CryptVerifyCertificateSignature function (wincrypt.h)

The CryptVerifyCertificateSignature function verifies the signature of a certificate, certificate revocation list (CRL), or certificate request by using the public key in a CERT_PUBLIC_KEY_INFO structure. The function does not require access to a private key.


BOOL CryptVerifyCertificateSignature(
  [in] HCRYPTPROV_LEGACY     hCryptProv,
  [in] DWORD                 dwCertEncodingType,
  [in] const BYTE            *pbEncoded,
  [in] DWORD                 cbEncoded,


[in] hCryptProv

This parameter is not used and should be set to NULL.

Windows Server 2003 and Windows XP:  A handle to the cryptographic service provider (CSP) used to verify the signature.This parameter's data type is HCRYPTPROV.

NULL is passed unless there is a strong reason for passing in a specific cryptographic provider. Passing in NULL causes the default RSA or DSS provider to be acquired.

[in] dwCertEncodingType

The certificate encoding type that was used to encrypt the subject. The message encoding type identifier, contained in the high WORD of this value, is ignored by this function.

This parameter can be the following currently defined certificate encoding type.

Value Meaning
1 (0x1)
Specifies X.509 certificate encoding.

[in] pbEncoded

A pointer to an encoded BLOB of CERT_SIGNED_CONTENT_INFO content on which the signature is to be verified.

[in] cbEncoded

The size, in bytes, of the encoded content in pbEncoded.

[in] pPublicKey

A pointer to a CERT_PUBLIC_KEY_INFO structure that contains the public key to use when verifying the signature.

Return value

Returns nonzero if successful or zero otherwise.

For extended error information, call GetLastError.

Note  Errors from the called functions CryptCreateHash, CryptImportKey, CryptVerifySignature, and CryptHashData may be propagated to this function.
On failure, this function will cause the following error codes to be returned from GetLastError.
Return code Description
Invalid certificate encoding type. Currently only X509_ASN_ENCODING is supported.
The signature algorithm's object identifier (OID) does not map to a known or supported hash algorithm.
The signature was not valid.

If the function fails, GetLastError may return an Abstract Syntax Notation One (ASN.1) encoding/decoding error. For information about these errors, see ASN.1 Encoding/Decoding Return Values.


This function currently calls the CryptVerifyCertificateSignatureEx function to perform the verification.


Requirement Value
Minimum supported client Windows XP [desktop apps only]
Minimum supported server Windows Server 2003 [desktop apps only]
Target Platform Windows
Header wincrypt.h
Library Crypt32.lib
DLL Crypt32.dll

See also