locked
Setting default hash algorithm for signing certificate programatically RRS feed

  • Question

  • Screenshot: http://imgur.com/R54dthw

    Hi,

    I am using Cryptography API to import my certificate to the Trust Store. (https://msdn.microsoft.com/en-us/library/ms867086.aspx)

    I am using the following steps:

    1. Opening the trust store

    2. Create a certificate context

    3. Adding the certificate to the certificate context

    4. Set friendly name using certificate context property

    5. Setting CERT_KEY_PROV_INFO property where we are setting our custom cryptographic service provider with ProvType as PROV_RSA_FULL

    The hash algorithm of our certificate is SHA-1 and 3DES for encryption. However, when we import it to the trust store using the crypto API, the default Hash Algorithm is being shown as SHA 512 (as shown in the image). What property do I need to set in the cert context so that I can set the default Hash Algorithm of the certificate in the Trust Store, same as what I have in the certificate?

    Thanks,

    Yash

    • Moved by Steve Fan Tuesday, March 1, 2016 6:35 AM Programming related
    Monday, February 29, 2016 6:07 AM

All replies

  • Hi Yash,

    This forum is for general questions and feedback related to Outlook. Since your question is more related to programming, I'll move it to the Windows Desktop Development forum:

    https://social.msdn.microsoft.com/Forums/windowsdesktop/en-US/home?category=windowsdesktopdev

    The reason why we recommend posting appropriately is you will get the most qualified pool of respondents, and other partners who read the forums regularly can either share their knowledge or learn from your interaction with us. Thank you for your understanding.

    Steve Fan
    TechNet Community Support


    Please mark the reply as an answer if you find it is helpful.

    If you have feedback for TechNet Support, contact tnmff@microsoft.com.
    Tuesday, March 1, 2016 6:31 AM
  • If you call ::CertCreateCertificateContext, then I think all parts of the CERT_CONTEXT are filled correctly.

    But look at  LPSTR oid= itsCertContext->pCertInfo->SignatureAlgorithm.pszObjId;

    It would help if you listed each API call you make.

    Tuesday, March 1, 2016 6:31 PM