SQL Server Tips by Gama and Naughter
MS CryptoAPI based Signing / Verification
As with asymmetric encryption, a public
key must first exist to perform signing. Once the CSP handle is
acquired, a hash of the data to sign is created using
“CryptCreateHash” and “CryptHashData”, just as in the hashing XP’s.
Then the “CryptSignHash” function is called, which signs the hash.
Parameters to this function include the hash object, a handle to the
public key to use to create the signature and a buffer to contain the
resultant signature. The resulting signature is then returned as an
output parameter in the XP.
For signature verification, the procedure is quite similar to the
signing step. The received message is hashed using “CryptCreateHash”
and “CryptHashData”. Then the “CryptVerifyHash” function is called.
This takes the signature, the computed hash object and the public
key to use. This function decrypts the signature with
the public key, and compares the result with the computed hash of
the received data. The result of this function is a boolean value
that is returned as an output parameter in the XP.
The above book excerpt is from:
Turbocharge Database Performance with C++ External Procedures
Joseph Gama, P. J. Naughter