The Sign method digitally signs data from memory and returns a digital signature. It can digitally sign data in a single call, or it can be called multiple times to digitally sign data in a streaming fashion.
Upon successful completion, this method will place the resulting digital signature in the Signature property.
The Sign method uses the SHA-1 hash function to produce a 160-bit hash value which is then encrypted with the RSA encryption algorithm using the Private Key specified in the PrivateKey property. Extra processing is applied to increase security, as indicated in the "remarks" section below.
Parameter | Description |
---|---|
vaSource | The data to sign. All OLE automation variant types are supported, including string and byte array variants. |
bEndOfData | This parameter indicates to the library whether or not there is more data to sign. If you only have a single block of data to sign, set this parameter to True. The library will then immediately produce and return a digital signature for the data provided in the vaSource parameter. If you can only provide a portion of the data to sign in the vaSource parameter and will provide more data later in a subsequent call to the Sign method, set this parameter to False. When the final portion of the data to sign has been provided, set the bEndOfData parameter to True. The method will then place the digital signature for all the data provided into the Signature property. |
None
The PrivateKey property must contain a Private Key. The strength of the key pair that the Private Key belongs to must be at least 362 bits (which is a weak key).
When calling the Sign method with the bEndOfData parameter specified as False, you cannot call any other Xceed Encryption control method (of the same instance of the control) until you have completed processing a stream of data by calling the Sign method with the bEndOfData parameter specified as True, or an error occurs, or the Reset method is called.
The digital signature process is slightly more complicated than described in the introduction above. The Xceed Encryption Library uses the RSA OAEP method to sign data. This algorithm has various improvements and it also takes extra steps in order to make it secure to use the same key pair for encryption and for digital signing. However, we still strongly recommend that the key pair be different.
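The Python model below is an added illustration, not Xceed code: it mimics the bEndOfData contract and the rule that an instance is busy until the stream is finished or Reset is called. The class, its verify method and the toy key are assumptions, and the unpadded RSA step is a stand-in for the library's own signature processing.

```python
import hashlib

# Constructed toy key built from two Mersenne primes; illustration only, never a real key.
P, Q, E = 2**521 - 1, 2**127 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent

class SignerModel:
    """Hypothetical model of the Sign/Reset call contract, not the Xceed control."""

    def __init__(self):
        self._hash = None       # None means no stream is in progress
        self.signature = None   # mirrors the Signature property

    def sign(self, source: bytes, end_of_data: bool):
        if self._hash is None:              # first block of a new stream
            self._hash = hashlib.sha1()
            self.signature = None
        self._hash.update(source)
        if end_of_data:                     # final block: produce the signature
            digest = int.from_bytes(self._hash.digest(), "big")  # 160-bit value
            self._hash = None
            # Stand-in for the private-key step: unpadded, unlike the library.
            self.signature = pow(digest, D, N)
        return self.signature

    def reset(self):
        """Abandon a partial stream so other methods may be called again."""
        self._hash = None

    def verify(self, source: bytes, signature: int) -> bool:
        if self._hash is not None:          # instance is busy with a stream
            raise RuntimeError("stream in progress: finish Sign or call Reset")
        digest = int.from_bytes(hashlib.sha1(source).digest(), "big")
        return pow(signature, E, N) == digest

def demo():
    s = SignerModel()
    msg = b"constructed sample message"
    one_shot = s.sign(msg, True)            # single call
    s.sign(msg[:10], False)                 # same data, streamed in two blocks
    chunked = s.sign(msg[10:], True)
    s.sign(b"partial", False)               # leave a stream open
    try:
        s.verify(msg, chunked)
        blocked = False
    except RuntimeError:
        blocked = True
    s.reset()
    return one_shot == chunked, blocked, s.verify(msg, chunked)
```

The signature depends only on the concatenated data, so the way the input is split across calls does not change the result.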
Declaration (DXceedEncryption) |
---|
HRESULT Sign( [in] VARIANT* vaSource, [in] VARIANT_BOOL bEndOfData ) |
Declaration (IXceedEncryption) |
---|
|