SpMakeSignature function

The SpMakeSignature function generates a signature based on the specified message and security context.

The SpMakeSignature function is the dispatch function for the MakeSignature function of the Security Support Provider Interface.


NTSTATUS SpMakeSignature(
  _In_    LSA_SEC_HANDLE ContextHandle,
  _In_    ULONG          QualityOfProtection,
  _Inout_ PSecBufferDesc MessageBuffers,
  _In_    ULONG          MessageSequenceNumber


ContextHandle [in]

A handle to the security context to be used to generate the message signature.

QualityOfProtection [in]

Specifies package-specific flags that indicate the quality of protection. A security package can use this parameter to support the selection of cryptographic algorithms.

MessageBuffers [in, out]

Pointer to an array of SecBuffer structures. On input, the structures contain the message to be signed. On output, the SecBuffer structure of type SECBUFFER_TOKEN contains the signature.

MessageSequenceNumber [in]

Sequence number to assign to the message. Sequence numbers are optional and are used as protection against loss and insertion of messages. A value of zero indicates that sequence numbers are not in use.

Return value

If the function succeeds, return STATUS_SUCCESS.

If the function fails, return an NTSTATUS code that indicates the reason it failed. The following lists a common reason for failure and the error code that the function should return.

The counterpart to the SpMakeSignature function is the SpVerifySignature function, used to verify signatures at the receiving end.

SSP/APs must implement the SpMakeSignature function; however, the actual name given to the implementation is up to the developer.

A pointer to the SpMakeSignature function is available in the SECPKG_USER_FUNCTION_TABLE structure received from the SpUserModeInitialize function.


Minimum supported client

Windows XP [desktop apps only]

Minimum supported server

Windows Server 2003 [desktop apps only]



