Creating a Signed Message
This section reviews the generic steps for signing data. The following illustration depicts the individual tasks that must be accomplished; the list that follows it describes each task.
To create a signed message
- Create the data (if necessary) and get a pointer to it.
- Open a certificate store that contains the signer's certificate.
- Get the private key from the certificate. Two properties must be set on the certificate before it is used: one ties the certificate to a particular CSP and, within that CSP, to a particular private key; the other indicates which hashing algorithm is to be used when a digest operation is called for. These need only be set once.
- From the certificate property, determine the hash algorithm.
- Send the data through the hashing function using that hash algorithm, creating a hash (digest) of the data.
- Using the private key obtained through the property on the certificate, encrypt the digest, creating the signature.
- Include the following in the signed message:
  - The signed data
  - The hash algorithm
  - The signature
  - The signer ID (certificate issuer and serial number)
  - The signer's certificate (optional)
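The sequence above carried through end to end, as an added example that is not from the CryptoAPI documentation and does not call CryptoAPI. It uses Go's standard library (crypto/rsa, crypto/x509) in place of a certificate store, CSP and key-provider property: a constructed self-signed certificate and its RSA key stand in for the signer, the digest algorithm is read from the certificate's signature algorithm field rather than from a CryptoAPI certificate property, and the signed message is a plain struct holding the five listed fields rather than a PKCS #7 envelope. The names `Signer`, `SignedMessage`, `Sign`, `Verify` and `NewSelfSignedSigner` are the example's own, and the serial number 1001 and message text are constructed sample values.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	_ "crypto/sha256" // registers SHA-256 so crypto.SHA256.New() works
	_ "crypto/sha512" // registers SHA-384/512 likewise
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// SignedMessage holds the fields the text lists for a signed message.
// Illustrative flat struct; a real implementation would emit PKCS #7 / CMS.
type SignedMessage struct {
	Data         []byte            // the signed data
	HashAlg      crypto.Hash       // the hash algorithm used for the digest
	Signature    []byte            // signature over the digest
	SignerIssuer pkix.Name         // signer ID: certificate issuer ...
	SignerSerial *big.Int          // ... and serial number
	SignerCert   *x509.Certificate // the signer's certificate (optional)
}

// Signer pairs a certificate with its private key, standing in for the
// certificate property that ties a CryptoAPI certificate to a CSP key.
type Signer struct {
	Cert *x509.Certificate
	Key  *rsa.PrivateKey
}

// hashFromCert derives the digest algorithm from the certificate, the
// analogue of reading the hash-algorithm property in the steps above.
func hashFromCert(cert *x509.Certificate) (crypto.Hash, error) {
	switch cert.SignatureAlgorithm {
	case x509.SHA256WithRSA:
		return crypto.SHA256, nil
	case x509.SHA384WithRSA:
		return crypto.SHA384, nil
	case x509.SHA512WithRSA:
		return crypto.SHA512, nil
	}
	return 0, fmt.Errorf("unsupported signature algorithm %v", cert.SignatureAlgorithm)
}

// Sign follows the listed steps: choose the hash algorithm from the
// certificate, digest the data, sign the digest with the private key
// (RSA PKCS #1 v1.5), and assemble the message fields.
func Sign(s Signer, data []byte, includeCert bool) (*SignedMessage, error) {
	hashAlg, err := hashFromCert(s.Cert)
	if err != nil {
		return nil, err
	}
	h := hashAlg.New()
	h.Write(data)
	sig, err := rsa.SignPKCS1v15(rand.Reader, s.Key, hashAlg, h.Sum(nil))
	if err != nil {
		return nil, err
	}
	msg := &SignedMessage{Data: data, HashAlg: hashAlg, Signature: sig,
		SignerIssuer: s.Cert.Issuer, SignerSerial: s.Cert.SerialNumber}
	if includeCert {
		msg.SignerCert = s.Cert
	}
	return msg, nil
}

// Verify checks that the certificate matches the signer ID, recomputes the
// digest with the stated hash algorithm, and verifies the signature.
func Verify(msg *SignedMessage, cert *x509.Certificate) error {
	if cert.SerialNumber.Cmp(msg.SignerSerial) != 0 ||
		cert.Issuer.String() != msg.SignerIssuer.String() {
		return errors.New("signer ID does not match the certificate")
	}
	pub, ok := cert.PublicKey.(*rsa.PublicKey)
	if !ok {
		return errors.New("certificate does not carry an RSA public key")
	}
	h := msg.HashAlg.New()
	h.Write(msg.Data)
	return rsa.VerifyPKCS1v15(pub, msg.HashAlg, h.Sum(nil), msg.Signature)
}

// NewSelfSignedSigner builds a constructed test certificate and key.
func NewSelfSignedSigner() (Signer, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return Signer{}, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:       big.NewInt(1001), // constructed sample serial
		Subject:            pkix.Name{CommonName: "example signer"},
		NotBefore:          time.Now().Add(-time.Hour),
		NotAfter:           time.Now().Add(24 * time.Hour),
		KeyUsage:           x509.KeyUsageDigitalSignature,
		SignatureAlgorithm: x509.SHA256WithRSA,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return Signer{}, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return Signer{}, err
	}
	return Signer{Cert: cert, Key: key}, nil
}

func main() {
	s, err := NewSelfSignedSigner()
	if err != nil {
		panic(err)
	}
	msg, err := Sign(s, []byte("constructed sample data"), true)
	if err != nil {
		panic(err)
	}
	fmt.Println("hash:", msg.HashAlg, "verify:", Verify(msg, s.Cert))
}
```

The verifier re-derives the digest from the hash algorithm carried in the message, which is why that field has to travel with the signature; a recipient that trusted only the signature bytes without the algorithm and the signer ID could not check anything.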