WinTrustSubjectCheckContentInfo
[New - Windows NT]
The WinTrustSubjectCheckContentInfo function verifies that a specified certificate adequately represents the contents of the specified subject.
BOOL WinTrustSubjectCheckContentInfo(
    LPWIN_TRUST_SIP_SUBJECT lpSubject,  // pointer to description of the subject
    LPWIN_CERTIFICATE lpSignedData      // pointer to a certificate for the subject
);
Parameters
lpSubject
Pointer to a WIN_TRUST_SIP_SUBJECT
lpSignedData
Pointer to a WIN_CERT_TYPE_PKCS_SIGNED_DATA type of WIN_CERTIFICATE
The SIP can use information from the ContentInfo member of this PKCS #7 structure to determine what must be verified about the subject. For example, a Portable Executable (PE) image may include resource information and debug information in a digest of the image. If it does, the SIP can find that information in the ContentInfo member of the corresponding PKCS #7 Signed Data structure. The SIP should not depend on the contents of the PKCS #7 structure other than the ContentInfo member.
Return Values
If the information in lpSignedData adequately represents the subject, the return value is nonzero. Otherwise, the return value is zero.
Remarks
A trust provider calls the WinTrustSubjectCheckContentInfo function to verify that the signature in a certificate matches the contents of a specified subject. The trust provider calls the WinTrust implementation of this function. WinTrust then calls the WinTrustSubjectCheckContentInfo implementation of the appropriate Subject Interface Package (SIP). The appropriate SIP is the one registered to handle the type of subject specified by the lpSubject parameter.
To verify a signature, the trust provider first calls the WinTrustSubjectEnumCertificates
Each Subject Interface Package (SIP) DLL must implement the WinTrustSubjectCheckContentInfo function. WinTrust gets a pointer to the SIP's WinTrustSubjectCheckContentInfo implementation when WinTrust calls the SIP's WinTrustSipInitialize
The SIP implementation of WinTrustSubjectCheckContentInfo compares the information in the PKCS #7's ContentInfo member to information that it retrieves from the subject identified by the lpSubject parameter. To do this, the SIP generates new ContentInfo information from the subject, which it then compares to the ContentInfo member of the PKCS #7 Signed Data structure. The ContentInfo member contains a message digest of the subject that is important in verifying the validity of the subject. Note that other information in the ContentInfo member may not match the subject. For example, the name of the file is not important because the name can change without affecting the integrity of the subject.
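The comparison described above can be modeled as follows. This is an added example, not code from the original page or from WinTrust; it is a Python model rather than the C API, and the region names, the dictionary layout of the ContentInfo, the algorithm allow-list and all function names are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed subject: a file modeled as named regions (hypothetical layout).
SUBJECT = {"code": b"\x55\x8b\xec\xc3", "resources": b"ICON", "debug": b"PDB-A"}
OPTIONAL = {"resources", "debug"}           # regions a digest may also cover
ALLOWED_ALGS = {"sha256", "sha384", "sha512"}

def digest_subject(subject, include, alg):
    """Hash the code plus the optional regions named in `include`."""
    h = hashlib.new(alg)
    for region in ["code"] + sorted(include):
        data = subject.get(region, b"")
        # Length-prefix each region so region boundaries cannot be shifted.
        h.update(region.encode() + b"\0" + len(data).to_bytes(8, "big") + data)
    return h.digest()

def make_content_info(subject, include, alg="sha256", name="app.exe"):
    """Signer side: record what the digest covers and the digest itself."""
    return {"name": name, "alg": alg, "include": sorted(include),
            "digest": digest_subject(subject, include, alg)}

def check_content_info(subject, content_info):
    """SIP side: regenerate the digest from the subject and compare.

    Only the digest decides the result; the recorded name is never read.
    """
    alg = content_info.get("alg")
    include = set(content_info.get("include", []))
    if alg not in ALLOWED_ALGS or not include <= OPTIONAL:
        return False                        # fail closed on unknown input
    fresh = digest_subject(subject, include, alg)
    # Constant-time comparison of the regenerated and the signed digest.
    return hmac.compare_digest(fresh, content_info.get("digest", b""))

if __name__ == "__main__":
    ci = make_content_info(SUBJECT, {"resources"})
    print("renamed file:", check_content_info(SUBJECT, dict(ci, name="x.exe")))
    print("patched code:", check_content_info(dict(SUBJECT, code=b"\x90"), ci))
```

In this model a change to a region that the ContentInfo does not list still passes the check, so the result vouches only for the parts of the subject that the digest covers.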
The LPWINTRUST_SUBJECT_CHECK_CONTENT_INFO type is a pointer to a WinTrustSubjectCheckContentInfo function.
See Also