CryptVerifyTimeStampSignature function

The CryptVerifyTimeStampSignature function validates the time stamp signature on a specified array of bytes.


BOOL WINAPI CryptVerifyTimeStampSignature(
  _In_      const BYTE                     pbTSContentInfo,
                  DWORD                    cbTSContentInfo,
  _In_opt_  const DWORD                    pbData,
                  DWORD                    cbData,
  _In_opt_        HCERTSTORE               hAdditionalStore,
  _Out_           PCRYPT_TIMESTAMP_CONTEXT ppTsContext,
  _Out_opt_       PCCERT_CONTEXT           *ppTsSigner,
  _Out_opt_       HCERTSTORE               *phStore


pbTSContentInfo [in]

A pointer to a buffer that contains time stamp content.


The size, in bytes, of the buffer pointed to by the pbTSContentInfo parameter.

pbData [in, optional]

A pointer to an array of bytes on which to validate the time stamp signature.


The size, in bytes, of the array pointed to by the pbData parameter.

hAdditionalStore [in, optional]

The handle of an additional store to search for supporting Time Stamping Authority (TSA) signing certificates and certificate trust lists (CTLs). This parameter can be NULL if no additional store is to be searched.

ppTsContext [out]

A pointer to a PCRYPT_TIMESTAMP_CONTEXT structure. When you have finished using the context, you must free it by calling the CryptMemFree function.

ppTsSigner [out, optional]

A pointer to a PCERT_CONTEXT that receives the certificate of the signer. When you have finished using this structure, you must free it by passing this pointer to the CertFreeCertificateContext function.

Set this parameter to NULL if the TSA signer's certificate is not needed.

phStore [out, optional]

A pointer to a handle that receives the certificate store opened on CMS to search for supporting certificates.

This parameter can be NULL if the TSA supporting certificates are not needed. When you have finished using this handle, you must release it by passing it to the CertCloseStore function.

Return value

If the function succeeds, the function returns TRUE. For extended error information, call the GetLastError function.


The caller should validate the pszTSAPolicyId member of the CRYPT_TIMESTAMP_INFO structure when it is returned by the CryptRetrieveTimeStamp function. If a TSA policy was specified in the request and the ftTime member contains a valid value, the caller should build a certificate context chain with which to populate the ppTsSigner parameter and validate the trust.


Minimum supported client

Windows 7 [desktop apps | UWP apps]

Minimum supported server

Windows Server 2008 R2 [desktop apps | UWP apps]





See also