IX509CertificateRequestCmc2::CheckSignature method (certenroll.h)

The CheckSignature method verifies that the certificate request has been signed and that the signature is valid.

Syntax

HRESULT CheckSignature(
  Pkcs10AllowedSignatureTypes AllowedSignatureTypes
);

Parameters

AllowedSignatureTypes

A value from the Pkcs10AllowedSignatureTypes enumeration. This can be a bitwise combination of the following values.

Value Meaning
AllowedKeySignature
Signatures generated by using asymmetric keys are permitted. If this flag is set, the signature is verified against the public key in the inner PKCS #10 request. This is the default flag.
AllowedNullSignature
Null-signed signatures are permitted.

Return value

If the function succeeds, the function returns S_OK.

If the function fails, it returns an HRESULT value that indicates the error. Possible values include, but are not limited to, those in the following table. For a list of common error codes, see Common HRESULT Values.

Return code Description
CRYPT_E_NO_SIGNER
The certificate request has not been signed.
ERROR_INVALID_STATE
The signature type is not specified by the AllowedSignatureTypes parameter.
NTE_BAD_SIGNATURE
The value specified by the AllowedSignatureTypes parameter is not a member of the Pkcs10AllowedSignatureTypes enumeration type.

Remarks

This method uses the public key to decrypt the signature and compares the signature to a hash of the certificate request.

Requirements

   
Minimum supported client Windows 7 [desktop apps only]
Minimum supported server Windows Server 2008 R2 [desktop apps only]
Target Platform Windows
Header certenroll.h

See also

IX509CertificateRequestCmc2