Rfc3161TimestampToken.VerifySignatureForHash Method
Definition
Important
Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Overloads
VerifySignatureForHash(ReadOnlySpan<Byte>, HashAlgorithmName, X509Certificate2, X509Certificate2Collection) | Verifies that the current token is a valid time-stamp token for the provided data hash and algorithm identifier.
VerifySignatureForHash(ReadOnlySpan<Byte>, Oid, X509Certificate2, X509Certificate2Collection) | Verifies that the current token is a valid time-stamp token for the provided data hash and algorithm identifier.
VerifySignatureForHash(ReadOnlySpan<Byte>, HashAlgorithmName, X509Certificate2, X509Certificate2Collection)
- Source:
- Rfc3161TimestampToken.cs
Verifies that the current token is a valid time-stamp token for the provided data hash and algorithm identifier.
public bool VerifySignatureForHash (ReadOnlySpan<byte> hash, System.Security.Cryptography.HashAlgorithmName hashAlgorithm, out System.Security.Cryptography.X509Certificates.X509Certificate2? signerCertificate, System.Security.Cryptography.X509Certificates.X509Certificate2Collection? extraCandidates = default);
public bool VerifySignatureForHash (ReadOnlySpan<byte> hash, System.Security.Cryptography.HashAlgorithmName hashAlgorithm, out System.Security.Cryptography.X509Certificates.X509Certificate2 signerCertificate, System.Security.Cryptography.X509Certificates.X509Certificate2Collection extraCandidates = default);
member this.VerifySignatureForHash : ReadOnlySpan<byte> * System.Security.Cryptography.HashAlgorithmName * X509Certificate2 * System.Security.Cryptography.X509Certificates.X509Certificate2Collection -> bool
Public Function VerifySignatureForHash (hash As ReadOnlySpan(Of Byte), hashAlgorithm As HashAlgorithmName, ByRef signerCertificate As X509Certificate2, Optional extraCandidates As X509Certificate2Collection = Nothing) As Boolean
Parameters
- hash
- ReadOnlySpan<Byte>
The cryptographic hash to verify against this time-stamp token.
- hashAlgorithm
- HashAlgorithmName
The algorithm which produced hash.
- signerCertificate
- X509Certificate2
When this method returns, the certificate from the Timestamp Authority (TSA) which signed this token, or null if a signer certificate cannot be determined. This parameter is treated as uninitialized.
- extraCandidates
- X509Certificate2Collection
An optional collection of certificates to consider as the Timestamp Authority (TSA) certificates, in addition to any certificates that may be included within the token.
Returns
true if the Timestamp Authority (TSA) certificate was found, the certificate public key validates the token signature, and the token matches the hash for the provided data hash and algorithm; otherwise, false.
Remarks
This method requires that the Timestamp Authority (TSA) certificate has the required extended key usage value (1.3.6.1.5.5.7.3.8), matches the token's embedded ESSCertID or ESSCertID2 identifier, has a validity range that encompasses the token's timestamp value, and has a public key that successfully validates the token's signature.
After determining the appropriate TSA certificate, this method compares the provided digest and algorithm identifier with the appropriate values from the token.
If both the digest and the algorithm match the token's values, the certificate is reported via the signerCertificate and the method returns true.
If the digest does not match, the algorithm does not match, or the TSA certificate could not be determined, the method reports signerCertificate as null and returns false.
See also
- VerifySignatureForData(ReadOnlySpan<Byte>, X509Certificate2, X509Certificate2Collection)
- VerifySignatureForHash(ReadOnlySpan<Byte>, Oid, X509Certificate2, X509Certificate2Collection)
VerifySignatureForHash(ReadOnlySpan<Byte>, Oid, X509Certificate2, X509Certificate2Collection)
- Source:
- Rfc3161TimestampToken.cs
Verifies that the current token is a valid time-stamp token for the provided data hash and algorithm identifier.
public bool VerifySignatureForHash (ReadOnlySpan<byte> hash, System.Security.Cryptography.Oid hashAlgorithmId, out System.Security.Cryptography.X509Certificates.X509Certificate2? signerCertificate, System.Security.Cryptography.X509Certificates.X509Certificate2Collection? extraCandidates = default);
public bool VerifySignatureForHash (ReadOnlySpan<byte> hash, System.Security.Cryptography.Oid hashAlgorithmId, out System.Security.Cryptography.X509Certificates.X509Certificate2 signerCertificate, System.Security.Cryptography.X509Certificates.X509Certificate2Collection extraCandidates = default);
member this.VerifySignatureForHash : ReadOnlySpan<byte> * System.Security.Cryptography.Oid * X509Certificate2 * System.Security.Cryptography.X509Certificates.X509Certificate2Collection -> bool
Public Function VerifySignatureForHash (hash As ReadOnlySpan(Of Byte), hashAlgorithmId As Oid, ByRef signerCertificate As X509Certificate2, Optional extraCandidates As X509Certificate2Collection = Nothing) As Boolean
Parameters
- hash
- ReadOnlySpan<Byte>
The cryptographic hash to verify against this time-stamp token.
- hashAlgorithmId
- Oid
The OID of the hash algorithm.
- signerCertificate
- X509Certificate2
When this method returns, the certificate from the Timestamp Authority (TSA) which signed this token, or null if a signer certificate cannot be determined. This parameter is treated as uninitialized.
- extraCandidates
- X509Certificate2Collection
An optional collection of certificates to consider as the Timestamp Authority (TSA) certificates, in addition to any certificates that may be included within the token.
Returns
true if the Timestamp Authority (TSA) certificate was found, the certificate public key validates the token signature, and the token matches the hash for the provided data hash and algorithm; otherwise, false.
Remarks
This method requires that the TSA certificate has the required extended key usage value (1.3.6.1.5.5.7.3.8), matches the token's embedded ESSCertID or ESSCertID2 identifier, has a validity range that encompasses the token's timestamp value, and has a public key that successfully validates the token's signature.
After determining the appropriate TSA certificate, this method compares the provided digest and algorithm identifier with the appropriate values from the token.
If both the digest and the algorithm match the token's values, the certificate is reported via the signerCertificate and the method returns true.
If the digest does not match, the algorithm does not match, or the TSA certificate could not be determined, the method reports signerCertificate as null and returns false.
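The Remarks for both overloads list the certificate checks performed, and building a trust chain is not among them. The following added example (not from the original page or the .NET source) calls the HashAlgorithmName overload and then establishes trust in the returned certificate itself; the Oid overload takes an Oid in the same position. The names TimestampCheck and IsTrustedTimestamp, the SHA-256 choice, the online revocation policy, and the assumption that chain trust is left to the caller are all choices of this example.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Security.Cryptography.Pkcs;
using System.Security.Cryptography.X509Certificates;

static class TimestampCheck
{
    // Hypothetical helper (not a .NET API): true only if the token covers
    // sha256Digest and the TSA certificate chains to a trusted root.
    public static bool IsTrustedTimestamp(byte[] tokenDer, byte[] sha256Digest,
                                          out DateTimeOffset signedAt)
    {
        signedAt = default;
        if (!Rfc3161TimestampToken.TryDecode(tokenDer, out var token, out int used)
            || used != tokenDer.Length)               // reject trailing bytes
            return false;

        // Performs the checks listed in Remarks; tsaCert is null on failure.
        if (!token.VerifySignatureForHash(sha256Digest, HashAlgorithmName.SHA256,
                                          out var tsaCert))
            return false;

        // Added step (assumption: chain trust is left to the caller).
        // Evaluate the chain at the time the token asserts, not at "now".
        using var chain = new X509Chain();
        chain.ChainPolicy.VerificationTime = token.TokenInfo.Timestamp.LocalDateTime;
        chain.ChainPolicy.ApplicationPolicy.Add(new Oid("1.3.6.1.5.5.7.3.8"));
        chain.ChainPolicy.RevocationMode = X509RevocationMode.Online;
        chain.ChainPolicy.ExtraStore.AddRange(token.AsSignedCms().Certificates);
        if (!chain.Build(tsaCert))
            return false;

        signedAt = token.TokenInfo.Timestamp;
        return true;
    }

    // Usage: TimestampCheck <data-file> <der-token-file>
    static int Main(string[] args)
    {
        byte[] digest = SHA256.HashData(File.ReadAllBytes(args[0]));
        bool ok = IsTrustedTimestamp(File.ReadAllBytes(args[1]), digest, out var when);
        Console.WriteLine(ok ? $"timestamp trusted: {when:u}" : "timestamp rejected");
        return ok ? 0 : 1;
    }
}
```

The digest passed in must be one the caller computed over the data it trusts, with an algorithm the caller's policy accepts, rather than values read back from the token.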
See also
- VerifySignatureForData(ReadOnlySpan<Byte>, X509Certificate2, X509Certificate2Collection)
- VerifySignatureForHash(ReadOnlySpan<Byte>, HashAlgorithmName, X509Certificate2, X509Certificate2Collection)