NCryptVerifySignature

NCryptVerifySignature function

The NCryptVerifySignature function verifies that the specified signature matches the specified hash.

Syntax


SECURITY_STATUS WINAPI NCryptVerifySignature(
  _In_     NCRYPT_KEY_HANDLE hKey,
  _In_opt_ VOID              *pPaddingInfo,
  _In_     PBYTE             pbHashValue,
  _In_     DWORD             cbHashValue,
  _In_     PBYTE             pbSignature,
  _In_     DWORD             cbSignature,
  _In_     DWORD             dwFlags
);

Parameters

hKey [in]

The handle of the key to use to decrypt the signature. This must be an identical key or the public key portion of the key pair used to sign the data with the NCryptSignHash function.

pPaddingInfo [in, optional]

A pointer to a structure that contains padding information. The actual type of structure this parameter points to depends on the value of the dwFlags parameter. This parameter is only used with asymmetric keys and must be NULL otherwise.

pbHashValue [in]

The address of a buffer that contains the hash of the data. The cbHash parameter contains the size of this buffer.

cbHashValue [in]

The size, in bytes, of the pbHash buffer.

pbSignature [in]

The address of a buffer that contains the signed hash of the data. The NCryptSignHash function is used to create the signature. The cbSignature parameter contains the size of this buffer.

cbSignature [in]

The size, in bytes, of the pbSignature buffer. The NCryptSignHash function is used to create the signature.

dwFlags [in]

Flags that modify function behavior. The allowed set of flags depends on the type of key specified by the hKey parameter.

If the key is a symmetric key, this parameter is not used and should be zero.

If the key is an asymmetric key, this can be one of the following values.

ValueMeaning
NCRYPT_PAD_PKCS1_FLAG

The PKCS1 padding scheme was used when the signature was created. The pPaddingInfo parameter is a pointer to a BCRYPT_PKCS1_PADDING_INFO structure.

NCRYPT_PAD_PSS_FLAG

The Probabilistic Signature Scheme (PSS) padding scheme was used when the signature was created. The pPaddingInfo parameter is a pointer to a BCRYPT_PSS_PADDING_INFO structure.

NCRYPT_SILENT_FLAG

Requests that the key service provider (KSP) not display any user interface. If the provider must display the UI to operate, the call fails and the KSP should set the NTE_SILENT_CONTEXT error code as the last error.

 

Return value

Returns a status code that indicates the success or failure of the function.

Possible return codes include, but are not limited to, the following.

Return codeDescription
ERROR_SUCCESS

The function was successful.

NTE_BAD_SIGNATURE

The signature was not verified.

NTE_INVALID_HANDLE

The hKey parameter is not valid.

NTE_NO_MEMORY

A memory allocation failure occurred.

NTE_NOT_SUPPORTED

The algorithm provider used to create the key handle specified by the hKey parameter is not a signing algorithm.

 

Remarks

A service must not call this function from its StartService Function. If a service calls this function from its StartService function, a deadlock can occur, and the service may stop responding.

Requirements

Minimum supported client

Windows Vista [desktop apps | Windows Store apps]

Minimum supported server

Windows Server 2008 [desktop apps | Windows Store apps]

Header

Ncrypt.h

Library

Ncrypt.lib

DLL

Ncrypt.dll

See also

NCryptSignHash

 

 

Show:
© 2016 Microsoft