rnal CRYPT 32 name 'C ertGetCTLC ontextProp erty';
	8871	function C ertEnumCTL ContextPro perties; e xternal CR YPT32 name 'CertEnum CTLContext Properties ';
	8872	function C ertEnumCTL sInStore; external C RYPT32 nam e 'CertEnu mCTLsInSto re';
	8873	function C ertFindSub jectInCTL; external CRYPT32 na me 'CertFi ndSubjectI nCTL';
	8874	function C ertFindCTL InStore; e xternal CR YPT32 name 'CertFind CTLInStore ';
	8875	function C ertAddEnco dedCTLToSt ore; exter nal CRYPT3 2 name 'Ce rtAddEncod edCTLToSto re';
	8876	function C ertAddCTLC ontextToSt ore; exter nal CRYPT3 2 name 'Ce rtAddCTLCo ntextToSto re';
	8877	function C ertSeriali zeCTLStore Element; e xternal CR YPT32 name 'CertSeri alizeCTLSt oreElement ';
	8878	function C ertDeleteC TLFromStor e; externa l CRYPT32 name 'Cert DeleteCTLF romStore';
	8879	function C ertGetEnha ncedKeyUsa ge; extern al CRYPT32 name 'Cer tGetEnhanc edKeyUsage ';
	8880	function C ertSetEnha ncedKeyUsa ge; extern al CRYPT32 name 'Cer tSetEnhanc edKeyUsage ';
	8881	function C ertAddEnha ncedKeyUsa geIdentifi er; extern al CRYPT32 name 'Cer tAddEnhanc edKeyUsage Identifier ';
	8882	function C ertRemoveE nhancedKey UsageIdent ifier; ext ernal CRYP T32 name ' CertRemove EnhancedKe yUsageIden tifier';
	8883	function C ryptMsgGet AndVerifyS igner; ext ernal CRYP T32 name ' CryptMsgGe tAndVerify Signer';
	8884	function C ryptMsgSig nCTL; exte rnal CRYPT 32 name 'C ryptMsgSig nCTL';
	8885	function C ryptMsgEnc odeAndSign CTL; exter nal CRYPT3 2 name 'Cr yptMsgEnco deAndSignC TL';
	8886	function C ertVerifyC TLUsage; e xternal CR YPT32 name 'CertVeri fyCTLUsage ';
	8887	function C ertVerifyR evocation; external CRYPT32 na me 'CertVe rifyRevoca tion';
	8888	function C ertCompare IntegerBlo b; externa l CRYPT32 name 'Cert CompareInt egerBlob';
	8889	function C ertCompare Certificat e; externa l CRYPT32 name 'Cert CompareCer tificate';
	8890	function C ertCompare Certificat eName; ext ernal CRYP T32 name ' CertCompar eCertifica teName';
	8891	function C ertIsRDNAt trsInCerti ficateName ; external CRYPT32 n ame 'CertI sRDNAttrsI nCertifica teName';
	8892	function C ertCompare PublicKeyI nfo; exter nal CRYPT3 2 name 'Ce rtCompareP ublicKeyIn fo';
	8893	function C ertGetPubl icKeyLengt h; externa l CRYPT32 name 'Cert GetPublicK eyLength';
	8894	function C ryptVerify Certificat eSignature ; external CRYPT32 n ame 'Crypt VerifyCert ificateSig nature';
	8895	function C ryptHashTo BeSigned; external C RYPT32 nam e 'CryptHa shToBeSign ed';
	8896	function C ryptHashCe rtificate; external CRYPT32 na me 'CryptH ashCertifi cate';
	8897	function C ryptSignCe rtificate; external CRYPT32 na me 'CryptS ignCertifi cate';
	8898	function C ryptSignAn dEncodeCer tificate; external C RYPT32 nam e 'CryptSi gnAndEncod eCertifica te';
	8899	function C ertVerifyT imeValidit y; externa l CRYPT32 name 'Cert VerifyTime Validity';
	8900	function C ertVerifyC RLTimeVali dity; exte rnal CRYPT 32 name 'C ertVerifyC RLTimeVali dity';
	8901	function C ertVerifyV alidityNes ting; exte rnal CRYPT 32 name 'C ertVerifyV alidityNes ting';
	8902	function C ertVerifyC RLRevocati on; extern al CRYPT32 name 'Cer tVerifyCRL Revocation ';
	8903	function C ertAlgIdTo OID; exter nal CRYPT3 2 name 'Ce rtAlgIdToO ID';
	8904	function C ertOIDToAl gId; exter nal CRYPT3 2 name 'Ce rtOIDToAlg Id';
	8905	function C ertFindExt ension; ex ternal CRY PT32 name 'CertFindE xtension';
	8906	function C ertFindAtt ribute; ex ternal CRY PT32 name 'CertFindA ttribute';
	8907	function C ertFindRDN Attr; exte rnal CRYPT 32 name 'C ertFindRDN Attr';
	8908	function C ertGetInte ndedKeyUsa ge; extern al CRYPT32 name 'Cer tGetIntend edKeyUsage ';
	8909	function C ryptExport PublicKeyI nfo; exter nal CRYPT3 2 name 'Cr yptExportP ublicKeyIn fo';
	8910	function C ryptExport PublicKeyI nfoEx; ext ernal CRYP T32 name ' CryptExpor tPublicKey InfoEx';
	8911	function C ryptImport PublicKeyI nfo; exter nal CRYPT3 2 name 'Cr yptImportP ublicKeyIn fo';
	8912	function C ryptImport PublicKeyI nfoEx; ext ernal CRYP T32 name ' CryptImpor tPublicKey InfoEx';
	8913	function C ryptHashPu blicKeyInf o; externa l CRYPT32 name 'Cryp tHashPubli cKeyInfo';
	8914	function C ertRDNValu eToStrA; e xternal CR YPT32 name 'CertRDNV alueToStrA ';
	8915	function C ertRDNValu eToStrW; e xternal CR YPT32 name 'CertRDNV alueToStrW ';
	8916	{$IFDEF UN ICODE}
	8917	function C ertRDNValu eToStr; ex ternal CRY PT32 name 'CertRDNVa lueToStrW' ;
	8918	{$ELSE}
	8919	function C ertRDNValu eToStr; ex ternal CRY PT32 name 'CertRDNVa lueToStrA' ;
	8920	{$ENDIF} / / !UNICODE
	8921	function C ertNameToS trA; exter nal CRYPT3 2 name 'Ce rtNameToSt rA';
	8922	function C ertNameToS trW; exter nal CRYPT3 2 name 'Ce rtNameToSt rW';
	8923	{$IFDEF UN ICODE}
	8924	function C ertNameToS tr; extern al CRYPT32 name 'Cer tNameToStr W';
	8925	{$ELSE}
	8926	function C ertNameToS tr; extern al CRYPT32 name 'Cer tNameToStr A';
	8927	{$ENDIF} / / !UNICODE
	8928	function C ertStrToNa meW; exter nal CRYPT3 2 name 'Ce rtStrToNam eW';
	8929	function C ertStrToNa meA; exter nal CRYPT3 2 name 'Ce rtStrToNam eA';
	8930	{$IFDEF UN ICODE}
	8931	function C ertStrToNa me; extern al CRYPT32 name 'Cer tStrToName W';
	8932	{$ELSE}
	8933	function C ertStrToNa me; extern al CRYPT32 name 'Cer tStrToName A';
	8934	{$ENDIF} / / !UNICODE
	8935	function C ryptSignMe ssage; ext ernal CRYP T32 name ' CryptSignM essage';
	8936	// functio n CryptSig nMessageWi thKey; ext ernal CRYP T32 name ' CryptSignM essageWith Key';
	8937	function C ryptVerify MessageSig nature; ex ternal CRY PT32 name 'CryptVeri fyMessageS ignature';
	8938	// functio n CryptVer ifyMessage SignatureW ithKey; ex ternal CRY PT32 name 'CryptVeri fyMessageS ignatureWi thKey';
	8939	function C ryptGetMes sageSigner Count; ext ernal CRYP T32 name ' CryptGetMe ssageSigne rCount';
	8940	function C ryptGetMes sageCertif icates; ex ternal CRY PT32 name 'CryptGetM essageCert ificates';
	8941	function C ryptVerify DetachedMe ssageSigna ture; exte rnal CRYPT 32 name 'C ryptVerify DetachedMe ssageSigna ture';
	8942	function C ryptEncryp tMessage; external C RYPT32 nam e 'CryptEn cryptMessa ge';
	8943	function C ryptDecryp tMessage; external C RYPT32 nam e 'CryptDe cryptMessa ge';
	8944	function C ryptSignAn dEncryptMe ssage; ext ernal CRYP T32 name ' CryptSignA ndEncryptM essage';
	8945	function C ryptDecryp tAndVerify MessageSig nature; ex ternal CRY PT32 name 'CryptDecr yptAndVeri fyMessageS ignature';
	8946	function C ryptDecode Message; e xternal CR YPT32 name 'CryptDec odeMessage ';
	8947	function C ryptHashMe ssage; ext ernal CRYP T32 name ' CryptHashM essage';
	8948	function C ryptVerify MessageHas h; externa l CRYPT32 name 'Cryp tVerifyMes sageHash';
	8949	function C ryptVerify DetachedMe ssageHash; external CRYPT32 na me 'CryptV erifyDetac hedMessage Hash';
	8950	function C ryptSignMe ssageWithK ey; extern al CRYPT32 name 'Cry ptSignMess ageWithKey ';
	8951	function C ryptVerify MessageSig natureWith Key; exter nal CRYPT3 2 name 'Cr yptVerifyM essageSign atureWithK ey';
	8952
	8953	// Provide compiler directice for unicod e and not unicode DR P@04-15-20 13
	8954	// functio n CertGetN ameStringA ; external CRYPT32 n ame 'CertG etNameStri ngA';
	8955	// functio n CertGetN ameStringW ; external CRYPT32 n ame 'CertG etNameStri ngW';
	8956	{$IFDEF UN ICODE}
	8957	function C ertGetName String; ex ternal CRY PT32 name 'CertGetNa meStringW' ;
	8958	{$ELSE}
	8959	function C ertGetName String; ex ternal CRY PT32 name 'CertGetNa meStringA' ;
	8960	{$ENDIF} / / !UNICODE
	8961
	8962	// functio n CertGetN ameString; external CRYPT32 na me 'CertGe tNameStrin gA'; // JLI
	8963
	8964	function C ertOpenSys temStoreA; external CRYPT32 na me 'CertOp enSystemSt oreA';
	8965	function C ertOpenSys temStoreW; external CRYPT32 na me 'CertOp enSystemSt oreW';
	8966	{$IFDEF UN ICODE}
	8967	function C ertOpenSys temStore; external C RYPT32 nam e 'CertOpe nSystemSto reW';
	8968	{$ELSE}
	8969	function C ertOpenSys temStore; external C RYPT32 nam e 'CertOpe nSystemSto reA';
	8970	{$ENDIF} / / !UNICODE
	8971	function C ertAddEnco dedCertifi cateToSyst emStoreA; external C RYPT32 nam e 'CertAdd EncodedCer tificateTo SystemStor eA';
	8972	function C ertAddEnco dedCertifi cateToSyst emStoreW; external C RYPT32 nam e 'CertAdd EncodedCer tificateTo SystemStor eW';
	8973	{$IFDEF UN ICODE}
	8974	function C ertAddEnco dedCertifi cateToSyst emStore; e xternal CR YPT32 name 'CertAddE ncodedCert ificateToS ystemStore W';
	8975	{$ELSE}
	8976	function C ertAddEnco dedCertifi cateToSyst emStore; e xternal CR YPT32 name 'CertAddE ncodedCert ificateToS ystemStore A';
	8977	{$ENDIF} / / !UNICODE
	8978	function F indCertsBy Issuer; ex ternal SOF TPUB name 'FindCerts ByIssuer';
	8979	function C ertCreateC ertificate ChainEngin e; externa l CRYPT32 name 'Cert CreateCert ificateCha inEngine';
	8980	function C ertFreeCer tificateCh ainEngine; external CRYPT32 na me 'CertFr eeCertific ateChainEn gine';
	8981	function C ertResyncC ertificate ChainEngin e; externa l CRYPT32 name 'Cert ResyncCert ificateCha inEngine';
	8982	function C ertGetCert ificateCha in; extern al CRYPT32 name 'Cer tGetCertif icateChain ';
	8983	function C ertFreeCer tificateCh ain; exter nal CRYPT3 2 name 'Ce rtFreeCert ificateCha in';
	8984	function C ertDuplica teCertific ateChain; external C RYPT32 nam e 'CertDup licateCert ificateCha in';
	8985	function C ertFindCha inInStore; external CRYPT32 na me 'CertFi ndChainInS tore';
	8986	function C ertVerifyC ertificate ChainPolic y; externa l CRYPT32 name 'Cert VerifyCert ificateCha inPolicy';
	8987
	8988	end.