The CryptHashCertificate function hashes the entire encoded content, including the signature.
#include <wincrypt.h>
BOOL WINAPI CryptHashCertificate(
HCRYPTPROV hCryptProv, // in
ALG_ID Algid, // in
DWORD dwFlags, // in
const BYTE *pbEncoded, // in
DWORD cbEncoded, // in
BYTE *pbComputedHash, // out
DWORD *pcbComputedHash // in, out
);
Unless there is a strong reason for passing in a specific cryptographic provider in hCryptProv, zero should be passed in. Passing in zero causes the default RSA or DSS provider to be acquired before doing hash, signature verification or recipient encryption operations.
This parameter can be NULL to set the size of this information for memory allocation purposes. For more information, see Common In/Out Parameter Conventions.
Note When processing the data returned in the buffer, applications need to use the actual size of the data returned. The actual size may be slightly smaller than the size of the buffer specified on input. (On input, buffer sizes are usually specified large enough to insure that the largest possible output data will fit in the buffer.) On output, the variable pointed to by this parameter is updated to reflect the actual size of the data copied to the buffer.
TRUE if the function succeeded, FALSE if the function failed.
Call GetLastError to see the reason for any failures. Note that errors from the called functions CryptCreateHash, CryptGetHashParam and CryptHashData may be propagated to this function.
// EXAMPLE CODE FOR USING CryptHashCertificate() to
// hash a certificate for which a certificate context has already
// been obtained (pCertContext).
PCCERT_CONTEXT pCertContext; // Initialized elsewhere
// First, get a cryptographic provider.
HCRYPTPROV hCryptProv = NULL; // Handle returned here
BOOL fReturn = FALSE;
fReturn = CryptAcquireContext(
&hCryptProv, // Address for handle to be returned.
NULL, // Use the current user's logon name.
NULL, // Use the default provider.
PROV_RSA_FULL, // Need to do both encrypt & sign.
NULL); // No flags needed.
if(TRUE != fReturn)
printf("Couldn't Get a Cryptographic Provider");
// If the function succeeded, the handle to the cryptographic
// provider resides at hCryptProv.
DWORD maxSHAhashlen = 20; // The max size hash for SHA is 20 bytes.
BYTE * pbComputedHash; // Buffer pointer.
// Allocate the memory for the computed hash.
pbComputedHash = (BYTE *)malloc(maxSHAhashlen );
// Hash the certificate using SHA for the hashing algorithm.
fReturn = CryptHashCertificate(hCryptProv, CALG_SHA, 0,
pCertContext->pbCertEncoded,
pCertContext->cbCertEncoded,
pbComputedHash , &maxSHAhashlen );
// Use the hash as desired…
// Free memory allocated when through.
free(pbComputedHash);
// Note : An alternate way of obtaining the CALG_SHA hash is to
// make a call to CertGetCertificateContextProperty specifying
// CERT_SHA1_HASH_PROP_ID which calculates the hash if it has not
// already been calculated. If it already has been calculated,
// a throughput benefit is realized.
Windows NT: Requires version 4.0 SP3 or later. Available also in IE 3.02 and later.
Windows: Requires Windows 98 (or Windows 95 with IE 3.02 or later).
Windows CE: Unsupported.
Header: Declared in wincrypt.h.
Import Library: Use crypt32.lib.
CryptHashPublicKeyInfo, CryptHashToBeSigned