Re: How to call the SignedData.Verify method

From: Michel Gallant (neutron_at_NOSPAMistar.ca)
Date: 02/12/04

• Next message: Krish Shenoy[MSFT]: "Re: View Certificate Service Database"
• Previous message: Eugene Mayevski: "Re: PR_USER_X509_CERTIFICATE revisited"
• In reply to: Shawn Corey [MSFT]: "Re: How to call the SignedData.Verify method"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Thu, 12 Feb 2004 16:15:58 -0500

This is not quite complete. By default, SignedData.Sign includes
the signed content within the signature, but Sign has a parameter for
specifying detached signatures.
However, CAPICOM supports both attached and detached signatures.
Shawn is referring to "attached" PKCS #7 blobs (where the content is embedded
in the PKCS and verification can find it automatically).

For *detached* signatures (like generated by most S/MIME mail clients),
you need to explicitly initialize the SignedData.Content with
the actual content you are verifying the signature (encrypted hash) against.

- Mitch Gallant

"Shawn Corey [MSFT]" <shawncor@online.microsoft.com> wrote in message
news:eDP1N7Z8DHA.2404@TK2MSFTNGP12.phx.gbl...
> For verifying you do not usually have to set the content, it will be set
> after the verify is complete. For verifying signed data just call verify
> something like this oSignedData.Verify data. If the verify can successfully
> decode the data then the content will be filled with the data that was
> signed.
>
> Here is the link to the CAPICOM MSDN docs:
>
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/security/Security/capicom_reference.asp
>
> --
> This posting is provided "AS IS" with no warranties, and confers no rights.
> Use of included script samples are subject to the terms specified at
> http://www.microsoft.com/info/cpyright.htm
>
>
> "Sahil" <ffREMOVETHIS2@hotmail.com> wrote in message
> news:eqph8HT8DHA.2392@TK2MSFTNGP11.phx.gbl...
> > Hello all,
> > How do one call the verify method of SignedData Capicom object?
> >
> > if i need to verify pkcs7 file. what exactly do i've to set content
> property
> > to ?
> >
> > thanks
> >
> >
> >
>
>

---

• Next message: Krish Shenoy[MSFT]: "Re: View Certificate Service Database"
• Previous message: Eugene Mayevski: "Re: PR_USER_X509_CERTIFICATE revisited"
• In reply to: Shawn Corey [MSFT]: "Re: How to call the SignedData.Verify method"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: CAPICOM: How to check the validity of certificate when verifiing the signature fails? ... Yes, I passed the detached data to SignedData, before veryfiing. ... the content is changed and certificate is not valid. ... So, if verify fails, I don't know if the cert is valid. ... (microsoft.public.platformsdk.security) Re: About PGP Signing a File. ... I have a question regarding signing a file or binary, ... So any place you need to guarantee file integrity you can ... verify their integrity, for example. ... I've also used digital signatures to monitor changes in critical system ... (Ubuntu) Re: SignedXml CheckSignature() ... A> Can some one verify that .net 2.0 Signatures can not be verified by .net ... With best regards, ... http://www.SecureBlackbox.com - the comprehensive component suite for network security ... (microsoft.public.dotnet.framework) Re: strange software > winsupdater.exe ... And you verify the authenticity of your warm fuzzy how, ... the DLL that verifies signatures could be backdoored as well. ... (Incidents) Re: How to verify a SignedData (CMS, RFC3369) object? ... I changed the vbs sample so that the last parameter from Verify() is 0 ... And now it verifies the Signature!!! ... I now have a file that is the certificate authority ... that signed the cerificate that was included inside the SignedData. ... (microsoft.public.platformsdk.security)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(12)