|Applies To||RSA BSAFE Cert-C|
|Issue||When reading PKCS #7 signed data, determining whether the signature on the message was valid or the signer's cert was valid.|
When I call C_ReadSignedDataMsg with the CMS flag of CMSF_NONE, is the function supposed to return E_NOT_FOUND if it cannot validate the signature?
Or does it put the "untrusted signer" in the list object and return a zero status?
What error should it return if it cannot validate the signature?
|Resolution||The function returns E_NOT_FOUND if it can't locate the signer's cert in the message itself, in the database SERVICE, or in any registered database providers.|
It places the signer in the "untrusted signer" category if it has found the cert and verified the signature on the message, but could not construct a chain from the signer's cert to a trusted cert.
If it can't validate the signature on the PKCS #7 message, it should return 0x725 (E_VERIFY_ASN_SIGNATURE).
|Legacy Article ID||a4878|