X509ParseCertificate (FUN)

FUNCTION X509ParseCertificate : RTS_IEC_HANDLE

Parse a certificate which is located in memory (e.g. received from a communication partner). Once parsed, the certificate is stored in a temporary store. Use the function X509CertClose to close the certificate.

InOut:

| Scope | Name | Type | Comment |
|---|---|---|---|
| Return | X509ParseCertificate | RTS_IEC_HANDLE | Handle to the parsed certificate. |
| Input | pCert | POINTER TO RtsByteString | Binary encoded certificate. |
| Input | encoding | RtsCertEncoding | Encoding of the certificate. |
| Input | pResult | POINTER TO RTS_IEC_RESULT | Result of the operation. |
CMS

- X509CertCmsDecrypt (Function)
- X509CertCmsVerify (Function)
X509CertCmsDecrypt (FUN)

FUNCTION X509CertCmsDecrypt : RTS_IEC_RESULT

Decrypt a CMS container.

InOut:

| Scope | Name | Type | Comment |
|---|---|---|---|
| Return | X509CertCmsDecrypt | RTS_IEC_RESULT | ERR_OK if the container was successfully decrypted. ERR_PARAMETER if the given parameters are not consistent. |
| Input | hCertStore | RTS_IEC_HANDLE | Handle to the certificate store. |
| Input | hRecipientCert | RTS_IEC_HANDLE | Handle to the recipient's certificate. A private key of the certificate has to be available. The certificate therefore has to be located in the “own” store. |
| Input | pCms | POINTER TO RtsByteString | Pointer to a byte string storing the CMS container. |
| Input | encoding | RtsCertEncoding | Encoding of the CMS container. |
| Input | pOutData | POINTER TO RtsByteString | Pointer to a byte string where to store the extracted data. |
X509CertCmsVerify (FUN)

FUNCTION X509CertCmsVerify : RTS_IEC_RESULT

Verifies a CMS signature. This function can handle both detached and attached signatures. The signer's certificate has to be located in the CMS container; otherwise the verification will fail. The signer's certificate is always verified against the trusted certificate store on the PLC.

InOut:

| Scope | Name | Type | Comment |
|---|---|---|---|
| Return | X509CertCmsVerify | RTS_IEC_RESULT | ERR_OK if the signature is valid and the signer was trustworthy. ERR_SIGNATURE_MISMATCH if the signature is invalid and / or the signer was not trustworthy. ERR_PARAMETER if the given parameters are not consistent. |
| Input | hCertStore | RTS_IEC_HANDLE | Handle to the certificate store. |
| Input | pCms | POINTER TO RtsByteString | Pointer to a byte string storing the CMS container. |
| Input | encoding | RtsCertEncoding | Encoding of the CMS container. |
| Input | pInData | POINTER TO RtsByteString | Used only if the signature is detached. In this case this byte string has to store the data to be verified. |
| Input | pOutData | POINTER TO RtsByteString | Pointer to a byte string where to store the extracted data. |
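A fail-closed wrapper around X509CertCmsVerify for a detached signature, as an added example that is not part of the library documentation. The function name VerifyDetachedCms, its parameter names pSigned and pOut, and the BOOL return convention are assumptions; the store handle is expected to be opened and closed by the caller.

```iecst
// Added example, not library code. VerifyDetachedCms and its
// parameter names pSigned / pOut are hypothetical.
FUNCTION VerifyDetachedCms : BOOL
VAR_INPUT
    hCertStore : RTS_IEC_HANDLE;            // certificate store, opened by the caller
    pCms       : POINTER TO RtsByteString;  // CMS container holding signature and signer certificate
    encoding   : RtsCertEncoding;           // encoding of the CMS container
    pSigned    : POINTER TO RtsByteString;  // data covered by the detached signature
    pOut       : POINTER TO RtsByteString;  // buffer for the extracted data
END_VAR
VAR
    result : RTS_IEC_RESULT;
END_VAR

// Fail closed: the result stays FALSE unless verification succeeds.
VerifyDetachedCms := FALSE;

// Reject obviously unusable arguments before calling into the library.
IF hCertStore = RTS_INVALID_HANDLE OR pCms = 0 OR pSigned = 0 OR pOut = 0 THEN
    RETURN;
END_IF

result := X509CertCmsVerify(
    hCertStore := hCertStore,
    pCms       := pCms,
    encoding   := encoding,
    pInData    := pSigned,
    pOutData   := pOut);

// Only ERR_OK means "signature valid AND signer trusted".
// ERR_SIGNATURE_MISMATCH does not say which of the two checks failed,
// and ERR_PARAMETER or any other code must also be treated as a reject.
// Assumption: the error constants are visible unqualified; depending on
// the library setup a namespace qualifier may be needed.
IF result = ERR_OK THEN
    VerifyDetachedCms := TRUE;
END_IF

// The caller must not act on pSigned^ or pOut^ unless TRUE was returned.
```

Because the signer is checked against the trusted store on the PLC, a FALSE result for a correctly signed container usually means the signer's certificate (or its issuer) has not been placed in the trusted category.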
CertificateStore

- X509CertCreateCSR (Function)
- X509CertCreateSelfSigned (Function)
- X509CertGetPrivateKey (Function)
- X509CertStoreAddCert (Function)
- X509CertStoreClose (Function)
- X509CertStoreGetFirstCert (Function)
- X509CertStoreGetNextCert (Function)
- X509CertStoreGetRegisteredCert (Function)
- X509CertStoreOpen (Function)
- X509CertStoreRegister (Function)
- X509CertStoreRemoveCert (Function)
- X509CertStoreSearchGetFirst (Function)
- X509CertStoreSearchGetNext (Function)
- X509CertStoreUnregister (Function)
- X509CertVerify (Function)
- X509CertVerify2 (Function)
X509CertGetPrivateKey (FUN)

FUNCTION X509CertGetPrivateKey : RTS_IEC_RESULT

Get the private key of the certificate. This is only possible if the private key is stored in the certificate store. The format of this key is an implementation detail and has to match the expected format of the asymmetric functions of the CmpCryptoItf. The key data is opaque for the user of the keys.

InOut:

| Scope | Name | Type | Comment |
|---|---|---|---|
| Return | X509CertGetPrivateKey | RTS_IEC_RESULT | |
| Input | hCertStore | RTS_IEC_HANDLE | Handle to the certificate store. |
| Input | hCert | RTS_IEC_HANDLE | Handle of the certificate of interest. |
| Input | pPrivateKey | POINTER TO RtsCryptoKey | Pointer to the cryptographic key storing the private key. |
X509CertStoreAddCert (FUN)

FUNCTION X509CertStoreAddCert : RTS_IEC_RESULT

Add the given certificate to the certificate store.

InOut:

| Scope | Name | Type | Comment |
|---|---|---|---|
| Return | X509CertStoreAddCert | RTS_IEC_RESULT | Handle to the imported certificate. |
| Input | hCertStore | RTS_IEC_HANDLE | Handle to the certificate store. |
| Input | hBackend | RTS_IEC_HANDLE | Handle to the back-end where to store the generated certificate. RTS_INVALID_HANDLE should be used if no back-end is specified. |
| Input | hCert | RTS_IEC_HANDLE | Handle of the certificate to be imported. |
| Input | trustLevel | RtsCertTrustLevel | The category where to store the certificate. Note: RtsTrustLevel_Own is not selectable. |
X509CertStoreClose (FUN)

FUNCTION X509CertStoreClose : RTS_IEC_RESULT

Close the certificate store.

InOut:

| Scope | Name | Type | Comment |
|---|---|---|---|
| Return | X509CertStoreClose | RTS_IEC_RESULT | |
| Input | hCertStore | RTS_IEC_HANDLE | Handle to the certificate store. |
X509CertStoreGetFirstCert (FUN)

FUNCTION X509CertStoreGetFirstCert : RTS_IEC_HANDLE

Get the first certificate of the certificate store.

InOut:

| Scope | Name | Type | Comment |
|---|---|---|---|
| Return | X509CertStoreGetFirstCert | RTS_IEC_HANDLE | |
| Input | hCertStore | RTS_IEC_HANDLE | Handle to the certificate store. |
| Input | hBackend | RTS_IEC_HANDLE | Pointer to a handle of the back-end where to iterate. RTS_INVALID_HANDLE if all back-ends should be iterated. A valid handle if only a specific back-end should be iterated. |
| Input | trustLevel | RtsCertTrustLevel | Category of certificates to iterate. |
| Input | pResult | POINTER TO RTS_IEC_RESULT | Result of the operation. |
X509CertStoreGetNextCert (FUN)

FUNCTION X509CertStoreGetNextCert : RTS_IEC_HANDLE

Get the next certificate of the certificate store. If all certificates have been read, the function will return RTS_INVALID_HANDLE.

InOut:

| Scope | Name | Type | Comment |
|---|---|---|---|
| Return | X509CertStoreGetNextCert | RTS_IEC_HANDLE | Handle to the next certificate of the given category. |
| Input | hCertStore | RTS_IEC_HANDLE | Handle to the certificate store. |
| Input | hBackend | RTS_IEC_HANDLE | Pointer to a handle of the back-end where to iterate. RTS_INVALID_HANDLE if all back-ends should be iterated. A valid handle if only a specific back-end should be iterated. |
| Input | hCert | RTS_IEC_HANDLE | Handle to the last certificate got by X509CertStoreGetFirst or X509CertStoreGetNext. |
| Input | pResult | POINTER TO RTS_IEC_RESULT | Result of the operation. |