CryptVerifyCertificateSignature fails with NTE_BAD_SIGNATURE

From: Robert Oeffner (
Date: 10/13/05

Date: Thu, 13 Oct 2005 21:27:11 GMT

I run a slightly modified example from the MSDN,;en-us;323809, where I have
included a call to CryptVerifyCertificateSignature. The file I use for input
contains a valid signature.
Does anyone know why in the code snippet CryptVerifyCertificateSignature
fails with NTE_BAD_SIGNATURE? The original example works just fine. All I
want is to check whether a signed file has been tampered with but the
cryptoAPI is frustratingly poorly documented.



        // Search for the signer certificate in the temporary
        // certificate store.
        CertInfo.Issuer = pSignerInfo->Issuer;
        CertInfo.SerialNumber = pSignerInfo->SerialNumber;

        pCertContext = CertFindCertificateInStore(hStore,
        if (!pCertContext)
            _tprintf(_T("CertFindCertificateInStore failed with %x\n"),

        // Print Signer certificate information.
        _tprintf(_T("Signer Certificate:\n\n"));

 if (!CryptVerifyCertificateSignature(NULL, X509_ASN_ENCODING |
  (BYTE*)pCertContext->pbCertEncoded, pCertContext->cbCertEncoded,
  DWORD err= GetLastError();