DgsTimeStampVerify
The DgsTimeStampVerify function is given a PKCS 7 record that was created
using DgsTimeStampRequest. This
function verifies the digital signature and optionally recalculates the hash of the data
object and compares it with the time stamp hash. Requires Microsoft CryptoAPI.
BOOL DgsTimeStampVerify(
    LPSTR contentType,          // in
    BYTE *content,              // in
    DWORD cContent,             // in
    DWORD dwIndex,              // in
    BYTE *pbTimeStampBlob,      // in
    DWORD *pcbTimeStampBlob,    // in
    HCERTSTORE hCertStore,      // in
    LPSTR time                  // out
);
Parameters
- contentType
- OID of the content type. Determines what data was originally time stamped.
Four options:
- 1. Content type of signature time stamp token
1.2.840.113549.1.9.16.2.14 specifies that content is a PKCS 7 signed message
and pbTimeStampBlob is a PKCS 7 encoded time stamp token (as returned from
function DgsTimeStampRequest). When using this option,
dwIndex is set to indicate which signature in content is
associated with the pbTimeStampBlob.
- 2. Content type DATA specifies that content is
the data that was hashed to create the time stamp token. pbTimeStampBlob
is a PKCS 7 encoded time stamp token (as returned from function DgsTimeStampRequest).
The content type can be specified as "NO DIGEST" to indicate that the content
is the result of pre-executing the message digest function. When using this
option, dwIndex has no effect.
- 3. Content type is a PKCS 7 signed message
1.2.840.113549.1.7.2. The time stamp token is contained within the signed message as
an Unsigned Attribute of SignerInfo. When using this option, dwIndex is set
to indicate which signature in content is to be verified. When using
this option, pbTimeStampBlob is NULL and has no effect. (The current
release does not support this option.)
- 4. Content type NULL means only the time stamp is to be
verified. If NULL, the processing to compare the document hash to the hash
inside the time stamp is not performed.
- content
- The content that was time stamped. This parameter is ignored if contentType
is NULL.
- cContent
- The size of the buffer that contains content.
- dwIndex
- Index to the SignerInfo signature that was time stamped.
Current release supports only 0, the first signature in the set.
- pbTimeStampBlob
- The encoded time stamp token is a PKCS 7 message.
- pcbTimeStampBlob
- Pointer to a DWORD specifying the size, in bytes, of the pbTimeStampBlob
buffer.
- hCertStore
- The certificate store used to retrieve the DigiStamp public keys that were used
in the time stamp process.
- time
- The time (GMT) that was included in the time stamp. Returned as a separate
data item for convenience. If not NULL, the memory size provided must be 20, and the value is returned with a null terminator.
Return Values
If the function succeeds, the return value is nonzero (TRUE).
If the function fails, the return value is zero (FALSE).
This function calls toolkit function DgsTsGetParam.
Error messages from these functions can also be returned.
| Error code | Description |
| DGS_CONTENT_TYPE | Unsupported content type. |
| DGS_ESSCERTID | The ESSCertID was not available. |
| DGS_MSG_TYPE | The pbTimeStampBlob can not have multiple signatures. |
| DGS_SIG_HASH | Hash of the signature could not be calculated. |
| DGS_HASH_NOT_EQUAL | The hash of the data object is not equal to hash in time stamp. |
| DGS_PUBLIC_NA | The public key was not in the key store. |
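A caller-side preflight for the parameter rules above, as an added example that is not part of the DigiStamp toolkit or the original page: it checks the arguments against the documented contract before DgsTimeStampVerify is called. The names dgs_preflight, dgs_mode_of and require_binding, and the literal spellings "DATA" and "NO DIGEST", are assumptions.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical helper names; not part of the DigiStamp toolkit. */
enum dgs_mode { DGS_MODE_INVALID = -1, DGS_MODE_SIG_TOKEN, DGS_MODE_DATA,
                DGS_MODE_NO_DIGEST, DGS_MODE_EMBEDDED, DGS_MODE_TOKEN_ONLY };

#define DGS_TIME_BUF_LEN 20 /* size the page requires for the time buffer */

/* Map contentType to the documented option. The "DATA" and "NO DIGEST"
   literals are assumed spellings of the values named on the page. */
static enum dgs_mode dgs_mode_of(const char *contentType)
{
    if (contentType == NULL) return DGS_MODE_TOKEN_ONLY;           /* option 4 */
    if (strcmp(contentType, "1.2.840.113549.1.9.16.2.14") == 0) return DGS_MODE_SIG_TOKEN;
    if (strcmp(contentType, "DATA") == 0) return DGS_MODE_DATA;
    if (strcmp(contentType, "NO DIGEST") == 0) return DGS_MODE_NO_DIGEST;
    if (strcmp(contentType, "1.2.840.113549.1.7.2") == 0) return DGS_MODE_EMBEDDED;
    return DGS_MODE_INVALID;
}

/* Returns NULL when the arguments satisfy the documented contract, otherwise
   a short reason. Set require_binding when the caller needs the token tied to
   its own data: a NULL contentType verifies the token only and skips the
   comparison of the document hash with the hash inside the time stamp. */
const char *dgs_preflight(const char *contentType,
                          const unsigned char *content, unsigned long cContent,
                          unsigned long dwIndex,
                          const unsigned char *blob, const unsigned long *pcbBlob,
                          const char *timeBuf, size_t timeBufLen,
                          int require_binding)
{
    enum dgs_mode m = dgs_mode_of(contentType);
    if (m == DGS_MODE_INVALID) return "unsupported content type";
    if (m == DGS_MODE_EMBEDDED) return "embedded-token option not supported in current release";
    if (m == DGS_MODE_TOKEN_ONLY && require_binding)
        return "NULL contentType skips the document hash comparison";
    if (blob == NULL || pcbBlob == NULL || *pcbBlob == 0) return "time stamp token missing";
    if (m != DGS_MODE_TOKEN_ONLY && (content == NULL || cContent == 0))
        return "content missing";
    if (m == DGS_MODE_SIG_TOKEN && dwIndex != 0)
        return "only signature index 0 is supported";
    if (timeBuf != NULL && timeBufLen < DGS_TIME_BUF_LEN)
        return "time buffer must hold 20 bytes";
    return NULL;
}
```

Call DgsTimeStampVerify only when dgs_preflight returns NULL; the toolkit's own return value and error codes still decide whether the time stamp is valid.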
28 January, 2005