SignedCMS and SHA256

  • Question

  • According to this thread from last August, there was supposed to be some issue with the System.Security.Cryptography.SignedCMS class and the OIDs of SHA-2 in general.

    I'm currently running into an issue with this class and PKCS#7 timestamps that use a SHA256 digest.

    Basically, the following code

        ContentInfo ciSign = new ContentInfo(message_bytes);
        SignedCms scSign = new SignedCms(ciSign, true);  // true = detached content
        scSign.CheckSignature(true);                     // true = verify the signature only

    is telling me the hash is invalid, whereas the validation from our timestamp provider is validating those timestamps.

    Either I'm doing something very wrong or the issue still persists. Oh and I've tried this with a target Framework 2.0 and 4.5 with identical results.

    In an ideal world I'd want to simply enter the Hash value of the timestamped message into the ContentInfo to be able to use this but first things first.

    • Moved by Bob Shen Thursday, March 14, 2013 5:43 AM
    Wednesday, March 13, 2013 5:05 PM

All replies

  • Hi Frank,

    I would like to redirect you to the appropriate forum for better responses.

    Bob Shen

    Thursday, March 14, 2013 5:43 AM
  • Hi Frank,

    I believe that the situation with SignedCms and SHA-2 algorithms hasn't changed.  I don't think it's currently supported.  I'll do some research and will get back to you.


    Carlos Lopez - Microsoft Escalation Engineer

    Tuesday, March 19, 2013 5:00 AM
  • Hi Frank,

    I am able to verify a message signed with SHA256, however I'm not sure about your timestamp scenario.  Can you paste a base64 version of the message_bytes, timestamp_bytes and ciSign so I can reproduce the problem?


    Carlos Lopez - Microsoft Escalation Engineer

    Friday, March 22, 2013 2:45 AM