SignedCms.CheckSignature Method (X509Certificate2Collection, Boolean)

 
System_CAPS_noteNote

The .NET API Reference documentation has a new home. Visit the .NET API Browser on docs.microsoft.com to see the new experience.

The CheckSignature(X509Certificate2Collection, Boolean) method verifies the digital signatures on the signed CMS/PKCS #7 message by using the specified collection of certificates and, optionally, validates the signers' certificates.

Namespace:   System.Security.Cryptography.Pkcs
Assembly:  System.Security (in System.Security.dll)

public void CheckSignature(
	X509Certificate2Collection extraStore,
	bool verifySignatureOnly
)

Parameters

extraStore
Type: System.Security.Cryptography.X509Certificates.X509Certificate2Collection

An X509Certificate2Collection object that can be used to validate the certificate chain. If no additional certificates are to be used to validate the certificate chain, use CheckSignature(Boolean) instead of CheckSignature(X509Certificate2Collection, Boolean).

verifySignatureOnly
Type: System.Boolean

A Boolean value that specifies whether only the digital signatures are verified without the signers' certificates being validated.

If verifySignatureOnly is true, only the digital signatures are verified. If it is false, the digital signatures are verified, the signers' certificates are validated, and the purposes of the certificates are validated. The purposes of a certificate are considered valid if the certificate has no key usage or if the key usage supports digital signatures or nonrepudiation.

Exception Condition
ArgumentNullException

A null reference was passed to a method that does not accept it as a valid argument.

CryptographicException

A cryptographic operation could not be completed.

InvalidOperationException

A method call was invalid for the object's current state.

This method verifies all signatures, including countersignatures, on the CMS/PKCS #7 message. If there are signed attributes included with the message, these attributes are also verified. If the option is chosen to validate certificates, the entire included portion of the certificate chain is validated.

This method throws an exception if the verification of a digital signature fails or any validation requirements are not met.

The following example shows the placement of CheckSignature(X509Certificate2Collection, Boolean) among the steps necessary to verify the signatures on a SignedCms message. In this example, the message content is not detached, so the message content is included in the SignedCms message.

// Create a new, nondetached SignedCms message.
SignedCms signedCms = new SignedCms();

// encodedMessage is the encoded message received from 
// the sender.
signedCms.Decode(encodedMessage);

// Verify the signature without validating the 
// certificate.
signedCms.CheckSignature(true);

The following example shows the placement of CheckSignature(X509Certificate2Collection, Boolean) among the steps necessary to verify the signatures on a SignedCms message. In this example, the message content is detached, so the message content must be verified independently of the SignedCms message.

// Create a ContentInfo object from the inner content obtained 
// independently from encodedMessage.
ContentInfo contentInfo = new ContentInfo(innerContent);

// Create a new, detached SignedCms message.
SignedCms signedCms = new SignedCms(contentInfo, true);

// encodedMessage is the encoded message received from 
// the sender.
signedCms.Decode(encodedMessage);

// Verify the signature without validating the 
// certificate.
signedCms.CheckSignature(true);

.NET Framework
Available since 2.0
Return to top
Show: