CryptSignCertificate

The CryptSignCertificate function signs the encoded "to be signed" information (for a certificate, the DER-encoded tbsCertificate) and returns the signature. It does not produce the encoded signed content itself; to sign and encode in one step, use CryptSignAndEncodeCertificate.

#include <wincrypt.h>
BOOL WINAPI CryptSignCertificate(
  HCRYPTPROV hCryptProv,                            // in
  DWORD dwKeySpec,                                  // in
  DWORD dwCertEncodingType,                         // in
  BYTE *pbEncodedToBeSigned,                        // in, constant
  DWORD cbEncodedToBeSigned,                        // in
  PCRYPT_ALGORITHM_IDENTIFIER pSignatureAlgorithm,  // in
  void *pvHashAuxInfo,                              // in/optional
  BYTE *pbSignature,                                // out
  DWORD *pcbSignature                               // in, out
);
 

Parameters

hCryptProv
Handle of the Cryptographic Service Provider (CSP) that performs the signature. The handle must have been obtained with CryptAcquireContext, and its key container must hold the private key selected by dwKeySpec; 0 is not a valid handle.
dwKeySpec
Identifies the private key to use from the provider's container. For example, AT_KEYEXCHANGE or AT_SIGNATURE.
dwCertEncodingType
The type of encoding used on the certificate. Currently defined certificate encoding types are shown in the following table:

  Encoding type        Value
  X509_ASN_ENCODING    0x00000001

pbEncodedToBeSigned
The address of the encoded content to be signed.
cbEncodedToBeSigned
The size, in bytes, of the encoded content.
pSignatureAlgorithm
Pointer to a CRYPT_ALGORITHM_IDENTIFIER whose pszObjId member is set to one of the following:

  szOID_OIWSEC_sha1RSASign    SHA-1 with RSA   (1.3.14.3.2.29)
  szOID_RSA_MD5RSA            MD5 with RSA     (1.2.840.113549.1.1.4)

Both are RSA signatures over a hash that is no longer collision resistant: practical MD5 collisions have existed since 2004 and SHA-1 collisions since 2017, and current browsers and TLS stacks reject certificates signed with either. They are listed here because they are what this version of the function accepts, not as a recommendation.

pvHashAuxInfo
Not currently used. Must be NULL.
pbSignature
Pointer to a buffer that receives the signed hash of the content.

This parameter can be NULL to set the size of this information for memory allocation purposes. For more information, see Common In/Out Parameter Conventions.

pcbSignature
Pointer to a DWORD that contains the size, in bytes, of the buffer pointed to by the pbSignature parameter. When the function returns, the variable pointed to by the pcbSignature parameter contains the number of bytes stored in the buffer. This parameter can be NULL only if pbSignature is NULL.

Note  When processing the data returned in the buffer, applications need to use the actual size of the data returned. The actual size may be slightly smaller than the size of the buffer specified on input. (On input, buffer sizes are usually specified large enough to ensure that the largest possible output data will fit in the buffer.) On output, the variable pointed to by this parameter is updated to reflect the actual size of the data copied to the buffer.

Return Values

TRUE if the function succeeded, FALSE if the function failed.

Call GetLastError to see the reason for any failure. Errors from CryptCreateHash, CryptHashData and CryptSignHash, which this function calls internally, may be propagated to it. In addition, this function has the following error codes.

  Error code        Description
  ERROR_MORE_DATA   The buffer specified by the pbSignature parameter is not large enough to hold the returned data. The function sets the ERROR_MORE_DATA code and stores the required buffer size, in bytes, into the variable pointed to by pcbSignature.
  NTE_BAD_ALGID     The signature algorithm's object identifier does not map to a known or supported hash algorithm.

Example

// EXAMPLE CODE FOR USING CryptSignCertificate().
// Signs the encoded "to be signed" content and returns the signature.
// Assume that the encoded content (pbEncodedToBeSigned, cbEncodedToBeSigned)
// and the signature algorithm (pSignatureAlgorithm) have been set up by
// the caller. Link with crypt32.lib and advapi32.lib.

#include <windows.h>
#include <wincrypt.h>
#include <cstdlib>
#include <iostream>
using std::cout;
using std::endl;

// Returns a malloc'ed buffer holding the signature and stores its size in
// *pcbSignature; returns NULL on failure (the error code is printed).
// The caller must free() the returned buffer.
BYTE *SignEncodedContent(BYTE *pbEncodedToBeSigned,  // Encoded content
                         DWORD cbEncodedToBeSigned,  // Size of content (bytes)
                         PCRYPT_ALGORITHM_IDENTIFIER pSignatureAlgorithm,
                                                     // pszObjId = szOID_OIWSEC_sha1RSASign, etc.
                         DWORD *pcbSignature)        // Receives the signature size
{
  // Set up the variables.
  HCRYPTPROV hCryptProv = 0;        // Service Provider handle, acquired below
  DWORD dwKeySpec = AT_SIGNATURE;   // Private key: the container's signature key
                                    //   (AT_KEYEXCHANGE if it only holds an exchange key)
  DWORD dwCertEncodingType = X509_ASN_ENCODING;
                                    // Type of encoding
  void *pvHashAuxInfo = NULL;       // Not used - must be NULL
  BYTE *pbSignature = NULL;         // Receives the signature; NULL on the first
                                    //   call so that only the size is returned
  DWORD cbSignature = 0;            // Signature size (bytes)
  BOOL fResult;                     // TRUE if the function succeeded, FALSE if it failed
  DWORD dwError;                    // Saved before any other call can overwrite it

  // Open the default key container of the default RSA provider. It must
  // already hold a private key of type dwKeySpec; 0 is not a usable handle.
  if (!CryptAcquireContext(&hCryptProv, NULL, NULL, PROV_RSA_FULL, 0)) {
    dwError = GetLastError();
    cout << "CryptAcquireContext failed, error code = " << dwError << endl;
    return NULL;
  }

  // First call, with pbSignature == NULL, to learn the required size.
  fResult = CryptSignCertificate(
             hCryptProv,
             dwKeySpec,
             dwCertEncodingType,
             pbEncodedToBeSigned,
             cbEncodedToBeSigned,
             pSignatureAlgorithm,
             pvHashAuxInfo,       // NULL - not used
             NULL,                // NULL - only the size is wanted
             &cbSignature);       // receives the required size in bytes
  if (!fResult) {
    dwError = GetLastError();
    CryptReleaseContext(hCryptProv, 0);
    cout << "first call to CryptSignCertificate failed, error code = " << dwError << endl;
    return NULL;
  }
  cout << "first call to CryptSignCertificate successful, "
       << cbSignature << " bytes needed" << endl;
  pbSignature = (BYTE *) malloc(cbSignature);
  if (pbSignature == NULL) {
    CryptReleaseContext(hCryptProv, 0);
    cout << "memory allocation failed" << endl;
    return NULL;
  }

  // Second call, with the buffer, to obtain the signature itself.
  fResult = CryptSignCertificate(
             hCryptProv,          // in - provider holding the private key
             dwKeySpec,           // in - key from the provider's container
             dwCertEncodingType,  // in - X509_ASN_ENCODING
             pbEncodedToBeSigned, // in/constant - pointer to encoded content
             cbEncodedToBeSigned, // in
             pSignatureAlgorithm, // in
             pvHashAuxInfo,       // in/optional - NULL
             pbSignature,         // out - receives the signature
             &cbSignature);       // in/out - buffer size in, bytes written out
  dwError = GetLastError();
  CryptReleaseContext(hCryptProv, 0);

  if (!fResult) {                 // FALSE
    cout << "second call to CryptSignCertificate failed, error code = " << dwError << endl;
    free(pbSignature);
    return NULL;
  }
  // Use cbSignature as returned, not the size allocated: the actual
  // output can be smaller than the size reported by the first call.
  cout << "Function succeeded, signature is " << cbSignature << " bytes" << endl;
  *pcbSignature = cbSignature;
  return pbSignature;
}
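The bytes returned in pbSignature are only the signatureValue. To turn them into a certificate they must be wrapped, together with the tbsCertificate that was passed as pbEncodedToBeSigned and an AlgorithmIdentifier carrying the same OID as pSignatureAlgorithm, into the outer Certificate SEQUENCE; CryptSignAndEncodeCertificate does this for you. The following portable C program, added here as an illustration and not taken from crypt32 or from this page, performs that wrapping and mirrors the pbSignature/pcbSignature convention described above: pass NULL, or a buffer that is too small, and it reports the required size without writing anything. It assumes NULL AlgorithmIdentifier parameters (what the PKCS #1 RSA identifiers use; copy pSignatureAlgorithm->Parameters instead if that blob is non-empty) and that the signature bytes are already in the order the certificate expects. The inputs at the bottom are constructed stand-ins, not a real tbsCertificate or signature.

```c
/* Assemble  Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm,
 * signatureValue }  from an encoded tbsCertificate, a dotted signature OID and
 * the raw signature.  Added example, not crypt32 code.  Assumptions: NULL
 * AlgorithmIdentifier parameters; signature bytes already in certificate order. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Write a DER length field (out may be NULL to measure). Returns its size. */
static size_t der_put_len(uint8_t *out, size_t len)
{
    size_t n = 0, t = len;
    if (len < 0x80) { if (out) out[0] = (uint8_t)len; return 1; }
    while (t) { n++; t >>= 8; }
    if (out) {
        out[0] = (uint8_t)(0x80 | n);           /* long form: 0x80|n, then n octets */
        for (size_t i = 0; i < n; i++) out[1 + i] = (uint8_t)(len >> (8 * (n - 1 - i)));
    }
    return 1 + n;
}

/* Write tag and length (out may be NULL to measure). Returns the header size. */
static size_t der_put_hdr(uint8_t *out, uint8_t tag, size_t len)
{
    if (out) out[0] = tag;
    return 1 + der_put_len(out ? out + 1 : NULL, len);
}

/* Parse a DER length field; rejects indefinite and oversized lengths. */
static int der_read_len(const uint8_t *p, size_t n, size_t *hdr, size_t *len)
{
    if (n == 0) return 0;
    if (p[0] < 0x80) { *hdr = 1; *len = p[0]; return 1; }
    size_t k = p[0] & 0x7F, v = 0;
    if (k == 0 || k > sizeof(size_t) || n < 1 + k) return 0;
    for (size_t i = 0; i < k; i++) v = (v << 8) | p[1 + i];
    *hdr = 1 + k; *len = v;
    return 1;
}

/* Encode a dotted OID ("1.2.840.113549.1.1.4") as OBJECT IDENTIFIER contents
 * (out may be NULL to measure). Returns the length, or 0 if malformed. */
static size_t oid_encode(const char *dotted, uint8_t *out)
{
    unsigned long arcs[32];
    size_t n = 0, len = 0;
    for (const char *p = dotted; *p; n++) {
        char *end;
        if (n == 32) return 0;
        arcs[n] = strtoul(p, &end, 10);
        if (end == p || (*end && *end != '.')) return 0;
        p = *end ? end + 1 : end;
    }
    if (n < 2 || arcs[0] > 2 || (arcs[0] < 2 && arcs[1] > 39)) return 0;
    arcs[1] += arcs[0] * 40;                    /* first two arcs share one value */
    for (size_t i = 1; i < n; i++) {            /* base 128, high bit set on all but last */
        uint8_t tmp[10]; size_t k = 0; unsigned long v = arcs[i];
        do { tmp[k++] = (uint8_t)(v & 0x7F); v >>= 7; } while (v);
        while (k--) { if (out) out[len] = (uint8_t)(tmp[k] | (k ? 0x80 : 0)); len++; }
    }
    return len;
}

/* Build the certificate into out (cap bytes). Returns the encoded size, or 0 if
 * tbs is not exactly one SEQUENCE or the OID is malformed. Like pbSignature /
 * pcbSignature: out == NULL or a too-small cap only reports the size. */
size_t der_build_certificate(const uint8_t *tbs, size_t tbs_len, const char *sig_oid,
                             const uint8_t *sig, size_t sig_len, uint8_t *out, size_t cap)
{
    size_t hdr, body, oid_len;
    uint8_t oid[64], *p = out;
    if (!tbs || tbs_len < 2 || tbs[0] != 0x30 || !sig || sig_len == 0) return 0;
    if (!der_read_len(tbs + 1, tbs_len - 1, &hdr, &body) || 1 + hdr + body != tbs_len)
        return 0;                               /* caller must pass the whole tbsCertificate */
    oid_len = oid_encode(sig_oid, NULL);
    if (oid_len == 0 || oid_len > sizeof oid) return 0;
    oid_encode(sig_oid, oid);
    /* Measure: AlgorithmIdentifier { OID, NULL }, BIT STRING { 0 unused bits, sig }. */
    size_t alg_body  = der_put_hdr(NULL, 0x06, oid_len) + oid_len + 2;
    size_t alg_tlv   = der_put_hdr(NULL, 0x30, alg_body) + alg_body;
    size_t bits_body = 1 + sig_len;
    size_t bits_tlv  = der_put_hdr(NULL, 0x03, bits_body) + bits_body;
    size_t cert_body = tbs_len + alg_tlv + bits_tlv;
    size_t total     = der_put_hdr(NULL, 0x30, cert_body) + cert_body;
    if (!out || cap < total) return total;      /* size query or ERROR_MORE_DATA case */
    p += der_put_hdr(p, 0x30, cert_body);
    memcpy(p, tbs, tbs_len);            p += tbs_len;
    p += der_put_hdr(p, 0x30, alg_body);
    p += der_put_hdr(p, 0x06, oid_len);
    memcpy(p, oid, oid_len);            p += oid_len;
    *p++ = 0x05; *p++ = 0x00;                   /* parameters: NULL (assumption, see above) */
    p += der_put_hdr(p, 0x03, bits_body);
    *p++ = 0x00;                                /* unused-bits octet of the BIT STRING */
    memcpy(p, sig, sig_len);            p += sig_len;
    return (size_t)(p - out);
}

/* Constructed sample input: a stand-in SEQUENCE for the tbsCertificate and a
 * 4-byte stand-in for the signature; real inputs are hundreds of bytes long. */
static const uint8_t kSampleTbs[] = { 0x30, 0x03, 0x02, 0x01, 0x02 };
static const uint8_t kSampleSig[] = { 0xDE, 0xAD, 0xBE, 0xEF };

int main(void)
{
    uint8_t cert[64];
    size_t n = der_build_certificate(kSampleTbs, sizeof kSampleTbs, "1.2.840.113549.1.1.4",
                                     kSampleSig, sizeof kSampleSig, cert, sizeof cert);
    for (size_t i = 0; i < n; i++) printf("%02X%s", cert[i], i + 1 < n ? " " : "\n");
    return n ? 0 : 1;
}
```

RFC 5280 requires the outer signatureAlgorithm to repeat the algorithm identifier that sits inside the tbsCertificate, so pass here the same OID you encoded there. Before deploying the result, verify it against the signer's public key with CryptVerifyCertificateSignature; that check fails if the signature bytes were supplied in the wrong order.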
 

QuickInfo

  Windows NT: Requires version 4.0 SP3 or later. Available also in IE 3.02 and later.
  Windows: Requires Windows 98 (or Windows 95 with IE 3.02 or later).
  Windows CE: Unsupported.
  Header: Declared in wincrypt.h.
  Import Library: Use crypt32.lib.

See Also

CryptSignAndEncodeCertificate