stackoom
  简体   繁体   中英

Digital sign From SHA1 to SHA256

 原文  2011-04-18 15:04:49       c#/ sign

Question

I'm trying to update a function that performs a digital signature, I want to switch from SHA1 SHA256 this is the current function: 

private byte[] zSignData(Byte[] msg, X509Certificate2 signerCert)
{
    ContentInfo contentInfo = new ContentInfo(msg);
    SignedCms signedCms = new SignedCms(contentInfo, false);
    CmsSigner cmsSigner = new CmsSigner(signerCert);

    cmsSigner.DigestAlgorithm = new Oid("1.3.14.3.2.26"); //SHA1

    signedCms.ComputeSignature(cmsSigner, false);

    return signedCms.Encode();
}

this function work well

To update to SHA256, I changed 

cmsSigner.DigestAlgorithm = new Oid("1.3.14.3.2.26"); //SHA1

with 

cmsSigner.DigestAlgorithm = new Oid("2.16.840.1.101.3.4.2.1");//SHA256

but at 

signedCms.ComputeSignature(cmsSigner, false);

I get the following exception

System.Security.Cryptography.CryptographicException Message=There was an internal error.

Someone has a suggestion?

I work with VS2010 Professional 64 and win7 professional 64

2 answers

solution1
 4  2012-09-06 10:35:52

i believe there is a typo bug in CAPIBase: 

internal const string szOID_OIWSEC_SHA256 = "2.16.840.1.101.3.4.1";
internal const string szOID_OIWSEC_SHA384 = "2.16.840.1.101.3.4.2";
internal const string szOID_OIWSEC_SHA512 = "2.16.840.1.101.3.4.3";

should be: 

internal const string szOID_OIWSEC_SHA256 = "2.16.840.1.101.3.4.2.1";
internal const string szOID_OIWSEC_SHA384 = "2.16.840.1.101.3.4.2.2";
internal const string szOID_OIWSEC_SHA512 = "2.16.840.1.101.3.4.2.3";

more discussion on this is here:

blogs.msdn.com/b/alejacma/archive/2012/08/02/10018922.aspx

Todd, what makes you believe that OID 2.16.840.1.101.3.4.2.1 is not SHA256? What is the correct OID then?

solution2
 0  2012-03-16 16:04:51

You are specifying the wrong OID -that OID is for NULL signed blobs. For an RSA signed blob, you need to use 1.2.840.113549.1.1.5 sha1RSA.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Digital sign with sha256 with c# How to update manifest from sha1 to sha256? convert signature algorithm from sha1 to sha256 in c# Decrypt from SHA256 Sign text in C# with SHA256 Hashes (MD5, SHA1, SHA256, SHA384, SHA512) - why isn't it possible to get the value back from the hash? Can RSACryptoServiceProvider (.NET's RSA) use SHA256 for encryption (not signing) instead of SHA1? .Net 4.0 C# When loading SHA256 key SignatureAlgorithm changes to SHA1 How to sign and verify an ECDSA with SHA256 signature in C# Bouncy Castle Sign and Verify SHA256 Certificate With C#
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM