Edit

Share via

NCryptSignHash function (ncrypt.h)

  • Article

The NCryptSignHash function creates a signature of a hash value.

Syntax

SECURITY_STATUS NCryptSignHash(
  [in]           NCRYPT_KEY_HANDLE hKey,
  [in, optional] VOID              *pPaddingInfo,
  [in]           PBYTE             pbHashValue,
  [in]           DWORD             cbHashValue,
  [out]          PBYTE             pbSignature,
  [in]           DWORD             cbSignature,
  [out]          DWORD             *pcbResult,
  [in]           DWORD             dwFlags
);

Parameters

[in] hKey

The handle of the key to use to sign the hash.

[in, optional] pPaddingInfo

A pointer to a structure that contains padding information. The actual type of structure this parameter points to depends on the value of the dwFlags parameter. This parameter is only used with asymmetric keys and must be NULL otherwise.

[in] pbHashValue

A pointer to a buffer that contains the hash value to sign. The cbInput parameter contains the size of this buffer.

[in] cbHashValue

The number of bytes in the pbHashValue buffer to sign.

[out] pbSignature

The address of a buffer to receive the signature produced by this function. The cbSignature parameter contains the size of this buffer.

If this parameter is NULL, this function will calculate the size required for the signature and return the size in the location pointed to by the pcbResult parameter.

[in] cbSignature

The size, in bytes, of the pbSignature buffer. This parameter is ignored if the pbSignature parameter is NULL.

[out] pcbResult

A pointer to a DWORD variable that receives the number of bytes copied to the pbSignature buffer.

If pbSignature is NULL, this receives the size, in bytes, required for the signature.

[in] dwFlags

Flags that modify function behavior. The allowed set of flags depends on the type of key specified by the hKey parameter.

If the key is a symmetric key, this parameter is not used and should be set to zero.

If the key is an asymmetric key, this can be one of the following values.

Value Meaning
BCRYPT_PAD_PKCS1
 Use the PKCS1 padding scheme. The pPaddingInfo parameter is a pointer to a BCRYPT_PKCS1_PADDING_INFO structure.
BCRYPT_PAD_PSS
 Use the Probabilistic Signature Scheme (PSS) padding scheme. The pPaddingInfo parameter is a pointer to a BCRYPT_PSS_PADDING_INFO structure.
NCRYPT_SILENT_FLAG
 Requests that the key service provider (KSP) not display any user interface. If the provider must display the UI to operate, the call fails and the KSP should set the NTE_SILENT_CONTEXT error code as the last error.

Return value

Returns a status code that indicates the success or failure of the function.

Possible return codes include, but are not limited to, the following.

Return code Description
ERROR_SUCCESS
 The function was successful.
NTE_BAD_ALGID
 The key represented by the hKey parameter does not support signing.
NTE_BAD_FLAGS
 The dwFlags parameter contains a value that is not valid.
NTE_INVALID_HANDLE
 The hKey parameter is not valid.
NTE_INVALID_PARAMETER
 One or more parameters are not valid.
NTE_NO_MEMORY
 A memory allocation failure occurred.

Remarks

A service must not call this function from its StartService Function. If a service calls this function from its StartService function, a deadlock can occur, and the service may stop responding.

Requirements

Requirement Value
Minimum supported client Windows Vista [desktop apps | UWP apps]
Minimum supported server Windows Server 2008 [desktop apps | UWP apps]
Target Platform Windows
Header ncrypt.h
Library Ncrypt.lib
DLL Ncrypt.dll