CryptMsgVerifyCountersignatureEncoded

The CryptMsgVerifyCountersignatureEncoded function verifies a countersignature in terms of the SignerInfo data structure (as defined by PKCS #7); that is, it verifies that pbSignerInfoCountersignature contains the encrypted hash of the encryptedDigest field of pbSignerInfo.

#include <wincrypt.h>
BOOL WINAPI CryptMsgVerifyCountersignatureEncoded(
  HCRYPTPROV hCryptProv,                 // in
  DWORD dwMsgAndCertEncodingType,        // in
  PBYTE pbSignerInfo,                    // in
  DWORD cbSignerInfo,                    // in
  PBYTE pbSignerInfoCountersignature,    // in
  DWORD cbSignerInfoCountersignature,    // in
  PCERT_INFO pciCountersigner            // in
);
 

Parameters

hCryptProv
Specifies a handle to the cryptographic provider to use to hash the encryptedDigest field of pbSignerInfo.

Unless there is a strong reason for passing in a specific cryptographic provider in hCryptProv, zero should be passed in. Passing in zero causes the default RSA or DSS provider to be acquired before doing hash, signature verification or recipient encryption operations.

dwMsgAndCertEncodingType
The type of encoding used. Both a certificate encoding type and a message encoding type must be specified, combined with a bitwise OR operation, as shown in the following example:
CRYPT_ASN_ENCODING | PKCS_7_ASN_ENCODING
 

Currently defined encoding types are shown in the following table.
Encoding type          Value
CRYPT_ASN_ENCODING     0x00000001
PKCS_7_ASN_ENCODING    0x00010000

pbSignerInfo
A pointer to the encoded blob which contains the signer of the contents of a message that is to be countersigned.
cbSignerInfo
The count, in bytes, of the encoded blob for the signer of the contents.
pbSignerInfoCountersignature
A pointer to the encoded blob that contains the countersigner information.
cbSignerInfoCountersignature
The count, in bytes, of the encoded blob for the countersigner of the message.
pciCountersigner
Contains an encoded blob with the issuer and serial number of the countersigner. See "Remarks".

Return Values

If the function fails, the return value is FALSE (zero). If it succeeds, the return value is TRUE (non-zero).

To retrieve extended error information, use the GetLastError function.

The following table lists the error codes most commonly returned by the GetLastError function.

Error code                     Description
CRYPT_E_AUTH_ATTR_MISSING      The message does not contain an expected authenticated attribute.
CRYPT_E_HASH_VALUE             The hash value is not correct.
CRYPT_E_ISSUER_SERIALNUMBER    The issuer and/or serial number is not valid.
CRYPT_E_OSS_ERROR              OSS certificate encode/decode error code base. To get the OSS error, subtract CRYPT_E_OSS_ERROR from the returned error; see asn1code.h for details on the error.
CRYPT_E_UNEXPECTED_ENCODING    The message is not encoded as expected.
CRYPT_E_UNKNOWN_ALGO           The cryptographic algorithm is unknown.
E_INVALIDARG                   One or more arguments are invalid.
E_OUTOFMEMORY                  Ran out of memory.

Propagated errors may also be encountered. An error can be propagated from:
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptImportKey
CryptVerifySignature

Remarks

The issuer and serial number of the countersigner must match the countersigner information from pbSignerInfoCountersignature. The only fields referenced from pciCountersigner are SerialNumber, Issuer, and SubjectPublicKeyInfo. The SubjectPublicKeyInfo is used to import the public key, which is then used to perform a cryptographic operation on the hash from the pciCountersigner, and the result is compared with the hash that is computed from the pbSignerInfo. Because no other fields of pciCountersigner are referenced, this function does not itself establish that the countersigner's certificate is trusted; that check is left to the caller.
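
The following Python model is an added example, not code from this reference or from CryptoAPI. It reproduces the two checks described above that do not involve the public key: the issuer/serial match, and the binding between the countersignature's messageDigest attribute and the hash of the primary signer's encryptedDigest. All function names, return strings and sample values are assumptions, the hash algorithm is supplied by the caller instead of being read from digestAlgorithm, and the signature check itself is not modelled.

```python
import hashlib
MESSAGE_DIGEST_OID = bytes.fromhex("2a864886f70d010904")  # 1.2.840.113549.1.9.4

def tlv(tag, body):  # DER encoder, used only to build the constructed samples
    size = len(body).to_bytes(max(1, (len(body).bit_length() + 7) // 8), "big")
    return bytes([tag]) + (size if len(body) < 0x80 else bytes([0x80 | len(size)]) + size) + body

def children(body):
    """Split DER content octets into a list of (tag, value) pairs."""
    out, i = [], 0
    while i < len(body):
        tag, n, i = body[i], body[i + 1], i + 2
        if n & 0x80:  # long-form length: low 7 bits give the number of length octets
            n, i = int.from_bytes(body[i:i + (n & 0x7F)], "big"), i + (n & 0x7F)
        if i + n > len(body):
            raise ValueError("truncated DER element")
        out.append((tag, body[i:i + n]))
        i += n
    return out

def signer_info_fields(der):
    """Return (issuerAndSerialNumber, authenticatedAttributes or None, encryptedDigest)."""
    fields = children(children(der)[0][1])
    auth = next((v for t, v in fields if t == 0xA0), None)
    return fields[1][1], auth, next(v for t, v in fields if t == 0x04)

def countersignature_binding(signer_der, counter_der, issuer_serial, hash_name):
    """Issuer/serial match and digest binding only; the signature itself is not verified."""
    encrypted_digest = signer_info_fields(signer_der)[2]
    cs_issuer_serial, cs_auth, _ = signer_info_fields(counter_der)
    if cs_issuer_serial != issuer_serial:
        return "issuer/serial mismatch"
    for _, attr in children(cs_auth or b""):
        (_, oid), (_, values) = children(attr)
        if oid == MESSAGE_DIGEST_OID:
            expected = hashlib.new(hash_name, encrypted_digest).digest()
            return "ok" if children(values)[0][1] == expected else "digest mismatch"
    return "messageDigest attribute missing"

def build_signer_info(issuer_serial, message_digest, encrypted_digest):
    """Constructed sample encoder; both AlgorithmIdentifier fields are empty placeholders."""
    attr = tlv(0x30, tlv(0x06, MESSAGE_DIGEST_OID) + tlv(0x31, tlv(0x04, message_digest)))
    body = tlv(0x02, b"\x01") + tlv(0x30, issuer_serial) + tlv(0x30, b"") + tlv(0xA0, attr)
    return tlv(0x30, body + tlv(0x30, b"") + tlv(0x04, encrypted_digest))

# Constructed sample data: a primary SignerInfo and a countersignature over its encryptedDigest.
ISSUER_SERIAL = tlv(0x30, b"") + tlv(0x02, b"\x2a")  # placeholder issuer name, serial 42
PRIMARY = build_signer_info(ISSUER_SERIAL, hashlib.sha256(b"content").digest(), b"primary-sig")
COUNTER = build_signer_info(ISSUER_SERIAL, hashlib.sha256(b"primary-sig").digest(), b"counter-sig")
```

Note that the countersignature covers the primary signer's signature bytes (encryptedDigest), not the message content, so altering the primary signature breaks the binding even when the content is unchanged.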

Example

See Example Code For Countersigning a Message.

QuickInfo

  Windows NT: Requires version 4.0 SP3 or later. Available also in IE 3.02 and later.
  Windows: Requires Windows 98 (or Windows 95 with IE 3.02 or later).
  Windows CE: Unsupported.
  Header: Declared in wincrypt.h.
  Import Library: Use crypt32.lib.

See Also

CryptMsgCountersign, CryptMsgCountersignEncoded