The CryptVerifyMessageSignature function verifies the signature on a signed message.
#include <wincrypt.h>
BOOL WINAPI CryptVerifyMessageSignature(
PCRYPT_VERIFY_MESSAGE_PARA pVerifyPara, // in
DWORD dwSignerIndex, // in
const BYTE *pbSignedBlob, // in
DWORD cbSignedBlob, // in
BYTE *pbDecoded, // out, optional
DWORD *pcbDecoded, // in/out, optional
PCCERT_CONTEXT *ppSignerCert // out, optional
);
This parameter can be NULL if the decoded message is not needed for additional processing, or to set the size of the message for memory allocation purposes. For more information, see Common In/Out Parameter Conventions.
Note that when processing the data returned in the buffer, applications need to use the actual size of the data returned. The actual size may be slightly smaller than the size of the buffer specified on input. (On input, buffer sizes are usually specified large enough to insure that the largest possible output data will fit in the buffer.) On output, the variable pointed to by this parameter is updated to reflect the actual size of the data copied to the buffer.
TRUE if the function succeeded and the signature was verified. FALSE if the function failed to verify the signature. Call GetLastError to see the reason for the failure.
Call GetLastError to see the reason for any failures. Note that errors from the called functions CryptCreateHash, CryptHashData, CryptVerifySignature, and CryptImportKey may be propagated to this function. This function has the following error codes:
Error code | Description |
---|---|
ERROR_MORE_DATA | If the buffer specified by the pbDecoded parameter is not large enough to hold the returned data, the function sets the ERROR_MORE_DATA code, and stores the required buffer size, in bytes, into the variable pointed to by pcbDecoded. |
E_INVALIDARG | Invalid message and certificate encoding types. Currently only PKCS_7_ASN_ENCODING and X509_ASN_ENCODING_TYPE are supported. Invalid cbSize in *pVerifyPara. |
CRYPT_E_OSS_ERROR | Message ASN.1 decoding error. Note, to get the OSS error subtract CRYPT_E_OSS_ERROR from the returned error and see asn1code.h for details on the error. |
CRYPT_E_UNEXPECTED_ MSG_TYPE |
Not a signed cryptographic message. |
CRYPT_E_NO_SIGNER | The message doesn't have any signers or a signer for the specified dwSignerIndex. |
NTE_BAD_ALGID | The message was hashed and signed using an algorithm we don't know about or support. |
NTE_BAD_SIGNATURE | The message's signature was not verified. |
For a verified signer and message, **ppSignerCert is updated with the CERT_CONTEXT of the signer. It must be freed by calling CertFreeCertificateContext. Otherwise, *ppSignerCert is set to NULL.
For a message containing only certificates and CRLs, pcbDecoded should be set to NULL.
See Example Code Using CryptVerifyMessageSignature.
Windows NT: Requires version 4.0 SP3 or later. Available also in IE 3.02 and later.
Windows: Requires Windows 98 (or Windows 95 with IE 3.02 or later).
Windows CE: Unsupported.
Header: Declared in wincrypt.h.
Import Library: Use crypt32.lib.
CryptVerifyDetachedMessageSignature