
List:       ms-cryptoapi
Subject:    Re: CryptSignMessage and CryptVerifyMessageSignature
From:       John Boyer <jboyer () MAILHOST ! UWI ! COM>
Date:       1998-04-17 16:11:02


Use CryptVerifyDetachedMessageSignature() if you called CryptSignMessage()
with fDetachedSignature TRUE.

Detached is useful if your document format already allows for the
containment of the digital signature.  In other words, the verification
process has to give the message without the added digital signature or the
hash won't work out.  This is not a big deal, and it is usually better to do
detached signatures if you have the possibility of multiple people signing
off on the same document (since you won't duplicate the document in each
signature).

As for why your non-detached message isn't coming out right, I wouldn't know
without more information.  For one thing, run a debugger to make sure you
have put the correct message size into the DWORD whose address you pass as
the last parameter.  Secondly, check the value of the DWORD after the call
to see if the value changed for some reason.

John Boyer
Software Development Manager
UWI.Com -- The Internet Forms Company
jboyer@uwi.com
(250) 479 8334 ext. 143


-----Original Message-----
From: Angela Diceglie <diceglie@OLIVETTIRICERCA.IT>
To: CryptoAPI@DISCUSS.MICROSOFT.COM <CryptoAPI@DISCUSS.MICROSOFT.COM>
Date: Friday, April 17, 1998 8:14 AM
Subject: CryptSignMessage and CryptVerifyMessageSignature


>I have three questions:
>
>   * What is the difference between using CryptSignMessage with the second
>     parameter (fDetachedSignature) TRUE or FALSE?
>
>   * I used the CryptSignMessage function as follows:
>
>     fReturn = CryptSignMessage(
>              &SigParams,            // Signature parameters
>              FALSE,                 // not detached
>              1,                     // Number of messages
>              MessageArray,          // Messages to be signed
>              MessageSizeArray,      // Size of messages
>              pbSignedMessageBlob,   // Buffer for signed msg
>              &cbSignedMessageBlob); // Size of buffer
>
> with the second parameter FALSE, so both MessageArray and the signed
>hash are encoded.
>Then I call the function CryptVerifyMessageSignature to verify the signature
>as follows:
>
>fReturn = CryptVerifyMessageSignature(
>   &VerifyParams, // Verify parameters
>   0,    // Signer index
>   signature,  // Pointer to signed blob
>   sign_len,  // Size of signed blob
>   pbDecoded,      // Buffer for decoded msg
>   &pcbDecoded, // Size of buffer
>   &SignerCert); // Pointer to signer cert
>
>fReturn is TRUE, but pbDecoded has only a part of the message decoded.
>
>Why?
>
>
>The last question is about using fDetachedSignature TRUE and verifying
>the signature as follows:
>fReturn = CryptVerifyMessageSignature(
>   &VerifyParams, // Verify parameters
>   0,    // Signer index
>   signature,  // Pointer to signed blob
>   sign_len,  // Size of signed blob
>   NULL,      // Buffer for decoded msg
>   NULL, // Size of buffer
>   &SignerCert); // Pointer to signer cert
>
>fReturn is FALSE, and GetLastError returns NTE_BAD_SIGNATURE.
>Why?
>
>----------------------------------------------------------------
>Users Guide http://www.microsoft.com/sitebuilder/resource/mailfaq.asp
>contains important info including how to unsubscribe.  Save time, search
>the archives at http://microsoft.ease.lsoft.com/archives/index.html
>
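
Whether a signed blob is detached, and how large the embedded message is when it is not, can be read from the blob itself before choosing a verify call. The C code below is an added example, not code from either poster or from Microsoft; it assumes the blob is a DER-encoded PKCS #7 ContentInfo wrapping SignedData with definite lengths, and `der_hdr`, `signed_content_len` and the two byte arrays are hypothetical names and constructed sample data.

```c
#include <stddef.h>
#include <stdio.h>
/* Read one DER header at *p: returns the tag, stores the value length in *len,
   leaves *p on the value. Returns -1 if the element does not fit before end. */
static int der_hdr(const unsigned char **p, const unsigned char *end, size_t *len)
{
    if (end - *p < 2) return -1;
    int tag = *(*p)++;
    size_t n = *(*p)++;
    if (n & 0x80) {                         /* long form: n & 0x7f length octets */
        size_t k = n & 0x7f;
        if (k == 0 || k > 4 || (size_t)(end - *p) < k) return -1;
        for (n = 0; k > 0; k--) n = (n << 8) | *(*p)++;
    }
    if ((size_t)(end - *p) < n) return -1;
    *len = n; return tag;
}

/* Length of the embedded message (non-detached), -1 if the blob carries no
   message (detached), -2 if it does not parse as SignedData. */
long signed_content_len(const unsigned char *blob, size_t blob_len)
{
    /* Path: ContentInfo, OID, [0], SignedData, version, digestAlgorithms,
       inner ContentInfo. Second field: 1 = step over the value, 0 = descend. */
    static const unsigned char path[7][2] = {
        {0x30,0}, {0x06,1}, {0xA0,0}, {0x30,0}, {0x02,1}, {0x31,1}, {0x30,0}};
    const unsigned char *p = blob, *end = blob + blob_len;
    size_t len = 0;
    for (int i = 0; i < 7; i++) {
        if (der_hdr(&p, end, &len) != path[i][0]) return -2;
        if (path[i][1]) p += len; else end = p + len;
    }
    if (der_hdr(&p, end, &len) != 0x06) return -2;   /* contentType OID */
    p += len;
    if (p == end) return -1;                         /* no content field: detached */
    if (der_hdr(&p, end, &len) != 0xA0 || der_hdr(&p, end, &len) != 0x04) return -2;
    return (long)len;
}
/* Constructed skeletons (empty digestAlgorithms and signerInfos), not real signatures. */
#define OID7(x) 0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,(x)
static const unsigned char DETACHED[] = { 0x30,0x23, OID7(2), 0xA0,0x16, 0x30,0x14,
    0x02,0x01,0x01, 0x31,0x00, 0x30,0x0B, OID7(1), 0x31,0x00 };
static const unsigned char ATTACHED[] = { 0x30,0x29, OID7(2), 0xA0,0x1C, 0x30,0x1A,
    0x02,0x01,0x01, 0x31,0x00, 0x30,0x11, OID7(1), 0xA0,0x04, 0x04,0x02,'h','i', 0x31,0x00 };
int main(void)
{
    printf("detached=%ld attached=%ld\n", signed_content_len(DETACHED, sizeof DETACHED),
           signed_content_len(ATTACHED, sizeof ATTACHED));
    return 0;
}
```

A result of -1 means the original message has to be supplied to CryptVerifyDetachedMessageSignature(); a non-negative result is the number of bytes the decoded-message buffer passed to CryptVerifyMessageSignature() must hold.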

