Community articleVerifySignature function
Added by IBM contributorIBM on May 2, 2012
Rate this article 1 starsRate this article 2 starsRate this article 3 starsRate this article 4 starsRate this article 5 stars

No abstract provided.


This function verifies the correctness of the given digital signature. You supply the root of the form that contains the signature you want to verify. This function checks the following conditions:
  • The signature item contains mimedata.
  • The mimedata contains a hash value and signer certificate.
  • The signer certificate contains the same ID as that recorded in the signature item's signer option.
  • The signer certificate has not expired.
A plain text representation of the form (filtered by the signature item's filter) is constructed and the result is hashed. This hash value must match the hash value stored in the signature.


   Function VerifySignature(
      signatureItem As IFormNodeP, 
      theCertChain As String, 
      reportAsErrorsFlag As Boolean
     ) As Integer


Table 1. Function parameters
signatureItemIFormNodePThe signature to verify.
theCertChainStringReserved. Must be null.
reportAsErrorsFlagBooleanSet to True if you want errors about the signatures to be reported by throwing an exception or False if you want the error code to be returned through the return value.


A Long having one of the following values, depending on the status of the signature:
Table 2. return codes
UFL_DS_OKThe signature is verified.
UFL_DS_ALGORITHMUNAVAILABLEThe appropriate verification engine for the signature is not available.
UFL_DS_CERTEXPIREDThe certificate has expired.
UFL_DS_CERTNOTFOUNDThe certificate cannot be located.
UFL_DS_CERTNOTTRUSTEDThe certificate is not trusted.
UFL_DS_CERTREVOKEDThe certificate has been revoked.
UFL_DS_CRLINVALIDThe certificate revocation list is invalid.
UFL_DS_F2MATCHSIGNERThe certificate does not match the signer's name.
UFL_DS_HASHCOMPFAILEDThe document has been tampered with.
UFL_DS_ISSUERCERTEXPIREDThe issuer's certificate has expired.
UFL_DS_ISSUERINVALIDThe issuer is invalid for the certificate used to sign.
UFL_DS_ISSUERKEYUSAGE UNACCEPTABLEThe issuer certificate's key usage extension does not match what the key was used for.
UFL_DS_ISSUERNOTCAThe certificate's issuer is not a Certificate Authority.
UFL_DS_ISSUERNOTFOUNDThe issuer's certificate was not located.
UFL_DS_ISSUERSIGFAILEDVerification of the issuer's certificate failed.
UFL_DS_KEYREVOKEDThe key used to create the signature has been revoked.
UFL_DS_KEYUSAGEUNACCEPTABLEThe certificate's key usage extension does not match what the key was used for.
UFL_DS_KRLINVALIDThe Key Revocation List is invalid.
UFL_DS_NOSIGNATUREThere is no signature.
UFL_DS_NOTAUTHENTICATEDThe signer cannot be authenticated.
UFL_DS_POLICYUNACCEPTABLEThe certificate's policy extension does not match the acceptable policies.
UFL_DS_SIGNATUREALTEREDThe signature has been tampered with.
UFL_DS_UNEXPECTEDAn unexpected error occurred.
UFL_DS_UNVERIFIABLEThe signature cannot be verified.

If the signature is not valid and the reportAsErrorsFlag is True, an exception is thrown. On error, the function throws an exception.


The following function checks to see the signature in the form is valid. First, the function uses DereferenceEx to locate the signature button. It then uses GetLiteralByRefEx to get the name of the signature item, and uses another DereferenceEx to locate that item. Next, it uses VerifySignature to determine whether the signature is valid. If so, it return the string "Valid". If not, it uses DeleteSignature to delete the signature and returns the string "Invalid".
   Function CheckSignature(Form)
      Dim TempNode, SigNode  ' objects
      Dim SigStatus  ' Integer
      Dim SigItemRef  ' Strings
      Set TempNode = Form
      ' Get the SignatureButton node
      Set TempNode = TempNode.DereferenceEx(vbNullString, _
         "PAGE1.SignatureButton", 0, UFL_ITEM_REFERENCE, Nothing)
      ' Get a reference to the signature item from the signature option
      SigItemRef = TempNode.GetLiteralByRefEx(vbNullString, "signature", _
         0, vbNullString, Nothing)
      ' Get the signature item node
      Set SigNode = TempNode.DereferenceEx(vbNullString, SigItemRef, 0, _
         UFL_ITEM_REFERENCE, Nothing)
      ' Verify the signature
      SigStatus = Form.VerifySignature(SigNode, vbNullString, False)
      ' If the signature is not verified, then delete the signature and set
      ' the return code to "Invalid".  Otherwise, set the return code to
      ' "Valid".
      If (Not(SigStatus = UFL_DS_OK)) Then
         TempNode.DeleteSignature SigNode
         CheckSignature = "Invalid"
         CheckSignature = "Valid"
      End If
   End Function

Parent topic:
FormNodeP functions