CryptoCert Object

Overview

The CryptoCert object represents an X.509 digital certificate.

Member List

Properties


BasicConstraints As Integer (Read-only)

Returns a combination of flags indicating whether the certificate can act as a certification authority, an end-entity, or both. The following flags are defined:

&H80 (CERT_CA_SUBJECT_FLAG)
&H40 (CERT_END_ENTITY_SUBJECT_FLAG)


Issuer As CryptoName (Read-only)

Returns the certificate's issuer information in the form of a CryptoName object.


IssuerAltName As String (Read-only)

Returns the certificate's issuer alternative name. This property was introduced in version 2.10.


IssuerCert As CryptoCert (Read-only)

Returns a CryptoCert object representing this certificate's issuer certificate. It looks for an issuer certificate in the stores MY, CA, ROOT, TRUST, REQUEST, and ADDRESSBOOK, in this order. If no certificate can be found, or this certificate is a self-signed one, this property returns Nothing. You can use this property to reconstruct a certificate's certification path.


KeyUsage As Integer (Read-only)

Returns a combination of flags designating the intended usage of this certificate's key. Currently, the following flags are defined:

&H10 (CERT_DATA_ENCIPHERMENT_KEY_USAGE)
&H80 (CERT_DIGITAL_SIGNATURE_KEY_USAGE)
&H08 (CERT_KEY_AGREEMENT_KEY_USAGE)
&H04 (CERT_KEY_CERT_SIGN_KEY_USAGE)
&H20 (CERT_KEY_ENCIPHERMENT_KEY_USAGE)
&H40 (CERT_NON_REPUDIATION_KEY_USAGE)
&H02 (CERT_OFFLINE_CRL_SIGN_KEY_USAGE)


NotAfter As Date (Read-only)

Returns a date which marks the end of this certificate's validity period.


NotBefore As Date (Read-only)

Returns a date which marks the beginning of this certificate's validity period.


PrivateKeyExists As Boolean (Read-only)

Returns True if this certificate has an associated private key installed on this machine.


PrivateKeyContext As CryptoContext (Read-only)

If this certificate has an associated private key installed on this machine, this property returns the corresponding CryptoContext object. Otherwise it returns Nothing.


PublicKey As CryptoBlob (Read-only)

Returns a blob containing this certificate's public key in a DER-encoded form.


PublicKeyInfo As CryptoBlob (Read-only)

Returns a blob containing this certificate's CERT_PUBLIC_KEY_INFO data, which contains both the public key itself and its algorithm information. The public key data returned by this property is in a format used by Privacy Enhanced Mail (PEM) and DomainKeys Identified Mail (DKIM). This property was introduced in version 2.7.


PublicKeyLength As Long (Read-only)

Returns the bit size of this certificate's public key.


SerialNumber As String (Read-only)

Returns this certificate's serial number in the form of a Hex-encoded string.


Sha1Hash As CryptoBlob (Read-only)

Returns this certificate's SHA1 hash value in the form of a blob object.


SignatureAlgID As CryptoAlgorithms (Read-only)

Returns this certificate's signature algorithm. Can be one of the following values: calgMD2, calgMD4, calgMD5 or calgSHA.


SignatureAlgorithm As String (Read-only)

Returns this certificate's signature algorithm Object Identifier string. Can be one of the following values: "1.2.840.113549.2.2" (MD2), "1.2.840.113549.2.4" (MD4), "1.2.840.113549.2.5" (MD5), "1.2.840.113549.1.1.5" (SHA) or "1.2.840.113549.1.1.11" (SHA256).


StoreName As String (Read-only)

Returns this certificate's store name. This property is only meaningful if this certificate object was obtained using CryptoStore's Certificates collection. Otherwise it returns an empty string.


Subject As CryptoName (Read-only)

Returns the certificate's subject information in the form of a CryptoName object.


SubjectAltName As String (Read-only)

Returns the certificate's subject alternative name. This property was introduced in version 2.10.


Version As Long (Read-only)

Returns this certificate's version (1, 2, or 3).

Methods


Function ExportToBlob(Base64 As Boolean) As CryptoBlob

Exports the certificate to a blob in the DER-encoded X.509 format (.cer). If Base64 is True the output will be in the Base64-encoded form. This method was introduced in version 2.5.

Usage:

Set Blob = Cert.ExportToBlob( False )

Function ExportToBlobPKCS7(IncludePath As Boolean) As CryptoBlob

Exports the certificate to a blob in the PKCS#7 format (.spc). If IncludePath is True all certificates in the certification path will be exported to that blob as well.

Usage:

Set Blob = Cert.ExportToBlobPKCS7( True )

Sub ExportToFile(Path As String, Base64 As Boolean)

Exports the certificate to a file in the DER-encoded X.509 format (.cer). If Base64 is True the file will be in the Base64-encoded form.

Usage:

Cert.ExportToFile "c:\mycert.cer", False

Sub ExportToFilePKCS7(Path As String, IncludePath As Boolean)

Exports the certificate to a file in the PKCS#7 format (.spc). If IncludePath is True all certificates in the certification path will be exported to that file as well.

Usage:

Cert.ExportToFilePKCS7 "c:\mycert.spc", True

Related Section: 7.4 Exporting Certificates to a File.


Sub ExportToPFX(Path As String, Password As String)

Exports the certificate to a file in the PKCS#12 format (.pfx, or .p12) along with its private key encrypted with a user-defined Password.

Usage:

Cert.ExportToPFX "c:\mycert.pfx", "secret word"

Related Section: 7.4 Exporting Certificates to a File.


Sub SetPrivateKeyContext(Context As CryptoContext)

Sets a certificate's private key context to Context. This method may be useful when transferring certificates and their corresponding private keys to a different machine.

Usage:

Cert.SetPrivateKeyContext Context

Sub TransferToLocalMachine(Store As String)

Copies this certificate from a HKEY_CURRENT_USER-based store to the specified HKEY_LOCAL_MACHINE-based store together with its private key. This may be necessary to use a certificate to send signed email using AspEmail in an ASP environment.

A VB sample application that uses this method can be found in the directory \Samples\cert_stores\CertMover of the installation.

Usage:

Cert.TransferToLocalMachine "MY"

Related Tasks: 4.6 Moving Certificates from HKEY_CURRENT_USER to HKEY_LOCAL_STORE.


Function VerifySignature(IssuerCert As CryptoCert) As Boolean

Verifies this certificate's signature against IssuerCert's public key. Returns True if verification succeeds or False otherwise.

Use this method to verify that the certificate was really issued by the issuer it claims.

Return Value: True if the signature verification succeeds, False otherwise.

Usage:

If Not Cert.VerifySignature( IssuerCert ) Then ...
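
The IssuerCert property and the VerifySignature method can be combined to walk a certification path and check each link. The following is an added example, not code from the component's documentation; AuditChain and MAX_DEPTH are hypothetical names, and Cert is assumed to be a CryptoCert object obtained elsewhere.

```vbscript
' Added example, not vendor code. AuditChain and MAX_DEPTH are hypothetical names.
Const CERT_CA_SUBJECT_FLAG = &H80           ' BasicConstraints flag listed above
Const CERT_KEY_CERT_SIGN_KEY_USAGE = &H04   ' KeyUsage flag listed above
Const MAX_DEPTH = 10                        ' assumed bound on path length

' Cert is a CryptoCert obtained elsewhere. Returns one finding per line.
Function AuditChain(Cert)
    Dim Cur, Parent, Depth, Report
    Set Cur = Cert
    Depth = 0
    Report = ""
    Do
        If Now < Cur.NotBefore Or Now > Cur.NotAfter Then
            Report = Report & Cur.SerialNumber & ": outside validity period" & vbCrLf
        End If

        ' OID strings are the ones documented for SignatureAlgorithm.
        Select Case Cur.SignatureAlgorithm
            Case "1.2.840.113549.2.2", "1.2.840.113549.2.4", "1.2.840.113549.2.5"
                Report = Report & Cur.SerialNumber & ": MD2/MD4/MD5 signature" & vbCrLf
            Case "1.2.840.113549.1.1.5"
                Report = Report & Cur.SerialNumber & ": SHA-1 signature" & vbCrLf
        End Select

        Set Parent = Cur.IssuerCert
        If Parent Is Nothing Then
            ' Self-signed, or no issuer in any of the searched stores.
            Report = Report & Cur.SerialNumber & ": end of path" & vbCrLf
            Exit Do
        End If

        If Not Cur.VerifySignature(Parent) Then
            Report = Report & Cur.SerialNumber & ": signature does not verify" & vbCrLf
        End If
        ' The page does not say what these return when the extension is
        ' absent, so a missing flag is reported for review, not as an error.
        If (Parent.BasicConstraints And CERT_CA_SUBJECT_FLAG) = 0 Then
            Report = Report & Parent.SerialNumber & ": issuer lacks CA flag" & vbCrLf
        End If
        If (Parent.KeyUsage And CERT_KEY_CERT_SIGN_KEY_USAGE) = 0 Then
            Report = Report & Parent.SerialNumber & ": issuer lacks cert-sign usage" & vbCrLf
        End If

        Set Cur = Parent
        Depth = Depth + 1
    Loop While Depth < MAX_DEPTH
    If Depth >= MAX_DEPTH Then Report = Report & "walk stopped at MAX_DEPTH" & vbCrLf
    AuditChain = Report
End Function
```

A report with no findings other than "end of path" shows only that each certificate is signed by the next one found. IssuerCert searches MY, REQUEST and ADDRESSBOOK as well as ROOT, so whether the top of the path is a trusted root has to be decided separately.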