Important:
This is retired content. This content is outdated and is no longer being maintained. It is provided as a courtesy for individuals who are still using these technologies. This content may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.
4/8/2010

This function verifies the signature of a hash object.

Before calling this function, the CryptCreateHash function must be called to get a handle to a hash object. The CryptHashData function or CryptHashSessionKey function is then used to add the data or session keys to the hash object.

After the call to the CryptVerifySignature function has been completed, only the CryptDestroyHash function can be called using the hHash handle.

Syntax

BOOL WINAPI CryptVerifySignature(
  HCRYPTHASH hHash,
  BYTE* pbSignature,
  DWORD dwSigLen,
  HCRYPTKEY hPubKey,
  LPCTSTR sDescription,
  DWORD dwFlags
);

Parameters

hHash

[in] Handle to the hash object to verify.

pbSignature

[in] Pointer to the signature data to be verified.

dwSigLen

[in] Specifies the number of bytes in the pbSignature signature data.

hPubKey

[in] HCRYPTKEY handle to the public key to use to authenticate the signature. This public key must belong to the key pair that was originally used to create the digital signature.

sDescription

[in] No longer used and must be set to NULL to prevent security vulnerabilities. However, it is still supported for backward compatibility in the Microsoft Base Cryptographic Provider.

dwFlags

[in] Reserved for future use and must be set to zero.

Return Value

TRUE indicates success. FALSE indicates failure. To get extended error information, call the GetLastError function.

The following table shows the common values for the GetLastError function. The error values prefaced by NTE are generated by the particular cryptographic service provider (CSP) you are using.

Value Description

ERROR_INVALID_HANDLE

One of the parameters specifies an invalid handle.

ERROR_INVALID_PARAMETER

One of the parameters contains an invalid value. This is most often an illegal pointer.

NTE_BAD_FLAGS

The dwFlags parameter is nonzero.

NTE_BAD_HASH

The hash object specified by the hHash parameter is invalid.

NTE_BAD_KEY

The hPubKey parameter does not contain a handle to a valid public key.

NTE_BAD_SIGNATURE

The signature was not verified. This could be because the data itself has changed, the Meaning string did not match, or the wrong public key was specified by hPubKey.

This error can also be returned if the hashing or signature algorithms do not match the ones used to create the signature.

NTE_BAD_UID

The CSP context that was specified when the hash object was created cannot be found.

NTE_NO_MEMORY

The CSP ran out of memory during the operation.

Remarks

Windows Embedded CE does not support the ANSI version of this function.

Example Code

#include <windows.h>
#include <wincrypt.h>
#include <stdio.h>

#define BUFFER_SIZE 256

HCRYPTPROV hProv = 0;
BYTE pbBuffer[BUFFER_SIZE];
HCRYPTHASH hHash = 0;
HCRYPTKEY hPubKey = 0;
BYTE *pbSignature = NULL;
DWORD dwSigLen = 0;
LPTSTR szDescription = NULL;

// Get a handle to the default provider using CryptAcquireContext.
// For sample code, see CryptAcquireContext.
...
...
// Load 'pbBuffer' with 'BUFFER_SIZE' bytes of test data. This must
// be the same data that was originally signed.
...
// Point 'pbSignature' at the signature created by a previous call
// to CryptSignHash. Set 'dwSigLen' to the number of bytes in the
// signature.
...
// Leave 'szDescription' set to NULL. The sDescription parameter is no
// longer used and must be NULL (see Parameters).

// Get the public key of the user who created the digital signature
// and import it into the CSP by using CryptImportKey. This will return
// a handle to the public key in 'hPubKey'.
...
// Create a hash object. The hash algorithm must be the one that was
// used when the signature was created. MD5 is not collision
// resistant, so new signatures should use a stronger hash.
if(!CryptCreateHash(hProv, CALG_MD5, 0, 0, &hHash)) {
    printf("Error %lx during CryptCreateHash!\n", GetLastError());
    goto done;
}
// Compute the cryptographic hash of the buffer.
if(!CryptHashData(hHash, pbBuffer, BUFFER_SIZE, 0)) {
    printf("Error %lx during CryptHashData!\n", GetLastError());
    goto done;
}
// Validate the digital signature. NTE_BAD_SIGNATURE means the
// signature did not verify; any other error means the check itself
// could not be completed. Treat both cases as "not verified".
if(!CryptVerifySignature(hHash, pbSignature, dwSigLen, hPubKey,
                         szDescription, 0)) {
    if(GetLastError() == NTE_BAD_SIGNATURE) {
        printf("Signature not validated!\n");
    } else {
        printf("Error %lx during CryptVerifySignature!\n",
               GetLastError());
    }
} else {
    printf("Signature validated\n");
}
done:
...
// Free the public key.
if(hPubKey != 0) CryptDestroyKey(hPubKey);
// Destroy the hash object.
if(hHash != 0) CryptDestroyHash(hHash);
// Free the provider handle.
if(hProv != 0) CryptReleaseContext(hProv, 0);

Requirements

Header: wincrypt.h
Library: coredll.lib
Windows Embedded CE: Windows CE 2.10 and later
Windows Mobile: Windows Mobile Version 5.0 and later
