Encoding Hashed Data
A hashed message can contain multiple hash algorithms and multiple hashes. The following illustration depicts the tasks required to encode a hashed message; the tasks are described in the list that follows it.
To create a hashed message
- Get a pointer to the data to be hashed.
- Determine the hash algorithm to be used.
- Put the data through a hashing function using the hash algorithm.
- Include the original data to be hashed, the hashing algorithms, and the hashes in the encoded message.
To use low-level message functions to accomplish the tasks just outlined, use the following procedure.
To encode a hashed message using CryptoAPI
1. Create or retrieve the content.
2. Get a cryptographic provider.
3. Initialize the CMSG_HASHED_ENCODE_INFO structure.
4. Call CryptMsgCalculateEncodedLength to get the size of the encoded message blob. Allocate memory for it.
5. Call CryptMsgOpenToEncode passing in CMSG_HASHED for dwMsgType, and a pointer to CMSG_HASHED_ENCODE_INFO for pvMsgEncodeInfo. As a result of this call, you get a handle to the opened message.
6. Call CryptMsgUpdate, passing in the handle retrieved in step 5, and a pointer to the data that is to be hashed and encoded. This function can be called as many times as necessary to complete the encoding process.
7. Call CryptMsgGetParam, passing in the handle retrieved in step 5, and the appropriate parameter types to access the desired, encoded data. For example, pass in CMSG_CONTENT_PARAM to get a pointer to the entire PKCS #7 message.
   If the result of this encoding is to be used as the inner data for another encoded message, such as an enveloped message, the CMSG_BARE_CONTENT_PARAM parameter must be passed. For example code showing this, see Enveloped Message Example 2.
8. Close the message by calling CryptMsgClose.
The result of this procedure is an encoded message that contains the original data, the hashing algorithms, and the hash of that data. A pointer to the encoded message blob is obtained in step 7.
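What the encoded result contains, as an added Python example (not Microsoft's code and not a CryptoAPI call): it builds the PKCS #7 DigestedData layout by hand and re-checks the hash on decode. The function names are illustrative; SHA-256, the `data` inner content type, and a version field of 0 are assumptions of this sketch.

```python
import hashlib

OID_DATA = bytes.fromhex("2a864886f70d010701")      # 1.2.840.113549.1.7.1 data
OID_DIGESTED = bytes.fromhex("2a864886f70d010705")  # 1.2.840.113549.1.7.5 digestedData
OID_SHA256 = bytes.fromhex("608648016503040201")    # 2.16.840.1.101.3.4.2.1 sha256

def tlv(tag, body):  # DER tag-length-value, short or long form length
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + body

def children(body):
    """Split a constructed value into its (tag, value) members."""
    out, pos = [], 0
    while pos < len(body):
        if pos + 2 > len(body):
            raise ValueError("truncated DER header")
        tag, n = body[pos], body[pos + 1]
        pos += 2
        if n & 0x80:  # long form: low 7 bits give the number of length bytes
            k = n & 0x7F
            n = int.from_bytes(body[pos:pos + k], "big")
            pos += k
        if pos + n > len(body):
            raise ValueError("truncated DER value")
        out.append((tag, body[pos:pos + n]))
        pos += n
    return out

def encode_hashed(content):
    """ContentInfo{digestedData, DigestedData{version, alg, content, digest}}."""
    alg = tlv(0x30, tlv(0x06, OID_SHA256) + tlv(0x05, b""))
    inner = tlv(0x30, tlv(0x06, OID_DATA) + tlv(0xA0, tlv(0x04, content)))
    digest = tlv(0x04, hashlib.sha256(content).digest())
    digested = tlv(0x30, tlv(0x02, b"\x00") + alg + inner + digest)
    return tlv(0x30, tlv(0x06, OID_DIGESTED) + tlv(0xA0, digested))

def verify_hashed(blob):
    """Return (content, ok); ok is True when the stored digest matches."""
    ctype, wrapped = children(children(blob)[0][1])
    if ctype != (0x06, OID_DIGESTED):
        raise ValueError("not a hashed (digestedData) message")
    _version, alg, inner, digest = children(children(wrapped[1])[0][1])
    if children(alg[1])[0] != (0x06, OID_SHA256):
        raise ValueError("unsupported hash algorithm")
    content = children(children(inner[1])[1][1])[0][1]
    # Unkeyed check: detects corruption, not content and digest replaced together.
    return content, hashlib.sha256(content).digest() == digest[1]
```

Calling `verify_hashed(encode_hashed(data))` on constructed input returns the data and `True`; changing a content byte inside the blob makes the second value `False`.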