证书的数字签名和认证

win32 console程序

#include "stdafx.h"
#include <malloc.h>
#include <windows.h>
#include <wincrypt.h>

#define MY_TYPE (PKCS_7_ASN_ENCODING | X509_ASN_ENCODING)

/*
Ö¤ÊéÖ÷ÌâÃû
*/
#define  SIGNER_NAME L"yangsheng"

#define  CERT_STORE_NAME L"MY"
void HandleError(char* s);

int main(int argc, char* argv[])
{
 HCERTSTORE hStoreHandle; file://ϵͳ¾ä±ú
 file://ҪǩÃûµÄÏûÏ¢
 BYTE* pbMessage = (BYTE*)"Need sign message";
 //
 DWORD cbMessage = strlen((char*)pbMessage)+1;
 PCCERT_CONTEXT pSignerCert; file://Ö¸ÏòÇ©ÃûÖ¤ÊéµÄÖ¸Õë

 CRYPT_SIGN_MESSAGE_PARA SigParams;
 DWORD cbSignedMessageBlob;
 BYTE* pbSignedMessageBlob;                                                                                         

 const BYTE* MessageArray[] = {pbMessage};
 DWORD MessageSizeArray[1];
 MessageSizeArray[0] = cbMessage;

 file://start sign .....
 printf("raw message....\n");
 printf("%s\n",pbMessage);

 //
 if(!(hStoreHandle = CertOpenStore(CERT_STORE_PROV_SYSTEM,0,NULL,CERT_SYSTEM_STORE_CURRENT_USER, CERT_STORE_NAME)))
 {
  printf("open cert store failed!");
 }

 file://Get sign cert pointer
 if(pSignerCert = CertFindCertificateInStore(hStoreHandle,MY_TYPE,0,CERT_FIND_SUBJECT_STR,SIGNER_NAME,NULL))
 {
  printf("find a cert ok.....\n");
 }
 else
 {
  printf("cann't look a cert!\n");
 }
 
 file://sign struct initialize
 SigParams.cbSize = sizeof(CRYPT_SIGN_MESSAGE_PARA);
 SigParams.dwMsgEncodingType = MY_TYPE;
 SigParams.pSigningCert = pSignerCert;
 SigParams.HashAlgorithm.pszObjId = szOID_RSA_MD5;
 SigParams.HashAlgorithm.Parameters.cbData = NULL;
 SigParams.cMsgCert = 1;
 SigParams.rgpMsgCert = &pSignerCert;
 SigParams.cAuthAttr = 0;
 SigParams.dwInnerContentType = 0;
 SigParams.cMsgCrl = 0;
 SigParams.cUnauthAttr = 0;
 SigParams.dwFlags = 0;
 SigParams.pvHashAuxInfo = NULL;
 SigParams.rgAuthAttr = NULL;

 //
 if(CryptSignMessage(&SigParams,FALSE,1,MessageArray,MessageSizeArray,NULL,&cbSignedMessageBlob))
 {
  printf("sign after size %d\n",cbSignedMessageBlob);
 }
 
 //
 if(!(pbSignedMessageBlob = (BYTE*)malloc(cbSignedMessageBlob)))
 {
  printf("alloc failed!\n");
 }
 //
 if(CryptSignMessage(&SigParams,FALSE,1,MessageArray,MessageSizeArray,pbSignedMessageBlob,&cbSignedMessageBlob))
 {
  printf("sign successful!!\n");
 }

 /*
  verify sign
 */
 DWORD cbDecodeMessageBlob;
 BYTE* pbDecodeMessageBlob;
 
 CRYPT_VERIFY_MESSAGE_PARA verifyParams;
 
 verifyParams.cbSize = sizeof(CRYPT_VERIFY_MESSAGE_PARA);
 verifyParams.dwMsgAndCertEncodingType = MY_TYPE;
 verifyParams.hCryptProv = 0;
 verifyParams.pfnGetSignerCertificate = NULL;
 verifyParams.pvGetArg = NULL;

 if(CryptVerifyMessageSignature(&verifyParams,0,pbSignedMessageBlob,cbSignedMessageBlob,NULL,&cbDecodeMessageBlob,NULL))
 {
  printf("total buffer%d\n",cbDecodeMessageBlob);
 }

 if(!(pbDecodeMessageBlob = (BYTE*)malloc(cbDecodeMessageBlob)))
 {
  printf("alloc failed!\n");
 }
 if(CryptVerifyMessageSignature(&verifyParams,0,pbSignedMessageBlob,cbSignedMessageBlob,pbDecodeMessageBlob,&cbDecodeMessageBlob,NULL))
 {
  printf("verify message:\n%s\n",(char*)pbDecodeMessageBlob);
 }
 /*
 some release operation........
 */
 if(pbSignedMessageBlob)
  free(pbSignedMessageBlob);

 if(pbDecodeMessageBlob)
  free(pbDecodeMessageBlob);

 if(pSignerCert)
  CertFreeCertificateContext(pSignerCert);

 if(CertCloseStore(hStoreHandle,CERT_CLOSE_STORE_CHECK_FLAG))
 {
  printf("all release...\n");
 }
 else
 {
  printf(".......");
 }
 return 0;
}