CryptographicException - Object identifier (OID) is unknown

    Question

  • I am having a problem with my certificates and creating a RSTR as string.  The line of code that is failing is,

    string responseAsString = federationSerializer.GetResponseAsString(response, new WSTrustSerializationContext());

    and the exception that is being thrown is (mapping the OID in the certificate to algorithm),

    Object identifier (OID) is unknown.
    Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

    Exception Details: System.Security.Cryptography.CryptographicException: Object identifier (OID) is unknown.

    [CryptographicException: Object identifier (OID) is unknown.]
       System.Security.Cryptography.X509Certificates.X509Utils._GetAlgIdFromOid(String oid) +0
       System.Security.Cryptography.X509Certificates.X509Utils.OidToAlgId(String oid) +37
       System.Security.Cryptography.RSACryptoServiceProvider.SignHash(Byte[] rgbHash, String str) +61
       System.Security.Cryptography.RSAPKCS1SignatureFormatter.CreateSignature(Byte[] rgbHash) +105
       System.Security.Cryptography.AsymmetricSignatureFormatter.CreateSignature(HashAlgorithm hash) +48
       Microsoft.IdentityModel.Protocols.XmlSignature.SignedXml.ComputeSignature(HashAlgorithm hash, AsymmetricSignatureFormatter formatter) +44
       Microsoft.IdentityModel.Protocols.XmlSignature.SignedXml.ComputeSignature(SecurityKey signingKey) +362
       Microsoft.IdentityModel.Protocols.XmlSignature.EnvelopedSignatureWriter.ComputeSignature() +135
       Microsoft.IdentityModel.Protocols.XmlSignature.EnvelopedSignatureWriter.OnEndRootElement() +150
       Microsoft.IdentityModel.Protocols.XmlSignature.EnvelopedSignatureWriter.WriteEndElement() +33
       Microsoft.IdentityModel.Tokens.Saml11.Saml11SecurityTokenHandler.WriteAssertion(XmlWriter writer, SamlAssertion assertion) +577
       Microsoft.IdentityModel.Tokens.Saml11.Saml11SecurityTokenHandler.WriteToken(XmlWriter writer, SecurityToken token) +44
       Microsoft.IdentityModel.Tokens.EncryptedSecurityTokenHandler.WriteToken(XmlWriter writer, SecurityToken token) +225
       Microsoft.IdentityModel.Tokens.SecurityTokenSerializerAdapter.WriteTokenCore(XmlWriter writer, SecurityToken token) +200
       System.IdentityModel.Selectors.SecurityTokenSerializer.WriteToken(XmlWriter writer, SecurityToken token) +33
       Microsoft.IdentityModel.Protocols.WSTrust.WSTrustSerializationHelper.WriteRSTRXml(XmlWriter writer, String elementName, Object elementValue, WSTrustSerializationContext context, WSTrustConstantsAdapter trustConstants) +714
       Microsoft.IdentityModel.Protocols.WSTrust.WSTrustFeb2005ResponseSerializer.WriteXmlElement(XmlWriter writer, String elementName, Object elementValue, RequestSecurityTokenResponse rstr, WSTrustSerializationContext context) +71
       Microsoft.IdentityModel.Protocols.WSTrust.WSTrustSerializationHelper.WriteKnownResponseElement(RequestSecurityTokenResponse rstr, XmlWriter writer, WSTrustSerializationContext context, WSTrustResponseSerializer responseSerializer, WSTrustConstantsAdapter trustConstants) +278
       Microsoft.IdentityModel.Protocols.WSTrust.WSTrustFeb2005ResponseSerializer.WriteKnownResponseElement(RequestSecurityTokenResponse rstr, XmlWriter writer, WSTrustSerializationContext context) +42
       Microsoft.IdentityModel.Protocols.WSTrust.WSTrustSerializationHelper.WriteResponse(RequestSecurityTokenResponse response, XmlWriter writer, WSTrustSerializationContext context, WSTrustResponseSerializer responseSerializer, WSTrustConstantsAdapter trustConstants) +195
       Microsoft.IdentityModel.Protocols.WSTrust.WSTrustFeb2005ResponseSerializer.WriteXml(RequestSecurityTokenResponse response, XmlWriter writer, WSTrustSerializationContext context) +42
       Microsoft.IdentityModel.Protocols.WSFederation.WSFederationSerializer.GetResponseAsString(RequestSecurityTokenResponse response, WSTrustSerializationContext context) +181
       FederationPassiveSecureTokenService._Default.ProcessSignInRequest(SignInRequestMessage requestMessage) in Default.aspx.cs:109
       FederationPassiveSecureTokenService._Default.Page_PreRender(Object sender, EventArgs e) in Default.aspx.cs:42
       System.Web.Util.CalliHelper.EventArgFunctionCaller(IntPtr fp, Object o, Object t, EventArgs e) +14
       System.Web.Util.CalliEventHandlerDelegateProxy.Callback(Object sender, EventArgs e) +35
       System.Web.UI.Control.OnPreRender(EventArgs e) +8682870
       System.Web.UI.Control.PreRenderRecursiveInternal() +80
       System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +842


    I assume it is the way I have used makecert.exe for my signing certificate.  I am using makecert.exe. I have created my own root CA certificate which is the issuer of my signing certificate.  The command line I used to create my certificate is shown below (parameters are split onto new lines for ease of reading).


    makecert.exe
      -pe
      -n "CN=RP STS"
      -b 01/01/2009 -e 01/01/2036
      -ss My
      -sr localMachine
      -sky exchange
      -eku 1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.3
      -iv CA-root.pvk
      -ic CA-root.cer

    I have granted the service account (Network Service) read access to the private key.  I have also configured geneva as follows

        <microsoft.identityModel>
            <service>
                <serviceCertificate>
                    <certificateReference x509FindType="FindBySubjectName"
                                          findValue="RP STS"
                                          storeLocation="LocalMachine"
                                          storeName="My" />
                </serviceCertificate>
            </service>
        </microsoft.identityModel>

    I assume the options I used to create the certificate are incorrect.  I had tried to use the

      -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12

    options, but same result.  If someone could give me some suggestions, it would be much appreciated.

    Phil Bolduc
    Vancouver, BC
    25 September 2009 23:38

Answers

  • The issue was NOT related to certificate creation issues.  This issue may only occur on Windows 2003 Server and versions of Geneva later than Beta 2. In the Geneva Framework code (Microsoft.IdentityModel.dll) it explicitly sets the signature method, signatureMethod == "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"

    To fix the issue,

    1. Download Security.Cryptography.dll from http://clrsecurity.codeplex.com/ - I built from source
    2. Create a console application that references Security.Cryptography.dll
    3. Add the code below and execute the console application.
    using Security.Cryptography;

    class Program
    {
        static void Main(string[] args)
        {
            // Registers the SHA-2 (SHA256/384/512) OID-to-ALG_ID mappings for RSA with CAPI,
            // so RSACryptoServiceProvider can resolve the rsa-sha256 signature method.
            Oid2.RegisterSha2OidInformationForRsa();
        }
    }

    Hopefully this helps anyone else that experiences this issue.

    • Edited by Phil S. Bolduc 1 October 2009 18:37 fix formatting
    • Marked as answer by Phil S. Bolduc 1 October 2009 18:42
    1 October 2009 18:33

All replies

  • I have used the below format with success:
    makecert.exe -pe -n "CN=RP-STS" 
        -e 01/01/2036 
        -eku 1.3.6.1.5.5.7.3.1 
        -ss my -sr LocalMachine
        -sky exchange
        -sp "Microsoft RSA SChannel Cryptographic Provider"
        -sy 12
         -ic  ca.cer -iv ca.pvk
    26 September 2009 2:17
  • I guess it sucks to be me as I recreated my certificates with these same options and I get the same OID problem.  I am starting to lean toward something wrong with my environment.  Odd as this is the only thing that does not appear to be working. Failing finding any certificate utilities/code to validate the certificates, I think I may have to rebuild my development VM and start from scratch.
    28 September 2009 15:51
  • Would you try using "-a sha1" as well?
    30 September 2009 17:28
  • Thanks to Brent's help, we have resolved the issue.  The issue had nothing to do with the certificates, but rather the encryption algorithm used by Geneva is not registered correctly on Windows Server 2003 for use by the .NET Framework. Running an encryption algorithm registration command resolved the problem.  We are now ready to push these changes to our QA environment with tomorrow's release.
    • Proposed as answer by Brent Schmaltz - MSFT 25 November 2009 2:50
    1 October 2009 18:25
  • Hi,

    I'm wondering if this this Cryptography problem will also cause the following on a Windows 2003 Server.

    at Microsoft.IdentityModel.Protocols.XmlSignature.EnvelopedSignatureWriter.ComputeSignature()
       at Microsoft.IdentityModel.Protocols.XmlSignature.EnvelopedSignatureWriter.OnEndRootElement()
       at Microsoft.IdentityModel.Protocols.XmlSignature.EnvelopedSignatureWriter.WriteEndElement()
       at Microsoft.IdentityModel.Tokens.Saml11.Saml11SecurityTokenHandler.WriteAssertion(XmlWriter writer, SamlAssertion assertion)
       at Microsoft.IdentityModel.Tokens.Saml11.Saml11SecurityTokenHandler.WriteToken(XmlWriter writer, SecurityToken token)
       at Microsoft.IdentityModel.Tokens.EncryptedSecurityTokenHandler.WriteToken(XmlWriter writer, SecurityToken token)
       at Microsoft.IdentityModel.Tokens.SecurityTokenSerializerAdapter.WriteTokenCore(XmlWriter writer, SecurityToken token)
       at System.IdentityModel.Selectors.SecurityTokenSerializer.WriteToken(XmlWriter writer, SecurityToken token)
       at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustSerializationHelper.WriteRSTRXml(XmlWriter writer, String elementName, Object elementValue, WSTrustSerializationContext context, WSTrustConstantsAdapter trustConstants)
       at Microsoft.IdentityModel.Protocols.WSTrust.WSTrust13ResponseSerializer.WriteXmlElement(XmlWriter writer, String elementName, Object elementValue, RequestSecurityTokenResponse rstr, WSTrustSerializationContext context)
       at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustSerializationHelper.WriteKnownResponseElement(RequestSecurityTokenResponse rstr, XmlWriter writer, WSTrustSerializationContext context, WSTrustResponseSerializer responseSerializer, WSTrustConstantsAdapter trustConstants)
       at Microsoft.IdentityModel.Protocols.WSTrust.WSTrust13ResponseSerializer.WriteKnownResponseElement(RequestSecurityTokenResponse rstr, XmlWriter writer, WSTrustSerializationContext context)
       at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustSerializationHelper.WriteResponse(RequestSecurityTokenResponse response, XmlWriter writer, WSTrustSerializationContext context, WSTrustResponseSerializer responseSerializer, WSTrustConstantsAdapter trustConstants)
       at Microsoft.IdentityModel.Protocols.WSTrust.WSTrust13ResponseSerializer.WriteXml(RequestSecurityTokenResponse response, XmlWriter writer, WSTrustSerializationContext context)
       at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustResponseBodyWriter.OnWriteBodyContents(XmlDictionaryWriter writer)
       at System.ServiceModel.Channels.BodyWriter.WriteBodyContents(XmlDictionaryWriter writer)
       at System.ServiceModel.Channels.BodyWriterMessage.OnWriteBodyContents(XmlDictionaryWriter writer)
       at System.ServiceModel.Channels.Message.WriteBodyContents(XmlDictionaryWriter writer)
       at System.ServiceModel.Security.SecurityAppliedMessage.WriteBodyToSignThenEncryptWithFragments(Stream stream, Boolean includeComments, String[] inclusivePrefixes, EncryptedData encryptedData, SymmetricAlgorithm algorithm, XmlDictionaryWriter writer)
       at System.ServiceModel.Security.WSSecurityOneDotZeroSendSecurityHeader.ApplyBodySecurity(XmlDictionaryWriter writer, IPrefixGenerator prefixGenerator)
       at System.ServiceModel.Security.SecurityAppliedMessage.OnWriteMessage(XmlDictionaryWriter writer)
       at System.ServiceModel.Channels.Message.WriteMessage(XmlDictionaryWriter writer)
       at System.ServiceModel.Channels.BufferedMessageWriter.WriteMessage(Message message, BufferManager bufferManager, Int32 initialOffset, Int32 maxSizeQuota)
       at System.ServiceModel.Channels.TextMessageEncoderFactory.TextMessageEncoder.WriteMessage(Message message, Int32 maxMessageSize, BufferManager bufferManager, Int32 messageOffset)
       at System.ServiceModel.Channels.HttpOutput.SerializeBufferedMessage(Message message)
       at System.ServiceModel.Channels.HttpOutput.Send(TimeSpan timeout)
       at System.ServiceModel.Channels.HttpRequestContext.OnReply(Message message, TimeSpan timeout)
       at System.ServiceModel.Activation.HostedHttpContext.OnReply(Message message, TimeSpan timeout)
       at System.ServiceModel.Channels.RequestContextBase.Reply(Message message, TimeSpan timeout)
       at System.ServiceModel.Channels.SecurityChannelListener`1.SecurityRequestContext.OnReply(Message message, TimeSpan timeout)
       at System.ServiceModel.Channels.RequestContextBase.Reply(Message message, TimeSpan timeout)
       at System.ServiceModel.Channels.RequestContextBase.Reply(Message message)
       at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.Reply(MessageRpc& rpc)</StackTrace><ExceptionString>System.NotSupportedException: ID6035: Cannot create a HashAlgorithm with name 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256' using the 'System.IdentityModel.Tokens.X509AsymmetricSecurityKey' crypto provider. SHA256 may require a minimum platform of Windows Server 2003 and .NET 3.5 SP1. ---> System.Security.Cryptography.CryptographicException: Object identifier (OID) is unknown.
       at System.Security.Cryptography.X509Certificates.X509Utils._GetAlgIdFromOid(String oid)
       at System.Security.Cryptography.X509Certificates.X509Utils.OidToAlgId(String oid)
       at System.Security.Cryptography.RSACryptoServiceProvider.SignHash(Byte[] rgbHash, String str)
       at System.Security.Cryptography.RSAPKCS1SignatureFormatter.CreateSignature(Byte[] rgbHash)
       at System.Security.Cryptography.AsymmetricSignatureFormatter.CreateSignature(HashAlgorithm hash)
       at Microsoft.IdentityModel.CryptoUtil.CreateSignatureForSha256(AsymmetricSignatureFormatter formatter, HashAlgorithm hash)
       at Microsoft.IdentityModel.Protocols.XmlSignature.SignedXml.ComputeSignature(HashAlgorithm hash, AsymmetricSignatureFormatter formatter, String signatureMethod)
       at Microsoft.IdentityModel.Protocols.XmlSignature.SignedXml.ComputeSignature(SecurityKey signingKey)
       --- End of inner exception stack trace ---
       at c
       at Microsoft.IdentityModel.Protocols.XmlSignature.EnvelopedSignatureWriter.ComputeSignature()
       at Microsoft.IdentityModel.Protocols.XmlSignature.EnvelopedSignatureWriter.OnEndRootElement()
       at Microsoft.IdentityModel.Protocols.XmlSignature.EnvelopedSignatureWriter.WriteEndElement()
       at Microsoft.IdentityModel.Tokens.Saml11.Saml11SecurityTokenHandler.WriteAssertion(XmlWriter writer, SamlAssertion assertion)
       at Microsoft.IdentityModel.Tokens.Saml11.Saml11SecurityTokenHandler.WriteToken(XmlWriter writer, SecurityToken token)
       at Microsoft.IdentityModel.Tokens.EncryptedSecurityTokenHandler.WriteToken(XmlWriter writer, SecurityToken token)
       at Microsoft.IdentityModel.Tokens.SecurityTokenSerializerAdapter.WriteTokenCore(XmlWriter writer, SecurityToken token)
       at System.IdentityModel.Selectors.SecurityTokenSerializer.WriteToken(XmlWriter writer, SecurityToken token)
       at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustSerializationHelper.WriteRSTRXml(XmlWriter writer, String elementName, Object elementValue, WSTrustSerializationContext context, WSTrustConstantsAdapter trustConstants)
       at Microsoft.IdentityModel.Protocols.WSTrust.WSTrust13ResponseSerializer.WriteXmlElement(XmlWriter writer, String elementName, Object elementValue, RequestSecurityTokenResponse rstr, WSTrustSerializationContext context)
       at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustSerializationHelper.WriteKnownResponseElement(RequestSecurityTokenResponse rstr, XmlWriter writer, WSTrustSerializationContext context, WSTrustResponseSerializer responseSerializer, WSTrustConstantsAdapter trustConstants)
       at Microsoft.IdentityModel.Protocols.WSTrust.WSTrust13ResponseSerializer.WriteKnownResponseElement(RequestSecurityTokenResponse rstr, XmlWriter writer, WSTrustSerializationContext context)
       at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustSerializationHelper.WriteResponse(RequestSecurityTokenResponse response, XmlWriter writer, WSTrustSerializationContext context, WSTrustResponseSerializer responseSerializer, WSTrustConstantsAdapter trustConstants)
       at Microsoft.IdentityModel.Protocols.WSTrust.WSTrust13ResponseSerializer.WriteXml(RequestSecurityTokenResponse response, XmlWriter writer, WSTrustSerializationContext context)
       at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustResponseBodyWriter.OnWriteBodyContents(XmlDictionaryWriter writer)
       at System.ServiceModel.Channels.BodyWriter.WriteBodyContents(XmlDictionaryWriter writer)
       at System.ServiceModel.Channels.BodyWriterMessage.OnWriteBodyContents(XmlDictionaryWriter writer)
       at System.ServiceModel.Channels.Message.WriteBodyContents(XmlDictionaryWriter writer)
       at System.ServiceModel.Security.SecurityAppliedMessage.WriteBodyToSignThenEncryptWithFragments(Stream stream, Boolean includeComments, String[] inclusivePrefixes, EncryptedData encryptedData, SymmetricAlgorithm algorithm, XmlDictionaryWriter writer)
       at System.ServiceModel.Security.WSSecurityOneDotZeroSendSecurityHeader.ApplyBodySecurity(XmlDictionaryWriter writer, IPrefixGenerator prefixGenerator)
       at System.ServiceModel.Security.SecurityAppliedMessage.OnWriteMessage(XmlDictionaryWriter writer)
       at System.ServiceModel.Channels.Message.WriteMessage(XmlDictionaryWriter writer)
       at System.ServiceModel.Channels.BufferedMessageWriter.WriteMessage(Message message, BufferManager bufferManager, Int32 initialOffset, Int32 maxSizeQuota)
       at System.ServiceModel.Channels.TextMessageEncoderFactory.TextMessageEncoder.WriteMessage(Message message, Int32 maxMessageSize, BufferManager bufferManager, Int32 messageOffset)
       at System.ServiceModel.Channels.HttpOutput.SerializeBufferedMessage(Message message)
       at System.ServiceModel.Channels.HttpOutput.Send(TimeSpan timeout)
       at System.ServiceModel.Channels.HttpRequestContext.OnReply(Message message, TimeSpan timeout)
       at System.ServiceModel.Activation.HostedHttpContext.OnReply(Message message, TimeSpan timeout)
       at System.ServiceModel.Channels.RequestContextBase.Reply(Message message, TimeSpan timeout)
       at System.ServiceModel.Channels.SecurityChannelListener`1.SecurityRequestContext.OnReply(Message message, TimeSpan timeout)
       at System.ServiceModel.Channels.RequestContextBase.Reply(Message message, TimeSpan timeout)
       at System.ServiceModel.Channels.RequestContextBase.Reply(Message message)
       at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.Reply(MessageRpc& rpc)</ExceptionString><InnerException><ExceptionType>System.Security.Cryptography.CryptographicException, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</ExceptionType><Message>Object identifier (OID) is unknown.</Message><StackTrace>   at System.Security.Cryptography.X509Certificates.X509Utils._GetAlgIdFromOid(String oid)
       at System.Security.Cryptography.X509Certificates.X509Utils.OidToAlgId(String oid)
       at System.Security.Cryptography.RSACryptoServiceProvider.SignHash(Byte[] rgbHash, String str)
       at System.Security.Cryptography.RSAPKCS1SignatureFormatter.CreateSignature(Byte[] rgbHash)
       at System.Security.Cryptography.AsymmetricSignatureFormatter.CreateSignature(HashAlgorithm hash)
       at Microsoft.IdentityModel.CryptoUtil.CreateSignatureForSha256(AsymmetricSignatureFormatter formatter, HashAlgorithm hash)
       at Microsoft.IdentityModel.Protocols.XmlSignature.SignedXml.ComputeSignature(HashAlgorithm hash, AsymmetricSignatureFormatter formatter, String signatureMethod)
       at Microsoft.IdentityModel.Protocols.XmlSignature.SignedXml.ComputeSignature(SecurityKey signingKey)</StackTrace><ExceptionString>System.Security.Cryptography.CryptographicException: Object identifier (OID) is unknown.
       at System.Security.Cryptography.X509Certificates.X509Utils._GetAlgIdFromOid(String oid)
       at System.Security.Cryptography.X509Certificates.X509Utils.OidToAlgId(String oid)
       at System.Security.Cryptography.RSACryptoServiceProvider.SignHash(Byte[] rgbHash, String str)
       at System.Security.Cryptography.RSAPKCS1SignatureFormatter.CreateSignature(Byte[] rgbHash)
       at System.Security.Cryptography.AsymmetricSignatureFormatter.CreateSignature(HashAlgorithm hash)
       at Microsoft.IdentityModel.CryptoUtil.CreateSignatureForSha256(AsymmetricSignatureFormatter formatter, HashAlgorithm hash)
       at Microsoft.IdentityModel.Protocols.XmlSignature.SignedXml.ComputeSignature(HashAlgorithm hash, AsymmetricSignatureFormatter formatter, String signatureMethod)
       

    Thanks

    TC
    25 November 2009 0:54
  • Yes, it does.  If you dig deep in your inner exception list, you see

    <ExceptionString>System.Security.Cryptography.CryptographicException: Object identifier (OID) is unknown.

    near the bottom of your post.


    26 November 2009 16:39
  • I tried out the fix that @Phil Bolduc suggested but I am still getting the "sha256 may require a minimum platform of windows server 2003 and .net 3.5 sp1" error.

    My setup:
    Windows Server 2003 R2 Enterprise x64 Edition w/ Service Pack 2 running as a Virtual Machine
    .NET 3.5  / Visual Studio 2008 w/ SP1

    I have installed the WIF for Windows 2003 and the WIF SDK.

    I followed your directions and I even rebooted the OS.

    Please help.
    • Edited by jdenis.unum 30 December 2009 18:13 corrected server edition
    30 December 2009 15:52
  • What do you mean by: "Running an encryption algorithm registration command resolved the problem."

    What is the command?
    30 December 2009 17:59
  • Hey,

    I am too facing same issue. I am using WIF (v3.5.0.0) on Windows Server 2003 SP2.

    I tried Phil's solution..still its not working.

    Brent,
    Which command did you run to get it working? Could you please share?

    Thanks
    Laxmikant
    • Edited by Laxmikant 7 January 2010 6:28 additional info
    7 January 2010 6:27
  • I also cannot get SHA256 to work, and Phil's solution to register the missing OIDs doesn't seem to work for me either.

    Is there some way under .NET to display all the RSA OIDs that are currently registered and available?

    Thanks,
    Kess
    13 January 2010 11:56
  • I'm also having trouble in getting the SHA256 registered. I've tried to register the algorithm as stated, but still getting the same error.

    * Checked the .net (3.5 sp1) and windows (2003 r2) version.
    * Checked the wif (latest) version.
    * Tried to register RegisterSha2OidInformationForRsa().

    Is there anything that I've missed?

    Thanks,

    João
    JRainha
    26 January 2010 2:27
  • For those who were unable to get this problem resolved using Phil Bolduc's solution...

    I was having the same problem, and in reading some known issues with the WIF Samples, it seemed that there is a need to run this function in both 64bit and 32 bit mode, as the registry keys injected by this routine seem to be bound to the platform binary.

    The solution is to compile both a 64bit executable and a 32bit executable, and run each of them once.
    If you want to check that the OIDs have been registered successfully, check the following registry hives:
      -  32bit  -  HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo
      -  64bit  -  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo

    each should contain the 3 OIDs which represent the 3 new SHA2 algorithms
      -  (SHA256) - "2.16.840.1.101.3.4.2.1!1"
      -  (SHA384) - "2.16.840.1.101.3.4.2.2!1"
      -  (SHA512) - "2.16.840.1.101.3.4.2.3!1"

    Hope this helps

    9 March 2010 6:29
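The post above describes how to confirm by hand that the registration from Phil's answer landed in both registry views. The script below is an added example, not code from the thread or from the clrsecurity project: it performs that registry check for all three SHA-2 entries in both views and then attempts a real RSA/SHA-256 sign-and-verify through RSACryptoServiceProvider, which is the code path that raised "Object identifier (OID) is unknown" in the stack traces. The registry paths and the "<oid>!1" key names are taken from the post; the assumption that each entry is a subkey carrying an "Algid" value, the use of provider type 24 (PROV_RSA_AES) for the signing test, and the function names are mine. It needs PowerShell 2.0 or later for try/catch.

```powershell
# Added diagnostic (not from the thread). Registry paths and key names come from the
# post above; the value layout ("Algid" under each subkey) and provider type 24 are assumed.

$oidInfoViews = @{
    '64-bit' = 'HKLM:\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo'
    '32-bit' = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo'
}

# Key names as quoted in the thread: "<dotted OID>!1"
$sha2Entries = @{
    'SHA256' = '2.16.840.1.101.3.4.2.1!1'
    'SHA384' = '2.16.840.1.101.3.4.2.2!1'
    'SHA512' = '2.16.840.1.101.3.4.2.3!1'
}

function Get-Sha2OidRegistration {
    # Emits one object per (view, algorithm) pair saying whether the entry exists.
    # On a 32-bit OS there is no Wow6432Node, so that view simply reports "not registered".
    foreach ($view in $oidInfoViews.Keys) {
        $base = $oidInfoViews[$view]
        foreach ($alg in $sha2Entries.Keys) {
            $keyPath = Join-Path $base $sha2Entries[$alg]
            $present = Test-Path -LiteralPath $keyPath
            $algId = $null
            if ($present) {
                # Assumed layout: "Algid" holds the CAPI ALG_ID this OID maps to.
                $algId = (Get-ItemProperty -LiteralPath $keyPath -ErrorAction SilentlyContinue).Algid
            }
            New-Object PSObject -Property @{
                View = $view; Algorithm = $alg; Key = $keyPath; Registered = $present; AlgId = $algId
            }
        }
    }
}

function Test-RsaSha256Signing {
    # SignData(..., 'SHA256') resolves the SHA-256 OID through the same CryptFindOIDInfo
    # lookup that failed in the thread, so this reflects what WIF will see at runtime.
    $csp = New-Object System.Security.Cryptography.CspParameters
    $csp.ProviderType = 24   # PROV_RSA_AES: the CAPI provider type that implements SHA-2
    $rsa = New-Object System.Security.Cryptography.RSACryptoServiceProvider(2048, $csp)
    $rsa.PersistKeyInCsp = $false   # throwaway key; do not leave a container behind
    try {
        $data = [System.Text.Encoding]::UTF8.GetBytes('constructed test message')
        $signature = $rsa.SignData($data, 'SHA256')
        $ok = $rsa.VerifyData($data, 'SHA256', $signature)
        New-Object PSObject -Property @{ Supported = $ok; Error = $null }
    } catch {
        # "Object identifier (OID) is unknown" here means the entries are missing for the
        # bitness of this PowerShell process, even if the other view is populated.
        New-Object PSObject -Property @{ Supported = $false; Error = $_.Exception.Message }
    } finally {
        $rsa.Clear()
    }
}

$bitness = if ([IntPtr]::Size -eq 8) { '64-bit' } else { '32-bit' }
Write-Host "This PowerShell process is $bitness; run the script from both hosts to cover both views."
Get-Sha2OidRegistration | Sort-Object View, Algorithm | Format-Table View, Algorithm, Registered, AlgId -AutoSize
Test-RsaSha256Signing | Format-List
```

Run it once from the 64-bit PowerShell host and once from the 32-bit one (SysWOW64); the signing test only tells you about the bitness of the process you are in, which is exactly why a web application running in the other bitness can still fail after a console registration succeeded.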
  • Hi,

    I am also getting this error on a 64bit Win 7 machine using VS2010. Is the fix identified above still required for Win 7?

    20 August 2010 21:58
  • Was having a terrible time trying to figure out why I couldn't get this working - especially when it worked fine in my development environment!

    Just for future people like me arriving through their favourite search engine, you don't need to do the above any more.

    Microsoft released a hotfix that addresses this issue

    http://support.microsoft.com/kb/938397

    Hope this helps someone someday. If it helped you, maybe you'll buy me a beer sometime ;)

    8 November 2012 5:04
  • Didn't help, using Win 7, but for your spirit I would buy you a beer anyway :)
    20 September 2013 7:52
  • Thanks Phil,

    It was really helpful for me.

    17 January 2014 12:21