Platform SDK: Cryptography |
The CPSignHash function signs a hash object.
BOOL CPSignHash( HCRYPTPROV hProv, // in HCRYPTHASH hHash, // in DWORD dwKeySpec, // in LPCWSTR sDescription, // in DWORD dwFlags, // in BYTE *pbSignature, // out DWORD *pdwSigLen // in, out );
Value | Meaning |
---|---|
AT_KEYEXCHANGE | The key exchange public/private key pair is to be used. |
AT_SIGNATURE | The digital signature public/private key pair is to be used. |
The use of this parameter is not recommended because of security vulnerabilities. It is recommended that it always be interpreted as set to NULL. Some CSPs might prefer to keep supporting it for backward compatibility with the Microsoft Cryptographic Service Providers.
The Microsoft cryptographic providers support this flag in Windows 2000. This support is not included with Windows 98 or Internet Explorer 5.0 or later.
It is not an error if this parameter is NULL. If pbData is NULL, no parameter data is copied. Instead, the required buffer size (in bytes) is returned in pdwSigLen and a second call to the function with the correct number of bytes allocated for the pbData buffer is expected. For a detailed discussion and examples, see Retrieving Data of Unknown Length.
If memory allocated for the pbSignature buffer is not large enough to hold the signature, the ERROR_MORE_DATA error code is returned by the SetLastError function. The required buffer size is returned in pdwDataLen.
If this function fails with any error code other than ERROR_MORE_DATA, zero is returned in this parameter.
If the function succeeds, the return value is TRUE.
If the function fails, the return value is FALSE, and the appropriate error code from the following table must be set using SetLastError.
Error | Description |
---|---|
ERROR_MORE_DATA | The pbData buffer is not large enough to hold the requested data. |
NTE_BAD_ALGID | The hHash handle specifies a hash algorithm that this function does not support. |
NTE_BAD_FLAGS | The dwFlags parameter is non-zero. |
NTE_BAD_HASH | The hash object specified by the hHash parameter is invalid. |
NTE_BAD_UID | The CSP context that was specified when the hash object was created cannot now be found. |
NTE_NO_KEY | The private key specified by dwKeySpec does not exist. |
NTE_NO_MEMORY | The CSP ran out of memory during the operation. |
Depending on the key pair to be used, many CSPs ask the user directly before performing the signature operation. When this is the case, the sDescription string, if supported, is displayed to the user so that he or she knows what is being signed.
CPSignHash typically performs the following steps internally:
The CPSignHash function completes the hash. After calling CPSignHash, no more data can be added to the hash. Additional calls to CPHashData or CPHashSessionKey fail. However, additional calls to CPDeriveKey, CPGetHashParam, CPSignHash, and CPVerifySignature succeed and use the finished hash object.
Windows NT/2000: Requires Windows NT 4.0 or later.
Windows 95/98: Requires Windows 95 OSR2 or later (or Windows 95 with Internet Explorer 3.02 or later).
Header: Declared in Wincrypt.h.