CryptVerifySignature invalid parameter error
fulv...@simail.it
I'm totally stuck upon the error specified in the subject without
understanding the reason why it always returns this error.
What i want to do is to verify an already signed stream of data using
CAPI whitout having the certificate inside the store (CS).
this is basically what i do (i've removed all the obvious and
unnecessary parts to keep code small):
-------------------------------------------------------------------------------------------------------------------
CERT_CONTEXT *cc=CertCreateCertificateContext(X509_ASN_ENCODING |
PKCS_7_ASN_ENCODING, bCer, dwCerSize);
CryptAcquireCertificatePrivateKey(cc, 0, NULL, &hProv, &hKey, NULL);
CryptGetUserKey(hProv,AT_SIGNATURE,&hKey); //Key is correct. i've
dumped it to a file to be sure
CryptCreateHash(hProv, CALG_SHA1, 0, 0, &hHash);
CryptHashData(hHash, bData, dwDataSize, 0); //Hash is correct for
sure.
CryptVerifySignature(hHash, bSign, dwSigSize, hKey, NULL, 0); //
ERROR_INVALID_PARAMETER
--------------------------------------------------------------------------------------------------------------------
i'm sure (because i've checked it out) that everything until
'CryptVerifySignature' is correct and computed in the right way and i
don't make use of 'CryptAcquireContext' because, if i got it right,
it's done via 'CryptAcquireCertificatePrivateKey'. Anyway i've tried
even using 'CryptAcquireContext' without success.
Maybe there is something that i'm missing or got wrong but ALL the
pointers are ok and i've no doubt about it.
I don't really know what else to try and i hope that someone out there
can point me in the right direction.
Thanks in advance.
Fulvio
![Andrew Tucker [MSFT]'s profile photo](https://lh3.googleusercontent.com/a/default-user=s40-c)
Andrew Tucker [MSFT]
> Hi all,
> I'm totally stuck upon the error specified in the subject without
> understanding the reason why it always returns this error.
> What i want to do is to verify an already signed stream of data using
> CAPI whitout having the certificate inside the store (CS).
> this is basically what i do (i've removed all the obvious and
> unnecessary parts to keep code small):
>
> CERT_CONTEXT *cc=CertCreateCertificateContext(X509_ASN_ENCODING |
> PKCS_7_ASN_ENCODING, bCer, dwCerSize);
> CryptAcquireCertificatePrivateKey(cc, 0, NULL, &hProv, &hKey, NULL);
> CryptGetUserKey(hProv,AT_SIGNATURE,&hKey); //Key is correct. i've
> dumped it to a file to be sure
>
> CryptCreateHash(hProv, CALG_SHA1, 0, 0, &hHash);
> CryptHashData(hHash, bData, dwDataSize, 0); //Hash is correct for
> sure.
>
> CryptVerifySignature(hHash, bSign, dwSigSize, hKey, NULL, 0); //
> ERROR_INVALID_PARAMETER
>
> i'm sure (because i've checked it out) that everything until
> 'CryptVerifySignature' is correct and computed in the right way and i
> don't make use of 'CryptAcquireContext' because, if i got it right,
> it's done via 'CryptAcquireCertificatePrivateKey'. Anyway i've tried
> even using 'CryptAcquireContext' without success.
>
> Maybe there is something that i'm missing or got wrong but ALL the
> pointers are ok and i've no doubt about it.
>
> I don't really know what else to try and i hope that someone out there
> can point me in the right direction.
>
> Thanks in advance.
> Fulvi
Is the signature you are passing to CryptVerifySignature coming from
another call to CAPI or some external source? If it is an external
source you may need to byte swap it since CAPI expects all inputs to
be little endian.