please dont rip this site Prev Next

WinTrustSubjectCheckContentInfo info

The WinTrustSubjectCheckContentInfo function verifies that a specified certificate adequately represents the contents of the specified subject.

BOOL WinTrustSubjectCheckContentInfo(

    LPWIN_TRUST_SIP_SUBJECT  lpSubject,

// pointer to description of the subject

    LPWIN_CERTIFICATE lpSignedData

// pointer to a certificate for the subject

   );

Parameters

lpSubject
Pointer to a WIN_TRUST_SIP_SUBJECT structure that describes the subject to compare to the certificate.
lpSignedData
Pointer to a WIN_CERT_TYPE_PKCS_SIGNED_DATA type of WIN_CERTIFICATE structure. The data in the bCertificate member of this structure is in the format of a PKCS #7 Signed Data structure. For details on this data format, see The Public-Key Cryptography Standards (PKCS), published by RSA Data Security, Inc.

The SIP can use information from the ContentInfo member of this PKCS #7 structure to determine what must be verified about the subject. For example, a Portable Executable (PE) image may include resource information and debug information in a digest of the image. If it does, the SIP can find that information in the ContentInfo member of the corresponding PKCS #7 Signed Data structure. The SIP should not depend on the contents of the PKCS #7 structure other than the ContentInfo member.

Return Values

If the information in lpSignedData adequately represents the subject, the return value is nonzero. Otherwise, the return value is zero.

Remarks

A trust provider calls the WinTrustSubjectCheckContentInfo function to verify that the signature in a certificate matches the contents of a specified subject. The trust provider calls the WinTrust implementation of this function. WinTrust then calls the WinTrustSubjectCheckContentInfo implementation of the appropriate Subject Interface Package (SIP). The appropriate SIP is the one registered to handle the type of subject specified by the lpSubject parameter.

To verify a signature, the trust provider first calls the WinTrustSubjectEnumCertificates function to enumerate the types of certificates contained in the subject. Next, the trust provider calls the WinTrustSubjectGetCertificate function to get the certificate needed to authenticate the subject. Typically, this is a certificate that contains a PKCS #7 Signed Data structure from the subject. Then the trust provider calls WinTrustSubjectCheckContentInfo to determine whether the ContentInfo member of the PKCS #7 Signed Data structure matches the subject. If the return value indicates that the SIP has verified the ContentInfo member, the trust provider must also check the signature of the PKCS #7 Signed Data structure. To do this, the trust provider must digest the PKCS structure and compare it to the signature value in that structure.

Each Subject Interface Package (SIP) DLL must implement the WinTrustSubjectCheckContentInfo function. WinTrust gets a pointer to the SIP’s WinTrustSubjectCheckContentInfo implementation when WinTrust calls the SIP’s WinTrustSipInitialize initialization function.

The SIP implementation of WinTrustSubjectCheckContentInfo compares the information in the PKCS #7’s ContentInfo member to information that it retrieves from the subject identified by the lpSubject parameter. To do this, the SIP generates new ContentInfo information from the subject, which it then compares to the ContentInfo member of the PKCS #7 Signed Data structure. The ContentInfo member contains a message digest of the subject that is important in verifying the validity of the subject. Note that other information in the ContentInfo member may not match the subject. For example, the name of the file is not important because the name can change without affecting the integrity of the subject.

The LPWINTRUST_SUBJECT_CHECK_CONTENT_INFO type is a pointer to a WinTrustSubjectCheckContentInfo function.

See Also

WIN_CERTIFICATE, WIN_TRUST_SIP_SUBJECT, WinTrustSipInitialize, WinTrustSubjectEnumCertificates, WinTrustSubjectGetCertificate


file: /Techref/os/win/api/win32/func/src/f91_27.htm, 5KB, , updated: 2000/4/7 11:13, local time: 2024/11/5 04:07,
TOP NEW HELP FIND: 
3.231.219.178:LOG IN
©2024 PLEASE DON'T RIP! THIS SITE CLOSES OCT 28, 2024 SO LONG AND THANKS FOR ALL THE FISH!

 ©2024 These pages are served without commercial sponsorship. (No popup ads, etc...).Bandwidth abuse increases hosting cost forcing sponsorship or shutdown. This server aggressively defends against automated copying for any reason including offline viewing, duplication, etc... Please respect this requirement and DO NOT RIP THIS SITE. Questions?
Please DO link to this page! Digg it! / MAKE!

<A HREF="http://www.piclist.com/techref/os/win/api/win32/func/src/f91_27.htm"> WinTrustSubjectCheckContentInfo</A>

After you find an appropriate page, you are invited to your to this massmind site! (posts will be visible only to you before review) Just type a nice message (short messages are blocked as spam) in the box and press the Post button. (HTML welcomed, but not the <A tag: Instead, use the link box to link to another page. A tutorial is available Members can login to post directly, become page editors, and be credited for their posts.


Link? Put it here: 
if you want a response, please enter your email address: 
Attn spammers: All posts are reviewed before being made visible to anyone other than the poster.
Did you find what you needed?

  PICList 2024 contributors:
o List host: MIT, Site host massmind.org, Top posters @none found
- Page Editors: James Newton, David Cary, and YOU!
* Roman Black of Black Robotics donates from sales of Linistep stepper controller kits.
* Ashley Roll of Digital Nemesis donates from sales of RCL-1 RS232 to TTL converters.
* Monthly Subscribers: Gregg Rew. on-going support is MOST appreciated!
* Contributors: Richard Seriani, Sr.
 

Welcome to www.piclist.com!

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

  .