...
To verify PKCS7 signature
There are ready-made tools available for most programming languages that can be used to verify PKCS7 signatures. Below is a small code example in C# that hopefully makes it clearer:
| Code Block |
|---|
private bool validateSignPKCS7(string toValidate)
{
byte[] fromCMSString = null;
SignedCms cms = null;
try
{
fromCMSString = Convert.FromBase64String(toValidate);
cms = new SignedCms();
cms.Decode(fromCMSString);
cms.CheckSignature(true);
}
catch (Exception u)
{
return false;
}
return true;
} |
The PKCS7 signature should contain the certificate of the person who is authenticating/signing. That certificate needs to be verified.