Verifying a CTL
To make it more difficult for an interloper to substitute a bogus CTL for an existing one, the signature on the CTL should be verified each time the CTL is used. If the CTL does not contain a trusted signature, then it should not be used.
To verify a CTL signature
1. Open the certificate store containing the desired CTL.
2. Get a handle to a CTL_CONTEXT for the CTL. This can be done by calling any of the functions that return a handle to the CTL_CONTEXT, such as CertFindCTLInStore.
3. Call CryptMsgGetAndVerifySigner, passing the CTL_CONTEXT retrieved in step 2 in the hCryptMsg argument, a handle to the certificate store containing the certificate of the trusted source for CTLs in the rghSignerStore argument, and the CMSG_TRUSTED_SIGNER_FLAG in the dwFlags argument. If the function call returns TRUE, then the signature was verified, and a pointer to the CTL signer's PCERT_CONTEXT is returned in the ppSigner parameter.
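The three steps above as a fail-closed C function (an added example, not code from the original page). The function name, the status enum and the store names in main are assumptions; the message handle passed to CryptMsgGetAndVerifySigner is the hCryptMsg member of the CTL_CONTEXT, and the non-Windows branch exists only so the file compiles elsewhere and reports the CTL as not trusted.

```c
/* Added example: verify a CTL's signature before use; every failure path means "do not use". */
#include <stddef.h>
#include <wchar.h>

typedef enum { CTL_TRUSTED = 0, CTL_ERR_STORE, CTL_ERR_NO_CTL,
               CTL_ERR_SIGNATURE, CTL_ERR_UNSUPPORTED } ctl_status;  /* hypothetical names */
#ifdef _WIN32
#include <windows.h>
#include <wincrypt.h>   /* link with crypt32.lib */

/* Open a current-user system store read-only; never create it if it is missing. */
static HCERTSTORE open_existing_store(const wchar_t *name)
{
    return CertOpenStore(CERT_STORE_PROV_SYSTEM_W, 0, 0,
                         CERT_SYSTEM_STORE_CURRENT_USER | CERT_STORE_OPEN_EXISTING_FLAG |
                         CERT_STORE_READONLY_FLAG, name);
}

ctl_status verify_first_ctl(const wchar_t *ctl_store, const wchar_t *signer_store)
{
    ctl_status rc = CTL_ERR_STORE;
    PCCTL_CONTEXT ctl = NULL;
    PCCERT_CONTEXT signer = NULL;
    HCERTSTORE hCtl = open_existing_store(ctl_store);         /* step 1 */
    HCERTSTORE hSigners = open_existing_store(signer_store);  /* trusted CTL signers */

    if (hCtl && hSigners) {
        /* Step 2: takes the first CTL found; a real caller would select the one it needs. */
        ctl = CertFindCTLInStore(hCtl, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
                                 0, CTL_FIND_ANY, NULL, NULL);
        if (!ctl)
            rc = CTL_ERR_NO_CTL;
        else if (CryptMsgGetAndVerifySigner(ctl->hCryptMsg, 1, &hSigners,   /* step 3 */
                                            CMSG_TRUSTED_SIGNER_FLAG, &signer, NULL))
            rc = CTL_TRUSTED;
        else
            rc = CTL_ERR_SIGNATURE;   /* GetLastError() has the reason */
    }
    if (signer) CertFreeCertificateContext(signer);  /* ppSigner result must be freed */
    if (ctl) CertFreeCTLContext(ctl);
    if (hSigners) CertCloseStore(hSigners, 0);
    if (hCtl) CertCloseStore(hCtl, 0);
    return rc;
}
#else
ctl_status verify_first_ctl(const wchar_t *c, const wchar_t *s)
{ (void)c; (void)s; return CTL_ERR_UNSUPPORTED; }   /* fail closed off Windows */
#endif

/* Store names below are assumed for illustration only. */
int main(void) { return verify_first_ctl(L"Trust", L"TrustedPublisher") == CTL_TRUSTED ? 0 : 1; }
```

With CMSG_TRUSTED_SIGNER_FLAG, what is trusted is decided by which certificates are in the signer store, so that store should hold only the certificates of sources allowed to issue CTLs.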