
I'm trying to extract attributes from a certificate on Windows and have been using Wincrypt APIs for that.

When I encounter the SUBJECT_ALT_NAME certificate extension (szOID_SUBJECT_ALT_NAME "2.5.29.7") with the "OTHER_NAME" option, I get the CERT_OTHER_NAME struct, and I can't find the correct API to decode it to a char string.

Thanks!

I can see the value in its CRYPT_OBJID_BLOB member is ASN1 decoded (UTF8 string); however, CertNameToStrW fails to decode it when passing it as the blob.

Is there any appropriate way to decode this structure (without manually decoding it)?

YNWA
  • `CERT_OTHER_NAME` contains `pszObjId`, which you must pass to `CryptDecodeObjectEx` as the second parameter: `PCERT_NAME_VALUE pcnv; if (CryptDecodeObjectEx(X509_ASN_ENCODING, pOtherName->pszObjId, pOtherName->Value.pbData, pOtherName->Value.cbData, CRYPT_DECODE_ALLOC_FLAG|CRYPT_DECODE_NOCOPY_FLAG, 0, &pcnv, &cb))`. You get a `PCERT_NAME_VALUE` on output. – RbMm Mar 23 '23 at 10:38
  • Or use `X509_NAME_VALUE` for `CryptDecodeObjectEx`. – RbMm Mar 23 '23 at 11:01
  • Thanks! In the past I tried passing pOtherName->pszObjId to CryptDecodeObjectEx(), and it fails when passing it. I also tried X509_NAME_VALUE and got a PCERT_NAME_VALUE, but only now saw that I need to pass it through the RdnToString function as well. – YNWA Mar 23 '23 at 12:33

1 Answer


As @RbMm suggested.

Call CryptDecodeObjectEx() with X509_NAME_VALUE; it returns a CERT_NAME_VALUE that can be passed to CertRDNValueToStrW() to decode:

CertRDNValueToStrW(CertNameValue->dwValueType, &CertNameValue->Value, NULL, 0);

YNWA
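For readers who want to see what the decode step operates on: the question describes the otherName value blob as an ASN.1 UTF8 string, i.e. one DER tag-length-value. The following is an added example, not code from the post and not Wincrypt code; it is portable C that reads such a blob by hand, with the bounds and embedded-NUL checks any certificate string parser needs. The function name `other_name_value_to_str` and the sample bytes are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* DER universal tags for the string types handled in this sketch */
#define DER_UTF8STRING      0x0C
#define DER_PRINTABLESTRING 0x13
#define DER_IA5STRING       0x16

/* Constructed sample: UTF8String "user@example.test" (tag, length 0x11, bytes) */
static const unsigned char sample_value[] = {
    0x0C, 0x11, 'u','s','e','r','@','e','x','a','m','p','l','e','.','t','e','s','t'
};

/* Copies the string into out (NUL-terminated). Returns its length, or -1
 * if the blob is malformed, is not a handled string type, or does not fit. */
int other_name_value_to_str(const unsigned char *der, size_t der_len,
                            char *out, size_t out_cap)
{
    size_t pos = 2, len, n, i;

    if (der == NULL || out == NULL || der_len < 2)
        return -1;
    if (der[0] != DER_UTF8STRING && der[0] != DER_PRINTABLESTRING &&
        der[0] != DER_IA5STRING)
        return -1;
    len = der[1];
    if (len & 0x80) {                 /* long form: low 7 bits count length bytes */
        n = len & 0x7F;
        if (n == 0 || n > 2 || der_len - 2 < n)
            return -1;                /* indefinite, oversized or truncated length */
        for (len = 0, i = 0; i < n; i++)
            len = (len << 8) | der[pos++];
        if (len < 0x80 || (n == 2 && len < 0x100))
            return -1;                /* DER requires the minimal length encoding */
    }
    if (len != der_len - pos)         /* truncated value or trailing bytes */
        return -1;
    if (len >= out_cap || memchr(der + pos, 0, len) != NULL)
        return -1;                    /* too long, or embedded NUL would cut the C string */
    memcpy(out, der + pos, len);
    out[len] = '\0';
    return (int)len;
}

int main(void)
{
    char buf[64];
    int n = other_name_value_to_str(sample_value, sizeof sample_value, buf, sizeof buf);
    printf("%d %s\n", n, n < 0 ? "(rejected)" : buf);
    return n < 0;
}
```

On Windows the `CryptDecodeObjectEx` and `CertRDNValueToStrW` calls from the answer replace this hand parsing; the sketch only makes the blob layout and the rejection cases visible.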