
SignerSignEx2 function

The SignerSignEx2 function signs and time stamps the specified file, allowing multiple nested signatures.

Note  This function has no associated header file or import library. To call this function, you must create a user-defined header file and use the LoadLibrary and GetProcAddress functions to dynamically link to Mssign32.dll.

Syntax


HRESULT WINAPI SignerSignEx2(
  _In_        DWORD dwFlags,
  _In_        SIGNER_SUBJECT_INFO *pSubjectInfo,
  _In_        SIGNER_CERT *pSignerCert,
  _In_        SIGNER_SIGNATURE_INFO *pSignatureInfo,
  _In_opt_    SIGNER_PROVIDER_INFO *pProviderInfo,
  _In_opt_    DWORD dwTimestampFlags,
  _In_opt_    PCSTR pszTimestampAlgorithmOid,
  _In_opt_    PCWSTR pwszHttpTimeStamp,
  _In_opt_    PCRYPT_ATTRIBUTES psRequest,
  _In_opt_    PVOID pSipData,
  _Out_       SIGNER_CONTEXT **ppSignerContext,
  _In_opt_    PCERT_STRONG_SIGN_PARA pCryptoPolicy,
  _Reserved_  PVOID pReserved
);

Parameters

dwFlags [in]

Modifies the behavior of this function.

If the file to be signed is a portable executable (PE) file, this can be zero or a combination of one or more of the following values.

Value / Meaning
SPC_EXC_PE_PAGE_HASHES_FLAG
0x10

Exclude page hashes when creating SIP indirect data for the PE file. This flag takes precedence over the SPC_INC_PE_PAGE_HASHES_FLAG flag.

If neither the SPC_EXC_PE_PAGE_HASHES_FLAG nor the SPC_INC_PE_PAGE_HASHES_FLAG flag is specified, the value set with the WintrustSetDefaultIncludePEPageHashes function is used for this setting. The default for this setting is to exclude page hashes when creating SIP indirect data for PE files.

This value is defined in the Mssip.h header file.

Windows Server 2003 and Windows XP:  This value is not supported.

SPC_INC_PE_IMPORT_ADDR_TABLE_FLAG
0x20

This value is not supported.

SPC_INC_PE_DEBUG_INFO_FLAG
0x40

This value is not supported.

SPC_INC_PE_RESOURCES_FLAG
0x80

This value is not supported.

SPC_INC_PE_PAGE_HASHES_FLAG
0x100

Include page hashes when creating SIP indirect data for the PE file.

Windows Server 2003 and Windows XP:  This value is not supported.

This value is defined in the Mssip.h header file.

SIG_APPEND
0x1000

The signature will be nested. If you set this flag before any signature has been added, the generated signature will be added as the outer signature. If you do not set this flag, the generated signature replaces the outer signature, deleting all inner signatures.

pSubjectInfo [in]

Pointer to a SIGNER_SUBJECT_INFO structure that specifies the subject to sign.

pSignerCert [in]

Pointer to a SIGNER_CERT structure that specifies the certificate to use to create the digital signature.

pSignatureInfo [in]

A pointer to a SIGNER_SIGNATURE_INFO structure that contains information about the digital signature.

pProviderInfo [in, optional]

Pointer to a SIGNER_PROVIDER_INFO structure that specifies the cryptographic service provider (CSP) and private key information used to create the digital signature.

If the value of this parameter is NULL, the pSignerCert parameter must specify a certificate that is associated with a CSP.

dwTimestampFlags [in, optional]

Flags that will be passed to SignerTimeStampEx3 if the pwszHttpTimeStamp parameter is not NULL. This can be one of the following values.

Value / Meaning
SIGNER_TIMESTAMP_AUTHENTICODE

Default value. Specifies an Authenticode timestamp.

SIGNER_TIMESTAMP_RFC3161

Specifies an RFC 3161 timestamp.

This parameter is ignored if the pwszHttpTimeStamp parameter is NULL.

pszTimestampAlgorithmOid [in, optional]

Object identifier of the algorithm to be used for creating an RFC 3161 timestamp. This parameter is ignored for Authenticode time stamps.

pwszHttpTimeStamp [in, optional]

URL of the time stamp server.

psRequest [in, optional]

Pointer to an array of CRYPT_ATTRIBUTE structures that are added to a sign request. This parameter is ignored if the pwszHttpTimeStamp parameter does not contain a valid value or is NULL.

pSipData [in, optional]

A 32-bit value that is passed as additional data to SIP functions. The format and content of this is defined by the SIP provider.

ppSignerContext [out]

The address of a pointer to the SIGNER_CONTEXT structure that contains the signed BLOB. When you have finished using the SIGNER_CONTEXT structure, free the SIGNER_CONTEXT structure by calling the SignerFreeSignerContext function.

pCryptoPolicy [in, optional]

If present, a pointer to a CERT_STRONG_SIGN_PARA structure that contains the parameters used to check for strong signatures. If either a certificate or its chain does not pass, the file is not altered in any way. If a URL is passed in to specify a Time Stamping Authority (TSA), this policy is also applied to the time stamp.

pReserved

Reserved. This value must be NULL.

Return value

If the function succeeds, the function returns S_OK.

If the function fails, it returns an HRESULT value that indicates the error. Possible error codes returned by this function include, but are not limited to, the following. For a list of common error codes, see Common HRESULT Values.

Return code / Description
E_INVALIDARG

If you set the dwTimestampFlags parameter to SIGNER_TIMESTAMP_AUTHENTICODE, you cannot set the dwFlags parameter to SIG_APPEND.
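
The argument rules documented above (unsupported dwFlags bits, page-hash flag precedence, the SIG_APPEND and Authenticode time stamp conflict, pReserved) collected into a pre-flight check that a signing wrapper can run before calling SignerSignEx2. This is an added example, not Microsoft's code: signer_preflight, page_hash_mode and the PF_* names are hypothetical, and the numeric values of SIGNER_TIMESTAMP_AUTHENTICODE and SIGNER_TIMESTAMP_RFC3161 are not given on this page and are assumed to be 1 and 2.

```c
#include <stddef.h>   /* wchar_t, NULL */
#include <stdint.h>
/* dwFlags values as listed on this page */
#define SPC_EXC_PE_PAGE_HASHES_FLAG 0x10u
#define SPC_INC_PE_PAGE_HASHES_FLAG 0x100u
#define SIG_APPEND                  0x1000u
#define UNSUPPORTED_PE_FLAGS        (0x20u | 0x40u | 0x80u) /* "This value is not supported" */
#define KNOWN_FLAGS (SPC_EXC_PE_PAGE_HASHES_FLAG | SPC_INC_PE_PAGE_HASHES_FLAG | \
                     SIG_APPEND | UNSUPPORTED_PE_FLAGS)
/* Assumed values: named on this page, numbers not given here */
#define SIGNER_TIMESTAMP_AUTHENTICODE 1u
#define SIGNER_TIMESTAMP_RFC3161      2u
/* Hypothetical finding bits returned by signer_preflight() */
enum {
    PF_UNSUPPORTED_FLAG     = 1 << 0, /* 0x20, 0x40 or 0x80 is set */
    PF_UNKNOWN_FLAG         = 1 << 1, /* bit not documented on this page */
    PF_APPEND_NEEDS_RFC3161 = 1 << 2, /* SIG_APPEND with an Authenticode time stamp */
    PF_RESERVED_NOT_NULL    = 1 << 3, /* pReserved must be NULL */
    PF_WARN_REPLACES_NESTED = 1 << 4, /* no SIG_APPEND: inner signatures are deleted */
    PF_WARN_INC_OVERRIDDEN  = 1 << 5  /* EXC flag takes precedence over INC flag */
};
/* Returns 0 when the arguments are consistent with the documented rules. */
unsigned signer_preflight(uint32_t dwFlags, uint32_t dwTimestampFlags,
                          const wchar_t *pwszHttpTimeStamp, const void *pReserved)
{
    unsigned f = 0;
    if (dwFlags & UNSUPPORTED_PE_FLAGS) f |= PF_UNSUPPORTED_FLAG;
    if (dwFlags & ~KNOWN_FLAGS)         f |= PF_UNKNOWN_FLAG;
    if ((dwFlags & SPC_EXC_PE_PAGE_HASHES_FLAG) && (dwFlags & SPC_INC_PE_PAGE_HASHES_FLAG))
        f |= PF_WARN_INC_OVERRIDDEN;
    if (dwFlags & SIG_APPEND) {
        /* Conservative: Authenticode is the default type, so with a TSA URL
           only an explicit RFC 3161 request is accepted. */
        if (dwTimestampFlags == SIGNER_TIMESTAMP_AUTHENTICODE ||
            (pwszHttpTimeStamp != NULL && dwTimestampFlags != SIGNER_TIMESTAMP_RFC3161))
            f |= PF_APPEND_NEEDS_RFC3161;
    } else {
        f |= PF_WARN_REPLACES_NESTED;
    }
    if (pReserved != NULL) f |= PF_RESERVED_NOT_NULL;
    return f;
}
/* 1 = include page hashes, 0 = exclude, -1 = WintrustSetDefaultIncludePEPageHashes setting */
int page_hash_mode(uint32_t dwFlags)
{
    if (dwFlags & SPC_EXC_PE_PAGE_HASHES_FLAG) return 0; /* EXC wins over INC */
    if (dwFlags & SPC_INC_PE_PAGE_HASHES_FLAG) return 1;
    return -1;
}
```

PF_WARN_REPLACES_NESTED is the finding to watch in a dual-signing pipeline: a second pass without SIG_APPEND discards the signature written by the first.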

 

Requirements

Minimum supported client

Windows 8 [desktop apps only]

Minimum supported server

Windows Server 2012 [desktop apps only]

DLL

Mssign32.dll

See also

SignerSign
SignerSignEx
SignerFreeSignerContext

© 2014 Microsoft