Signing and Verifying Messages

A version of this page is also available for Windows Embedded CE 6.0 R3

4/8/2010

To sign data, a hash object must first be created using the CryptCreateHash function. This object accumulates the data to be signed. Next, the data is added to the hash object with the CryptHashData function.

After the last block of data is added to the hash, the CryptSignHash function is used to sign the hash. A description string can also be supplied at this point; the same string must later be supplied when the signature is verified. Once the digital signature data has been obtained, the hash object should be destroyed by using the CryptDestroyHash function.

Hashes can be signed with either the signature private key or the key exchange private key. The signature key should be used when the user who owns the signature key is signing some of his or her data. The key exchange key should be used when signing data that does not directly belong to the user. The classic example of this is when the exchange key is used to sign session keys during a key exchange protocol.

To verify a signature, applications must first create a hash object, using CryptCreateHash. This object accumulates the data to be verified. The data is then added to the hash object with CryptHashData.

After the last block of data is added to the hash, the CryptVerifySignature function is used to verify the signature. The signature data, a handle to the hash object, and the description string must all be supplied to CryptVerifySignature. A handle to the public key from the key pair that was used to sign the data must also be supplied.

Once the signature has been verified, or has failed the verification, the hash object should be destroyed by using CryptDestroyHash.

To obtain the hash value, a hash object must first be created using CryptCreateHash. This object accumulates the data to be hashed. The data is then added to the hash object with CryptHashData.

After the last block of data is added to the hash, the CryptGetHashParam function is used to obtain the hash value.

Once the hash value has been obtained, the hash object should be destroyed by using CryptDestroyHash.

Because CryptoAPI and the underlying cryptographic service provider handle the signature algorithm itself, applications do not need to know how the signature is computed or applied.

See Also

Concepts

Microsoft Cryptographic System

Other Resources

Cryptography
Certificates