CryptVerifyCertificateSignature function

The CryptVerifyCertificateSignature function verifies the signature of a certificate, certificate revocation list (CRL), or certificate request by using the public key in a CERT_PUBLIC_KEY_INFO structure. The function does not require access to a private key.

Syntax

BOOL CryptVerifyCertificateSignature(
  HCRYPTPROV_LEGACY     hCryptProv,
  DWORD                 dwCertEncodingType,
  const BYTE            *pbEncoded,
  DWORD                 cbEncoded,
  PCERT_PUBLIC_KEY_INFO pPublicKey
);

Parameters

hCryptProv

This parameter is not used and should be set to NULL.

Windows Server 2003 and Windows XP:  A handle to the cryptographic service provider (CSP) used to verify the signature.This parameter's data type is HCRYPTPROV.

NULL is passed unless there is a strong reason for passing in a specific cryptographic provider. Passing in NULL causes the default RSA or DSS provider to be acquired.

dwCertEncodingType

The certificate encoding type that was used to encrypt the subject. The message encoding type identifier, contained in the high WORD of this value, is ignored by this function.

This parameter can be the following currently defined certificate encoding type.

Value Meaning
X509_ASN_ENCODING
1 (0x1)
Specifies X.509 certificate encoding.

pbEncoded

A pointer to an encoded BLOB of CERT_SIGNED_CONTENT_INFO content on which the signature is to be verified.

cbEncoded

The size, in bytes, of the encoded content in pbEncoded.

pPublicKey

A pointer to a CERT_PUBLIC_KEY_INFO structure that contains the public key to use when verifying the signature.

Return Value

Returns nonzero if successful or zero otherwise.

For extended error information, call GetLastError.

Note  Errors from the called functions CryptCreateHash, CryptImportKey, CryptVerifySignature, and CryptHashData may be propagated to this function.
 
On failure, this function will cause the following error codes to be returned from GetLastError.
Return code Description
ERROR_FILE_NOT_FOUND
Invalid certificate encoding type. Currently only X509_ASN_ENCODING is supported.
NTE_BAD_ALGID
The signature algorithm's object identifier (OID) does not map to a known or supported hash algorithm.
NTE_BAD_SIGNATURE
The signature was not valid.
 

If the function fails, GetLastError may return an Abstract Syntax Notation One (ASN.1) encoding/decoding error. For information about these errors, see ASN.1 Encoding/Decoding Return Values.

Remarks

This function currently calls the CryptVerifyCertificateSignatureEx function to perform the verification.

Requirements

   
Minimum supported client Windows XP [desktop apps only]
Minimum supported server Windows Server 2003 [desktop apps only]
Target Platform Windows
Header wincrypt.h
Library Crypt32.lib
DLL Crypt32.dll

See Also

CryptVerifyCertificateSignatureEx