CRYPT_VERIFY_MESSAGE_PARA

The CRYPT_VERIFY_MESSAGE_PARA structure is used to verify signed messages.

typedef struct _CRYPT_VERIFY_MESSAGE_PARA {
    DWORD                             cbSize;
    DWORD                             dwMsgAndCertEncodingType;
    HCRYPTPROV                        hCryptProv;
    PFN_CRYPT_GET_SIGNER_CERTIFICATE  pfnGetSignerCertificate;
    void*                             pvGetArg;
} CRYPT_VERIFY_MESSAGE_PARA,         *PCRYPT_VERIFY_MESSAGE_PARA;
 

Members

cbSize

This member must be set to the size of the data structure.

dwMsgAndCertEncodingType

Type of encoding used. Note that both a certificate and message encoding type is required to be specified by combining them with a bitwise OR operation, as shown in the following example:

X509_ASN_ENCODING | PKCS_7_ASN_ENCODING
 

Currently defined encoding types are shown in the following table.

Encoding type	Value
X509_ASN_ENCODING	0x00000001
PKCS_7_ASN_ENCODING	0x00010000

hCryptProv

Specifies a handle to the cryptographic service provider to be used to verify a signed message. The CSP identified by hCryptProv is used to do hashing and signature verification.

Unless there is a strong reason for passing in a specific cryptographic provider in hCryptProv, zero should be passed in. Passing in zero causes the default RSA or DSS provider to be acquired before doing hash, signature verification or recipient encryption operations.

pfnGetSignerCertificate

Pointer to the callback function used to get the signer's certificate context. If NULL, the default callback is used. The default callback tries to get the signer certificate context from the message's certificate store.

An application-defined callback function that gets the signer's certificate can be used in place of the default. It gets passed the certificate ID of the signer (its issuer and serial number) and a handle to its cryptographic signed message's certificate store.

pvGetArg

Argument to pass to the callback function. Typically, this gets and verifies the message signer's certificate.

pfnCryptGetSignerCertificateCallback

The following function is a prototype of an application defined callback:

PCCERT_CONTEXT WINAPI CryptGetSignerCertificateCallback (
    void*        pvGetArg                  // in
    DWORD        dwMsgAndCertEncodingType  // in
    PCERT_INFO   pSignerId                 // in
    HCERTSTORE   hMsgCertStore);           // in
 

If the message doesn't contain any content or signers, then the function is called with pSignerId == NULL.

For a found signer certificate, the function returns a pointer to a read-only CERT_CONTEXT. The returned CERT_CONTEXT is either obtained from a certificate store or was created via CertCreateCertificateContext. For either case, it is freed via CertFreeCertificateContext.

If a certificate for the signer wasn't found, NULL is returned.

Callback Function Parameters

pvGetArg

A pointer to user-defined data passed on to the verification function, as specified in the CRYPT_VERIFY_MESSAGE_PARA structure.

dwMsgAndCertEncodingType

The type of encoding used. Note that both a certificate and message encoding type were specified by combining them with a bitwise OR operation, as shown in the following example:

X509_ASN_ENCODING | PKCS_7_ASN_ENCODING
 

Currently defined encoding types are shown in the following table.

Encoding type	Value
X509_ASN_ENCODING	0x00000001
PKCS_7_ASN_ENCODING	0x00010000

pSignerId

Pointer to a CERT_INFO data structure that contains the issuer and serial number. It may be NULL if there is no content or signers.

hMsgCertStore

Handle to the certificate store containing all the certificates and CRLs in the signed message.

Return Values

A PCCERT_CONTEXT structure if this function succeeded. NULL if this function failed.

See Also

CERT_CONTEXT, CERT_INFO, CryptDecryptAndVerifyMessageSignature, CryptVerifyDetachedMessageSignature, CryptVerifyMessageSignature