Generating DSS Signatures

Before data can be signed, it must first be hashed using the SHA algorithm. A DSS signature is then generated by calling CryptSignHash. The following procedure shows the necessary steps.

To generate a DSS signature

  1. Call CryptAcquireContext to get a handle to the Microsoft DSS Cryptographic Provider.
  2. Call CryptCreateHash with the Algid argument set to CALG_SHA to get a handle to an SHA hash object.
  3. Call CryptHashData with the hHash argument set to the handle retrieved in the previous step. This hashes the data into the hash object whose handle was returned in the phHash argument of the CryptCreateHash function call.
  4. Call CryptSignHash with the hHash argument set to the same hash handle. Either AT_SIGNATURE or CALG_DSS_SIGN may be passed in the dwKeySpec parameter. The signature is written to the address provided in the pbSignature argument, and its length is written to the address provided in the pcbSignature argument. If a NULL pointer is passed in the pbSignature argument, no signature is generated, but the length of the signature is still returned to the address provided in the pcbSignature parameter.
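
The procedure above as one C function, using the NULL-buffer call from step 4 to size the signature before writing it. This is an added example, not code from the original page. Assumptions: the helper name `sign_dss`, the `DSS_AVAILABLE` macro, the `CRYPT_VERIFYCONTEXT` flag, and the `CryptGenKey` call that creates an in-memory signing key so the example does not depend on an existing key container.

```c
/* Added example, not from the original page. CryptoAPI is Windows-only
   (link with advapi32); on other platforms sign_dss() just returns -1. */
#include <stddef.h>
#ifdef _WIN32
#include <windows.h>
#include <wincrypt.h>
#define DSS_AVAILABLE 1
#else
#define DSS_AVAILABLE 0
#endif

/* Hypothetical helper: signs msg with a throwaway DSS key.
   Returns 0 and sets *sig_len on success, -1 on any failure. */
int sign_dss(const unsigned char *msg, size_t msg_len,
             unsigned char *sig, size_t sig_cap, size_t *sig_len)
{
    int rc = -1;
    *sig_len = 0;
#ifdef _WIN32
    HCRYPTPROV hProv = 0;
    HCRYPTKEY hKey = 0;
    HCRYPTHASH hHash = 0;
    DWORD cb = 0;
    /* Step 1. Assumption: CRYPT_VERIFYCONTEXT, so no stored key container. */
    if (!CryptAcquireContextA(&hProv, NULL, NULL, PROV_DSS, CRYPT_VERIFYCONTEXT))
        return -1;
    /* Assumption: in-memory signature key pair, so the example is self-contained. */
    if (!CryptGenKey(hProv, AT_SIGNATURE, 0, &hKey)) goto done;
    /* Step 2: SHA hash object. */
    if (!CryptCreateHash(hProv, CALG_SHA, 0, 0, &hHash)) goto done;
    /* Step 3: feed the data into the hash object. */
    if (!CryptHashData(hHash, msg, (DWORD)msg_len, 0)) goto done;
    /* Step 4a: NULL buffer, only the required length comes back in cb. */
    if (!CryptSignHashA(hHash, AT_SIGNATURE, NULL, 0, NULL, &cb)) goto done;
    if (cb > sig_cap) goto done;  /* never write past the caller's buffer */
    /* Step 4b: same call with a real buffer produces the signature. */
    if (!CryptSignHashA(hHash, AT_SIGNATURE, NULL, 0, sig, &cb)) goto done;
    *sig_len = cb;
    rc = 0;
done:
    if (hHash) CryptDestroyHash(hHash);
    if (hKey) CryptDestroyKey(hKey);
    CryptReleaseContext(hProv, 0);
#else
    (void)msg; (void)msg_len; (void)sig; (void)sig_cap;
#endif
    return rc;
}
```

Every handle is released on both the success and failure paths, and the length check between the two CryptSignHash calls keeps the signature from overrunning the caller's buffer.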