Signed Attributes in Windows Vista and XP - CryptSignMessage

  • Question

  • I am using CryptSignMessage to sign a detached message. On Vista I am able to add signed attributes and when I do so the two required CMS signed attributes are automatically added (content-type and message-digest). However, when I run the same code on Windows XP I get the error 0x80091002, CRYPT_E_UNKNOWN_ALGO, "Unknown cryptographic algorithm".


    I have tried adding the two required signed attributes on XP manually, but even these alone cause the unknown algorithm error.


    If I remove the rgAuthAttr from CRYPT_SIGN_MESSAGE_PARA then the code works fine on both platforms. Although the certificates and keys are different on the two platforms, they are both practically the same so that does not seem to be the variable.


    The specific rsaenh.dll versions on the two platforms are XP and Vista respectively: 5.1.2600.2161 and 6.0.6001.18000. As far as I can tell the one on XP is up to date.


    DumpAsn1 of the signature file produced on Vista looks exactly as it should. Likewise when the code runs on XP without the rgAuthAttr everything looks the same. Are signed attributes supported on XP?


    Wednesday, August 13, 2008 2:59 AM

All replies

  • To answer my own question, I found out that the algorithms supported on XP (by trial and error, still no documentation found) are

    SigParams.HashAlgorithm.pszObjId = szOID_RSA_MD2, szOID_RSA_MD5, szOID_RSA_MD4

    which is pretty disappointing; even in 2001 these were all known to be broken, and none of them are FIPS certifiable.

    Sunday, August 17, 2008 5:09 PM
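
The DumpAsn1 inspection mentioned in the question can be scripted to audit signatures produced this way. The following is an added example, not code from the thread: it walks a DER blob, flags the digest OIDs behind szOID_RSA_MD2, szOID_RSA_MD4 and szOID_RSA_MD5, and reports whether the content-type and message-digest signed attributes are present. The function names are hypothetical, the sample bytes are constructed, and the check is a coarse OID presence scan rather than a full CMS parser.

```python
WEAK_DIGESTS = {"1.2.840.113549.2.2": "MD2", "1.2.840.113549.2.4": "MD4",
                "1.2.840.113549.2.5": "MD5"}  # szOID_RSA_MD2 / _MD4 / _MD5
REQUIRED_ATTRS = {"1.2.840.113549.1.9.3": "content-type",
                  "1.2.840.113549.1.9.4": "message-digest"}

def decode_oid(body):
    """Turn the content bytes of a DER OBJECT IDENTIFIER into dotted form."""
    if not body or body[-1] & 0x80:
        raise ValueError("malformed OID")
    arcs, value = [], 0
    for byte in body:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:          # high bit clear: last byte of this arc
            arcs.append(value)
            value = 0
    first = min(arcs[0] // 40, 2)    # first two arcs share one encoded value
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def walk_oids(der):
    """Yield every OID in a DER blob, descending into constructed values."""
    pos = 0
    while pos < len(der):
        if len(der) - pos < 2:
            raise ValueError("truncated DER header")
        tag, length = der[pos], der[pos + 1]
        pos += 2
        if length & 0x80:            # long form: low bits count length bytes
            count = length & 0x7F
            if count == 0 or pos + count > len(der):
                raise ValueError("indefinite or truncated length")
            length = int.from_bytes(der[pos:pos + count], "big")
            pos += count
        body = der[pos:pos + length]
        if len(body) != length:
            raise ValueError("truncated DER value")
        if tag == 0x06:
            yield decode_oid(body)
        elif tag & 0x20:             # constructed: SEQUENCE, SET, [0], ...
            yield from walk_oids(body)
        pos += length

def audit_signature(der):
    """Hypothetical helper: report weak digest OIDs and missing signed attributes."""
    oids = set(walk_oids(der))
    return {"weak_digests": sorted(WEAK_DIGESTS[o] for o in oids if o in WEAK_DIGESTS),
            "missing_signed_attrs": sorted(n for o, n in REQUIRED_ATTRS.items() if o not in oids)}

# Constructed sample (not from the thread): MD5 AlgorithmIdentifier, then [0] attrs with content-type only.
SAMPLE = bytes.fromhex("302a300c06082a864886f70d02050500a01a3018"
                       "06092a864886f70d010903310b06092a864886f70d010701")
```

For the constructed sample, `audit_signature(SAMPLE)` reports MD5 as a weak digest and message-digest as a missing signed attribute.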