Share via


CryptographicEngine.VerifySignature Method

Definition

Verifies a message signature.

public:
 static bool VerifySignature(CryptographicKey ^ key, IBuffer ^ data, IBuffer ^ signature);
 static bool VerifySignature(CryptographicKey const& key, IBuffer const& data, IBuffer const& signature);
public static bool VerifySignature(CryptographicKey key, IBuffer data, IBuffer signature);
function verifySignature(key, data, signature)
Public Shared Function VerifySignature (key As CryptographicKey, data As IBuffer, signature As IBuffer) As Boolean

Parameters

key
CryptographicKey

Key used for verification. This must be the same key previously used to sign the message.

data
IBuffer

Message to be verified.

signature
IBuffer

Signature previously computed over the message to be verified.

Returns

Boolean

bool

true if the message is verified.

Examples

public void SampleVerifyHMAC(
    IBuffer buffMsg,
    CryptographicKey hmacKey,
    IBuffer buffHMAC)
{
    // The input key must be securely shared between the sender of the HMAC and 
    // the recipient. The recipient uses the CryptographicEngine.VerifySignature() 
    // method as follows to verify that the message has not been altered in transit.
    Boolean IsAuthenticated = CryptographicEngine.VerifySignature(hmacKey, buffMsg, buffHMAC);
    if (!IsAuthenticated)
    {
        throw new Exception("The message cannot be verified.");
    }
}

Remarks

To sign content, the sender typically creates a hash over the message, signs (encrypts) the hash, and then sends both the signature and the unencrypted message. The recipient uses the same key and algorithm to calculate a hash over the message, decrypts the signature, and compares the decrypted signature to the hash value. If they match, the recipient can be fairly certain that the message did, in fact, come from the sender and was not altered during transmission. For more information, see MACs, hashes, and signatures.

Applies to