IX509SignatureInformation::GetSignatureAlgorithm method (certenroll.h)

The GetSignatureAlgorithm method retrieves the signing algorithm object identifier (OID).

Syntax

HRESULT GetSignatureAlgorithm(
  [in]  VARIANT_BOOL Pkcs7Signature,
  [in]  VARIANT_BOOL SignatureKey,
  [out] IObjectId    **ppValue
);

Parameters

[in] Pkcs7Signature

A VARIANT_BOOL variable that specifies whether the algorithm will be used to sign a PKCS #7 or CMC certificate request.

[in] SignatureKey

A VARIANT_BOOL variable that specifies whether an algorithm that is only used for signing is preferred when an algorithm OID is associated with more than one purpose. For example, XCN_OID_RSA_RSA (1.2.840.113549.1.1.1) can be used for both signing and key exchange.

[out] ppValue

Address of a variable that receives a pointer to an IObjectId interface that represents the algorithm OID.

Return value

If the function succeeds, the function returns S_OK.

If the function fails, it returns an HRESULT value that indicates the error. Possible values include, but are not limited to, those in the following table. For a list of common error codes, see Common HRESULT Values.

Return code/value | Description
CERTSRV_E_PROPERTY_EMPTY | The hashing algorithm OID, or the NullSigned property has not been specified but the signing algorithm OID cannot be found.
CRYPT_E_UNKNOWN_ALGO | The combined signature algorithm could not be found.

Remarks

This method searches for a cached signing algorithm that is consistent with the input parameters. If none is found, the method uses the input parameters plus the values assigned to various IX509SignatureInformation properties as indicated by the following list.

  • Pkcs7Signature = true, NullSigned = true

    This case represents a null-signed PKCS #7 certificate request. The method returns the XCN_OID_PKIX_NO_SIGNATURE (1.3.6.1.5.5.7.6.2) OID.

  • Pkcs7Signature = true, NullSigned = false

    This case retrieves a discrete signature algorithm OID for a PKCS #7 request that is not null-signed. The discrete signature requires that the HashAlgorithm and PublicKeyAlgorithm properties be set. In the special case where the public key algorithm is XCN_OID_X957_DSA and the hashing algorithm is not XCN_OID_OIWSEC_sha1, the signature algorithm OID retrieved is XCN_OID_X957_SHA1DSA (1.2.840.10040.4.3).

  • Pkcs7Signature = false, NullSigned = false, AlternateSignatureAlgorithm = true

    This case retrieves a discrete signature algorithm OID for a PKCS #10 request and encodes the hash algorithm OID in the Parameters property. The HashAlgorithm and PublicKeyAlgorithm properties must be set.

  • Pkcs7Signature = false, NullSigned = false, AlternateSignatureAlgorithm = false

    This case retrieves a discrete signature algorithm OID for a PKCS #7 request. The HashAlgorithm and PublicKeyAlgorithm properties must be set.
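The following PowerShell sketch is an added example, not code from this reference page or from Microsoft. It calls GetSignatureAlgorithm once for each property combination in the list above, so you can audit which signing algorithm OID a request would use before it is encoded. The function name Get-SignatureAlgorithmOid is hypothetical, the SHA-256 hash OID is a sample choice, and the example assumes the SignatureInformation object is available on a PKCS #10 request after Initialize.

```powershell
# Added example (not Microsoft's code). Windows only; uses CertEnroll COM objects.
function Get-SignatureAlgorithmOid {
    param(
        [bool]$Pkcs7Signature,
        [bool]$NullSigned = $false,
        [bool]$AlternateSignatureAlgorithm = $false,
        [string]$HashOid = '2.16.840.1.101.3.4.2.1',      # SHA-256 (sample choice)
        [string]$PublicKeyOid = '1.2.840.113549.1.1.1'    # XCN_OID_RSA_RSA
    )
    # The method searches for a cached algorithm first, so each case
    # gets a fresh request object instead of reusing one.
    $req = New-Object -ComObject X509Enrollment.CX509CertificateRequestPkcs10
    $req.Initialize(1)                  # 1 = ContextUser
    $sig = $req.SignatureInformation    # assumption: available after Initialize

    $hash = New-Object -ComObject X509Enrollment.CObjectId
    $hash.InitializeFromValue($HashOid)
    $key = New-Object -ComObject X509Enrollment.CObjectId
    $key.InitializeFromValue($PublicKeyOid)

    $sig.HashAlgorithm = $hash
    $sig.PublicKeyAlgorithm = $key
    $sig.NullSigned = $NullSigned
    $sig.AlternateSignatureAlgorithm = $AlternateSignatureAlgorithm

    $row = [ordered]@{
        Pkcs7Signature = $Pkcs7Signature; NullSigned = $NullSigned
        Alternate = $AlternateSignatureAlgorithm; Oid = $null; Error = $null
    }
    try {
        # SignatureKey = $true: prefer a signing-only algorithm for dual-purpose OIDs.
        $row.Oid = $sig.GetSignatureAlgorithm($Pkcs7Signature, $true).Value
    } catch {
        # A failed call surfaces as a COM exception; report its HRESULT in hex.
        $row.Error = '0x{0:X8}' -f $_.Exception.GetBaseException().HResult
    }
    [pscustomobject]$row
}

# The four property combinations from the Remarks list.
@(
    @{ Pkcs7Signature = $true;  NullSigned = $true },
    @{ Pkcs7Signature = $true;  NullSigned = $false },
    @{ Pkcs7Signature = $false; NullSigned = $false; AlternateSignatureAlgorithm = $true },
    @{ Pkcs7Signature = $false; NullSigned = $false; AlternateSignatureAlgorithm = $false }
) | ForEach-Object { $p = $_; Get-SignatureAlgorithmOid @p } | Format-Table -AutoSize
```

A row with a value in the Error column corresponds to a failing HRESULT such as those listed under Return value.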

Requirements

Requirement | Value
Minimum supported client | Windows Vista [desktop apps only]
Minimum supported server | Windows Server 2008 [desktop apps only]
Target Platform | Windows
Header | certenroll.h
DLL | CertEnroll.dll

See also

IX509SignatureInformation