unit diCrPKI;
interface
{
  Delphi/FreePascal interface for CryptoSys PKI
  $Id: diCrPKI.pas $
  $Date: 2023-10-12 07:16:00 $
  $Revision: 22.0.0 $
  ************************** LICENSE *****************************************
  Copyright (C) 2010-23 David Ireland, DI Management Services Pty Limited.
  All rights reserved. <www.di-mgt.com.au> <www.cryptosys.net>
  The code in this module is licensed under the terms of the MIT license.
  @license MIT
  For a copy, see <http://opensource.org/licenses/MIT>
  ****************************************************************************
}
  { GENERAL FUNCTIONS }
  function PKI_Version(nReserved1 : PByte; nReserved2 : PByte) : LongInt; stdcall; external 'diCrPKI.dll';
  function PKI_LicenceType(nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function PKI_CompileTime(szOutput : PAnsiChar; nOutChars : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function PKI_ModuleName(szOutput : PAnsiChar; nOutChars : LongInt; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function PKI_PowerUpTests(nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function PKI_Platform(szOutput : PAnsiChar; nOutChars : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function PKI_ModuleInfo(szOutput : PAnsiChar; nOutChars : LongInt; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  { New in [v21.0] }
  function PKI_FormatErrorMessage(szOutput : PAnsiChar; nOutChars : LongInt; nErrCode : LongInt; szUserMsg : AnsiString) : LongInt; stdcall; external 'diCrPKI.dll';
  { ERROR-RELATED FUNCTIONS }
  function PKI_LastError(szOutput : PAnsiChar; nOutChars : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function PKI_ErrorCode : LongInt; stdcall; external 'diCrPKI.dll';
  function PKI_ErrorLookup(szOutput : PAnsiChar; nOutChars : LongInt; nErrCode : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  { CRYPTOGRAPHIC MESSAGE SYNTAX (CMS) FUNCTIONS }
  function CMS_MakeEnvData(szFileOut : AnsiString; szFileIn : AnsiString; szCertList : AnsiString; szSeed : AnsiString; nSeedLen : LongInt; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function CMS_MakeEnvDataFromString(szFileOut : AnsiString; szDataIn : AnsiString; szCertList : AnsiString; szSeed : AnsiString; nSeedLen : LongInt; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function CMS_ReadEnvData(szFileOut : AnsiString; szFileIn : AnsiString; szCertFile : AnsiString; szPrivateKey : AnsiString; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function CMS_ReadEnvDataToString(szOutput : PAnsiChar; nOutChars : LongInt; szFileIn : AnsiString; szCertFile : AnsiString; szPrivateKey : AnsiString; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function CMS_MakeSigData(szFileOut : AnsiString; szFileIn : AnsiString; szCertList : AnsiString; szPrivateKey : AnsiString; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function CMS_MakeSigDataFromString(szFileOut : AnsiString; szDataIn : AnsiString; szCertList : AnsiString; szPrivateKey : AnsiString; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function CMS_MakeSigDataFromSigValue(szFileOut : AnsiString; lpSigValue : PByte; nSigLen : LongInt; lpData : PByte; nDataLen : LongInt; szCertListOrFile : AnsiString; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function CMS_MakeDetachedSig(szFileOut : AnsiString; szHexDigest : AnsiString; szCertList : AnsiString; szPrivateKey : AnsiString; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function CMS_ReadSigData(szFileOut : AnsiString; szFileIn : AnsiString; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function CMS_ReadSigDataToString(szOutput : PAnsiChar; nOutChars : LongInt; szFileIn : AnsiString; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function CMS_GetSigDataDigest(szOutput : PAnsiChar; nOutChars : LongInt; szFileIn : AnsiString; szCertFile : AnsiString; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function CMS_VerifySigData(szFileIn : AnsiString; szCertFile : AnsiString; szHexDigest : AnsiString; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function CMS_QuerySigData(szOutput : PAnsiChar; nOutChars : LongInt; szFileIn : AnsiString; szQuery : AnsiString; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function CMS_QueryEnvData(szOutput : PAnsiChar; nOutChars : LongInt; szFileIn : AnsiString; szQuery : AnsiString; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function CMS_MakeComprData(szFileOut : AnsiString; szFileIn : AnsiString; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function CMS_ReadComprData(szFileOut : AnsiString; szFileIn : AnsiString; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function CMS_ReadEnvDataToBytes(lpOutput : PByte; nOutBytes : LongInt; szFileIn : AnsiString; szCertFile : AnsiString; szPrivateKey : AnsiString; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function CMS_ReadSigDataToBytes(lpOutput : PByte; nOutBytes : LongInt; szFileIn : AnsiString; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function CMS_MakeEnvDataFromBytes(szFileOut : AnsiString; lpInput : PByte; nInputLen : LongInt; szCertList : AnsiString; szSeed : AnsiString; nSeedLen : LongInt; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function CMS_MakeSigDataFromBytes(szFileOut : AnsiString; lpInput : PByte; nInputLen : LongInt; szCertList : AnsiString; szPrivateKey : AnsiString; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  { RSA KEY FUNCTIONS }
  { New in [v12.3] }
  function RSA_MakeKeysXtd(szPubKeyFile : AnsiString; szPriKeyFile : AnsiString; szPassword : AnsiString; nBits : LongInt; nExpFermat : LongInt; szParams : AnsiString; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  { ...supersedes the function: }
  function RSA_MakeKeys(szPubKeyFile : AnsiString; szEpkFile : AnsiString; nBits : LongInt; nExpFermat : LongInt; nTests : LongInt; nCount : LongInt; szPassword : AnsiString; lpSeed : PByte; nSeedLen : LongInt; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  { New in [v12.3] }
  function RSA_SaveEncKey(szFileOut : AnsiString; szIntKeyString : AnsiString; szPassword : AnsiString; szParams : AnsiString; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  { ...supersedes the function: }
  function RSA_SaveEncPrivateKey(szFileOut : AnsiString; szKeyString : AnsiString; nCount : LongInt; szPassword : AnsiString; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function RSA_SavePublicKey(szFileOut : AnsiString; szKeyString : AnsiString; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function RSA_SavePrivateKeyInfo(szFileOut : AnsiString; szKeyString : AnsiString; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function RSA_GetPrivateKeyFromPFX(szFileOut : AnsiString; szPfxFile : AnsiString; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function RSA_GetPublicKeyFromCert(szOutput : PAnsiChar; nOutChars : LongInt; szCertFile : AnsiString; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function RSA_KeyBits(szKeyString : AnsiString) : LongInt; stdcall; external 'diCrPKI.dll';
  function RSA_KeyBytes(szKeyString : AnsiString) : LongInt; stdcall; external 'diCrPKI.dll';
  function RSA_ToXMLString(szOutput : PAnsiChar; nOutChars : LongInt; szKeyString : AnsiString; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function RSA_ToXMLStringEx(szOutput : PAnsiChar; nOutChars : LongInt; szKeyString : AnsiString; szPrefix : AnsiString; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function RSA_FromXMLString(szOutput : PAnsiChar; nOutChars : LongInt; szXmlString : AnsiString; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function RSA_CheckKey(szKeyString : AnsiString; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function RSA_KeyHashCode(szKeyString : AnsiString) : LongInt; stdcall; external 'diCrPKI.dll';
  function RSA_KeyMatch(szPrivateKey : AnsiString; szPublicKey : AnsiString) : LongInt; stdcall; external 'diCrPKI.dll';
  function RSA_ReadPrivateKeyFromPFX(szOutput : PAnsiChar; nOutChars : LongInt; szPfxFile : AnsiString; szPassword : AnsiString; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function RSA_PublicKeyFromPrivate(szOutput : PAnsiChar; nOutChars : LongInt; szKeyString : AnsiString; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function RSA_ReadAnyPrivateKey(szOutput : PAnsiChar; nOutChars : LongInt; szKeyFileOrString : AnsiString; szPassword : AnsiString; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function RSA_ReadAnyPublicKey(szOutput : PAnsiChar; nOutChars : LongInt; szKeyFileOrString : AnsiString; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function RSA_KeyValue(szOutput : PAnsiChar; nOutChars : LongInt; szKeyString : AnsiString; szFieldName : AnsiString; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function RSA_ReadEncPrivateKey(szOutput : PAnsiChar; nOutChars : LongInt; szEpkFile : AnsiString; szPassword : AnsiString; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function RSA_ReadPrivateKeyInfo(szOutput : PAnsiChar; nOutChars : LongInt; szKeyFile : AnsiString; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function RSA_ReadPublicKey(szOutput : PAnsiChar; nOutChars : LongInt; szPubKeyFile : AnsiString; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  { 'RAW' RSA ENCRYPTION/DECRYPTION FUNCTIONS }
  function RSA_RawPublic(lpData : PByte; nDataLen : LongInt; szPublicKey : AnsiString; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function RSA_RawPrivate(lpData : PByte; nDataLen : LongInt; szPrivateKey : AnsiString; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function RSA_EncodeMsg(lpOutput : PByte; nOutBytes : LongInt; lpInput : PByte; nInputLen : LongInt; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function RSA_DecodeMsg(lpOutput : PByte; nOutBytes : LongInt; lpInput : PByte; nInputLen : LongInt; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function RSA_Encrypt(lpOutput : PByte; nOutBytes : LongInt; lpInput : PByte; nInputLen : LongInt; szPublicKeyFile : AnsiString; szParameters : AnsiString; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function RSA_Decrypt(lpOutput : PByte; nOutBytes : LongInt; lpInput : PByte; nInputLen : LongInt; szPrivateKeyFile : AnsiString; szPassword : AnsiString; szParameters : AnsiString; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  { ELLIPTIC CURVE CRYPTOGRAPHY FUNCTIONS }
  function ECC_MakeKeys(szPubKeyFile : AnsiString; szPriKeyFile : AnsiString; szCurveName : AnsiString; szPassword : AnsiString; szParams : AnsiString; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function ECC_ReadKeyByCurve(szOutput : PAnsiChar; nOutChars : LongInt; szHexKey : AnsiString; szCurveName : AnsiString; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function ECC_ReadPrivateKey(szOutput : PAnsiChar; nOutChars : LongInt; szKeyFileOrString : AnsiString; szPassword : AnsiString; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function ECC_ReadPublicKey(szOutput : PAnsiChar; nOutChars : LongInt; szKeyFileOrString : AnsiString; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function ECC_SaveEncKey(szFileOut : AnsiString; szIntKeyString : AnsiString; szPassword : AnsiString; szParams : AnsiString; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function ECC_SaveKey(szFileOut : AnsiString; szIntKeyString : AnsiString; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function ECC_PublicKeyFromPrivate(szOutput : PAnsiChar; nOutChars : LongInt; szIntKeyString : AnsiString; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function ECC_QueryKey(szOutput : PAnsiChar; nOutChars : LongInt; szIntKeyString : AnsiString; szQuery : AnsiString; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function ECC_KeyHashCode(szKeyString : AnsiString) : LongInt; stdcall; external 'diCrPKI.dll';
  function ECC_DHSharedSecret(lpZZ : PByte; nOutBytes : LongInt; szIntPrivateKey : AnsiString; szIntPublicKey : AnsiString; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  { PKCS12 FILE FUNCTIONS }
  function PFX_MakeFile(szFileOut : AnsiString; szCertFile : AnsiString; szEpkFile : AnsiString; szPassword : AnsiString; szFriendlyName : AnsiString; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function PFX_VerifySig(szFileName : AnsiString; szPassword : AnsiString; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  { X509 CERTIFICATE FUNCTIONS }
  function X509_MakeCert(szNewCertFile : AnsiString; szIssuerCertFile : AnsiString; szSubjectPubKeyFile : AnsiString; szIssuerEpkFile : AnsiString; nCertNum : LongInt; nYearsValid : LongInt; szDistName : AnsiString; szExtensions : AnsiString; nKeyUsageFlags : LongInt; szPassword : AnsiString; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function X509_MakeCertSelf(szNewCertFile : AnsiString; szEpkFile : AnsiString; nCertNum : LongInt; nYearsValid : LongInt; szDistName : AnsiString; szExtensions : AnsiString; nKeyUsageFlags : LongInt; szPassword : AnsiString; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function X509_CertRequest(szNewReqFile : AnsiString; szEpkFile : AnsiString; szDistName : AnsiString; szExtensions : AnsiString; szPassword : AnsiString; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function X509_VerifyCert(szCertToVerify : AnsiString; szIssuerCert : AnsiString; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function X509_CertThumb(szCertFile : AnsiString; szOutput : PAnsiChar; nOutChars : LongInt; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function X509_CertIsValidNow(szCertFile : AnsiString; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function X509_CertIssuedOn(szCertFile : AnsiString; szOutput : PAnsiChar; nOutChars : LongInt; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function X509_CertExpiresOn(szCertFile : AnsiString; szOutput : PAnsiChar; nOutChars : LongInt; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function X509_CertSerialNumber(szCertFile : AnsiString; szOutput : PAnsiChar; nOutChars : LongInt; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function X509_HashIssuerAndSN(szCertFile : AnsiString; szOutput : PAnsiChar; nOutChars : LongInt; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function X509_CertIssuerName(szCertFile : AnsiString; szOutput : PAnsiChar; nOutChars : LongInt; szDelim : AnsiString; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function X509_CertSubjectName(szCertFile : AnsiString; szOutput : PAnsiChar; nOutChars : LongInt; szDelim : AnsiString; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function X509_GetCertFromP7Chain(szNewCertFile : AnsiString; szP7cFile : AnsiString; nIndex : LongInt; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function X509_GetCertFromPFX(szNewCertFile : AnsiString; szPfxFile : AnsiString; szPassword : AnsiString; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function X509_KeyUsageFlags(szCertFile : AnsiString) : LongInt; stdcall; external 'diCrPKI.dll';
  function X509_QueryCert(szOutput : PAnsiChar; nOutChars : LongInt; szCertFile : AnsiString; szQuery : AnsiString; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function X509_ReadStringFromFile(szOutput : PAnsiChar; nOutChars : LongInt; szCertFile : AnsiString; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function X509_SaveFileFromString(szNewCertFile : AnsiString; szCertString : AnsiString; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function X509_TextDump(szFileOut : AnsiString; szCertFile : AnsiString; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function X509_ValidatePath(szCertListOrP7File : AnsiString; szTrustedCert : AnsiString; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function X509_TextDumpToString(szOutput : PAnsiChar; nOutChars : LongInt; szCertFile : AnsiString; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function X509_ReadCertStringFromP7Chain(szOutput : PAnsiChar; nOutChars : LongInt; szP7cFile : AnsiString; nIndex : LongInt; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function X509_ReadCertStringFromPFX(szOutput : PAnsiChar; nOutChars : LongInt; szPfxFile : AnsiString; szPassword : AnsiString; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function X509_GetCertCountInP7Chain(szP7cFile : AnsiString; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  { X509 CRL FUNCTIONS }
  function X509_MakeCRL(szCrlFile : AnsiString; szIssuerCert : AnsiString; szIssuerKeyFile : AnsiString; szPassword : AnsiString; szRevokedCertList : AnsiString; szExtensions : AnsiString; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function X509_CheckCertInCRL(szCertFile : AnsiString; szCrlFile : AnsiString; szCRLIssuerCert : AnsiString; szDate : AnsiString; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  { ONLINE CERTIFICATE STATUS PROTOCOL (OCSP) FUNCTIONS }
  function OCSP_MakeRequest(szOutput : PAnsiChar; nOutChars : LongInt; szIssuerCert : AnsiString; szCertFileOrSerialNum : AnsiString; szExtensions : AnsiString; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function OCSP_ReadResponse(szOutput : PAnsiChar; nOutChars : LongInt; szResponseFile : AnsiString; szIssuerCert : AnsiString; szExtensions : AnsiString; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  { TRIPLE DES FUNCTIONS }
  function TDEA_HexMode(szOutput : PAnsiChar; szInput : AnsiString; szKey : AnsiString; fEncrypt : LongInt; szMode : AnsiString; szIV : AnsiString) : LongInt; stdcall; external 'diCrPKI.dll';
  function TDEA_B64Mode(szOutput : PAnsiChar; szInput : AnsiString; szKey : AnsiString; fEncrypt : LongInt; szMode : AnsiString; szIV : AnsiString) : LongInt; stdcall; external 'diCrPKI.dll';
  function TDEA_BytesMode(lpOutput : PByte; lpData : PByte; nDataLen : LongInt; lpKey : PByte; fEncrypt : LongInt; szMode : AnsiString; lpIV : PByte) : LongInt; stdcall; external 'diCrPKI.dll';
  function TDEA_File(szFileOut : AnsiString; szFileIn : AnsiString; lpKey : PByte; fEncrypt : LongInt; szMode : AnsiString; lpIV : PByte) : LongInt; stdcall; external 'diCrPKI.dll';
  { GENERIC BLOCK CIPHER FUNCTIONS }
  function CIPHER_Bytes(fEncrypt : LongInt; lpOutput : PByte; lpData : PByte; nDataLen : LongInt; lpKey : PByte; lpIV : PByte; szAlgAndMode : AnsiString; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function CIPHER_File(fEncrypt : LongInt; szFileOut : AnsiString; szFileIn : AnsiString; lpKey : PByte; lpIV : PByte; szAlgAndMode : AnsiString; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function CIPHER_Hex(fEncrypt : LongInt; szOutput : PAnsiChar; nOutChars : LongInt; szData : AnsiString; szKey : AnsiString; szIV : AnsiString; szAlgAndMode : AnsiString; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  { Changed in [v20.2]: Renamed ~Bytes2 to ~Bytes }
  function CIPHER_EncryptBytes(lpOutput : PByte; nOutBytes : LongInt; lpInput : PByte; nInputLen : LongInt; lpKey : PByte; nKeyLen : LongInt; lpIV : PByte; nIvLen : LongInt; szAlgModePad : AnsiString; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function CIPHER_DecryptBytes(lpOutput : PByte; nOutBytes : LongInt; lpInput : PByte; nInputLen : LongInt; lpKey : PByte; nKeyLen : LongInt; lpIV : PByte; nIvLen : LongInt; szAlgModePad : AnsiString; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function CIPHER_EncryptBytes2(lpOutput : PByte; nOutBytes : LongInt; lpInput : PByte; nInputLen : LongInt; lpKey : PByte; nKeyLen : LongInt; lpIV : PByte; nIvLen : LongInt; szAlgModePad : AnsiString; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function CIPHER_DecryptBytes2(lpOutput : PByte; nOutBytes : LongInt; lpInput : PByte; nInputLen : LongInt; lpKey : PByte; nKeyLen : LongInt; lpIV : PByte; nIvLen : LongInt; szAlgModePad : AnsiString; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function CIPHER_FileEncrypt(szFileOut : AnsiString; szFileIn : AnsiString; lpKey : PByte; nKeyLen : LongInt; lpIV : PByte; nIvLen : LongInt; szAlgModePad : AnsiString; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function CIPHER_FileDecrypt(szFileOut : AnsiString; szFileIn : AnsiString; lpKey : PByte; nKeyLen : LongInt; lpIV : PByte; nIvLen : LongInt; szAlgModePad : AnsiString; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function CIPHER_EncryptAEAD(lpOutput : PByte; nOutBytes : LongInt; lpInput : PByte; nInputLen : LongInt; lpKey : PByte; nKeyLen : LongInt; lpIV : PByte; nIvLen : LongInt; lpAAD : PByte; nAadLen : LongInt; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function CIPHER_DecryptAEAD(lpOutput : PByte; nOutBytes : LongInt; lpInput : PByte; nInputLen : LongInt; lpKey : PByte; nKeyLen : LongInt; lpIV : PByte; nIvLen : LongInt; lpAAD : PByte; nAadLen : LongInt; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function CIPHER_KeyWrap(lpOutput : PByte; nOutBytes : LongInt; lpData : PByte; nDataLen : LongInt; lpKek : PByte; nKekLen : LongInt; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function CIPHER_KeyUnwrap(lpOutput : PByte; nOutBytes : LongInt; lpData : PByte; nDataLen : LongInt; lpKek : PByte; nKekLen : LongInt; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function CIPHER_EncryptHex(szOutput : PAnsiChar; nOutChars : LongInt; szInputHex : AnsiString; szKeyHex : AnsiString; szIvHex : AnsiString; szAlgModePad : AnsiString; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function CIPHER_DecryptHex(szOutput : PAnsiChar; nOutChars : LongInt; szInputHex : AnsiString; szKeyHex : AnsiString; szIvHex : AnsiString; szAlgModePad : AnsiString; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  { MESSAGE DIGEST HASH FUNCTIONS }
  function HASH_Bytes(lpOutput : PByte; nOutBytes : LongInt; lpMessage : PByte; nMsgLen : LongInt; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function HASH_File(lpOutput : PByte; nOutBytes : LongInt; szFileName : AnsiString; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function HASH_HexFromBytes(szOutput : PAnsiChar; nOutChars : LongInt; lpMessage : PByte; nMsgLen : LongInt; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function HASH_HexFromFile(szOutput : PAnsiChar; nOutChars : LongInt; szFileName : AnsiString; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function HASH_HexFromHex(szOutput : PAnsiChar; nOutChars : LongInt; szMsgHex : AnsiString; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function HASH_Length(nAlgId : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  { HMAC FUNCTIONS }
  function HMAC_Bytes(lpOutput : PByte; nOutBytes : LongInt; lpMessage : PByte; nMsgLen : LongInt; lpKey : PByte; nKeyLen : LongInt; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function HMAC_HexFromBytes(szOutput : PAnsiChar; nOutChars : LongInt; lpMessage : PByte; nMsgLen : LongInt; lpKey : PByte; nKeyLen : LongInt; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function HMAC_HexFromHex(szOutput : PAnsiChar; nOutChars : LongInt; szMsgHex : AnsiString; szKeyHex : AnsiString; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  { BASE64 AND HEX CONVERSION FUNCTIONS }
  function CNV_B64StrFromBytes(szOutput : PAnsiChar; nOutChars : LongInt; lpInput : PByte; nInputLen : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function CNV_BytesFromB64Str(lpOutput : PByte; nOutBytes : LongInt; szInput : AnsiString) : LongInt; stdcall; external 'diCrPKI.dll';
  function CNV_B64Filter(szOutput : PAnsiChar; szInput : AnsiString; nStrLen : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function CNV_HexStrFromBytes(szOutput : PAnsiChar; nOutChars : LongInt; lpInput : PByte; nInputLen : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function CNV_BytesFromHexStr(lpOutput : PByte; nOutBytes : LongInt; szInput : AnsiString) : LongInt; stdcall; external 'diCrPKI.dll';
  function CNV_HexFilter(szOutput : PAnsiChar; szInput : AnsiString; nStrLen : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  { BASE58 FUNCTIONS }
  function CNV_Base58FromBytes(szOutput : PAnsiChar; nOutChars : LongInt; lpInput : PByte; nInputLen : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function CNV_Base58ToBytes(lpOutput : PByte; nOutBytes : LongInt; szInput : AnsiString) : LongInt; stdcall; external 'diCrPKI.dll';
  { UTF-8 CONVERSION/CHECK FUNCTIONS }
  function CNV_UTF8BytesFromLatin1(lpOutput : PByte; nOutBytes : LongInt; szInput : AnsiString) : LongInt; stdcall; external 'diCrPKI.dll';
  function CNV_Latin1FromUTF8Bytes(szOutput : PAnsiChar; nOutChars : LongInt; lpInput : PByte; nBytes : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function CNV_CheckUTF8Bytes(lpInput : PByte; nBytes : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function CNV_CheckUTF8File(szFileName : AnsiString) : LongInt; stdcall; external 'diCrPKI.dll';
  function CNV_ByteEncoding(lpOutput : PByte; nOutBytes : LongInt; lpInput : PByte; nBytes : LongInt; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  { MISC BYTE UTILITIES }
  function CNV_ReverseBytes(lpOutput : PByte; lpInput : PByte; nBytes : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function CNV_NumToBytes(lpOutput : PByte; nOutBytes : LongInt; nNumber : LongInt; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function CNV_NumFromBytes(lpInput : PByte; nBytes : LongInt; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  { PEM/BINARY FILE CONVERSIONS }
  function PEM_FileFromBinFile(szFileOut : AnsiString; szFileIn : AnsiString; szHeader : AnsiString; nLineLen : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function PEM_FileFromBinFileEx(szFileOut : AnsiString; szFileIn : AnsiString; szHeader : AnsiString; nLineLen : LongInt; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function PEM_FileToBinFile(szFileOut : AnsiString; szFileIn : AnsiString) : LongInt; stdcall; external 'diCrPKI.dll';
  { RNG FUNCTIONS }
  function RNG_Bytes(lpOutput : PByte; nOutBytes : LongInt; lpSeed : PByte; nSeedLen : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function RNG_Number(nLower : LongInt; nUpper : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function RNG_BytesWithPrompt(lpOutput : PByte; nOutBytes : LongInt; szPrompt : AnsiString; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function RNG_Initialize(szSeedFile : AnsiString; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function RNG_MakeSeedFile(szSeedFile : AnsiString; szPrompt : AnsiString; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function RNG_UpdateSeedFile(szSeedFile : AnsiString; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function RNG_Test(szFileOut : AnsiString; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function RNG_Guid(szOutput : PAnsiChar; nOutChars : LongInt; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  { PADDING FUNCTIONS }
  function PAD_BytesBlock(lpOutput : PByte; nOutBytes : LongInt; lpInput : PByte; nInputLen : LongInt; nBlkLen : LongInt; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function PAD_UnpadBytes(lpOutput : PByte; nOutBytes : LongInt; lpInput : PByte; nInputLen : LongInt; nBlkLen : LongInt; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function PAD_HexBlock(szOutput : PAnsiChar; nOutChars : LongInt; szInput : AnsiString; nBlkLen : LongInt; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function PAD_UnpadHex(szOutput : PAnsiChar; nOutChars : LongInt; szInput : AnsiString; nBlkLen : LongInt; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  { MISC UTILITIES }
  function WIPE_File(szFileName : AnsiString; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function WIPE_Data(lpData : PByte; nDataLen : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function PWD_Prompt(szPassword : PAnsiChar; nPwdLen : LongInt; szCaption : AnsiString) : LongInt; stdcall; external 'diCrPKI.dll';
  function PWD_PromptEx(szPassword : PAnsiChar; nPwdLen : LongInt; szCaption : AnsiString; szPrompt : AnsiString; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  { PASSWORD-BASED ENCRYPTION PROTOTYPES }
  function PBE_Kdf2(lpOutput : PByte; nOutBytes : LongInt; lpPwd : PByte; nPwdLen : LongInt; lpSalt : PByte; nSaltLen : LongInt; nCount : LongInt; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function PBE_Kdf2Hex(szOutput : PAnsiChar; nOutChars : LongInt; dkBytes : LongInt; szPwd : AnsiString; szSaltHex : AnsiString; nCount : LongInt; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  { New in [v22.0] }
  function PBE_Scrypt(lpDerivedKey : PByte; nKeyLen : LongInt; lpPwd : PByte; nPwdLen : LongInt; lpSalt : PByte; nSaltLen : LongInt; nParamN : LongInt; nParamR : LongInt; nParamP : LongInt; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function PBE_ScryptHex(szOutput : PAnsiChar; nMaxChars : LongInt; dkBytes : LongInt; szPwd : AnsiString; szSaltHex : AnsiString; nParamN : LongInt; nParamR : LongInt; nParamP : LongInt; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  { ASN.1 UTILITIES }
  function ASN1_TextDump(szFileOut : AnsiString; szFileOrPEMString : AnsiString; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function ASN1_Type(szOutput : PAnsiChar; nOutChars : LongInt; szFileOrPEMString : AnsiString; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function ASN1_TextDumpToString(szOutput : PAnsiChar; nOutChars : LongInt; szFileOrPEMString : AnsiString; szDirName : AnsiString; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  { SIGNATURE FUNCTIONS }
  function SIG_SignData(szOutput : PAnsiChar; nOutChars : LongInt; lpData : PByte; nDataLen : LongInt; szKeyFile : AnsiString; szPassword : AnsiString; szAlgName : AnsiString; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function SIG_SignFile(szOutput : PAnsiChar; nOutChars : LongInt; szDataFile : AnsiString; szKeyFile : AnsiString; szPassword : AnsiString; szAlgName : AnsiString; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function SIG_VerifyData(szSignature : AnsiString; lpData : PByte; nDataLen : LongInt; szCertOrKeyFile : AnsiString; szAlgName : AnsiString; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function SIG_VerifyFile(szSignature : AnsiString; szDataFile : AnsiString; szCertOrKeyFile : AnsiString; szAlgName : AnsiString; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  { SMIME FUNCTIONS }
  function SMIME_Wrap(szFileOut : AnsiString; szFileIn : AnsiString; szFeatures : AnsiString; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function SMIME_Extract(szFileOut : AnsiString; szFileIn : AnsiString; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function SMIME_Query(szOutput : PAnsiChar; nOutChars : LongInt; szFileIn : AnsiString; szQuery : AnsiString; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  { COMPRESSION FUNCTIONS }
  function COMPR_Compress(lpOutput : PByte; nOutBytes : LongInt; lpInput : PByte; nInputLen : LongInt; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function COMPR_Uncompress(lpOutput : PByte; nOutBytes : LongInt; lpInput : PByte; nInputLen : LongInt; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  { KEY DERIVATION FUNCTIONS }
  { New in [v20.5] }
  function KDF_Bytes(lpOutput : PByte; nOutBytes : LongInt; lpIKM : PByte; nIkmLen : LongInt; lpInfo : PByte; nInfoLen : LongInt; szParams : AnsiString; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function KDF_ForCms(lpOutput : PByte; nOutBytes : LongInt; lpZZ : PByte; nZzLen : LongInt; lpUkm : PByte; nUkmLen : LongInt; szParams : AnsiString; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  { XOF/PRF FUNCTIONS }
  { New in [v21.0] }
  function XOF_Bytes(lpOutput : PByte; nOutBytes : LongInt; lpMessage : PByte; nMsgLen : LongInt; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function PRF_Bytes(lpOutput : PByte; nOutBytes : LongInt; lpMessage : PByte; nMsgLen : LongInt; lpKey : PByte; nKeyLen : LongInt; szCustom : AnsiString; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  { HPKE RFC9180 FUNCTIONS }
  { New in [v22.0] }
  function HPKE_LabeledExtract(lpOutput : PByte; nOutBytes : LongInt; lpSalt : PByte; nSaltLen : LongInt; szLabel : AnsiString; lpIkm : PByte; nIkmLen : LongInt; szCurveName : AnsiString; szParams : AnsiString; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function HPKE_LabeledExpand(lpOutput : PByte; nOutBytes : LongInt; lpPrk : PByte; nPrkLen : LongInt; szLabel : AnsiString; lpInfo : PByte; nInfoLen : LongInt; szCurveName : AnsiString; szParams : AnsiString; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';
  function HPKE_DerivePrivateKey(szOutput : PAnsiChar; nOutChars : LongInt; lpIkm : PByte; nIkmLen : LongInt; szCurveName : AnsiString; szParams : AnsiString; nOptions : LongInt) : LongInt; stdcall; external 'diCrPKI.dll';

const
  { GENERAL CONSTANTS }
  PKI_DIR_ENCRYPT = 1;
  PKI_DIR_DECRYPT = 0;
  { Synonyms for direction }
  ENCRYPT = 1;
  DECRYPT = 0;
  { Maximum number of bytes in hash digest byte array }
  PKI_MAX_HASH_BYTES = 64;
  PKI_SHA1_BYTES = 20;
  PKI_SHA224_BYTES = 28;
  PKI_SHA256_BYTES = 32;
  PKI_SHA384_BYTES = 48;
  PKI_SHA512_BYTES = 64;
  PKI_MD5_BYTES = 16;
  PKI_MD2_BYTES = 16;
  PKI_RMD160_BYTES = 20;
  PKI_BTC160_BYTES = 20;
  { Maximum number of hex characters in hash digest (excl null) }
  PKI_MAX_HASH_CHARS = (2*PKI_MAX_HASH_BYTES);
  PKI_SHA1_CHARS = (2*PKI_SHA1_BYTES);
  PKI_SHA224_CHARS = (2*PKI_SHA224_BYTES);
  PKI_SHA256_CHARS = (2*PKI_SHA256_BYTES);
  PKI_SHA384_CHARS = (2*PKI_SHA384_BYTES);
  PKI_SHA512_CHARS = (2*PKI_SHA512_BYTES);
  PKI_MD5_CHARS = (2*PKI_MD5_BYTES);
  PKI_MD2_CHARS = (2*PKI_MD2_BYTES);
  PKI_RMD160_CHARS = (2*PKI_RMD160_BYTES);
  PKI_BTC160_CHARS = (2*PKI_BTC160_BYTES);
  { Synonym retained for backwards compatibility }
  PKI_MAX_HASH_LEN = PKI_MAX_HASH_CHARS;
  { Encryption block sizes in bytes }
  PKI_BLK_TDEA_BYTES = 8;
  PKI_BLK_AES_BYTES = 16;
  { Key size in bytes }
  PKI_KEYSIZE_TDEA_BYTES = 24;
  PKI_KEYSIZE_MAX_BYTES = 32;
  { Required size for RNG seed file }
  PKI_RNG_SEED_BYTES = 64;
  { Length of GUID string - added [v12.3] }
  PKI_RNG_GUID_CHARS = 36;
  { Maximum number of characters in a last error message }
  PKI_MAX_LASTERROR_CHARS = 647;
  PKI_MAX_ERROR_CHARS = (PKI_MAX_LASTERROR_CHARS);
  { Maximum number of characters in an error lookup message }
  PKI_MAX_ERRORLOOKUP_CHARS = 127;
  { OPTIONS }
  PKI_DEFAULT = 0;
  { Signature algorithms }
  PKI_SIG_SHA1RSA = $0;
  PKI_SIG_MD5RSA = $1;
  PKI_SIG_MD2RSA = $2;
  PKI_SIG_SHA256RSA = $3;
  PKI_SIG_SHA384RSA = $4;
  PKI_SIG_SHA512RSA = $5;
  PKI_SIG_SHA224RSA = $6;
  { Synonyms added [v12.0] }
  PKI_SIG_RSA_SHA1 = $0;
  PKI_SIG_RSA_SHA224 = $6;
  PKI_SIG_RSA_SHA256 = $3;
  PKI_SIG_RSA_SHA384 = $4;
  PKI_SIG_RSA_SHA512 = $5;
  PKI_SIG_RSA_MD5 = $1;
  { New in [v11.0] }
  PKI_SIG_ECDSA_SHA1 = $10;
  PKI_SIG_ECDSA_SHA224 = $20;
  PKI_SIG_ECDSA_SHA256 = $30;
  PKI_SIG_ECDSA_SHA384 = $40;
  PKI_SIG_ECDSA_SHA512 = $50;
  { New in [v12.0] }
  PKI_SIG_RSA_PSS_SHA1 = $B0;
  PKI_SIG_RSA_PSS_SHA224 = $B6;
  PKI_SIG_RSA_PSS_SHA256 = $B3;
  PKI_SIG_RSA_PSS_SHA384 = $B4;
  PKI_SIG_RSA_PSS_SHA512 = $B5;
  { Safe curves for EdDSA - new in [v20.0] }
  PKI_SIG_ED25519 = $C0;
  PKI_SIG_ED448 = $C1;
  { Salt lengths for RSA-PSS - new in [v12.0] }
  PKI_PSS_SALTLEN_HLEN = $000000;
  PKI_PSS_SALTLEN_MAX = $200000;
  PKI_PSS_SALTLEN_20 = $300000;
  PKI_PSS_SALTLEN_ZERO = $400000;
  { MGF parameters for RSA-OAEP/PSS - new in [v12.0] }
  PKI_MGF_MGF1SHA1 = $800000;
  { PKCS#5 Password-based encryption algorithms }
  PKI_PBE_SHA_3DES = $0;
  { Added in [v11.0] as simpler alternative to PKI_PBE_PBES2 + PKI_BC }
  PKI_PBE_PBKDF2_DESEDE3 = $1010;
  PKI_PBE_PBKDF2_AES128 = $1020;
  PKI_PBE_PBKDF2_AES192 = $1030;
  PKI_PBE_PBKDF2_AES256 = $1040;
  { These next 3 changed in [v11.0] (by adding 0x8000000) }
  PKI_PBE_MD5_DES = $8000001;
  PKI_PBE_MD2_DES = $8000002;
  PKI_PBE_SHA_DES = $8000003;
  { Synonym retained for backwards compatibility }
  PKI_PBES2_3DES = PKI_PBE_PBKDF2_DESEDE3;
  { Older alternative to specify PBES2 PBKDF2 }
  PKI_PBE_PBES2 = $1000;
  { Message digest hash algorithms }
  PKI_HASH_SHA1 = $0;
  PKI_HASH_MD5 = $1;
  PKI_HASH_MD2 = $2;
  PKI_HASH_SHA256 = $3;
  PKI_HASH_SHA384 = $4;
  PKI_HASH_SHA512 = $5;
  PKI_HASH_SHA224 = $6;
  PKI_HASH_RMD160 = $7;
  PKI_HASH_BTC160 = $8;
  PKI_HASH_SHA3_224 = $A;
  PKI_HASH_SHA3_256 = $B;
  PKI_HASH_SHA3_384 = $C;
  PKI_HASH_SHA3_512 = $D;
  PKI_HASH_MODE_TEXT = $10000;
  PKI_HASH_DOUBLE = $20000;
  { HMAC algorithms }
  PKI_HMAC_SHA1 = $0;
  PKI_HMAC_SHA224 = $6;
  PKI_HMAC_SHA256 = $3;
  PKI_HMAC_SHA384 = $4;
  PKI_HMAC_SHA512 = $5;
  PKI_HMAC_SHA3_224 = $A;
  PKI_HMAC_SHA3_256 = $B;
  PKI_HMAC_SHA3_384 = $C;
  PKI_HMAC_SHA3_512 = $D;
  { Options for MAC/XOF/PRF functions }
  PKI_KMAC_128 = $201;
  PKI_KMAC_256 = $202;
  PKI_XOF_SHAKE128 = $203;
  PKI_XOF_SHAKE256 = $204;
  PKI_XOF_MGF1_SHA1 = $210;
  PKI_XOF_MGF1_SHA256 = $213;
  PKI_XOF_MGF1_SHA512 = $215;
  { nFermatExp values for RSA exponent }
  PKI_RSAEXP_EQ_3 = 0;
  PKI_RSAEXP_EQ_5 = 1;
  PKI_RSAEXP_EQ_17 = 2;
  PKI_RSAEXP_EQ_257 = 3;
  PKI_RSAEXP_EQ_65537 = 4;
  { Return values for RSA_CheckKey }
  PKI_VALID_PUBLICKEY = 1;
  PKI_VALID_PRIVATEKEY = 0;
  { Options for ECC Keys - New in [v20.0] }
  PKI_ECC_PRIVATE_KEY = $0;
  PKI_ECC_PUBLIC_KEY = $1;
  { HPKE constants - New in [v22.0] }
  PKI_HPKE_MAX_NH = 64;
  PKI_HPKE_MAX_NSK = 66;
  PKI_HPKE_MAX_NSK_CHARS = (PKI_HPKE_MAX_NSK*2);
  { BIT FLAGS }
  { Key generation and storage }
  PKI_KEYGEN_INDICATE = $1000000;
  PKI_KEY_SECURE_OFF = $2000000;
  PKI_KEY_FORMAT_PEM = $10000;
  PKI_KEY_FORMAT_SSL = $20000;
  PKI_KEY_TYPE_PKCS8 = $40000;
  PKI_KEY_LEGACY = $80000;
  PKI_PFX_STRONG_CERT = $1000000;
  PKI_PFX_PLAIN_CERT = $2000000;
  PKI_PFX_CLONE_KEY = $4000000;
  PKI_PFX_DOUBLE_ENCRYPT = $8000000;
  PKI_PFX_ALT_FORMAT = $100000;
  PKI_PFX_P7CHAIN = $0400;
  PKI_PFX_AES256_SHA256 = $1043;
  PKI_CMS_FORMAT_BASE64 = $10000;
  PKI_CMS_EXCLUDE_CERTS = $0100;
  PKI_CMS_EXCLUDE_DATA = $0200;
  PKI_CMS_CERTS_ONLY = $0400;
  PKI_CMS_INCLUDE_ATTRS = $0800;
  PKI_CMS_ADD_SIGNTIME = $1000;
  PKI_CMS_ADD_SMIMECAP = $2000;
  PKI_CMS_ADD_SIGNINGCERT = $4000;
  PKI_CMS_ADD_ALGPROTECT = $8000;
  PKI_CMS_NO_INFLATE = $1000000;
  PKI_CMS_NO_OUTER = $2000000;
  PKI_CMS_ALT_ALGID = $4000000;
  PKI_CMS_BIGFILE = $8000000;
  PKI_CMS_PSEUDOSIG = $100000;
  PKI_XML_RSAKEYVALUE = $0001;
  PKI_XML_EXCLPRIVATE = $0010;
  PKI_XML_REQPRIVATE = $0020;
  PKI_XML_HEXBINARY = $0100;
  PKI_EME_DEFAULT = $00;
  PKI_EME_PKCSV1_5 = $00;
  PKI_EME_OAEP = $10;
  PKI_EMSIG_DEFAULT = $20;
  PKI_EMSIG_PKCSV1_5 = $20;
  PKI_EMSIG_DIGESTONLY = $1000;
  PKI_EMSIG_DIGINFO = $2000;
  PKI_EMSIG_ISO9796 = $100000;
  { X.509 Option flags }
  PKI_X509_FORMAT_PEM = $10000;
  PKI_X509_FORMAT_BIN = $20000;
  PKI_X509_REQ_KLUDGE = $100000;
  PKI_X509_NO_TIMECHECK = $200000;
  PKI_X509_LATIN1 = $400000;
  PKI_X509_UTF8 = $800000;
  PKI_X509_AUTHKEYID = $1000000;
  PKI_X509_NO_BASIC = $2000000;
  PKI_X509_CA_TRUE = $4000000;
  PKI_X509_VERSION1 = $8000000;
  PKI_X509_LDAP = $1000;
  PKI_X509_DECIMAL = $8000;
  { Flags for X.509 Key Usage }
  PKI_X509_KEYUSAGE_DIGITALSIGNATURE = $0001;
  PKI_X509_KEYUSAGE_NONREPUDIATION = $0002;
  PKI_X509_KEYUSAGE_KEYENCIPHERMENT = $0004;
  PKI_X509_KEYUSAGE_DATAENCIPHERMENT = $0008;
  PKI_X509_KEYUSAGE_KEYAGREEMENT = $0010;
  PKI_X509_KEYUSAGE_KEYCERTSIGN = $0020;
  PKI_X509_KEYUSAGE_CRLSIGN = $0040;
  PKI_X509_KEYUSAGE_ENCIPHERONLY = $0080;
  PKI_X509_KEYUSAGE_DECIPHERONLY = $0100;
  { Specific return values }
  { [v12.0] Changed from +1/-1 to proper error codes }
  PKI_X509_EXPIRED = 16;
  PKI_X509_VERIFY_FAILURE = 22;
  PKI_X509_REVOKED = 42;
  PKI_X509_INVALID = 43;
  PKI_X509_VALID_NOW = 0;
  PKI_X509_VERIFY_SUCCESS = 0;
  { Return values for CNV_CheckUTF }
  PKI_CHRS_NOT_UTF8 = 0;
  PKI_CHRS_ALL_ASCII = 1;
  PKI_CHRS_ANSI8 = 2;
  PKI_CHRS_MULTIBYTE = 3;
  { Options for CNV_ByteEncoding }
  PKI_CNV_UTF8_FROM_LATIN1 = $1;
  PKI_CNV_LATIN1_FROM_UTF8 = $2;
  { Options for CNV_Num[To/From]Bytes }
  PKI_CNV_BIG_ENDIAN = $0;
  PKI_CNV_LITTLE_ENDIAN = $1;
  { Flags and return values for X.509 and CMS query functions }
  PKI_QUERY_GETTYPE = $100000;
  PKI_QUERY_NUMBER = 1;
  PKI_QUERY_STRING = 2;
  { Options for RNG functions }
  PKI_RNG_STRENGTH_112 = $00;
  PKI_RNG_STRENGTH_128 = $01;
  { Block cipher (BC) algorithm options }
  PKI_BC_TDEA = $10;
  PKI_BC_3DES = $10;
  PKI_BC_DESEDE3 = $10;
  PKI_BC_AES128 = $20;
  PKI_BC_AES192 = $30;
  PKI_BC_AES256 = $40;
  { Block cipher mode options }
  PKI_MODE_ECB = $000;
  PKI_MODE_CBC = $100;
  PKI_MODE_OFB = $200;
  PKI_MODE_CFB = $300;
  PKI_MODE_CTR = $400;
  { Added [v12.1] AEAD only }
  PKI_MODE_GCM = $500;
  { Block cipher padding options }
  PKI_PAD_DEFAULT = $0;
  PKI_PAD_NOPAD = $10000;
  PKI_PAD_PKCS5 = $20000;
  PKI_PAD_1ZERO = $30000;
  { Added [v11.1] }
  PKI_PAD_AX923 = $40000;
  PKI_PAD_W3C = $50000;
  { AEAD algorithms - added [v12.1] }
  PKI_AEAD_AES_128_GCM = $520;
  PKI_AEAD_AES_192_GCM = $530;
  PKI_AEAD_AES_256_GCM = $540;
  PKI_AEAD_CHACHA20_POLY1305 = $550;
  PKI_AEAD_TAG_BYTES = 16;
  { Block cipher option flags }
  PKI_IV_PREFIX = $1000;
  { Key wrap algorithms - added [v20.5] }
  PKI_KWRAP_3DES = $100000;
  PKI_KWRAP_AES128 = $200000;
  PKI_KWRAP_AES192 = $300000;
  PKI_KWRAP_AES256 = $400000;
  { Key transport algorithms }
  PKI_KT_RSAES_PKCS = $0000;
  PKI_KT_RSAES_OAEP = $8000;
  { Key derivation functions }
  { Changed [v20.5] }
  PKI_KDF_X963 = $0000;
  PKI_KDF_HKDF = $1000;
  { ASN.1 utilities - added [v10.0] }
  PKI_ASN1_NOCOMMENTS = $100000;
  PKI_ASN1_ADDLEVELS = $800000;
  PKI_ASN1_TYPE_MAXCHARS = 64;
  { SIG functions }
  PKI_SIG_USEDIGEST = $1000;
  PKI_SIG_DETERMINISTIC = $2000;
  PKI_SIG_ASN1DER = $4000;
  { SMIME functions - added [v10.0] }
  PKI_SMIME_ENCODE_BASE64 = $10000;
  PKI_SMIME_ENCODE_BINARY = $20000;
  PKI_SMIME_ADDX = $100000;
  { Encoding options - added [v11.0] }
  PKI_ENCODE_HEX = $30000;
  PKI_ENCODE_BASE64URL = $40000;
  { Wipefile options - added [v12.0] }
  PKI_WIPEFILE_DOD7 = $0;
  PKI_WIPEFILE_SIMPLE = $1;
  { General }
  PKI_GEN_PLATFORM = $40;
  PKI_GEN_LEGACY = $8000000;

implementation
end.