I'm trying to update a function that performs a digital signature. I want to switch from SHA1 to SHA256. This is the current function:
```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Pkcs;
using System.Security.Cryptography.X509Certificates;

private byte[] zSignData(byte[] msg, X509Certificate2 signerCert)
{
    ContentInfo contentInfo = new ContentInfo(msg);
    SignedCms signedCms = new SignedCms(contentInfo, false); // false: attached (non-detached) signature
    CmsSigner cmsSigner = new CmsSigner(signerCert);
    cmsSigner.DigestAlgorithm = new Oid("1.3.14.3.2.26"); // SHA1
    signedCms.ComputeSignature(cmsSigner, false);         // false: not silent, may prompt for the key
    return signedCms.Encode();                            // DER-encoded PKCS#7 SignedData
}
```
This function works well.

To update to SHA256, I changed

```csharp
cmsSigner.DigestAlgorithm = new Oid("1.3.14.3.2.26"); // SHA1
```

with

```csharp
cmsSigner.DigestAlgorithm = new Oid("2.16.840.1.101.3.4.2.1"); // SHA256
```

but at

```csharp
signedCms.ComputeSignature(cmsSigner, false);
```

I get the following exception:

```
System.Security.Cryptography.CryptographicException Message=There was an internal error.
```

Does anyone have a suggestion?

I work with VS2010 Professional 64-bit and Win7 Professional 64-bit.
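As an added example (not the asker's code or a .NET sample): the same signing function with the SHA-256 digest OID, a verifier that decodes the blob and reports the digest OID actually recorded in the SignerInfo, and a diagnostic that reports which CAPI provider holds the private key, since a PROV_RSA_FULL container cannot produce SHA-2 signatures (an assumption about a common cause of this exception, not something the thread states). The class and method names and the PROV_RSA_AES reference are mine.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Pkcs;
using System.Security.Cryptography.X509Certificates;

static class Sha256CmsSigning
{
    // Dotted OID for sha256 (NIST hashAlgs arc); "1.3.14.3.2.26" is sha1.
    const string Sha256Oid = "2.16.840.1.101.3.4.2.1";

    // Same shape as the function in the question, with the SHA-256 digest OID.
    public static byte[] SignData(byte[] msg, X509Certificate2 signerCert)
    {
        if (!signerCert.HasPrivateKey)
            throw new ArgumentException("Signer certificate has no private key", "signerCert");

        var contentInfo = new ContentInfo(msg);
        var signedCms = new SignedCms(contentInfo, false); // attached signature
        var cmsSigner = new CmsSigner(signerCert)
        {
            DigestAlgorithm = new Oid(Sha256Oid)
        };
        signedCms.ComputeSignature(cmsSigner, false);
        return signedCms.Encode();
    }

    // Decode the PKCS#7 blob, verify the signature value, and return the digest OID
    // that the signer actually wrote into SignerInfo (expect "2.16.840.1.101.3.4.2.1").
    public static string VerifyAndGetDigestOid(byte[] signedBlob)
    {
        var signedCms = new SignedCms();
        signedCms.Decode(signedBlob);
        signedCms.CheckSignature(true); // true: check the signature only, skip chain building
        return signedCms.SignerInfos[0].DigestAlgorithm.Value;
    }

    // Diagnostic (assumption, see lead-in): legacy PROV_RSA_FULL containers (type 1) do not
    // support SHA-2; the key should live in PROV_RSA_AES (type 24, "Microsoft Enhanced RSA
    // and AES Cryptographic Provider") or a CNG provider for SHA-256 signing to succeed.
    public static string DescribeKeyProvider(X509Certificate2 cert)
    {
        var rsaCsp = cert.PrivateKey as RSACryptoServiceProvider;
        if (rsaCsp == null)
            return "private key is not an RSACryptoServiceProvider key";
        CspKeyContainerInfo info = rsaCsp.CspKeyContainerInfo;
        return string.Format("{0} (provider type {1})", info.ProviderName, info.ProviderType);
    }
}
```

If DescribeKeyProvider reports provider type 1 for the signing certificate, re-importing the key into the AES provider is the first thing to try before suspecting the OID.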
I believe there is a typo bug in CAPIBase:

```csharp
internal const string szOID_OIWSEC_SHA256 = "2.16.840.1.101.3.4.1";
internal const string szOID_OIWSEC_SHA384 = "2.16.840.1.101.3.4.2";
internal const string szOID_OIWSEC_SHA512 = "2.16.840.1.101.3.4.3";
```

should be:

```csharp
internal const string szOID_OIWSEC_SHA256 = "2.16.840.1.101.3.4.2.1";
internal const string szOID_OIWSEC_SHA384 = "2.16.840.1.101.3.4.2.2";
internal const string szOID_OIWSEC_SHA512 = "2.16.840.1.101.3.4.2.3";
```

More discussion on this is here:
blogs.msdn.com/b/alejacma/archive/2012/08/02/10018922.aspx
Todd, what makes you believe that OID 2.16.840.1.101.3.4.2.1 is not SHA256? What is the correct OID then?
You are specifying the wrong OID; that OID is for NULL signed blobs. For an RSA signed blob, you need to use 1.2.840.113549.1.1.5 (sha1RSA).