Digital sign From SHA1 to SHA256

Submitted by 南笙酒味 on 2019-12-11 03:23:42

Question


I'm trying to update a function that performs a digital signature; I want to switch from SHA1 to SHA256. This is the current function:

using System.Security.Cryptography;
using System.Security.Cryptography.Pkcs;
using System.Security.Cryptography.X509Certificates;

private byte[] zSignData(Byte[] msg, X509Certificate2 signerCert)
{
    ContentInfo contentInfo = new ContentInfo(msg);
    SignedCms signedCms = new SignedCms(contentInfo, false); // false = attached (not detached) signature
    CmsSigner cmsSigner = new CmsSigner(signerCert);

    cmsSigner.DigestAlgorithm = new Oid("1.3.14.3.2.26"); //SHA1

    signedCms.ComputeSignature(cmsSigner, false); // false = allow a UI prompt for the private key

    return signedCms.Encode();
}

This function works well.

To update to SHA256, I changed

cmsSigner.DigestAlgorithm = new Oid("1.3.14.3.2.26"); //SHA1

with

cmsSigner.DigestAlgorithm = new Oid("2.16.840.1.101.3.4.2.1");//SHA256

but at

signedCms.ComputeSignature(cmsSigner, false);

I get the following exception

System.Security.Cryptography.CryptographicException Message=There was an internal error.

Does someone have a suggestion?

I work with VS2010 Professional 64-bit and Win7 Professional 64-bit.
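An added example (not from the asker or either answer) that signs with the SHA-256 digest OID discussed in the question and then decodes the blob to check which digest OID the SignerInfo actually records, so a SHA-1 signature cannot slip through unnoticed. It assumes a PFX file path and password passed on the command line.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Pkcs;
using System.Security.Cryptography.X509Certificates;

static class CmsSha256Example
{
    // Digest OIDs as they appear in the question.
    const string Sha1Oid   = "1.3.14.3.2.26";
    const string Sha256Oid = "2.16.840.1.101.3.4.2.1";

    // Same shape as the asker's zSignData, with the digest set to SHA-256.
    static byte[] SignSha256(byte[] msg, X509Certificate2 signerCert)
    {
        SignedCms signedCms = new SignedCms(new ContentInfo(msg), false); // attached signature
        CmsSigner signer = new CmsSigner(signerCert);
        signer.DigestAlgorithm = new Oid(Sha256Oid);
        signedCms.ComputeSignature(signer, false);
        return signedCms.Encode();
    }

    // Decode the blob, verify the signature, and return the digest OID recorded
    // in the first SignerInfo so the caller can confirm SHA-1 is no longer used.
    static string VerifyAndGetDigestOid(byte[] cmsBlob)
    {
        SignedCms signedCms = new SignedCms();
        signedCms.Decode(cmsBlob);
        // true = check the signature only, skip chain building; use false in
        // production once the signer certificate chains to a trusted root.
        signedCms.CheckSignature(true);
        return signedCms.SignerInfos[0].DigestAlgorithm.Value;
    }

    static void Main(string[] args)
    {
        // Assumed: args[0] is a PFX path with the signing key, args[1] its password.
        X509Certificate2 cert = new X509Certificate2(args[0], args[1]);
        byte[] payload = System.Text.Encoding.UTF8.GetBytes("constructed sample message");
        byte[] blob = SignSha256(payload, cert);
        string oid = VerifyAndGetDigestOid(blob);
        if (oid == Sha256Oid)
            Console.WriteLine("signature verified and uses SHA-256");
        else if (oid == Sha1Oid)
            Console.WriteLine("signature still uses SHA-1: the change did not take effect");
        else
            Console.WriteLine("unexpected digest OID: " + oid);
    }
}
```

If ComputeSignature throws as in the question, the check never runs; if it succeeds but reports SHA-1, the DigestAlgorithm assignment was silently ignored, which is the case this check is meant to catch.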


Answer 1:


I believe there is a typo bug in CAPIBase:

internal const string szOID_OIWSEC_SHA256 = "2.16.840.1.101.3.4.1";
internal const string szOID_OIWSEC_SHA384 = "2.16.840.1.101.3.4.2";
internal const string szOID_OIWSEC_SHA512 = "2.16.840.1.101.3.4.3";

should be:

internal const string szOID_OIWSEC_SHA256 = "2.16.840.1.101.3.4.2.1";
internal const string szOID_OIWSEC_SHA384 = "2.16.840.1.101.3.4.2.2";
internal const string szOID_OIWSEC_SHA512 = "2.16.840.1.101.3.4.2.3";

More discussion on this is here:

  • http://social.msdn.microsoft.com/Forums/en-US/netfxbcl/thread/217776fa-5dcd-41a6-a800-b401509fbbf0/#fbae9811-a5a2-418f-b049-dcbabf18431a
  • http://social.msdn.microsoft.com/Forums/en-US/csharpgeneral/thread/0cc90bdd-35f9-4a7d-8025-89f7ea9f9704/#deb21fba-1171-4eee-81ea-6de294abbeeb

blogs.msdn.com/b/alejacma/archive/2012/08/02/10018922.aspx

Todd, what makes you believe that OID 2.16.840.1.101.3.4.2.1 is not SHA256? What is the correct OID then?




Answer 2:


You are specifying the wrong OID - that OID is for NULL signed blobs. For an RSA signed blob, you need to use 1.2.840.113549.1.1.5 sha1RSA.



Source: https://stackoverflow.com/questions/5704906/digital-sign-from-sha1-to-sha256
