.Net 4.0 C＃加载SHA256密钥时SignatureAlgorithm更改为SHA1

Question

I'm struggling with this now a whole week and hope someone could help me out.

I need to sign xml using SHA256 and xmldsig. For this I use the SignedXML Class. When looking into this class I see it uses the SignatureAlgorithm value of the loaded key to determine what Hashing type to use.

No matter how I load the key(via cert store of via loading cert file) it will show SHA1 as SignatureAlgorithm. When I look up the details of my Certificate in the MMC cert store, it shows SHA256 as SignatureAlgorithm.

I tried both openssl and makecert to generate a SHA256 cert key, but both will load as SHA1 in .Net And so signedXml.ComputeSignature(); will use SHA1 as a SignatureMethod

.Net 4.0 should support SHA256 right?

Answer 1

Found out that I was probably using the wrong class.

Instead of Microsoft.Web.Services.Security.SignedXml of should use System.Security.Cryptography.Xml.SignedXml. The latter doesn't use the SignatureAlgorithm of the used key to determine what Algorithm to use. Now I can set the Algorithm myself with 'SignedXml.SignedInfo.SignatureMethod' and use a SHA1 key.

Answer 2

You have to declare a KeyedHashAlgorithm object and pass a string corresponding to SHA256 (documentation here ).

The corresponding string for SHA256 is HMACSHA256

Then pass this object to the ComputeSignature method.

The code should be as follows:
KeyedHashAlgorithm kha = KeyedHashAlgorithm.Create("HMACSHA256"); signedXml.ComputeSignature(kha);