See https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-cryptsignmessage
C++
BOOL CryptSignMessage(
PCRYPT_SIGN_MESSAGE_PARA pSignPara,
BOOL fDetachedSignature,
DWORD cToBeSigned,
const BYTE * [] rgpbToBeSigned,
DWORD [] rgcbToBeSigned,
BYTE *pbSignedBlob,
DWORD *pcbSignedBlob
);
Parameters
pSignPara
A pointer to
CRYPT_SIGN_MESSAGE_PARA structure containing the signature parameters.
fDetachedSignature
TRUE if this is to be a detached signature. Otherwise,
FALSE. If this parameter is set to
TRUE, only the signed hash is encoded in
pbSignedBlob. Otherwise, both
rgpbToBeSigned and the signed hash are encoded.
cToBeSigned
Count of the number of array elements in
rgpbToBeSigned and
rgcbToBeSigned. This parameter must be set to one unless
fDetachedSignature is set to
TRUE.
rgpbToBeSigned
Array of pointers to buffers that contain the contents to be signed.
rgcbToBeSigned
Array of sizes, in bytes, of the content buffers pointed to in
rgpbToBeSigned.
pbSignedBlob
A pointer to a buffer to receive the encoded signed hash, if
fDetachedSignature is
TRUE, or to both the encoded content and signed hash if
fDetachedSignature is
FALSE.
This parameter can be
NULL to set the size of this information for memory allocation purposes. For more information, see
Retrieving Data of Unknown Length.
pcbSignedBlob
A pointer to a
DWORD specifying the size, in bytes, of the
pbSignedBlob buffer. When the function returns, this variable contains the size, in bytes, of the signed and encoded message.
Note When processing the data returned,
applications must use the actual size of the data returned. The actual
size can be slightly smaller than the size of the buffer specified on
input. (On input, buffer sizes are usually specified large enough to
ensure that the largest possible output data will fit in the buffer.) On
output, the variable pointed to by this parameter is updated to reflect
the actual size of the data copied to the buffer.
Return value
If the function succeeds, the return value is nonzero (
TRUE).
If the function fails, the return value is zero (
FALSE).
For extended error information, call
GetLastError.
The following lists the error codes most commonly returned by the
GetLastError function.
If the function fails,
GetLastError may return an
Abstract Syntax Notation One (ASN.1) encoding/decoding error. For information about these errors, see
ASN.1 Encoding/Decoding Return Values.