CryptVerifyCertificateSignature fails with NTE_BAD_SIGNATURE

From: Robert Oeffner (robertNoJunk_at_oeffner.spam_me_not.net)
Date: 10/13/05


Date: Thu, 13 Oct 2005 21:27:11 GMT

Hi,
I run a slightly modified example from the MSDN,
http://support.microsoft.com/default.aspx?scid=kb;en-us;323809, where I have
included a call to CryptVerifyCertificateSignature. The file I use for input
contains a valid signature.
Does anyone know why in the code snippet CryptVerifyCertificateSignature
fails with NTE_BAD_SIGNATURE? The original example works just fine. All I
want is to check whether a signed file has been tampered with, but the
CryptoAPI is frustratingly poorly documented.

Thanks,

Rob

        // Search for the signer certificate in the temporary
        // certificate store.
        CertInfo.Issuer = pSignerInfo->Issuer;
        CertInfo.SerialNumber = pSignerInfo->SerialNumber;

        pCertContext = CertFindCertificateInStore(hStore,
                                                  ENCODING,
                                                  0,
                                                  CERT_FIND_SUBJECT_CERT,
                                                  (PVOID)&CertInfo,
                                                  NULL);
        if (!pCertContext)
        {
            _tprintf(_T("CertFindCertificateInStore failed with %x\n"),
                GetLastError());
            __leave;
        }

        // Print Signer certificate information.
        _tprintf(_T("Signer Certificate:\n\n"));
        PrintCertificateInfo(pCertContext);
        _tprintf(_T("\n"));

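        // Added call: verify the signature on the signer certificate.
        // This is the call that fails with NTE_BAD_SIGNATURE.
        if (!CryptVerifyCertificateSignature(NULL,
                                             X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
                                             (BYTE*)pCertContext->pbCertEncoded,
                                             pCertContext->cbCertEncoded,
                                             &pCertContext->pCertInfo->SubjectPublicKeyInfo))
        {
            DWORD err = GetLastError();
        }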
