
SHA-256 and Cryptographic Service Provider Types


ComponentSpace
ComponentSpace Development
ComponentSpace Development (4.4K reputation)

Group: Administrators
Posts: 3.2K, Visits: 11K
SHA-256, SHA-384 and SHA-512 XML signatures require the Microsoft Enhanced RSA and AES Cryptographic Provider. This provider's type is 24.
More details about cryptographic service providers (CSPs) and their capabilities may be found at:
https://msdn.microsoft.com/en-us/library/windows/desktop/bb931357(v=vs.85).aspx
The following code displays various information about an X.509 certificate and its associated private key.

using System;
using System.Security.Cryptography.X509Certificates;
var x509Certificate = new X509Certificate2("test.pfx", "password", X509KeyStorageFlags.Exportable);
Console.WriteLine(x509Certificate.ToString(true));

The output includes information about the cryptographic provider.
The following output shows the Microsoft Enhanced RSA and AES Cryptographic Provider (type 24) is used and this private key may be used to generate SHA-256, SHA-384 and SHA-512 XML signatures.

[Private Key]
  Key Store: User
  Provider Name: Microsoft Enhanced RSA and AES Cryptographic Provider
  Provider type: 24
  Key Spec: Exchange
  Key Container Name:
  Hardware Device: False
  Removable: False

By comparison, the following output is for a private key that doesn't support SHA-256 XML signatures although it may be used to generate SHA-1 XML signatures.

[Private Key]
  Key Store: User
  Provider Name: Microsoft Strong Cryptographic Provider
  Provider type: 1
  Key Spec: Exchange
  Key Container Name:
  Hardware Device: False
  Removable: False


Regards
ComponentSpace Development
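
An added example, not part of the original posts or ComponentSpace's own code: it reads the provider type programmatically and confirms it with a probe RSA-SHA256 signature instead of relying on the printed output alone. The class and method names are hypothetical, and it assumes the .NET Framework on Windows with the private key held by a CryptoAPI CSP.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;

static class CspProviderCheck   // hypothetical name, for illustration only
{
    // Type of the Microsoft Enhanced RSA and AES Cryptographic Provider.
    const int ProvRsaAes = 24;

    // Returns true when the certificate's private key can produce an RSA-SHA256 signature.
    static bool CanSignSha256(X509Certificate2 cert)
    {
        if (!cert.HasPrivateKey)
            throw new InvalidOperationException("Certificate has no private key.");

        // Assumption: the key lives in a CryptoAPI CSP, as in the post (not a CNG key).
        var rsa = cert.PrivateKey as RSACryptoServiceProvider;
        if (rsa == null)
            throw new NotSupportedException("Private key is not held by a CryptoAPI CSP.");

        CspKeyContainerInfo info = rsa.CspKeyContainerInfo;
        Console.WriteLine("Provider: {0} (type {1}, expected {2})",
            info.ProviderName, info.ProviderType, ProvRsaAes);

        try
        {
            // Probe over constructed data; the signature is verified and discarded.
            byte[] probe = Encoding.UTF8.GetBytes("constructed probe data");
            byte[] signature = rsa.SignData(probe, "SHA256");
            return rsa.VerifyData(probe, "SHA256", signature);
        }
        catch (CryptographicException ex)
        {
            // A provider without SHA-2 support (such as type 1) rejects the hash algorithm.
            Console.WriteLine("SHA-256 signing failed: " + ex.Message);
            return false;
        }
    }

    static void Main()
    {
        // "test.pfx" and "password" are the placeholder values used in the post.
        var cert = new X509Certificate2("test.pfx", "password", X509KeyStorageFlags.Exportable);
        Console.WriteLine(CanSignSha256(cert)
            ? "SHA-256 XML signatures can be generated with this key."
            : "This key's provider does not support SHA-256 signatures.");
    }
}
```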
manish khandelwal
New Member (2 reputation)

Group: Awaiting Activation
Posts: 1, Visits: 9
ComponentSpace - 7/11/2015
Do we need anything on the verification side as well? So, after generating a signature with provider type 24, is there any setting required at the signature verification party?
ComponentSpace
ComponentSpace Development
ComponentSpace Development (4.4K reputation)

Group: Administrators
Posts: 3.2K, Visits: 11K
No. This shouldn't have any impact on the partner site verifying the signatures. No changes are made to the private or public key. The cryptographic service provider type is a separate property stored in the PFX file.

Regards
ComponentSpace Development