ASP.NET cryptography SHA-1 to SHA-2

Question

Currently, I have source code that is calling external web services that is using SHA-1 cryptography and i'm currently calling these external WS by the following

using System.Security.Cryptography.X509Certificates;
X509Certificate2 x509Certificate2 = new X509Certificate2("client.p12", "password"); 

and each time calling the WS I have to pass the variable as per below:

 WebserviceName.Timeout = 20000000;
 WebserviceName.PreAuthenticate = true;
 WebserviceName.ClientCertificates.Add(x509Certificate2);

Now, I was wondering if .NET framework 4.0 supports SHA-2.

Please advise if X509Certificate2 could be used for SHA-2 and/or any other resource that I could use for this upgrade.

Thank you.

Answer 1

X.509 certificates themselves do not specify which algorithm is to be used for signature generation / verification. An RSA public key can be used for any RSA based algorithm.

Certificates can however be signed with an algorithm that uses SHA-1 (usually PKCS#1 v1.5 signatures; PSS signatures usually use SHA-2 but both are compatible with SHA-1 and SHA-2). So you must make sure that your certificate itself isn't considered invalid if SHA-1 is not considered secure enough anymore.

SHA-2 has been supported by .NET for a long time (the SHA256 is even in 1.1), but it never hurts to test your configuration.