Edit

CryptMsgVerifyCountersignatureEncodedEx function (wincrypt.h)

  • Article

The CryptMsgVerifyCountersignatureEncodedEx function verifies that the pbSignerInfoCounterSignature parameter contains the encrypted hash of the encryptedDigest field of the pbSignerInfo parameter structure. The signer can be a CERT_PUBLIC_KEY_INFO structure, a certificate context, or a chain context.

Syntax

BOOL CryptMsgVerifyCountersignatureEncodedEx(
  [in, optional] HCRYPTPROV_LEGACY hCryptProv,
  [in]           DWORD             dwEncodingType,
  [in]           PBYTE             pbSignerInfo,
  [in]           DWORD             cbSignerInfo,
  [in]           PBYTE             pbSignerInfoCountersignature,
  [in]           DWORD             cbSignerInfoCountersignature,
  [in]           DWORD             dwSignerType,
  [in]           void              *pvSigner,
                 DWORD             dwFlags,
                 void              *pvExtra
);

Parameters

[in, optional] hCryptProv

This parameter is not used and should be set to NULL.

Windows Server 2003 and Windows XP:  NULL or the handle of the cryptographic provider to use to hash the encryptedDigest field of pbSignerInfo.This parameter's data type is HCRYPTPROV.

Unless there is a strong reason for passing in a specific cryptographic provider in hCryptProv, pass NULL to cause the default RSA or DSS provider to be used.

[in] dwEncodingType

The encoding type used. Currently, only X509_ASN_ENCODING and PKCS_7_ASN_ENCODING are being used; however, additional encoding types may be added in the future. For either current encoding type, use:

X509_ASN_ENCODING | PKCS_7_ASN_ENCODING.

[in] pbSignerInfo

A pointer to the encoded BLOB that contains the signer of the contents of a message to be countersigned.

[in] cbSignerInfo

The count, in bytes, of the encoded BLOB for the signer of the contents.

[in] pbSignerInfoCountersignature

A pointer to the encoded BLOB containing the countersigner information.

[in] cbSignerInfoCountersignature

The count, in bytes, of the encoded BLOB for the countersigner of the message.

[in] dwSignerType

The structure that contains the signer information. The following table shows the predefined values and the structures indicated.

Value Meaning
CMSG_VERIFY_SIGNER_PUBKEY
 pvSigner is a pointer to a CERT_PUBLIC_KEY_INFO structure.
CMSG_VERIFY_SIGNER_CERT
 pvSigner is a pointer to a CERT_CONTEXT structure.
CMSG_VERIFY_SIGNER_CHAIN
 pvSigner is a pointer to a CERT_CHAIN_CONTEXT structure.

[in] pvSigner

A pointer to a CERT_PUBLIC_KEY_INFO structure, a certificate context, or a chain context depending on the value of dwSignerType.

dwFlags

Flags that modify the function behavior. This can be zero or the following value.

Value Meaning
CMSG_VERIFY_COUNTER_SIGN_ENABLE_STRONG_FLAG
0x00000001
 Performs a strong signature check after successful signature verification. Set the pvExtra parameter to point to a CERT_STRONG_SIGN_PARA structure that contains the parameters needed to check the signature strength..

Windows 8 and Windows Server 2012:  Support for this flag begins.

pvExtra

If you set the dwFlags parameter to CMSG_VERIFY_COUNTER_SIGN_ENABLE_STRONG_FLAG, set this parameter (pvExtra) to point to a CERT_STRONG_SIGN_PARA structure that contains the parameters used to check the signature strength.

Return value

If the function succeeds, the return value is nonzero (TRUE).

If the function fails, the return value is zero (FALSE). For extended error information, call GetLastError.

The following error codes are most commonly returned by the GetLastError function.

Return code Description
CRYPT_E_AUTH_ATTR_MISSING
 The message does not contain an expected authenticated attribute.
CRYPT_E_HASH_VALUE
 The hash value is not correct.
CRYPT_E_UNEXPECTED_ENCODING
 The message is not encoded as expected.
CRYPT_E_UNKNOWN_ALGO
 The cryptographic algorithm is unknown.
E_INVALIDARG
 One or more arguments are not valid.
E_OUTOFMEMORY
 Ran out of memory.
 

Propagated errors from the following functions might be returned.

If the function fails, GetLastError may return an Abstract Syntax Notation One (ASN.1) encoding/decoding error. For information about these errors, see ASN.1 Encoding/Decoding Return Values.

Remarks

Countersigner verification is done using the PKCS #7 SIGNERINFO structure. The signature must contain the encrypted hash of the encryptedDigest field of pbSignerInfo.

The issuer and serial number of the countersigner must match the countersigner information from pbSignerInfoCountersignature. The only fields referenced from pciCountersigner are SerialNumber, Issuer, and SubjectPublicKeyInfo. The SubjectPublicKeyInfo is used to access the public key that is then used to encrypt the hash from the pciCountersigner so compare it with the hash from the pbSignerInfo.

Examples

For an example that uses this function, see Example C Program: Encoding and Decoding a CounterSigned Message.

Requirements

Requirement Value
Minimum supported client Windows XP [desktop apps | UWP apps]
Minimum supported server Windows Server 2003 [desktop apps | UWP apps]
Target Platform Windows
Header wincrypt.h
Library Crypt32.lib
DLL Crypt32.dll

See also

CryptMsgCountersign

CryptMsgCountersignEncoded

Low-level Message Functions

Simplified Message Functions