The Verify method determines whether the signatures on signed data in the SignedData object are valid. To verify a signature, the encrypted hash of the contents is decrypted by using the signer's public key from the signer's certificate. The decrypted hash is compared to a new hash of the data content. A signature is valid if the hashes match. This method also builds a certificate chain to determine the validity of the certificate that provides the public key used to decrypt the hash.
- SignedMessage [in]
A string that contains the signed message to be verified.
- bDetached [in, optional]
If True, the data to be signed is detached; that is, the content that is signed is not included as part of the signed object. To verify the signature on detached content, an application must have a copy of the original content. Detached content is often used to decrease the size of a signed object to be sent across the web, if the recipient of the signed message has an original copy of the signed data. The default value is False.
- VerifyFlag [in, optional]
A value of the CAPICOM_SIGNED_DATA_VERIFY_FLAG enumeration that indicates the verification policy. The default value is CAPICOM_VERIFY_SIGNATURE_AND_CERTIFICATE. Using this value, both the validity of the certificate and the validity of the signature are checked. This parameter may be set to verify the signature and not the certificate. This parameter can be one of the following values.
  - CAPICOM_VERIFY_SIGNATURE_ONLY: Only the signature is checked.
  - CAPICOM_VERIFY_SIGNATURE_AND_CERTIFICATE: Both the signature and the validity of the certificate used to create the signature are checked.
This method returns a string that contains the encoded, signed data.
If this method fails, an error will be thrown. The Err object will contain additional information about the error.
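The following VBScript is an added example, not code from the original page. It verifies attached or detached content under the default policy and, on failure, retries with signature-only verification purely to distinguish a hash mismatch from an untrusted certificate. The helper names `ReadAll` and `VerifySigned`, the command-line file arguments, and the numeric constant values (taken from the CAPICOM enumeration) are assumptions of this example.

```vbscript
' Added example. Usage (hypothetical file names): cscript verify.vbs message.p7s [original.txt]
Option Explicit
Const CAPICOM_VERIFY_SIGNATURE_ONLY = 0
Const CAPICOM_VERIFY_SIGNATURE_AND_CERTIFICATE = 1

Function ReadAll(path)
    Dim f
    Set f = CreateObject("Scripting.FileSystemObject").OpenTextFile(path, 1) ' 1 = ForReading
    ReadAll = f.ReadAll
    f.Close
End Function

' Returns True only if Verify raised no error under the given policy.
Function VerifySigned(signedMessage, content, isDetached, verifyFlag)
    Dim sd, i
    Set sd = CreateObject("CAPICOM.SignedData")
    ' Detached: the signed object carries no content, so supply the same string the signer used.
    If isDetached Then sd.Content = content
    On Error Resume Next
    sd.Verify signedMessage, isDetached, verifyFlag
    If Err.Number <> 0 Then
        WScript.Echo "Verify failed: 0x" & Hex(Err.Number) & " " & Err.Description
        Err.Clear
        VerifySigned = False
        Exit Function
    End If
    On Error GoTo 0
    For i = 1 To sd.Signers.Count   ' CAPICOM collections are 1-based
        WScript.Echo "Signer: " & sd.Signers.Item(i).Certificate.SubjectName
    Next
    VerifySigned = True
End Function

Dim msg, content, detached
If WScript.Arguments.Count < 1 Then
    WScript.Echo "usage: cscript verify.vbs <signed-message> [detached-content]"
    WScript.Quit 2
End If
msg = ReadAll(WScript.Arguments(0))
detached = (WScript.Arguments.Count > 1)
If detached Then content = ReadAll(WScript.Arguments(1))
If Not VerifySigned(msg, content, detached, CAPICOM_VERIFY_SIGNATURE_AND_CERTIFICATE) Then
    ' Diagnostic only: a pass here means the hash matches but the certificate chain did not validate.
    If VerifySigned(msg, content, detached, CAPICOM_VERIFY_SIGNATURE_ONLY) Then
        WScript.Echo "Hash matches, but the signer certificate is not trusted; reject the message."
    End If
    WScript.Quit 1
End If
WScript.Echo "Signature and certificate chain are valid."
```

A signature-only pass confirms that the content matches what the holder of the key signed, not who that holder is, so the script still exits with a failure code in that case.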
CAPICOM 2.0 or later on Windows Server 2003 and Windows XP