Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

how to get the CA signature from Certificates

1 view
Skip to first unread message

usr....@gmail.com

unread,
Apr 24, 2008, 6:46:46 AM4/24/08
to
Hi All,

My client have passed the Certificates to me, then I use
CertCreateCertificateContext function get a PCCERT_CONTEXT. My
question is How do i get the CA signature of this Certificates?
I need to use the CA public-key to check this CA signature, I have get
the public-key from the CA root Certificate. Thanks!

Mounir IDRASSI

unread,
Apr 24, 2008, 8:40:00 AM4/24/08
to
Hi,

If you want to verify the signature of a certificate using the public key of
the CA, I advise you to use the function CryptVerifyCertificateSignature. It
only needs the encoded bytes of the certificate and a structure containing
the CA public key.
Here is the link to its documentation :
http://msdn2.microsoft.com/en-us/library/aa380912(VS.85).aspx .

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

Sylvain SF

unread,
Apr 24, 2008, 6:08:30 PM4/24/08
to
Mounir IDRASSI wrote on 24/04/2008 14:40:
>
> If you want to verify the signature of a certificate using the public key ...

Mounir, could you please check the last post of "M_P" in the thread
"smart card and crypt API CryptSignHash throws ...".

it looks like, the axalto CSP fails to process signature with his
scenarion. could you advice an a different way to test signature
computation using another API set -- I'm not fluent enough with
CSP to be sure of how to manage such tests.

cheers,
Sylvain.

usr....@gmail.com

unread,
Apr 25, 2008, 1:37:51 AM4/25/08
to
> > the public-key from the CA root Certificate. Thanks!- 隐藏被引用文字 -
>
> - 显示引用的文字 -

Thanks, but my question is how to get the CA signature of the
Certificates.

Mounir IDRASSI

unread,
Apr 25, 2008, 5:20:05 AM4/25/08
to
Hi,

Actually, getting the certificate signature is easy : it's stored in the
last bytes of the certificate encoding. So, for instance, if the bit length
of the CA RSA key pair is 1024, then the last 128 bytes of the certificate
are its CA signature.

Sorry if in my first post I didn't answer your question directly.

--
Mounir IDRASSI
IDRIX
http://www.idrix.fr


"usr....@gmail.com" wrote:

> On , Mounir IDRASSI <mooni...@newsgroups.nospam> wrote:
> > Hi,
> >
> > If you want to verify the signature of a certificate using the public key of
> > the CA, I advise you to use the function CryptVerifyCertificateSignature. It
> > only needs the encoded bytes of the certificate and a structure containing
> > the CA public key.
> > Here is the link to its documentation :http://msdn2.microsoft.com/en-us/library/aa380912(VS.85).aspx.
> >
> > Cheers,
> > --
> > Mounir IDRASSI
> > IDRIXhttp://www.idrix.fr
> >
> >
> >
> > "usr.r...@gmail.com" wrote:
> > > Hi All,
> >
> > > My client have passed the Certificates to me, then I use
> > > CertCreateCertificateContext function get a PCCERT_CONTEXT. My
> > > question is How do i get the CA signature of this Certificates?
> > > I need to use the CA public-key to check this CA signature, I have get
> > > the public-key from the CA root Certificate. Thanks!-
>

0 new messages