UFLVerifySignature function
Added by IBM contributor IBM on August 16, 2011


This function verifies the correctness of the given digital signature. You supply the root of the form that contains the signature you want to verify. This function checks the following conditions:
  • The signature item contains mimedata.
  • The mimedata contains a hash value and signer certificate.
  • The signer certificate contains the same ID as that recorded in the signature item's signer option.
  • The signer certificate has not expired.
A plain text representation of the form (filtered by the signature item's filter) is constructed and the result is hashed. This hash value must match the hash value stored in the signature.


   r_short UFLVerifySignature(
      formNodeP theForm,
      formNodeP signatureItem,
      r_charP *theCertChain,
      r_short reportAsErrorsFlag,
      r_short *validSigStatusPtr
      );


Table 1. Function parameters
theForm (formNodeP): The form containing the signature to verify.
signatureItem (formNodeP): The signature to verify.
theCertChain (r_charP*): Reserved. Must be NULL.
reportAsErrorsFlag (r_short): Set to OK if you want errors about the signatures to be reported using the Error system or NOTOK if you want the error code to be returned through the validSigStatusPtr.
validSigStatusPtr (r_short*): A pointer to where to store whether the signature was valid. It will be set either to OK if the signature is valid or to an error code if the signature is invalid.


Returns OK on success or NOTOK on failure.
Additionally, the value stored through validSigStatusPtr will be one of the following, depending on the status of the signature:
Table 2. Return codes
UFL_DS_OK: The signature is verified.
UFL_DS_ALGORITHMUNAVAILABLE: The appropriate verification engine for the signature is not available.
UFL_DS_CERTEXPIRED: The certificate has expired.
UFL_DS_CERTNOTFOUND: The certificate cannot be located.
UFL_DS_CERTNOTTRUSTED: The certificate is not trusted.
UFL_DS_CERTREVOKED: The certificate has been revoked.
UFL_DS_CRLINVALID: The certificate revocation list is invalid.
UFL_DS_F2MATCHSIGNER: The certificate does not match the signer's name.
UFL_DS_HASHCOMPFAILED: The document has been tampered with.
UFL_DS_ISSUERCERTEXPIRED: The issuer's certificate has expired.
UFL_DS_ISSUERINVALID: The issuer is invalid for the certificate used to sign.
UFL_DS_ISSUERKEYUSAGEUNACCEPTABLE: The issuer certificate's key usage extension does not match what the key was used for.
UFL_DS_ISSUERNOTCA: The certificate's issuer is not a Certificate Authority.
UFL_DS_ISSUERNOTFOUND: The issuer's certificate was not located.
UFL_DS_ISSUERSIGFAILED: Verification of the issuer's certificate failed.
UFL_DS_KEYREVOKED: The key used to create the signature has been revoked.
UFL_DS_KEYUSAGEUNACCEPTABLE: The certificate's key usage extension does not match what the key was used for.
UFL_DS_KRLINVALID: The Key Revocation List is invalid.
UFL_DS_NOSIGNATURE: There is no signature.
UFL_DS_NOTAUTHENTICATED: The signer cannot be authenticated.
UFL_DS_POLICYUNACCEPTABLE: The certificate's policy extension does not match the acceptable policies.
UFL_DS_SIGNATUREALTERED: The signature has been tampered with.
UFL_DS_UNEXPECTED: An unexpected error occurred.
UFL_DS_UNVERIFIABLE: The signature cannot be verified.


In the following example, UFLDereferenceEx is used to locate a signature node. UFLVerifySignature is then used to determine whether or not the signature is valid. If the signature is not valid, a message is printed.
   r_error checkSignature(formNodeP form)
   {
   formNodeP tempNode;
   r_error error;
   r_short validFlag;
   /* Trailing arguments are cut off on the page; item reference type and NULL namespace node are assumed. */
      if ((tempNode = UFLDereferenceEx(form, NULL, "PAGE1.SIGNATURE", 0,
         UFL_ITEM_REFERENCE, NULL)) == NULL)
      {
         fprintf(stderr, "Could not locate SIGNATURE node.\n");
         return(NOTOK);
      }
   /* theCertChain is reserved and must be NULL (Table 1), so no chain of issuance is returned or freed. */
      error = UFLVerifySignature(form, tempNode, NULL, OK, &validFlag);
      if (error != OK)
      {
         fprintf(stderr, "UFLVerifySignature error %hd.\n", error);
         return(NOTOK);
      }
   /* Report an additional error if the signature is not valid: anything other than OK is a failure. */
      if (validFlag != OK)
      {
         fprintf(stderr, "Not all signatures are valid.\n");
         return(NOTOK);
      }
      return(OK);
   }
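
The function reports its result through two channels, the return value and validSigStatusPtr, and a caller has to check both before trusting a form. The block below is an added example, not code from the original page or from the Forms API, showing a fail-closed decision over both channels. The typedef, the numeric values of the constants, the callback type and the decide function are constructed stand-ins so that the block builds without the API headers.

```c
#include <stdio.h>
/* Constructed stand-ins so this builds without the Forms API headers.
   Only the names come from the page; the numeric values are assumptions. */
typedef short r_short;
enum { OK = 0, NOTOK = 1 };
enum { UFL_DS_OK = 0, UFL_DS_CERTEXPIRED = 101, UFL_DS_HASHCOMPFAILED = 102,
       UFL_DS_SIGNATUREALTERED = 103, UFL_DS_UNEXPECTED = 199 };

/* Hypothetical callback with the same two result channels as
   UFLVerifySignature: a return value plus a status out-parameter. */
typedef r_short (*verify_fn)(r_short *validSigStatusPtr);

typedef enum { SIG_TRUSTED, SIG_REJECTED, SIG_TAMPERED } sig_decision;

sig_decision decide(verify_fn verify, r_short *statusOut)
{
   /* Seed with a failure code: a call that returns early without writing
      the status must never be read as UFL_DS_OK. */
   r_short status = UFL_DS_UNEXPECTED;
   r_short rc = verify(&status);
   /* A failed call cannot vouch for the signature, whatever it wrote. */
   if (rc != OK && status == UFL_DS_OK)
      status = UFL_DS_UNEXPECTED;
   *statusOut = status;
   if (rc == OK && status == UFL_DS_OK)
      return SIG_TRUSTED;
   if (status == UFL_DS_HASHCOMPFAILED || status == UFL_DS_SIGNATUREALTERED)
      return SIG_TAMPERED;          /* tamper evidence: alert, do not just log */
   return SIG_REJECTED;             /* certificate, trust or engine problem */
}

/* Constructed test doubles covering each path. */
r_short fake_valid(r_short *s)    { *s = UFL_DS_OK;             return OK; }
r_short fake_tampered(r_short *s) { *s = UFL_DS_HASHCOMPFAILED; return OK; }
r_short fake_expired(r_short *s)  { *s = UFL_DS_CERTEXPIRED;    return OK; }
r_short fake_silent(r_short *s)   { (void)s;                    return NOTOK; }
r_short fake_stale_ok(r_short *s) { *s = UFL_DS_OK;             return NOTOK; }
int main(void)
{
   verify_fn cases[] = { fake_valid, fake_tampered, fake_expired,
                         fake_silent, fake_stale_ok };
   for (int i = 0; i < 5; i++) {
      r_short st;
      sig_decision d = decide(cases[i], &st);
      printf("case %d: decision=%d status=%d\n", i, (int)d, (int)st);
   }
   return 0;
}
```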
