IX509CertificateRequestPkcs10::CheckSignature method (certenroll.h)

Article
07/27/2022

The CheckSignature method verifies that the certificate request has been signed and that the signature is valid.

Syntax

HRESULT CheckSignature(
  [in] Pkcs10AllowedSignatureTypes AllowedSignatureTypes
);

Parameters

[in] AllowedSignatureTypes

An Pkcs10AllowedSignatureTypes enumeration value. This can be a bitwise combination of the following values.

Value	Meaning
AllowedKeySignature	Signatures generated by using asymmetric keys are permitted. If this flag is set, the signature is verified against the public key in the PKCS #10 request.
AllowedNullSignature	Null-signed signatures are permitted.

Return value

If the function succeeds, the function returns S_OK.

If the function fails, it returns an HRESULT value that indicates the error. Possible values include, but are not limited to, those in the following table. For a list of common error codes, see Common HRESULT Values.

Return code	Description
CRYPT_E_NO_SIGNER	The certificate request has not been signed.
ERROR_INVALID_STATE	The signature type is not specified by the AllowedSignatureTypes parameter.
NTE_BAD_SIGNATURE	The value specified by the AllowedSignatureTypes parameter is not a member of the Pkcs10AllowedSignatureTypes enumeration type.

Remarks

This method uses the public key to decrypt the signature and compares the signature to a hash of the certificate request.

Requirements

Requirement	Value
Minimum supported client	Windows Vista [desktop apps only]
Minimum supported server	Windows Server 2008 [desktop apps only]
Target Platform	Windows
Header	certenroll.h
DLL	CertEnroll.dll

Share via

IX509CertificateRequestPkcs10::CheckSignature method (certenroll.h)

Syntax

Parameters

Return value

Remarks

Requirements

See also

Feedback

Additional resources