CryptSignAndEncryptMessage

The CryptSignAndEncryptMessage function creates a hash of the specified content, signs the hash, encrypts the content and the signed hash, and then encodes the encrypted content and signed hash (encrypted message). The result is the same as if you first signed and then encrypted separately.

#include <wincrypt.h>
BOOL WINAPI CryptSignAndEncryptMessage(
  PCRYPT_SIGN_MESSAGE_PARA pSignPara,       // in
  PCRYPT_ENCRYPT_MESSAGE_PARA pEncryptPara, // in
  DWORD cRecipientCert,                     // in
  PCCERT_CONTEXT rgpRecipientCert[ ],       // in
  const BYTE *pbToBeSignedAndEncrypted,     // in
  DWORD cbToBeSignedAndEncrypted,           // in
  BYTE *pbSignedAndEncryptedBlob,           // out
  DWORD *pcbSignedAndEncryptedBlob          // in/out
);
 

Parameters

pSignPara
Pointer to the signature parameters. For details, see Simplified Message Data Structures.
pEncryptPara
Pointer to the encryption parameters. For details, see Simplified Message Data Structures.
cRecipientCert
Number of array elements in rgpRecipientCert[].
rgpRecipientCert[]
Array of pointers to the certificate contexts of the intended recipients of the message.
pbToBeSignedAndEncrypted
Pointer to the content that is to be signed and encrypted.
cbToBeSignedAndEncrypted
Size, in bytes, of the content located at *pbToBeSignedAndEncrypted.
pbSignedAndEncryptedBlob
Pointer to a buffer that receives the encrypted and encoded message.

This parameter can be NULL to retrieve the size of this information for memory allocation purposes. For more information, see Common In/Out Parameter Conventions.

pcbSignedAndEncryptedBlob
Pointer to a variable that specifies the size, in bytes, of the buffer pointed to by the pbSignedAndEncryptedBlob parameter. When the function returns, this variable contains the size, in bytes, of the signed and encrypted message copied to *pbSignedAndEncryptedBlob.

Note that when processing the data returned in the buffer, applications need to use the actual size of the data returned. The actual size may be slightly smaller than the size of the buffer specified on input. (On input, buffer sizes are usually specified large enough to ensure that the largest possible output data will fit in the buffer.) On output, the variable pointed to by this parameter is updated to reflect the actual size of the data copied to the buffer.

Return Values

TRUE if the function succeeded. FALSE if the function failed.

Call GetLastError to see the reason for any failures. Note that errors from the called functions CryptSignMessage and CryptEncryptMessage may be propagated to this function.

This function has the following error codes.

Error code Description
ERROR_MORE_DATA If the buffer specified by the pbSignedAndEncryptedBlob parameter is not large enough to hold the returned data, the function sets the ERROR_MORE_DATA code, and stores the required buffer size, in bytes, into the variable pointed to by pcbSignedAndEncryptedBlob.

Example

// EXAMPLE CODE FOR USING CryptSignAndEncryptMessage() to sign and 
// encrypt a single message.

// Assume that the application already knows the address of the
// recipient certificate array (rgpRecipientCert[]), the number of elements
// in rgpRecipientCert[] (cRecipientCert), the message to be signed and
// encrypted (pbToBeSignedAndEncrypted), and the size of the message 
// (cbToBeSignedAndEncrypted).

// Set up the variables.
CRYPT_SIGN_MESSAGE_PARA     SignPara;       //Struct initialized
                                            //   elsewhere
CRYPT_ENCRYPT_MESSAGE_PARA  EncryptPara;    //Struct initialized
                                            //   elsewhere
DWORD            cRecipientCert = 1;        // Initialized elsewhere
PCCERT_CONTEXT   rgpRecipientCert[1];       // Initialized elsewhere
const BYTE*      pbToBeSignedAndEncrypted;  // Initialized 
                                            //   elsewhere
DWORD            cbToBeSignedAndEncrypted;  // Initialized 
                                            //   elsewhere
DWORD            cbSignedAndEncryptedBlob = 0;

// Call CryptSignAndEncryptMessage to get the size of the signed and 
// encrypted message. 
BOOL             fReturn =  FALSE;

fReturn = CryptSignAndEncryptMessage(&SignPara, &EncryptPara, 
          cRecipientCert, rgpRecipientCert, 
          pbToBeSignedAndEncrypted, cbToBeSignedAndEncrypted, 
          NULL, &cbSignedAndEncryptedBlob);
if(!fReturn)   // BOOL: any nonzero value means success, so test against zero
    ;// Function call failed.  Handle the error.

// If the call succeeded, the size of the signed and encrypted message,
// in bytes, now resides in cbSignedAndEncryptedBlob.

// Malloc memory for the size of the signed and encrypted message.
BYTE* pbSignedAndEncryptedBlob;

pbSignedAndEncryptedBlob = (BYTE*)malloc(cbSignedAndEncryptedBlob);
if(pbSignedAndEncryptedBlob == NULL)
    ;// Handle the memory allocation error.

// Call CryptSignAndEncryptMessage to return the signed and encrypted 
// message.
fReturn = CryptSignAndEncryptMessage(&SignPara, &EncryptPara, 
          cRecipientCert, rgpRecipientCert, 
          pbToBeSignedAndEncrypted, cbToBeSignedAndEncrypted, 
          pbSignedAndEncryptedBlob, &cbSignedAndEncryptedBlob);
if(!fReturn)   // BOOL: any nonzero value means success, so test against zero
    ;// Function call failed.  Handle the error.

// If the function succeeded, the signed and encrypted message is now
// at the location pointed to by pbSignedAndEncryptedBlob.

// Process the message, using cbSignedAndEncryptedBlob (updated by the
// call above) as its actual length.
// ...

// Free memory.
free (pbSignedAndEncryptedBlob);
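
The size-query and ERROR_MORE_DATA convention described for pbSignedAndEncryptedBlob and pcbSignedAndEncryptedBlob, as a portable added example that is not part of the original page or of the Windows SDK. The names encode_fn, encode_alloc, struct fake and fake_encode are hypothetical; fake_encode is a constructed stand-in for a wrapper around CryptSignAndEncryptMessage and GetLastError.

```c
#include <stdlib.h>
#include <string.h>

#define ERROR_MORE_DATA 234UL   /* same numeric value as in winerror.h */

/* Hypothetical callback using the page's in/out convention: out == NULL asks
 * for a size; *pcb is the capacity on input and the bytes written on output. */
typedef int (*encode_fn)(void *ctx, unsigned char *out, unsigned long *pcb,
                         unsigned long *err);

/* Query, allocate, fill; retry only on ERROR_MORE_DATA. Returns a malloc'd
 * buffer and stores the ACTUAL length (not the allocated size) in *pcbActual. */
unsigned char *encode_alloc(encode_fn fn, void *ctx, unsigned long *pcbActual)
{
    unsigned long cb = 0, err = 0;
    unsigned char *buf = NULL, *tmp;
    int tries;

    if (!fn(ctx, NULL, &cb, &err))
        return NULL;                       /* size query failed */
    for (tries = 0; tries < 3; tries++) {
        if ((tmp = realloc(buf, cb ? cb : 1)) == NULL)
            break;
        buf = tmp;
        if (fn(ctx, buf, &cb, &err)) {
            *pcbActual = cb;               /* may be smaller than allocated */
            return buf;
        }
        if (err != ERROR_MORE_DATA)
            break;                         /* real failure: do not retry */
    }                                      /* else cb holds the required size */
    free(buf);
    return NULL;
}

/* Constructed stand-in for the real call: its size query is off by `slack`
 * bytes (positive = worst-case estimate, negative = forces ERROR_MORE_DATA). */
struct fake { const char *msg; long slack; };

int fake_encode(void *ctx, unsigned char *out, unsigned long *pcb,
                unsigned long *err)
{
    const struct fake *f = ctx;
    unsigned long need = (unsigned long)strlen(f->msg);
    if (out == NULL) { *pcb = need + (unsigned long)f->slack; return 1; }
    if (*pcb < need) { *pcb = need; *err = ERROR_MORE_DATA; return 0; }
    memcpy(out, f->msg, need);
    *pcb = need;
    return 1;
}
```

On Windows the callback would forward to CryptSignAndEncryptMessage and store the GetLastError value in *err on failure. Callers then transmit or store only *pcbActual bytes of the returned buffer.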
 

QuickInfo

  Windows NT: Requires version 4.0 SP3 or later. Available also in IE 3.02 and later.
  Windows: Requires Windows 98 (or Windows 95 with IE 3.02 or later).
  Windows CE: Unsupported.
  Header: Declared in wincrypt.h.
  Import Library: Use crypt32.lib.

See Also

CryptSignMessage