Decoding Signed Data
The following procedure decodes a signed message.

To decode a signed message

1. Get a pointer to the encoded blob.
2. Call CryptMsgOpenToDecode, passing the necessary arguments.
3. Call CryptMsgUpdate once, passing in the handle retrieved in step 2 and a pointer to the data that is to be decoded. This causes the appropriate actions to be taken on the message, depending on the message type.
4. Call CryptMsgGetParam, passing in the handle retrieved in step 2 and the appropriate parameter type to access the decoded data. For example, pass in CMSG_CONTENT_PARAM to get a pointer to the decoded content.
The following procedure allows you to verify the signature of a decoded, signed message.
To verify the signature of a decoded, signed message

1. Call CryptMsgGetParam, passing in the message handle and CMSG_SIGNER_CERT_INFO_PARAM to get the signer's CERT_INFO from the message.
2. Call CertOpenStore to open a temporary store that is initialized with the certificates from the message.
3. Call CertGetSubjectCertificateFromStore to get the signer's certificate from the certificates included in the message, using the CERT_INFO retrieved in step 1.
4. Call CryptMsgControl, passing in CMSG_CTRL_VERIFY_SIGNATURE, to verify the signature.
5. Call CryptMsgClose to close the message.

After both procedures, the signature has been verified and you hold the pointer to the decoded message content that was obtained in step 4 of the procedure for decoding a signed message.
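The two procedures above, written out as one C function. This is an added example, not code from the original page or from Microsoft: it assumes the whole encoded blob is already in memory, verifies signer index 0 only, and uses PKCS_7_ASN_ENCODING | X509_ASN_ENCODING throughout. The example fetches CMSG_CONTENT_PARAM only after CryptMsgControl has succeeded, so a caller never receives content whose signature did not check out. The der_sequence_length pre-check and the result codes are this example's own additions; the CryptoAPI path is compiled only on Windows, and elsewhere decode_and_verify reports VERIFY_UNSUPPORTED so the file still builds. Note that CMSG_CTRL_VERIFY_SIGNATURE only proves the content was signed with the key in the embedded certificate; whether that certificate is trusted is a separate chain-validation step.

```c
/* Added example (not the original page's code): decode a signed message
 * with CryptoAPI and verify signer 0's signature. Windows-only API calls
 * are guarded by _WIN32 so the file compiles elsewhere as a stub. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#ifdef _WIN32
#include <windows.h>
#include <wincrypt.h>
#pragma comment(lib, "crypt32.lib")
#define ENCODING (PKCS_7_ASN_ENCODING | X509_ASN_ENCODING)
#endif

enum verify_result {
    VERIFY_OK = 0,
    VERIFY_BAD_INPUT,      /* not a DER SEQUENCE, or declared length overruns buffer */
    VERIFY_DECODE_FAILED,  /* CryptMsgOpenToDecode / CryptMsgUpdate / CryptMsgGetParam failed */
    VERIFY_NO_SIGNER_CERT, /* signer's certificate is not embedded in the message */
    VERIFY_BAD_SIGNATURE,  /* CryptMsgControl(CMSG_CTRL_VERIFY_SIGNATURE) failed */
    VERIFY_UNSUPPORTED     /* built without the Windows CryptoAPI */
};

/* Portable pre-check (this example's assumption: input is DER). Returns the
 * total length (header + body) of the SEQUENCE at p, or 0 if p is not a
 * SEQUENCE, uses indefinite length, or its declared length exceeds cb. */
size_t der_sequence_length(const uint8_t *p, size_t cb)
{
    size_t hdr, len, i, n;
    if (p == NULL || cb < 2 || p[0] != 0x30)
        return 0;
    if (p[1] < 0x80) {                          /* short form: one length byte */
        hdr = 2;
        len = p[1];
    } else {                                    /* long form: 0x8n then n bytes */
        n = p[1] & 0x7F;
        if (n == 0 || n > sizeof(size_t) || cb < 2 + n)
            return 0;                           /* n == 0 is indefinite length */
        for (len = 0, i = 0; i < n; i++)
            len = (len << 8) | p[2 + i];
        hdr = 2 + n;
    }
    return (len > cb - hdr) ? 0 : hdr + len;
}

/* Decode blob, verify signer 0, and on success return a malloc'd copy of the
 * inner content. Signature verification does NOT establish trust in the
 * signer's certificate; chain building is a separate step. */
int decode_and_verify(const uint8_t *blob, size_t cb, uint8_t **content, size_t *cb_content)
{
    *content = NULL;
    *cb_content = 0;
    if (der_sequence_length(blob, cb) == 0)      /* decode step 1: sanity-check the blob */
        return VERIFY_BAD_INPUT;
#ifndef _WIN32
    return VERIFY_UNSUPPORTED;
#else
    int rc = VERIFY_DECODE_FAILED;
    HCRYPTMSG hMsg = NULL;
    HCERTSTORE hStore = NULL;
    PCCERT_CONTEXT pSigner = NULL;
    PCERT_INFO pSignerInfo = NULL;
    DWORD cbSignerInfo = 0, cbData = 0;

    /* Decode step 2: dwMsgType 0 lets CryptoAPI detect the message type. */
    if ((hMsg = CryptMsgOpenToDecode(ENCODING, 0, 0, 0, NULL, NULL)) == NULL) goto done;
    /* Decode step 3: one update with the whole blob, fFinal = TRUE. */
    if (!CryptMsgUpdate(hMsg, blob, (DWORD)cb, TRUE)) goto done;
    /* Verify step 1: signer 0's CERT_INFO (issuer + serial); size query first. */
    if (!CryptMsgGetParam(hMsg, CMSG_SIGNER_CERT_INFO_PARAM, 0, NULL, &cbSignerInfo)) goto done;
    if ((pSignerInfo = (PCERT_INFO)malloc(cbSignerInfo)) == NULL ||
        !CryptMsgGetParam(hMsg, CMSG_SIGNER_CERT_INFO_PARAM, 0, pSignerInfo, &cbSignerInfo))
        goto done;
    /* Verify step 2: temporary store filled from the message's certificates. */
    if ((hStore = CertOpenStore(CERT_STORE_PROV_MSG, ENCODING, 0, 0, hMsg)) == NULL) goto done;
    /* Verify step 3: look the signer up by issuer and serial number. */
    rc = VERIFY_NO_SIGNER_CERT;
    if ((pSigner = CertGetSubjectCertificateFromStore(hStore, ENCODING, pSignerInfo)) == NULL) goto done;
    /* Verify step 4: check the signature with that certificate's public key. */
    rc = VERIFY_BAD_SIGNATURE;
    if (!CryptMsgControl(hMsg, 0, CMSG_CTRL_VERIFY_SIGNATURE, pSigner->pCertInfo)) goto done;
    /* Decode step 4, only after verification: copy out the content. */
    rc = VERIFY_DECODE_FAILED;
    if (!CryptMsgGetParam(hMsg, CMSG_CONTENT_PARAM, 0, NULL, &cbData)) goto done;
    if ((*content = (uint8_t *)malloc(cbData ? cbData : 1)) == NULL ||
        !CryptMsgGetParam(hMsg, CMSG_CONTENT_PARAM, 0, *content, &cbData)) {
        free(*content); *content = NULL; goto done;
    }
    *cb_content = cbData;
    rc = VERIFY_OK;
done:   /* verify step 5 plus cleanup of the certificate and store */
    if (pSigner) CertFreeCertificateContext(pSigner);
    if (hStore) CertCloseStore(hStore, 0);
    if (hMsg) CryptMsgClose(hMsg);
    free(pSignerInfo);
    return rc;
#endif
}

/* Stand-alone use: <program> <signed-message-file>  (messages up to 1 MiB assumed) */
int main(int argc, char **argv)
{
    static uint8_t buf[1 << 20];
    uint8_t *content = NULL; size_t cb_content = 0;
    if (argc != 2) { fprintf(stderr, "usage: %s <signed-message-file>\n", argv[0]); return 2; }
    FILE *f = fopen(argv[1], "rb");
    if (f == NULL) { perror("fopen"); return 2; }
    size_t cb = fread(buf, 1, sizeof buf, f);
    fclose(f);
    int rc = decode_and_verify(buf, cb, &content, &cb_content);
    printf("result=%d content_bytes=%zu\n", rc, cb_content);
    free(content);
    return rc == VERIFY_OK ? 0 : 1;
}
```

The result codes let a caller distinguish "malformed input" from "signer certificate missing" and "signature does not verify", which is worth logging separately: a flood of VERIFY_BAD_SIGNATURE results on one ingest path is a different incident from a flood of VERIFY_BAD_INPUT.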