SECURITYINFO  
 

The SECURITYINFO structure contains security related information about the connection, including the protocol, cipher suite and fingerprint.

typedef struct _SECURITYINFO
{
   DWORD        dwSize;
   DWORD        dwProtocol;
   DWORD        dwCipher;
   DWORD        dwCipherStrength;
   DWORD        dwHash;
   DWORD        dwHashStrength;
   DWORD        dwKeyExchange;
   DWORD        dwCertStatus;
   SYSTEMTIME   stCertIssued;
   SYSTEMTIME   stCertExpires;
   LPCTSTR      lpszCertIssuer;
   LPCTSTR      lpszCertSubject;
   LPCTSTR      lpszFingerprint;
} SECURITYINFO, *LPSECURITYINFO;

Members

dwSize
Specifies the size of the data structure. This member must always be initialized to the size of the structure in bytes prior to passing the address of this structure to the function. If this this member is not initialized, an error will be returned indicating that an invalid parameter has been passed to the function.
dwProtocol
A numeric value which specifies the protocol that was selected to establish the secure connection. One of the following values will be returned:
Value Description
SECURITY_PROTOCOL_NONE The connection is not secure. This value indicates a standard connection was established and all other structure members will have a value of zero.
SECURITY_PROTOCOL_SSH2 The Secure Shell 2.0 protocol was selected.
dwCipher
A numeric value which specifies the cipher that was selected when establishing the secure connection. One of the following values will be returned:
Value Description
SECURITY_CIPHER_RC5 The RC5 block cipher was selected. This is a variable key length cipher which supports keys up to 2040 bits, in 8-bit increments.
SECURITY_CIPHER_DES The DES (Data Encryption Standard) block cipher was selected. This is a fixed key length cipher, using 56-bit keys.
SECURITY_CIPHER_DES3 The Triple DES block cipher was selected. This cipher encrypts the data three times using different keys, effectively providing a 168-bit length key.
SECURITY_CIPHER_AES The Advanced Encryption Standard cipher (also known as the Rijndael cipher) is a fixed block size cipher which use a key size of 128, 192 or 256 bits. This cipher is supported on Windows XP SP3 and later versions of the operating system.
dwCipherStrength
A numeric value which specifies the strength (the length of the cipher key in bits) of the cipher that was selected. Typically this value will be 128 or 256. 40-bit and 56-bit key lengths are considered weak encryption, and subject to brute force attacks. 128-bit and 256-bit key lengths are considered to be secure and are the recommended key length for secure communications.
dwHash
A numeric value which specifies the hash algorithm which was selected. One of the following values will be returned:
Value Description
SECURITY_HASH_MD5 The MD5 algorithm was selected. Its use has been deprecated and is no longer considered to be cryptographically secure.
SECURITY_HASH_SHA1 The SHA-1 algorithm was selected. Its use has been deprecated and is no longer considered to be cryptographically secure.
SECURITY_HASH_SHA256 The SHA-256 algorithm was selected.
dwHashStrength
A numeric value which specifies the strength (the length in bits) of the message digest that was selected.
dwKeyExchange
A numeric value which specifies the key exchange algorithm which was selected. One of the following values will be returned:
Value Description
SECURITY_KEYEX_RSA The RSA public key algorithm was selected.
SECURITY_KEYEX_KEA The Key Exchange Algorithm (KEA) was selected. This is an improved version of the Diffie-Hellman public key algorithm.
SECURITY_KEYEX_DH The Diffie-Hellman key exchange algorithm was selected.
SECURITY_KEYEX_ECDH The Elliptic Curve Diffie-Hellman key exchange algorithm was selected. This is a variant of the Diffie-Hellman algorithm which uses elliptic curve cryptography. This key exchange algorithm is only supported on Windows XP SP3 and later versions of the operating system.
dwCertStatus
This member is not used with SSH connections and will have a value of zero.
stCertIssued
This member is not used with SSH connections and will have a value of zero.
stCertExpires
This member is not used with SSH connections and will have a value of zero.
lpszCertIssuer
This member is not used with SSH connections and will have a value of zero.
lpszCertSubject
This member is not used with SSH connections and will have a value of zero.
lpszFingerprint
A pointer to a string which contains a sequence of hexadecimal values that uniquely identify the server.

Remarks

The size of this structure is typically determined using the sizeof operator in C/C++ and most other languages have a similar method for obtaining the size of a data structure or user-defined type. It is important to note the size of this structure will be different on 32-bit and 64-bit platforms due to the difference in the length of the structure members which are pointers.

When evaluating structure members which are string pointers, such as lpszCertIssuer and lpszCertSubject, you should always check to ensure their values are not NULL (zero) before attempting to dereference them. If those values are undefined, it is not guaranteed they will point to zero-length strings.

There are additional protocols and ciphers defined which are not listed above because they are considered insecure and cannot be used when establishing a connection with the server. Although SSH protocol version 1.0 is defined in the header file, it is important to note that it is considered insecure and is no longer supported.

Requirements

Minimum Desktop Platform: Windows 7 Service Pack 1
Minimum Server Platform: Windows Server 2008 R2 Service Pack 1
Header File: cstools11.h
Unicode: Implemented as Unicode and ANSI versions

  
 

Copyright © 2025 Catalyst Development Corporation. All rights reserved.