Using SHA256 with RSACryptoServiceProvider

    Question

  • Hi,

     

     The example shown below works well with SHA1, but fails when I try SHA256 or higher. The documentation I found in MSDN does not restrict the use of other hash algorithms. Any clarification would be appreciated.

     

    using System.Security.Cryptography;
    using System.Text;

    //Secret message
    string message = "Meet me at 17:00 hours";
    //The sender creates an RSA service instance
    RSACryptoServiceProvider rsaSender = new RSACryptoServiceProvider();
    //The sender signs the message and sends the message and
    //signature to the receiver.
    byte[] messageBytes = new UnicodeEncoding().GetBytes(message);
    byte[] hash = HashAlgorithm.Create("SHA1").ComputeHash(messageBytes);
    RSAPKCS1SignatureFormatter formatter = new RSAPKCS1SignatureFormatter(rsaSender);
    formatter.SetHashAlgorithm("SHA1");
    byte[] signature = formatter.CreateSignature(hash);

     

     

    Thanks!

    Kkumar

    Monday, June 25, 2007 10:25 PM

Answers

  • Ah, the error message really helped point to the real problem.

     

    The issue is that all the SHAxxx algorithms are managed (.NET) code only. The Microsoft Win32 crypto service providers do not implement any of them. They only implement SHA1. Basically, the Win32 function CryptSignHash is being invoked under the covers, which then makes a similar call to the installed crypto service provider. It is returning error code NTE_BAD_ALGID, which means the crypto service provider doesn't understand the hash OID.

     

    As far as I can tell, even the newer crypto service providers (like MS AES) don't implement SHAxxx algorithms.

    Tuesday, June 26, 2007 4:19 PM
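    As an added example (not code from this thread), here is the sign-and-verify flow from the question reworked for SHA-256 by asking CryptoAPI for provider type 24 (PROV_RSA_AES, the "Microsoft Enhanced RSA and AES Cryptographic Provider"), which implements the SHA-2 hashes, instead of the default RSA-only provider the answer describes. It assumes .NET Framework on a Windows version whose CryptoAPI already knows the SHA-256 OID; on older releases the SHA-256 call still throws the same OID exception until that OID information is registered.

    ```csharp
    using System;
    using System.Security.Cryptography;
    using System.Text;

    static class Sha256RsaSigning
    {
        // Provider type 24 = PROV_RSA_AES. Unlike PROV_RSA_FULL (type 1) it implements
        // SHA-256/384/512, so CryptSignHash no longer fails with NTE_BAD_ALGID for a SHA-2 hash.
        const int PROV_RSA_AES = 24;

        public static RSACryptoServiceProvider CreateSha2CapableRsa(int keySize)
        {
            var csp = new CspParameters(PROV_RSA_AES);
            var rsa = new RSACryptoServiceProvider(keySize, csp);
            rsa.PersistKeyInCsp = false;   // demo key only; do not leave it in the key store
            return rsa;
        }

        public static byte[] Sign(RSA rsa, byte[] data)
        {
            byte[] hash;
            using (var sha = SHA256.Create()) hash = sha.ComputeHash(data);
            var formatter = new RSAPKCS1SignatureFormatter(rsa);
            formatter.SetHashAlgorithm("SHA256");   // selects the SHA-256 DigestInfo OID in the PKCS#1 block
            return formatter.CreateSignature(hash);
        }

        public static bool Verify(RSA rsa, byte[] data, byte[] signature)
        {
            byte[] hash;
            using (var sha = SHA256.Create()) hash = sha.ComputeHash(data);
            var deformatter = new RSAPKCS1SignatureDeformatter(rsa);
            deformatter.SetHashAlgorithm("SHA256");
            return deformatter.VerifySignature(hash, signature);
        }

        static void Main()
        {
            byte[] message = Encoding.Unicode.GetBytes("Meet me at 17:00 hours");
            // The thread's failure case: on .NET 2.0/3.5 the parameterless constructor picks
            // PROV_RSA_FULL, and SHA-256 signing throws "Object identifier (OID) is unknown."
            try { Sign(new RSACryptoServiceProvider(1024), message); Console.WriteLine("default CSP: ok"); }
            catch (CryptographicException e) { Console.WriteLine("default CSP: " + e.Message); }

            using (var rsa = CreateSha2CapableRsa(2048))
            {
                byte[] sig = Sign(rsa, message);
                Console.WriteLine("PROV_RSA_AES: signature verifies = " + Verify(rsa, message, sig));
            }
        }
    }
    ```

    On .NET Framework 4.x the parameterless constructor already defaults to the AES-capable provider on supported Windows versions, so the first branch prints "ok" there; the explicit CspParameters form is what makes the choice deterministic.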

All replies

  • The RSA cipher encrypts and signs data with a finite size. The size of the input data is restricted (somewhat) proportionally to the size of the RSA key. Depending on the OS version you are using, and any service packs or other software that has been installed, the default RSA provider might be different, meaning that it might select a smaller key (such as 512 bits) by default, which wouldn't be enough to sign a 256 bit+ message. Try specifying a larger key size (1024 or 2048 for example) for the RSA Crypto Service Provider and see if that works.

    Otherwise, please post the error message. Without a specific message, it's difficult to tell exactly what the issue is.
    Monday, June 25, 2007 11:11 PM
  • Hi Rob,

     

    The KeySize is 1024.

    When I replace all SHA1 with SHA256 and execute the code I get the following exception:

    Object identifier (OID) is unknown.  at line 259

    Line 257:        new RSAPKCS1SignatureFormatter(rsaSender);
    Line 258:        formatter.SetHashAlgorithm("SHA256");
    Line 259:        byte[] signature = formatter.CreateSignature(hash);

    But I checked the OID by calling this function for SHA256 and it exists. The function
    CryptoConfig.MapNameToOID("SHA256") returns "2.16.840.1.101.3.4.2.1".

     

     

    Thanks!

    kkumar

     

    Tuesday, June 26, 2007 3:24 PM
  •  Hi Ron,

     

    I found some more stuff from http://download.microsoft.com/download/1/f/1/1f175034-fbf6-4d7b-b0a0-686a7997ad68/WindowsSDK_Readme_Beta2.htm

    It says:

    SHA-256 is only supported for symmetric key usage such as Kerberos keys. It cannot be used when RSA is applied during the signing process. RSA signatures using SHA-256 hash are not supported. In this release, if you use an RSA signature using SHA-256, a general exception is thrown.

    This is the exception that is thrown:

    Unhandled Exception: System.Security.Cryptography.CryptographicException: Object identifier (OID) is unknown.

     

    Thanks for the clarification, i appreciate it.

     

    KKumar

    Tuesday, June 26, 2007 6:39 PM
  • I know this is an old post, but I've read from the following post/blog that this is now supported on Server 2003.
    http://blogs.msdn.com/shawnfa/archive/2008/08/25/using-rsacryptoserviceprovider-for-rsa-sha256-signatures.aspx

    But I am still getting the same error, "Object identifier (OID) is unknown.", when using the simple sample code on 2003.

    John
    Sunday, November 02, 2008 4:24 PM
  • Where did you hear that a key of 512 bits wouldn't be enough to sign a 256-bit message?

    Thursday, November 27, 2008 8:49 AM
  • Hi John,

    Did you find a solution?  I'm getting the same problem on Windows Server 2003 SP2 running .Net 3.5 SP1.

    Thanks,

    Andy
    Tuesday, December 02, 2008 4:11 PM
  • No, still nothing resolved.
    I created a new thread asking for help.
    http://social.msdn.microsoft.com/Forums/en-US/clr/thread/f9d78789-223f-4134-a3e0-fab6bd09100f
    Wednesday, December 03, 2008 1:41 AM
  • See my answer on the Geneva forum, http://social.msdn.microsoft.com/Forums/en-US/Geneva/thread/35c10fe5-9693-4f3a-9c5c-8afbb423ee95

    To fix the issue,

    1. Download Security.Cryptography.dll from http://clrsecurity.codeplex.com/ - I built from source
    2. Create a console application that references Security.Cryptography.dll
    3. Add the code below and execute the console application.
    using Security.Cryptography;

    class Program
    {
        static void Main(string[] args)
        {
            // One-time registration of the SHA-2 hash OIDs with CryptoAPI so that RSA signing accepts them
            Oid2.RegisterSha2OidInformationForRsa();
        }
    }
    Thursday, October 01, 2009 7:01 PM