CryptVerifyMessageSignature

The CryptVerifyMessageSignature function verifies the signature on a signed message.

#include <wincrypt.h>
BOOL WINAPI CryptVerifyMessageSignature(
  PCRYPT_VERIFY_MESSAGE_PARA pVerifyPara, // in
  DWORD dwSignerIndex,                    // in
  const BYTE *pbSignedBlob,               // in
  DWORD cbSignedBlob,                     // in
  BYTE *pbDecoded,                        // out, optional
  DWORD *pcbDecoded,                      // in/out, optional
  PCCERT_CONTEXT *ppSignerCert            // out, optional
);

Parameters

pVerifyPara
Pointer to the verify parameters. For details, see Simplified Message Data Structures.
dwSignerIndex
This is an index to the desired signature. There can be more than one signature. CryptVerifyMessageSignature can be called repeatedly, incrementing dwSignerIndex each time. Set this parameter to zero for the first signer, or if there is only one signer. If the function returns FALSE, and GetLastError returns CRYPT_E_NO_SIGNER, the previous call got the last signer of the message.
pbSignedBlob
Pointer to the signed message.
cbSignedBlob
Size, in bytes, of the signed message.
pbDecoded
Optional parameter. Pointer to a buffer that receives the decoded message.

This parameter can be NULL if the decoded message is not needed for additional processing, or to set the size of the message for memory allocation purposes. For more information, see Common In/Out Parameter Conventions.

pcbDecoded
Optional parameter. Pointer to a variable that specifies the size, in bytes, of the buffer pointed to by the pbComputedHash parameter. When the function returns, this variable contains the size, in bytes, of the decoded message copied to pbDecoded. The decoded message will not be returned if this parameter is NULL.

Note that when processing the data returned in the buffer, applications need to use the actual size of the data returned. The actual size may be slightly smaller than the size of the buffer specified on input. (On input, buffer sizes are usually specified large enough to insure that the largest possible output data will fit in the buffer.) On output, the variable pointed to by this parameter is updated to reflect the actual size of the data copied to the buffer.

ppSignerCert
Optional parameter, it is a pointer to the certificate context pointer of the signer. This parameter can be NULL, indicating that the caller isn't interested in getting the CERT_CONTEXT of the signer.

Return Values

TRUE if the function succeeded and the signature was verified. FALSE if the function failed to verify the signature. Call GetLastError to see the reason for the failure.

Call GetLastError to see the reason for any failures. Note that errors from the called functions CryptCreateHash, CryptHashData, CryptVerifySignature, and CryptImportKey may be propagated to this function. This function has the following error codes:

Error code Description
ERROR_MORE_DATA If the buffer specified by the pbDecoded parameter is not large enough to hold the returned data, the function sets the ERROR_MORE_DATA code, and stores the required buffer size, in bytes, into the variable pointed to by pcbDecoded.
E_INVALIDARG Invalid message and certificate encoding types. Currently only PKCS_7_ASN_ENCODING and X509_ASN_ENCODING_TYPE are supported. Invalid cbSize in *pVerifyPara.
CRYPT_E_OSS_ERROR Message ASN.1 decoding error. Note, to get the OSS error subtract CRYPT_E_OSS_ERROR from the returned error and see asn1code.h for details on the error.
CRYPT_E_UNEXPECTED_
MSG_TYPE 		Not a signed cryptographic message.
CRYPT_E_NO_SIGNER The message doesn't have any signers or a signer for the specified dwSignerIndex.
NTE_BAD_ALGID The message was hashed and signed using an algorithm we don't know about or support.
NTE_BAD_SIGNATURE The message's signature was not verified.

Remarks

For a verified signer and message, **ppSignerCert is updated with the CERT_CONTEXT of the signer. It must be freed by calling CertFreeCertificateContext. Otherwise, *ppSignerCert is set to NULL.

For a message containing only certificates and CRLs, pcbDecoded should be set to NULL.

Example

See Example Code Using CryptVerifyMessageSignature.

QuickInfo

  Windows NT: Requires version 4.0 SP3 or later. Available also in IE 3.02 and later.
  Windows: Requires Windows 98 (or Windows 95 with IE 3.02 or later).
  Windows CE: Unsupported.
  Header: Declared in wincrypt.h.
  Import Library: Use crypt32.lib.

See Also

CryptVerifyDetachedMessageSignature