Discuss this help topic in SecureBlackbox Forum

Validate CMS signature

Validating signatures with CMS components (TElSignedCMSMessage and TElCMSSignature) is performed for each signature separately. Each signature can be validated independently from the others included in the same CMS message; the validity of a particular signature does not affect the validity of the others — the same CMS can contain both valid and invalid signatures.

To validate a signature, use its Validate() method. Use one of the following overloads according to your needs:


TSBCMSSignatureValidity Validate();
TSBCMSAdvancedSignatureValidity Validate(TSBCMSValidationOptions options);
TSBCMSAdvancedSignatureValidity Validate(TElX509CertificateValidator validator, TSBCMSValidationOptions options);

The first, parameterless Validate() method validates the integrity of the signature and returns one of the following self-explanatory enum elements: csvValid, csvInvalid, csvSignerNotFound, or csvGeneralFailure. Note that this method does not perform any certificate chain validation; you have to perform it separately. No timestamps are validated either.

The second and third methods accept an options object and return more detailed validity information in the TSBCMSAdvancedSignatureValidity enum. The third method also lets you pass in a TElX509CertificateValidator object to perform internal certificate validation.

Example:


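// Take the first signature of the CMS message (cms is a TElSignedCMSMessage).
TElCMSSignature sig = cms.get_Signatures(0);

// The parameterless Validate() checks signature integrity only;
// the certificate chain and timestamps are not validated here.
if (sig.Validate() == TSBCMSSignatureValidity.csvValid)
{
  MessageBox.Show("The signature is valid");
}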
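
Because each signature is validated on its own, a message with several signers needs a loop over all of them. The following is an added example, not code from the SecureBlackbox documentation; the SBCMS namespace, the SignatureCount property and the CmsIntegrityCheck helper are assumptions.

```csharp
using System.Collections.Generic;
using SBCMS; // assumption: namespace declaring the CMS classes named on this page

// Hypothetical helper class, not part of SecureBlackbox.
static class CmsIntegrityCheck
{
    // Runs the parameterless Validate() on every signature and returns the
    // indexes whose integrity check passed. Problems found on the other
    // signatures are described in 'failures'.
    public static List<int> Run(TElSignedCMSMessage cms, List<string> failures)
    {
        var intact = new List<int>();

        // Assumption: SignatureCount holds the number of signatures in the message.
        for (int i = 0; i < cms.SignatureCount; i++)
        {
            TElCMSSignature sig = cms.get_Signatures(i);

            // Each signature gets its own verdict; a bad one does not end the loop.
            switch (sig.Validate())
            {
                case TSBCMSSignatureValidity.csvValid:
                    // Integrity only: chain and timestamps are still unchecked.
                    intact.Add(i);
                    break;
                case TSBCMSSignatureValidity.csvInvalid:
                    failures.Add($"signature {i}: integrity check failed");
                    break;
                case TSBCMSSignatureValidity.csvSignerNotFound:
                    failures.Add($"signature {i}: signer not found");
                    break;
                default:
                    // csvGeneralFailure or any unexpected value: treat as not valid.
                    failures.Add($"signature {i}: validation could not be completed");
                    break;
            }
        }
        return intact;
    }
}
```

The signatures returned in the list still need certificate chain validation before their signers are trusted.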
