Quick Info
Windows NT | Yes
Win95 | No
Win32s | No
Import Library | -
Header File | wintrust.h
Unicode | No
Platform Notes | None
WinTrustSubjectCheckContentInfo
[New - Windows NT]
The WinTrustSubjectCheckContentInfo function verifies that a specified certificate adequately represents the contents of the specified subject.
BOOL WinTrustSubjectCheckContentInfo(
    LPWIN_TRUST_SIP_SUBJECT lpSubject,  // pointer to description of the subject
    LPWIN_CERTIFICATE lpSignedData      // pointer to a certificate for the subject
);
Parameters
lpSubject
    Pointer to a WIN_TRUST_SIP_SUBJECT structure that describes the subject to compare to the certificate.
lpSignedData
    Pointer to a WIN_CERT_TYPE_PKCS_SIGNED_DATA type of WIN_CERTIFICATE structure. The data in the bCertificate member of this structure is in the format of a PKCS #7 Signed Data structure. For details on this data format, see The Public-Key Cryptography Standards (PKCS), published by RSA Data Security, Inc.
    The SIP can use information from the ContentInfo member of this PKCS #7 structure to determine what must be verified about the subject. For example, a Portable Executable (PE) image may include resource information and debug information in a digest of the image. If it does, the SIP can find that information in the ContentInfo member of the corresponding PKCS #7 Signed Data structure. The SIP should not depend on the contents of the PKCS #7 structure other than the ContentInfo member.
Return Values
If the information in lpSignedData adequately represents the subject, the return value is nonzero. Otherwise, the return value is zero.
Remarks
A trust provider calls the WinTrustSubjectCheckContentInfo function to verify that the signature in a certificate matches the contents of a specified subject. The trust provider calls the WinTrust implementation of this function. WinTrust then calls the WinTrustSubjectCheckContentInfo implementation of the appropriate Subject Interface Package (SIP). The appropriate SIP is the one registered to handle the type of subject specified by the lpSubject parameter.
To verify a signature, the trust provider first calls the WinTrustSubjectEnumCertificates function to enumerate the types of certificates contained in the subject. Next, the trust provider calls the WinTrustSubjectGetCertificate function to get the certificate needed to authenticate the subject. Typically, this is a certificate that contains a PKCS #7 Signed Data structure from the subject. Then the trust provider calls WinTrustSubjectCheckContentInfo to determine whether the ContentInfo member of the PKCS #7 Signed Data structure matches the subject. If the return value indicates that the SIP has verified the ContentInfo member, the trust provider must also check the signature of the PKCS #7 Signed Data structure. To do this, the trust provider must digest the PKCS structure and compare it to the signature value in that structure.
Each Subject Interface Package (SIP) DLL must implement the WinTrustSubjectCheckContentInfo function. WinTrust gets a pointer to the SIP's WinTrustSubjectCheckContentInfo implementation when WinTrust calls the SIP's WinTrustSipInitialize initialization function.
The SIP implementation of WinTrustSubjectCheckContentInfo compares the information in the PKCS #7's ContentInfo member to information that it retrieves from the subject identified by the lpSubject parameter. To do this, the SIP generates new ContentInfo information from the subject, which it then compares to the ContentInfo member of the PKCS #7 Signed Data structure. The ContentInfo member contains a message digest of the subject that is important in verifying the validity of the subject. Note that other information in the ContentInfo member may not match the subject. For example, the name of the file is not important because the name can change without affecting the integrity of the subject.
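The comparison described above, sketched as an added example that is not part of the original documentation or of any Microsoft SIP. The demo_* names and the struct are hypothetical simplifications rather than wintrust.h types or the PKCS #7 encoding, and FNV-1a is a non-cryptographic stand-in for the real message digest.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical, simplified stand-in for the ContentInfo a SIP derives from a
   subject. Not the PKCS #7 encoding and not a wintrust.h type. */
typedef struct {
    const char *file_name;  /* informational only; may change freely */
    int         digest_alg; /* constructed algorithm identifier */
    uint8_t     digest[8];  /* digest of the subject's contents */
} demo_content_info;

#define DEMO_ALG_FNV1A64 1  /* toy digest, standing in for a real hash */

/* FNV-1a 64-bit: NOT cryptographic, used only to keep the example short. */
static void demo_digest(const uint8_t *data, size_t len, uint8_t out[8])
{
    uint64_t h = 0xcbf29ce484222325ULL;
    for (size_t i = 0; i < len; i++) {
        h ^= data[i];
        h *= 0x100000001b3ULL;
    }
    for (int i = 0; i < 8; i++)
        out[i] = (uint8_t)(h >> (56 - 8 * i));
}

/* Build fresh ContentInfo from the subject as it exists now. */
static demo_content_info demo_make_content_info(const char *name,
                                                const uint8_t *data, size_t len)
{
    demo_content_info ci = { name, DEMO_ALG_FNV1A64, {0} };
    demo_digest(data, len, ci.digest);
    return ci;
}

/* Nonzero if the signed ContentInfo adequately represents the subject,
   zero otherwise. The file name is deliberately not compared. */
static int demo_check_content_info(const char *name, const uint8_t *data,
                                   size_t len, const demo_content_info *signed_ci)
{
    demo_content_info fresh = demo_make_content_info(name, data, len);
    uint8_t diff = 0;
    if (signed_ci == NULL || signed_ci->digest_alg != fresh.digest_alg)
        return 0;
    for (size_t i = 0; i < sizeof fresh.digest; i++)  /* no early exit */
        diff |= (uint8_t)(fresh.digest[i] ^ signed_ci->digest[i]);
    return diff == 0;
}
```

A nonzero result here covers only the ContentInfo comparison; as the Remarks state, the trust provider must still check the signature of the PKCS #7 Signed Data structure.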
The LPWINTRUST_SUBJECT_CHECK_CONTENT_INFO type is a pointer to a WinTrustSubjectCheckContentInfo function.
See Also
WIN_CERTIFICATE,
WIN_TRUST_SIP_SUBJECT,
WinTrustSipInitialize,
WinTrustSubjectEnumCertificates,
WinTrustSubjectGetCertificate