Rfc3161TimestampToken.VerifySignatureForData Method

Definition

Verifies that the current token is a valid time-stamp token for the provided data.

public bool VerifySignatureForData (ReadOnlySpan<byte> data, out System.Security.Cryptography.X509Certificates.X509Certificate2 signerCertificate, System.Security.Cryptography.X509Certificates.X509Certificate2Collection extraCandidates = default);
public bool VerifySignatureForData (ReadOnlySpan<byte> data, out System.Security.Cryptography.X509Certificates.X509Certificate2? signerCertificate, System.Security.Cryptography.X509Certificates.X509Certificate2Collection? extraCandidates = default);
member this.VerifySignatureForData : ReadOnlySpan<byte> * X509Certificate2 * System.Security.Cryptography.X509Certificates.X509Certificate2Collection -> bool
Public Function VerifySignatureForData (data As ReadOnlySpan(Of Byte), ByRef signerCertificate As X509Certificate2, Optional extraCandidates As X509Certificate2Collection = Nothing) As Boolean

Parameters

data
ReadOnlySpan<Byte>

The data to verify against this time-stamp token.

signerCertificate
X509Certificate2

When this method returns, the certificate from the Timestamp Authority (TSA) which signed this token, or null if a signer certificate cannot be determined. This parameter is treated as uninitialized.

extraCandidates
X509Certificate2Collection

An optional collection of certificates to consider as the Timestamp Authority (TSA) certificates, in addition to any certificates that may be included within the token.

Returns

true if the Timestamp Authority (TSA) certificate was found, the certificate public key validates the token signature, and the token matches the hash for the provided data; otherwise, false.

Remarks

This method requires that the Timestamp Authority (TSA) certificate has the required extended key usage value (1.3.6.1.5.5.7.3.8), matches the token's embedded ESSCertID or ESSCertID2 identifier, has a validity range that encompasses the token's timestamp value, and has a public key that successfully validates the token's signature.

After determining the appropriate TSA certificate, this method computes the digest of data using the algorithm identifier embedded within the token. If that digest matches the token's embedded digest, the certificate is reported via the signerCertificate parameter and the method returns true.

If the digest does not match, or the TSA certificate could not be determined, the method reports signerCertificate as null and returns false.
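
The following is an added example, not part of the original documentation. The checks listed above do not include building a trust chain for the returned certificate, so this sketch follows VerifySignatureForData with an X509Chain build. The helper name GetTrustedTimestamp, the two file arguments, and the choice to validate the chain as of the token's timestamp are assumptions; on .NET (Core) the types come from the System.Security.Cryptography.Pkcs package.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Security.Cryptography.Pkcs;
using System.Security.Cryptography.X509Certificates;

static class TimestampCheck
{
    // Hypothetical helper (not a .NET API): returns the TSA time only when the token
    // covers `data` AND the signer certificate chains to a trusted root.
    public static DateTimeOffset? GetTrustedTimestamp(
        byte[] encodedToken, byte[] data, X509Certificate2Collection? extraCandidates = null)
    {
        // Reject undecodable input and any trailing bytes after the token.
        if (!Rfc3161TimestampToken.TryDecode(encodedToken, out Rfc3161TimestampToken? token, out int consumed)
            || consumed != encodedToken.Length)
            return null;

        // Signature, EKU, ESSCertID, validity-range and digest checks described in Remarks.
        if (!token.VerifySignatureForData(data, out X509Certificate2? signer, extraCandidates))
            return null;

        // Added step: the method reports the signer but the caller decides whether to trust it.
        using var chain = new X509Chain();
        chain.ChainPolicy.ApplicationPolicy.Add(new Oid("1.3.6.1.5.5.7.3.8")); // time-stamping EKU
        // Assumption: evaluate the chain at the time the token claims to have been issued.
        chain.ChainPolicy.VerificationTime = token.TokenInfo.Timestamp.UtcDateTime;
        // Intermediates shipped inside the token, plus any caller-supplied candidates.
        chain.ChainPolicy.ExtraStore.AddRange(token.AsSignedCms().Certificates);
        if (extraCandidates != null)
            chain.ChainPolicy.ExtraStore.AddRange(extraCandidates);
        // RevocationMode is left at the X509Chain default (online).
        if (!chain.Build(signer))
            return null;

        return token.TokenInfo.Timestamp;
    }

    // Usage: TimestampCheck <token.der> <data-file>  (both paths are assumptions)
    static int Main(string[] args)
    {
        DateTimeOffset? when = GetTrustedTimestamp(
            File.ReadAllBytes(args[0]), File.ReadAllBytes(args[1]));
        Console.WriteLine(when.HasValue
            ? $"Timestamp trusted: {when.Value:O}"
            : "Token rejected: bad encoding, data mismatch, or untrusted TSA.");
        return when.HasValue ? 0 : 1;
    }
}
```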
