CPVerifySignature

The CPVerifySignature function is used to verify a digital signature against a hash object.

BOOL CPVerifySignature(
  HCRYPTPROV hProv,      // in
  HCRYPTHASH hHash,      // in
  CONST BYTE *pbSignature,  // in
  DWORD dwSigLen,        // in
  HCRYPTKEY hPubKey,     // in
  LPCWSTR sDescription,  // in
  DWORD dwFlags          // in
);
 

Parameters

hProv
Handle to a particular key container (or "context") within the CSP. This handle is obtained via a call to CPAcquireContext.
hHash
Handle to the hash object to verify against.
pbSignature
Buffer containing the signature data to be verified.
dwSigLen
Length (in bytes) of the signature data.
hPubKey
Handle to the public key to be used to verify the signature.
sDescription
Applications should no longer use this parameter and should set it to NULL to prevent security vulnerabilities. However, CSPs may prefer to keep supporting it for backward compatibility, as in the Microsoft Providers.
dwFlags
Flag values. No flags are currently defined.

Return Values

If the function succeeds, TRUE should be returned; otherwise, return FALSE. When FALSE is returned, the appropriate error code (see the following table) must be set via SetLastError.

Error              Description
NTE_BAD_FLAGS      The dwFlags parameter is non-zero.
NTE_BAD_HASH       The hash object specified by the hHash parameter is invalid.
NTE_BAD_KEY        The hPubKey parameter does not contain a handle to a valid public key.
NTE_BAD_SIGNATURE  The signature failed to verify. This could be because the data itself has changed, the description string did not match, or the wrong public key was specified by hPubKey. This error may also be returned if the hashing or signature algorithms don't match the ones used to create the signature.
NTE_BAD_UID        The CSP context that was specified when the hash object was created cannot now be found.
NTE_NO_MEMORY      The CSP ran out of memory during the operation.

Remarks

The CPVerifySignature function typically performs the following steps internally:

The application should not be allowed to add more data to the hash object after the verification has been performed. However, the application is still responsible for calling the CPDestroyHash function.
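The error contract and the hash-finalization rule above can be modeled in portable C. This is an added example, not code from the original page or from any real CSP: the struct types, the model_* function names, the order of the checks and the XOR "signature" primitive are all assumptions made for illustration, and sDescription is left out.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Portable stand-ins (assumptions) for the Windows types and SetLastError. */
typedef int BOOL; typedef uint32_t DWORD; typedef uint8_t BYTE;
#define NTE_BAD_UID        0x80090001u
#define NTE_BAD_HASH       0x80090002u
#define NTE_BAD_KEY        0x80090003u
#define NTE_BAD_SIGNATURE  0x80090006u
#define NTE_BAD_FLAGS      0x80090009u
#define NTE_BAD_HASH_STATE 0x8009000Cu  /* from winerror.h, not listed on this page */
static DWORD last_error;
static BOOL fail(DWORD code) { last_error = code; return 0; }

/* Hypothetical CSP-internal objects behind the opaque handles. */
typedef struct { int open; } ctx_t;
typedef struct { ctx_t *owner; int finalized; BYTE digest[4]; } hash_t;
typedef struct { int is_public; BYTE k; } pubkey_t;

/* Toy primitive, NOT cryptography: a "signature" is the digest XOR a key byte. */
static int toy_verify(const pubkey_t *key, const BYTE *d, const BYTE *sig, DWORD n) {
    BYTE diff = (BYTE)(n != 4);
    for (DWORD i = 0; i < 4 && i < n; i++) diff |= (BYTE)(sig[i] ^ d[i] ^ key->k);
    return diff == 0;  /* compares every byte, no early exit on mismatch */
}

BOOL model_verify_signature(ctx_t *ctx, hash_t *h, const BYTE *sig, DWORD len,
                            pubkey_t *key, DWORD flags) {
    if (flags != 0) return fail(NTE_BAD_FLAGS);        /* no flags are defined */
    if (h == NULL) return fail(NTE_BAD_HASH);
    if (!ctx || !ctx->open || h->owner != ctx) return fail(NTE_BAD_UID);
    if (!key || !key->is_public) return fail(NTE_BAD_KEY);
    h->finalized = 1;              /* closed whether or not the signature verifies */
    if (!sig || !toy_verify(key, h->digest, sig, len)) return fail(NTE_BAD_SIGNATURE);
    return 1;
}

/* Model of the CPHashData guard: no more data once verification has run. */
BOOL model_hash_data(hash_t *h) {
    return h->finalized ? fail(NTE_BAD_HASH_STATE) : 1;
}

int main(void) {
    ctx_t c = {1}; hash_t h = {&c, 0, {1, 2, 3, 4}}; pubkey_t k = {1, 0x5a};
    BYTE sig[4] = {0x5b, 0x58, 0x59, 0x5e};  /* constructed: digest XOR 0x5a */
    int ok = model_verify_signature(&c, &h, sig, 4, &k, 0);
    printf("verify=%d, hash still writable=%d\n", ok, model_hash_data(&h));
    return 0;
}
```

A real CSP would replace toy_verify with the padding and public-key operation of its signature algorithm and resolve the handles through its own object tables.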

See Also

CPCreateHash, CPHashData, CPSignHash, CryptVerifySignature