CryptoSys PKI Pro Manual

CMS_VerifySigData

Verifies the signature and content of a signed-data CMS object file.

VBA/VB6 Syntax

Public Declare Function CMS_VerifySigData Lib "diCrPKI.dll" (ByVal strFileIn As String, ByVal strCertFile As String, ByVal strHexDigest As String, ByVal nOptions As Long) As Long

nRet = CMS_VerifySigData(strFileIn, strCertFile, strHexDigest, nOptions) As Long

C/C++ Syntax

long __stdcall CMS_VerifySigData(const char *szFileIn, const char *szCertFile, const char *szHexDigest, long nOptions);

Parameters

szFileIn
[in] name of the signed-data CMS object file (binary or base64-encoded), or the data itself as a base64 or PEM string.
szCertFile
[in] (optional) name of an X.509 certificate file to be used to identify the signer. Specify an empty string "" to use the certificate(s) in the input file.
szHexDigest
[in] (optional) message digest encoded in hexadecimal format. Use this to verify a "detached-signature" input file. Specify an empty string "" to verify the eContent data in the SignedData file.
nOptions
[in] option flags:
PKI_DEFAULT (0) for default options.
PKI_CMS_BIGFILE to speed up the processing of large files (binary input only).

Returns (VBA/C)

If successful, the return value is zero; otherwise it returns a negative error code.

VBA Wrapper Syntax

Public Function cmsVerifySigData (szFileIn As String, Optional szCertFile As String = "", Optional szHexDigest As String = "", Optional nOptions As Long = 0) As Long

.NET Equivalent

Cms.VerifySigData Method

C++ (STL) Equivalent

static bool dipki::Cms::VerifySigData (const std::string &inputFile, const std::string &certFile="", const std::string &hexDigest="", bool bigFile=false)

Python Equivalent

static Cms.verify_sigdata(sigdatafile, certfile="", hexdigest="", bigfile=False)

Remarks

This function verifies that the content was indeed signed by the purported signer. Note that it returns zero to indicate success, not true.

If a certificate is specified in szCertFile then the public key from that certificate will be used and a matching signerInfo will be searched for in the SignedData file. Otherwise the first matching pair of certificate and signerInfo found in the SignedData file will be used.

If the signed content (eContent) is included in the SignedData object (this is the usual case), then specify an empty string ("") for szHexDigest. For a "detached-signature" file where the signed content has been passed to the user by other means, compute a separate message digest of the data and pass it to the function in the szHexDigest parameter.

This function handles SignedData objects both with and without signedAttributes.

[New in v12.4] If an ESS Signing Certificate attribute is found, then the purported signing certificate will be checked against the value of this attribute as per ESS [RFC5035] and CAdES [CADES]. It is a SIGNATURE_ERROR (22) if these do not match.

[New in v12.4] If an Algorithm Protection Attribute is found, then further verification checks will be made to prevent algorithm substitution attacks as per [RFC6211]. It is a SIGNATURE_ERROR (22) if these checks fail.

Example

Dim nRet As Long
Dim strInputFile As String
strInputFile = "BasicSignByAlice.bin"
nRet = CMS_VerifySigData(strInputFile, "", "", 0)
Debug.Print "CMS_VerifySigData returns " & nRet & " (expecting 0)"
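The following C sketch is an added example, not code from the manual or from the library. It shows a fail-closed caller for the zero-means-success convention described in the Remarks, and it insists on a certificate file the caller already holds rather than one carried in the input. The names check_signed_data, stub_verify and alice.cer are hypothetical, and the stub's -22 assumes SIGNATURE_ERROR (22) is returned negated.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Same parameter list as CMS_VerifySigData (the real export is __stdcall).
   Passing it as a pointer lets the policy run against a stub. */
typedef long (*verify_fn)(const char *, const char *, const char *, long);
typedef enum { SIG_OK, SIG_REJECTED, SIG_BAD_ARGS } sig_result;

/* Non-empty, even-length, hexadecimal characters only. */
static int is_hex_digest(const char *s)
{
    size_t n = strlen(s);
    if (n == 0 || n % 2 != 0) return 0;
    for (size_t i = 0; i < n; i++)
        if (!isxdigit((unsigned char)s[i])) return 0;
    return 1;
}

/* Hypothetical wrapper: SIG_OK only when the library returned exactly 0.
   *rc_out is written only if the library was actually called. */
sig_result check_signed_data(verify_fn verify, const char *file,
                             const char *pinned_cert, const char *hex_digest,
                             long *rc_out)
{
    if (!verify || !file || !*file) return SIG_BAD_ARGS;
    /* "" would let the input file supply its own certificate; this policy
       requires a certificate obtained separately from the message. */
    if (!pinned_cert || !*pinned_cert) return SIG_BAD_ARGS;
    /* NULL or "" means eContent is in the file; otherwise detached mode. */
    if (hex_digest && *hex_digest && !is_hex_digest(hex_digest))
        return SIG_BAD_ARGS;
    long rc = verify(file, pinned_cert, hex_digest ? hex_digest : "", 0);
    if (rc_out) *rc_out = rc;
    return rc == 0 ? SIG_OK : SIG_REJECTED; /* `if (rc)` would accept failures */
}

/* Constructed stub standing in for the DLL: 0 for one file/cert pair, else -22. */
long stub_verify(const char *f, const char *c, const char *d, long opt)
{
    (void)d; (void)opt;
    return (!strcmp(f, "BasicSignByAlice.bin") && !strcmp(c, "alice.cer")) ? 0 : -22;
}

int main(void)
{
    long rc = 1;
    sig_result r = check_signed_data(stub_verify, "tampered.bin", "alice.cer", "", &rc);
    printf("result=%d rc=%ld\n", (int)r, rc);
    return 0;
}
```

In a real build, pass CMS_VerifySigData itself in place of stub_verify.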

See Also

CMS_GetSigDataDigest


Copyright © 2004-24 D.I. Management Services Pty Ltd. All rights reserved. Generated 2024-09-23T07:52:09Z.