SignerSignEx function

The SignerSignEx function signs the specified file and returns a pointer to the signed data.


This function has no associated header file or import library. To call this function, you must create a user-defined header file and use the LoadLibrary and GetProcAddress functions to dynamically link to Mssign32.dll.



  _In_     DWORD                 dwFlags,
  _In_     SIGNER_SUBJECT_INFO   *pSubjectInfo,
  _In_     SIGNER_CERT           *pSignerCert,
  _In_     SIGNER_SIGNATURE_INFO *pSignatureInfo,
  _In_opt_ SIGNER_PROVIDER_INFO  *pProviderInfo,
  _In_opt_ LPCWSTR               pwszHttpTimeStamp,
  _In_opt_ PCRYPT_ATTRIBUTES     psRequest,
  _In_opt_ LPVOID                pSipData,
  _Out_    SIGNER_CONTEXT        **ppSignerContext


dwFlags [in]

Modifies the behavior of this function.

If the file to be signed is a portable executable (PE) file, this can be zero or a combination of one or more of the following values. These identifiers are defined in Mssip.h.

Value Meaning
Exclude page hashes when creating SIP indirect data for the PE file. This flag takes precedence over the SPC_INC_PE_PAGE_HASHES_FLAG flag.
If neither the SPC_EXC_PE_PAGE_HASHES_FLAG or the SPC_INC_PE_PAGE_HASHES_FLAG flag is specified, the value set with the WintrustSetDefaultIncludePEPageHashes function is used for this setting. The default for this setting is to exclude page hashes when creating SIP indirect data for PE files.
Windows Server 2003 and Windows XP: This value is not supported.
This value is not supported.
This value is not supported.
This value is not supported.
Include page hashes when creating SIP indirect data for the PE file.
Windows Server 2003 and Windows XP: This value is not supported.


pSubjectInfo [in]

A pointer to a SIGNER_SUBJECT_INFO structure that specifies the subject to sign.

pSignerCert [in]

A pointer to a SIGNER_CERT structure that specifies the certificate to use to create the digital signature.

pSignatureInfo [in]

A pointer to a SIGNER_SIGNATURE_INFO structure that contains information about the digital signature.

pProviderInfo [in, optional]

A pointer to a SIGNER_PROVIDER_INFO structure that specifies the cryptographic service provider (CSP) and private key information used to create the digital signature.

If the value of this parameter is NULL, the value of the pSignerCert parameter must specify a certificate that is associated with a CSP.

pwszHttpTimeStamp [in, optional]

The URL of a time stamp server.

psRequest [in, optional]

A pointer to an array of CRYPT_ATTRIBUTE structures that are added to a sign request. This parameter is ignored if the pwszHttpTimeStamp parameter does not contain a valid value that is not NULL.

pSipData [in, optional]

A 32-bit value that is passed as additional data to SIP functions. The format and content of this is defined by the SIP provider.

ppSignerContext [out]

The address of a pointer to the SIGNER_CONTEXT structure that contains the signed BLOB. When you have finished using the SIGNER_CONTEXT structure, free the SIGNER_CONTEXT structure by calling the SignerFreeSignerContext function.

Return value

If the function succeeds, the function returns S_OK.

If the function fails, it returns an HRESULT value that indicates the error. For a list of common error codes, see Common HRESULT Values.


Requirement Value
Minimum supported client
Windows XP [desktop apps only]
Minimum supported server
Windows Server 2003 [desktop apps only]

See also