please dont rip this site Prev Next

CryptSignHash info  Overview  Group

The CryptSignHash function is used to sign a piece of data. Because all signature algorithms are asymmetric and thus incredibly slow, CryptoAPI will not let data be signed directly. Instead, you must first hash the data and then use CryptSignHash to sign the hash value.



    DWORD dwKeySpec,

    LPCTSTR sDescription,

    DWORD dwFlags,

    BYTE *pbSignature,

    DWORD *pdwSigLen



[in] A handle to the hash object to be signed.
[in] The key pair to use to sign the hash. The following keys can be specified:

The signature algorithm used is specified when the key pair was originally created.

The only signature algorithm that the Microsoft RSA Base Provider supports is the RSA Public-Key algorithm.

[in] The string describing the data to sign. This description text is added to the hash object before the signature is generated. Whenever the signature is authenticated (with CryptVerifySignature), the exact same description string must be supplied. This ensures that both the signer and the authenticator agree on what is being signed or authenticated.

Some CSPs (not the Microsoft RSA Base Provider) will display this description string to the user. This lets the user confirm what he or she is signing. This protects the user from unscrupulous applications and also reduces misunderstandings.

This parameter can be NULL if no description string is to included in the signature. Usually, this is only the case when the signature is performed using a signature key that is not legally bound to the user. For example, when a signature operation is performed with the key exchange private key as part of a key exchange protocol, no description string is typically specified.

[in] The flag values. This parameter is reserved for future use and should always be zero.
[out] The buffer in which the function places the signature data.

This parameter can be NULL if all you are doing is determining the number of bytes required for the returned signature data.

[in/out] The address of the signature data length. Before calling this function, the caller should set this parameter to the length, in bytes, of the pbSignature buffer. Upon return, this address will contain the number of bytes in the signature data.

If the buffer specified by pbSignature is not large enough to hold the data, the function returns the ERROR_MORE_DATA error code (through GetLastError) and stores the required buffer size, in bytes, into the variable pointed to by pdwSigLen.

If pbSignature is NULL, then no error is returned and the function stores the size of the data, in bytes, in the variable pointed to by pdwSigLen.


Before calling this function, the CryptCreateHash function must be called to get a handle to a hash object. The CryptHashData or CryptHashSessionKey function is then used to add the data or session keys to the hash object.

Once this function has been completed, the only hash function that can be called using the hHash handle is the CryptDestroyHash function.

Return Values

If the function succeeds, the return value is nonzero.

If the function fails, the return value is zero. To retrieve extended error information, use the GetLastError function.

The following table lists the error codes most commonly returned by the GetLastError function. The error codes prefaced by “NTE” are generated by the particular CSP you are using.




One of the parameters specifies an invalid handle.


One of the parameters contains an invalid value. This is most often an illegal pointer.


The hHash handle specifies an algorithm that this CSP does not support.


The dwFlags parameter is nonzero.


The hash object specified by the hHash parameter is invalid.


The CSP context that was specified when the hash object was created cannot be found.


The private key specified by dwKeySpec does not exist.


The CSP ran out of memory during the operation.


#include <wincrypt.h>


#define BUFFER_SIZE 256



BYTE *pbSignature = NULL;

DWORD dwSigLen;

LPTSTR szDescription = TEXT(“Test Data”);


// Get handle to the default provider.

if(!CryptAcquireContext(&hProv, NULL, NULL, PROV_RSA_FULL, 0)) {

    printf("Error %x during CryptAcquireContext!\n", GetLastError());

    goto done;


// Fill buffer with test data.

for(i = 0 ; i < BUFFER_SIZE ; i++) {

    pbBuffer[i] = (BYTE)i;


// Create hash object.

if(!CryptCreateHash(hProv, CALG_MD5, 0, 0, &hHash)) {

    printf("Error %x during CryptCreateHash!\n", GetLastError());

    goto done;


// Hash buffer.

if(!CryptHashData(hHash, pbBuffer, BUFFER_SIZE, 0)) {

    printf("Error %x during CryptHashData!\n", GetLastError());

    goto done;


// Determine size of signature and allocate memory.

dwSigLen = 0;

if(!CryptSignHash(hHash, AT_SIGNATURE, TEXT(""), 0, NULL, &dwSigLen)) {

    printf("Error %x during CryptSignHash!\n", GetLastError());

    if(GetLastError()!=NTE_BAD_LEN) goto done;


if((pbSignature = malloc(dwSigLen)) == NULL) {

    printf("Out of memory!\n");

    goto done;


// Sign hash object.

if(!CryptSignHash(hHash, AT_SIGNATURE, szDescription, 0, pbSignature, &dwSigLen)) {

    printf("Error %x during CryptSignHash!\n", GetLastError());

    goto done;


// Store or transmit the signature, test buffer, and description string.



// Free memory used to store signature.

if(pbSignature != NULL) free(pbSignature);

// Destroy hash object.

if(hHash != 0) CryptDestroyHash(hHash);

// Release provider handle.

if(hProv != 0) CryptReleaseContext(hProv, 0);


See Also

CryptCreateHash, CryptDestroyHash, CryptHashData, CryptHashSessionKey, CryptVerifySignature 


file: /Techref/os/win/api/win32/func/src/f12_19.htm, 10KB, , updated: 2000/4/7 12:19, local time: 2022/5/26 02:08,

 ©2022 These pages are served without commercial sponsorship. (No popup ads, etc...).Bandwidth abuse increases hosting cost forcing sponsorship or shutdown. This server aggressively defends against automated copying for any reason including offline viewing, duplication, etc... Please respect this requirement and DO NOT RIP THIS SITE. Questions?
Please DO link to this page! Digg it! / MAKE!

<A HREF=""> CryptSignHash Release 2]</A>

After you find an appropriate page, you are invited to your to this massmind site! (posts will be visible only to you before review) Just type a nice message (short messages are blocked as spam) in the box and press the Post button. (HTML welcomed, but not the <A tag: Instead, use the link box to link to another page. A tutorial is available Members can login to post directly, become page editors, and be credited for their posts.

Link? Put it here: 
if you want a response, please enter your email address: 
Attn spammers: All posts are reviewed before being made visible to anyone other than the poster.
Did you find what you needed?

  PICList 2022 contributors:
o List host: MIT, Site host, Top posters @20220526
* Page Editors: James Newton, David Cary, and YOU!
* Roman Black of Black Robotics donates from sales of Linistep stepper controller kits.
* Ashley Roll of Digital Nemesis donates from sales of RCL-1 RS232 to TTL converters.
* Monthly Subscribers: Gregg Rew. on-going support is MOST appreciated!
* Contributors: Richard Seriani, Sr.

Welcome to!