||SQL Server Tips by Gama and Naughter
MS CryptoAPI based Signing / Verification
Similar to asymmetric encryption, a public key must first exist to
perform signing. Once the CSP handle is acquired, and similar to the
hashing XP’s, a hash is created of the data to sign using “CryptCreateHash”,
and “CryptHashData”. Then the “CryptSignHash” function is called
which signs the hash. Parameters to this function include the hash
object, a handle to the public key to use to create the signature
and a buffer to container the resultant signature. The resulting
signature is then returned as an output parameter in the XP.
For signature verification, the procedure is quite similar to the
signing step. The received message is hashed using “CryptCreateHash”
and CryptHashData”. Then the “CryptVerifyHash” function is called.
This takes the signature, the computed hash object, the signature
and the public key to use. This function decrypts the signature with
the public key, and compares the result with the computed hash of
the received data. The result of this function is a boolean value
that is returned as an output parameter in the XP.
The above book excerpt is from:
Turbocharge Database Performance with C++ External Procedures
Joseph Gama, P. J. Naughter