IX509CertificateRequest::put_AlternateSignatureAlgorithm method (certenroll.h)
The AlternateSignatureAlgorithm property specifies and retrieves a Boolean value that indicates whether the signature algorithm object identifier (OID) for a PKCS #10 request or certificate signature is discrete or combined. A PKCS #10 object can be a stand-alone request or it can be contained in a CMC or PKCS #7 request object.
This property is read/write.
Syntax
HRESULT put_AlternateSignatureAlgorithm(
VARIANT_BOOL Value
);
Parameters
Value
Return value
None
Remarks
Discrete algorithms are represented by separate object identifiers (OIDs) for the hashing algorithm and the signing algorithm. Examples include the following values.
Discrete algorithm OID | Description |
---|---|
XCN_OID_NIST_sha256
(2.16.840.1.101.3.4.2.1) |
National Institute of Standards and Technologies (NIST) 256-bit SHA hashing algorithm. |
XCN_OID_OIWSEC_rsaSign
(1.3.14.3.2.11) |
NIST OSE Implementer Workshop Security (OIWSEC) RSA signing algorithm. |
Combined algorithms are represented by a single OID that identifies both the hashing and the signing algorithm. Examples include the following values.
Combined algorithm OID | Description |
---|---|
XCN_OID_RSA_MD2RSA
(1.2.840.113549.1.1.2) |
MD2 hashing algorithm combined with the RSA encryption algorithm from RSA Laboratories. |
XCN_OID_OIWSEC_md5RSA
(1.3.14.3.2.3) |
OIWSEC MD5 hashing algorithm combined with the RSA encryption algorithm. |
If the certificate request contains nested requests and you set the AlternateSignatureAlgorithm property on the top level request, it is automatically propagated to all of the inner requests. You can, however, set the property manually on each of the inner objects.
For a PKCS #7 or a CMC request, this property retrieves a Boolean value for the primary signature on the inner PKCS #10 request. On input, all signer certificates are updated with the specified property value.
For a PKCS #10 request or certificate signature using the RSA public key algorithm, a property value of False (which indicates a combined OID) implies a version 1.5 signature and True (discrete OID) implies a version 2.1 signature.
You must initialize the request object before calling this property. You can call this property before calling the Encode method.
Requirements
Requirement | Value |
---|---|
Minimum supported client | Windows Vista [desktop apps only] |
Minimum supported server | Windows Server 2008 [desktop apps only] |
Target Platform | Windows |
Header | certenroll.h |
DLL | CertEnroll.dll |