Using the CryptSignMessage Function and Associated Structures

A single function, CryptSignMessage, performs all of the tasks listed in the previous section, but the structures and other data it consumes must be initialized first. The following illustration shows the relationship between those function parameters that point to structures or arrays and their initialized data. The illustration shows only the function parameters and structure members that are derived from other structures or functions; the remaining parameters are straightforward initializations.

To sign data by using CryptSignMessage
  1. Get a pointer to the data that is to be signed.
  2. Assign that pointer to index zero of a "data to be signed" array (passed later as rgpbToBeSigned) and record the length of the data at index zero of a matching lengths array (passed as rgcbToBeSigned). Both arrays must have cToBeSigned entries, and cToBeSigned can only be greater than one when a detached signature is requested.
  3. Get a handle to the cryptographic provider. Note that CryptSignMessage takes no provider handle itself; it locates the signer's private key through the key-provider information attached to the certificate context, so the signer's certificate must have an accessible private key.
  4. Open a certificate store that contains the signer's certificate.
  5. Get a pointer (a PCCERT_CONTEXT) to the signer's certificate, for example by using CertFindCertificateInStore.
  6. Assign that pointer to index zero of the MsgCert array, the array of certificate contexts that is passed through the rgpMsgCert member.
  7. Assign the pointers of any other certificates to be included with the message (for example, intermediate CA certificates that a recipient needs to build a chain) to the remaining entries of the MsgCert array.
  8. Initialize the CRYPT_ALGORITHM_IDENTIFIER structure: set the pszObjId member to the object identifier of the desired hash algorithm (for example, szOID_NIST_sha256) and the other members as appropriate.
  9. Initialize the CRYPT_SIGN_MESSAGE_PARA structure: set cbSize to the size of the structure, dwMsgEncodingType to the encoding type, pSigningCert to the address of the signer's certificate context, rgpMsgCert to the address of the MsgCert array and cMsgCert to the number of certificates in it, HashAlgorithm to the CRYPT_ALGORITHM_IDENTIFIER structure (it is embedded by value, not referenced by a pointer), and the other members as appropriate.
  10. Call the CryptSignMessage function, passing the address of the CRYPT_SIGN_MESSAGE_PARA structure as pSignPara, the "data to be signed" array as rgpbToBeSigned together with its lengths array as rgcbToBeSigned and its element count as cToBeSigned, the fDetachedSignature flag, and pbSignedBlob with pcbSignedBlob. Calling first with pbSignedBlob set to NULL returns the required size in pcbSignedBlob; allocate that many bytes and call again to receive the encoded signed message.
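The procedure above, carried through as an added example that is not part of the original page or of the Windows SDK samples. The page's steps are written for C, but the example below calls the same CryptSignMessage function from PowerShell through P/Invoke so the structure set-up can be run and inspected on a Windows box without a compiler. The P/Invoke declarations mirror wincrypt.h member order; the sample message is constructed here; the script assumes Windows PowerShell 5.1 or PowerShell 7 on Windows and a certificate with a usable private key in Cert:\CurrentUser\My (the first one found is used). The SHA-256 OID string is the value of szOID_NIST_sha256; the decode step at the end uses .NET's SignedCms only to confirm which members of the structure ended up in the PKCS #7 blob.

```powershell
# Added example (not from the original page): CryptSignMessage via P/Invoke.
# Assumes Windows, and a certificate with a private key in Cert:\CurrentUser\My.
$crypt32 = @'
using System;
using System.Runtime.InteropServices;

public static class Crypt32
{
    public const uint X509_ASN_ENCODING   = 0x00000001;
    public const uint PKCS_7_ASN_ENCODING = 0x00010000;

    // CRYPT_OBJID_BLOB: { DWORD cbData; BYTE *pbData; }
    [StructLayout(LayoutKind.Sequential)]
    public struct CRYPTOAPI_BLOB { public uint cbData; public IntPtr pbData; }

    // CRYPT_ALGORITHM_IDENTIFIER: { LPSTR pszObjId; CRYPT_OBJID_BLOB Parameters; }
    [StructLayout(LayoutKind.Sequential)]
    public struct CRYPT_ALGORITHM_IDENTIFIER
    {
        [MarshalAs(UnmanagedType.LPStr)] public string pszObjId;
        public CRYPTOAPI_BLOB Parameters;
    }

    // CRYPT_SIGN_MESSAGE_PARA, members in wincrypt.h order.
    [StructLayout(LayoutKind.Sequential)]
    public struct CRYPT_SIGN_MESSAGE_PARA
    {
        public uint   cbSize;
        public uint   dwMsgEncodingType;
        public IntPtr pSigningCert;        // PCCERT_CONTEXT
        public CRYPT_ALGORITHM_IDENTIFIER HashAlgorithm;   // embedded by value
        public IntPtr pvHashAuxInfo;
        public uint   cMsgCert;
        public IntPtr rgpMsgCert;          // PCCERT_CONTEXT* (native array)
        public uint   cMsgCrl;
        public IntPtr rgpMsgCrl;
        public uint   cAuthAttr;
        public IntPtr rgAuthAttr;
        public uint   cUnauthAttr;
        public IntPtr rgUnauthAttr;
        public uint   dwFlags;
        public uint   dwInnerContentType;
    }

    [DllImport("crypt32.dll", SetLastError = true)]
    [return: MarshalAs(UnmanagedType.Bool)]
    public static extern bool CryptSignMessage(
        ref CRYPT_SIGN_MESSAGE_PARA pSignPara,
        [MarshalAs(UnmanagedType.Bool)] bool fDetachedSignature,
        uint cToBeSigned,
        IntPtr[] rgpbToBeSigned,
        uint[] rgcbToBeSigned,
        byte[] pbSignedBlob,
        ref uint pcbSignedBlob);
}
'@
Add-Type -TypeDefinition $crypt32

# Steps 4-5: open the store and take a certificate that has a private key.
$signer = Get-ChildItem Cert:\CurrentUser\My |
    Where-Object { $_.HasPrivateKey } | Select-Object -First 1
if (-not $signer) { throw 'No certificate with a private key in CurrentUser\My' }

# Steps 1-2: constructed sample data, pinned so native code gets a stable address.
$data   = [System.Text.Encoding]::UTF8.GetBytes('constructed sample message to sign')
$pinned = [System.Runtime.InteropServices.GCHandle]::Alloc($data, 'Pinned')
$rgpbToBeSigned = [IntPtr[]]@($pinned.AddrOfPinnedObject())   # index zero = our buffer
$rgcbToBeSigned = [uint32[]]@($data.Length)

# Steps 6-7: rgpMsgCert is a native array of PCCERT_CONTEXT; only the signer here.
$certArray = [System.Runtime.InteropServices.Marshal]::AllocHGlobal([IntPtr]::Size)
[System.Runtime.InteropServices.Marshal]::WriteIntPtr($certArray, $signer.Handle)

try {
    # Step 8: hash algorithm by OID; '2.16.840.1.101.3.4.2.1' is szOID_NIST_sha256.
    $hashAlg = [Crypt32+CRYPT_ALGORITHM_IDENTIFIER]::new()
    $hashAlg.pszObjId = '2.16.840.1.101.3.4.2.1'

    # Step 9: CRYPT_SIGN_MESSAGE_PARA.
    $para = [Crypt32+CRYPT_SIGN_MESSAGE_PARA]::new()
    $para.cbSize            = [System.Runtime.InteropServices.Marshal]::SizeOf($para)
    $para.dwMsgEncodingType = [Crypt32]::PKCS_7_ASN_ENCODING -bor [Crypt32]::X509_ASN_ENCODING
    $para.pSigningCert      = $signer.Handle
    $para.HashAlgorithm     = $hashAlg
    $para.cMsgCert          = 1
    $para.rgpMsgCert        = $certArray

    # Step 10: call once with pbSignedBlob = NULL to learn the size, then for real.
    $cb = [uint32]0
    $ok = [Crypt32]::CryptSignMessage([ref]$para, $false, 1, $rgpbToBeSigned, $rgcbToBeSigned, $null, [ref]$cb)
    if (-not $ok) { throw ('CryptSignMessage size query failed: 0x{0:X8}' -f [System.Runtime.InteropServices.Marshal]::GetLastWin32Error()) }
    $signedBlob = [byte[]]::new($cb)
    $ok = [Crypt32]::CryptSignMessage([ref]$para, $false, 1, $rgpbToBeSigned, $rgcbToBeSigned, $signedBlob, [ref]$cb)
    if (-not $ok) { throw ('CryptSignMessage failed: 0x{0:X8}' -f [System.Runtime.InteropServices.Marshal]::GetLastWin32Error()) }
}
finally {
    $pinned.Free()
    [System.Runtime.InteropServices.Marshal]::FreeHGlobal($certArray)
}

# Decode the PKCS #7 blob with .NET to confirm the structure members took effect.
if ($PSVersionTable.PSEdition -eq 'Desktop') { Add-Type -AssemblyName System.Security }
$cms = [System.Security.Cryptography.Pkcs.SignedCms]::new()
$cms.Decode($signedBlob)
$cms.CheckSignature($true)    # signature only, no chain building; throws on mismatch
"Signed $($data.Length) bytes into a $cb-byte PKCS #7 blob"
"Digest OID           : $($cms.SignerInfos[0].DigestAlgorithm.Value)"
"Embedded certificates: $($cms.Certificates.Count) (from rgpMsgCert)"
"Signer               : $($cms.SignerInfos[0].Certificate.Subject)"
```

Passing $false for fDetachedSignature produces an attached signature, so the blob carries the content and a verifier needs nothing else; with $true the content is omitted, cToBeSigned may exceed one, and the verifier must be handed the original bytes separately. The hash OID is honoured only if the provider holding the private key supports it: keys held by a CNG key storage provider sign with SHA-256 without trouble, whereas a certificate bound to a legacy CSP that lacks SHA-2 support makes the call fail with NTE_BAD_ALGID, which the error output above surfaces.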