Decoding Signed Data
The following general process decodes a signed data type.
To decode a signed message
1. Get a pointer to the encoded BLOB.
2. Call CryptMsgOpenToDecode, passing the necessary arguments, to obtain a message handle.
3. Call CryptMsgUpdate once, passing in the handle retrieved in step 2 and a pointer to the data that is to be decoded. CryptoAPI then decodes the message according to its message type.
4. Call CryptMsgGetParam, passing in the handle retrieved in step 2 and the appropriate parameter types, to access the decoded data. For example, pass in CMSG_CONTENT_PARAM to get a pointer to the decoded content.
The following general process verifies the signature of a decoded, signed message.
To verify the signature of a decoded, signed message
1. Call CryptMsgGetParam, passing in the message handle and CMSG_SIGNER_CERT_INFO_PARAM, to get the signer's CERT_INFO from the message.
2. Call CertOpenStore to open a temporary store that is initialized with the certificates from the message.
3. Call CertGetSubjectCertificateFromStore to look up the signer's certificate in that store, using the CERT_INFO retrieved in step 1.
4. Call CryptMsgControl, passing in CMSG_CTRL_VERIFY_SIGNATURE, to verify the signature.
5. Call CryptMsgClose to close the message.
Together, these procedures verify the signature and yield the pointer to the decoded message content obtained in step 4 of the procedure for decoding a signed message.
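The two procedures above carried through in one function, as an added example that is not code from the page or from the Example C Program it references. The function name decode_and_verify_signed, the ENC macro and the use of LocalAlloc for the output buffer are this example's own choices; it builds only on Windows, where wincrypt.h is available.

```c
/* Added example, not the page's own code: decode a CMS/PKCS #7 signed BLOB
 * with CryptoAPI and verify its signature, following the two procedures
 * above. Windows-only (wincrypt.h); elsewhere only the argument check runs. */
#include <stddef.h>
#ifdef _WIN32
#include <windows.h>
#include <wincrypt.h>
#pragma comment(lib, "crypt32.lib")
#define ENC (PKCS_7_ASN_ENCODING | X509_ASN_ENCODING)
#endif
/* Returns 1 when the BLOB decodes and its signature verifies, else 0.
 * On success *content/*content_len hold the inner content (free with LocalFree). */
int decode_and_verify_signed(const unsigned char *blob, size_t blob_len,
                             unsigned char **content, size_t *content_len)
{
    if (!blob || blob_len == 0 || !content || !content_len) return 0;
    *content = NULL; *content_len = 0;
#ifdef _WIN32
    int ok = 0;
    HCRYPTMSG msg = NULL; HCERTSTORE store = NULL;
    PCCERT_CONTEXT signer = NULL; CERT_INFO *id = NULL; DWORD cb = 0;
    /* Decode, steps 2-3: open for decoding (type 0 = detect), feed the whole BLOB. */
    msg = CryptMsgOpenToDecode(ENC, 0, 0, 0, NULL, NULL);
    if (!msg || !CryptMsgUpdate(msg, blob, (DWORD)blob_len, TRUE)) goto done;
    /* Decode, step 4: size query, then copy out the decoded content. */
    if (!CryptMsgGetParam(msg, CMSG_CONTENT_PARAM, 0, NULL, &cb)) goto done;
    *content = (unsigned char *)LocalAlloc(LMEM_FIXED, cb);
    if (!*content || !CryptMsgGetParam(msg, CMSG_CONTENT_PARAM, 0, *content, &cb)) goto done;
    *content_len = cb;
    /* Verify, step 1: signer's CERT_INFO (issuer and serial number). */
    if (!CryptMsgGetParam(msg, CMSG_SIGNER_CERT_INFO_PARAM, 0, NULL, &cb)) goto done;
    id = (CERT_INFO *)LocalAlloc(LMEM_FIXED, cb);
    if (!id || !CryptMsgGetParam(msg, CMSG_SIGNER_CERT_INFO_PARAM, 0, id, &cb)) goto done;
    /* Verify, steps 2-3: temporary store of the message's certificates, find the signer. */
    store = CertOpenStore(CERT_STORE_PROV_MSG, ENC, 0, 0, msg);
    if (!store || !(signer = CertGetSubjectCertificateFromStore(store, ENC, id))) goto done;
    /* Verify, step 4: check the signature with that certificate's public key. */
    ok = CryptMsgControl(msg, 0, CMSG_CTRL_VERIFY_SIGNATURE, signer->pCertInfo) ? 1 : 0;
done:
    if (signer) CertFreeCertificateContext(signer);
    if (store) CertCloseStore(store, 0);
    if (id) LocalFree(id);
    if (msg) CryptMsgClose(msg);               /* Verify, step 5 */
    if (!ok && *content) { LocalFree(*content); *content = NULL; *content_len = 0; }
    return ok;
#else
    return 0; /* CryptoAPI is not available on this platform */
#endif
}
```

CMSG_CTRL_VERIFY_SIGNATURE only proves that the content was signed with the private key matching the certificate found in the message; it does not establish that the certificate itself is trusted, so a real verifier must still build and validate the chain (for example with CertGetCertificateChain and CertVerifyCertificateChainPolicy) before accepting the content.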
For C coding details, see Example C Program: Signing, Encoding, Decoding, and Verifying a Message.