IX509CertificateRequestPkcs10::CheckSignature method

The CheckSignature method verifies that the certificate request has been signed and that the signature is valid.

Syntax


HRESULT CheckSignature(
  [in] Pkcs10AllowedSignatureTypes AllowedSignatureTypes
);

Parameters

AllowedSignatureTypes [in]

An Pkcs10AllowedSignatureTypes enumeration value. This can be a bitwise combination of the following values.

ValueMeaning
AllowedKeySignature

Signatures generated by using asymmetric keys are permitted. If this flag is set, the signature is verified against the public key in the PKCS #10 request.

AllowedNullSignature

Null-signed signatures are permitted.

 

Return value

If the function succeeds, the function returns S_OK.

If the function fails, it returns an HRESULT value that indicates the error. Possible values include, but are not limited to, those in the following table. For a list of common error codes, see Common HRESULT Values.

Return codeDescription
CRYPT_E_NO_SIGNER

The certificate request has not been signed.

ERROR_INVALID_STATE

The signature type is not specified by the AllowedSignatureTypes parameter.

NTE_BAD_SIGNATURE

The value specified by the AllowedSignatureTypes parameter is not a member of the Pkcs10AllowedSignatureTypes enumeration type.

 

Remarks

This method uses the public key to decrypt the signature and compares the signature to a hash of the certificate request.

Requirements

Minimum supported client

Windows Vista [desktop apps only]

Minimum supported server

Windows Server 2008 [desktop apps only]

Header

CertEnroll.h

DLL

CertEnroll.dll

See also

IX509CertificateRequestPkcs10

 

 

Community Additions

ADD
Show: