NCryptVerifySignature with Key storage provider (KSP)
The NCryptVerifySignature function confirms whether a signature
matches a specified hash.
Parameters
-
hKey[in] -
The handle of the key to use to decrypt the signature. You must use the public key portion of the key pair that was used to sign the data with the NCryptSignHash.
pPaddingInfo[in, optional]-
A pointer to a structure containing padding information. The structure type depends on the
dwFlagsvalue. Use this parameter only with asymmetric keys; set to NULL for other key types. pbHashValue[in]-
A pointer to a buffer containing the hash value to sign. Specify the buffer size using
cbHashValue. cbHashValue[in]-
The size of the
pbHashValuebuffer in bytes. pbSignature[out]-
The address of a buffer containing the signed hash of the data. Use NCryptSignHash to create this signature. Specify the buffer size using
cbSignature. cbSignature[in]-
The size of the
pbSignaturebuffer in bytes. Use NCryptSignHash to create the signature. dwFlags[in]-
Flags to modify the function's behavior. The allowed flags depend on your key type. Use one of these values:
Value Meaning NCRYPT_PAD_PKCS1_FLAG
Indicates the signature used PKCS1 padding. Set
pPaddingInfoto point to aBCRYPT_PKCS1_PADDING_INFOstructure.NCRYPT_PAD_PSS_FLAG
Indicates the signature used Probabilistic Signature Scheme (PSS) padding. Set
pPaddingInfoto point to aBCRYPT_PSS_PADDING_INFOstructure.NCRYPT_SILENT_FLAG
This flag has no effect.
Return Value
The function returns a status code to indicate success or failure.
Common return codes include:
| Return code | Description |
|---|---|
|
ERROR_SUCCESS |
The operation completed successfully. |
|
NTE_INVALID_PARAMETER |
One or more parameters are not valid. |
|
NTE_FAIL |
The operation couldn't complete. |
|
NTE_INVALID_HANDLE |
The handle in |
|
NTE_BAD_FLAGS |
The |
|
NTE_BAD_SIGNATURE |
The signature was not verified. |
|
NTE_BAD_KEY_STATE |
The key state is not valid. |
|
NTE_INTERNAL_ERROR |
An internal error happened while verifying the signature. |
