Rfc3161TimestampToken.VerifySignatureForSignerInfo Method
Definition
Important
Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Verifies that the current token is a valid time-stamp token for the provided SignerInfo.
public bool VerifySignatureForSignerInfo (System.Security.Cryptography.Pkcs.SignerInfo signerInfo, out System.Security.Cryptography.X509Certificates.X509Certificate2? signerCertificate, System.Security.Cryptography.X509Certificates.X509Certificate2Collection? extraCandidates = default);
public bool VerifySignatureForSignerInfo (System.Security.Cryptography.Pkcs.SignerInfo signerInfo, out System.Security.Cryptography.X509Certificates.X509Certificate2 signerCertificate, System.Security.Cryptography.X509Certificates.X509Certificate2Collection extraCandidates = default);
member this.VerifySignatureForSignerInfo : System.Security.Cryptography.Pkcs.SignerInfo * X509Certificate2 * System.Security.Cryptography.X509Certificates.X509Certificate2Collection -> bool
Public Function VerifySignatureForSignerInfo (signerInfo As SignerInfo, ByRef signerCertificate As X509Certificate2, Optional extraCandidates As X509Certificate2Collection = Nothing) As Boolean
Parameters
- signerInfo
- SignerInfo
The CMS signer information to verify the timestamp was built for.
- signerCertificate
- X509Certificate2
When this method returns, the certificate from the Timestamp Authority (TSA) that signed this token, or null if a signer certificate cannot be determined. This parameter is treated as uninitialized.
- extraCandidates
- X509Certificate2Collection
An optional collection of certificates to consider as the Timestamp Authority (TSA) certificates, in addition to any certificates that may be included within the token.
Returns
true if the Timestamp Authority (TSA) certificate was found, the certificate public key validates the token signature, and the token matches the signature for signerInfo; otherwise, false.
Exceptions
signerInfo is null.
Remarks
This method verifies that the time-stamp token is valid for a Cryptographic Message Syntax (CMS) SignerInfo, according to IETF RFC 3161 Appendix A (Signature Time-stamp attribute using CMS).
This method requires that the TSA certificate has the required extended key usage value (1.3.6.1.5.5.7.3.8), matches the token's embedded ESSCertID or ESSCertID2 identifier, has a validity range that encompasses the token's timestamp value, and has a public key that successfully validates the token's signature.
After determining the appropriate TSA certificate, this method determines if the signature value from the provided signerInfo matches the digest and algorithm identifier from the token.
If the signerInfo signature matches the token's digest and algorithm identifier, the certificate is reported via the signerCertificate parameter and the method returns true.
If the signerInfo signature does not match, or the TSA certificate could not be determined, the method reports signerCertificate as null and returns false.
This method does not take the UnsignedAttributes of the signerInfo into consideration, nor does it determine if the signerInfo signature is appropriate for the data that signature purports to have signed.
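The following is an added example, not code from the original page or from Microsoft, showing where this method sits in a full check: the caller locates the token in the unsigned attributes, verifies the signer's own signature, and decides whether to trust the returned TSA certificate. The names TimestampCheck and GetTrustedSigningTime are hypothetical, the input is assumed to be a CMS file with attached content passed as the first argument, and the chain build is this example's policy choice because chain trust is not among the checks listed in the Remarks.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Security.Cryptography.Pkcs;
using System.Security.Cryptography.X509Certificates;

static class TimestampCheck
{
    // id-aa-signatureTimeStampToken, the unsigned attribute of RFC 3161 Appendix A.
    const string SignatureTimestampOid = "1.2.840.113549.1.9.16.2.14";
    const string TimestampingEku = "1.3.6.1.5.5.7.3.8"; // EKU named in the Remarks

    // Returns the TSA-asserted time only if every check passes; otherwise null.
    public static DateTimeOffset? GetTrustedSigningTime(SignerInfo signer)
    {
        foreach (CryptographicAttributeObject attr in signer.UnsignedAttributes)
        {
            if (attr.Oid?.Value != SignatureTimestampOid) continue;
            foreach (AsnEncodedData value in attr.Values)
            {
                if (!Rfc3161TimestampToken.TryDecode(value.RawData, out var token, out _)) continue;
                // Binds the token to this signer's signature value and selects the TSA certificate.
                if (!token.VerifySignatureForSignerInfo(signer, out var tsaCert)) continue;
                // Caller's policy (assumption): the TSA certificate must chain to a trusted root
                // as of the asserted time, using certificates carried in the token as hints.
                using var chain = new X509Chain();
                chain.ChainPolicy.VerificationTime = token.TokenInfo.Timestamp.UtcDateTime;
                chain.ChainPolicy.ApplicationPolicy.Add(new Oid(TimestampingEku));
                chain.ChainPolicy.ExtraStore.AddRange(token.AsSignedCms().Certificates);
                if (chain.Build(tsaCert)) return token.TokenInfo.Timestamp;
            }
        }
        return null; // no token, or no token that passed every check
    }

    static void Main(string[] args)
    {
        var cms = new SignedCms();
        cms.Decode(File.ReadAllBytes(args[0]));
        foreach (SignerInfo signer in cms.SignerInfos)
        {
            // The timestamp check does not validate the signer's signature over the content;
            // this call does, and throws CryptographicException on failure.
            signer.CheckSignature(verifySignatureOnly: true);
            DateTimeOffset? time = GetTrustedSigningTime(signer);
            Console.WriteLine(time?.ToString("u") ?? "no trusted timestamp");
        }
    }
}
```

A null result should be treated as "signing time unknown", not as a signature failure; the signer certificate's own chain and validity still need to be evaluated separately.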