Decoding Signed Data

The following general process decodes a signed data type.

Aa381957.wedge(en-us,VS.85).gifTo decode a signed message

  1. Get a pointer to the encoded BLOB.
  2. Call CryptMsgOpenToDecode, passing the necessary arguments.
  3. Call CryptMsgUpdate once, passing in the handle retrieved in step 2 and a pointer to the data that is to be decoded. This causes the appropriate actions to be taken on the message, depending on the message type.
  4. Call CryptMsgGetParam, passing in the handle retrieved in step 2 and the appropriate parameter types to access the decoded data. For example, pass in CMSG_CONTENT_PARAM to get a pointer to the decoded content.

The following general process verifies the signature of a decoded, signed message.

Aa381957.wedge(en-us,VS.85).gifTo verify the signature of a decoded, signed message

  1. Call CryptMsgGetParam, passing in the message handle and CMSG_SIGNER_CERT_INFO_PARAM to get the signer's CERT_INFO from the message.
  2. Call CertOpenStore to open a temporary store that is initialized with the certificates from the message.
  3. Call CertGetSubjectCertificateFromStore to get the signer's CERT_INFO from the certificates included in the message.
  4. Call CryptMsgControl, passing in CMSG_CTRL_VERIFY_SIGNATURE to verify the signatures.
  5. Call CryptMsgClose to close the message.

The result of these procedures is that the signature is verified and a pointer is retrieved to the decoded message content obtained in step 4 of the procedure for decoding a signed message.

For C coding details, see Example C Program: Signing, Encoding, Decoding, and Verifying a Message.

 

 

Show: