CryptographicException - Object identifier (OID) is unknown

    Question

  • I am having a problem with my certificates and creating an RSTR as a string.  The line of code that is failing is:

    string responseAsString = federationSerializer.GetResponseAsString(response, new WSTrustSerializationContext());

    and the exception that is being thrown is (mapping the OID in the certificate to algorithm),

    Object identifier (OID) is unknown.
    Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

    Exception Details: System.Security.Cryptography.CryptographicException: Object identifier (OID) is unknown.

    [CryptographicException: Object identifier (OID) is unknown.]
       System.Security.Cryptography.X509Certificates.X509Utils._GetAlgIdFromOid(String oid) +0
       System.Security.Cryptography.X509Certificates.X509Utils.OidToAlgId(String oid) +37
       System.Security.Cryptography.RSACryptoServiceProvider.SignHash(Byte[] rgbHash, String str) +61
       System.Security.Cryptography.RSAPKCS1SignatureFormatter.CreateSignature(Byte[] rgbHash) +105
       System.Security.Cryptography.AsymmetricSignatureFormatter.CreateSignature(HashAlgorithm hash) +48
       Microsoft.IdentityModel.Protocols.XmlSignature.SignedXml.ComputeSignature(HashAlgorithm hash, AsymmetricSignatureFormatter formatter) +44
       Microsoft.IdentityModel.Protocols.XmlSignature.SignedXml.ComputeSignature(SecurityKey signingKey) +362
       Microsoft.IdentityModel.Protocols.XmlSignature.EnvelopedSignatureWriter.ComputeSignature() +135
       Microsoft.IdentityModel.Protocols.XmlSignature.EnvelopedSignatureWriter.OnEndRootElement() +150
       Microsoft.IdentityModel.Protocols.XmlSignature.EnvelopedSignatureWriter.WriteEndElement() +33
       Microsoft.IdentityModel.Tokens.Saml11.Saml11SecurityTokenHandler.WriteAssertion(XmlWriter writer, SamlAssertion assertion) +577
       Microsoft.IdentityModel.Tokens.Saml11.Saml11SecurityTokenHandler.WriteToken(XmlWriter writer, SecurityToken token) +44
       Microsoft.IdentityModel.Tokens.EncryptedSecurityTokenHandler.WriteToken(XmlWriter writer, SecurityToken token) +225
       Microsoft.IdentityModel.Tokens.SecurityTokenSerializerAdapter.WriteTokenCore(XmlWriter writer, SecurityToken token) +200
       System.IdentityModel.Selectors.SecurityTokenSerializer.WriteToken(XmlWriter writer, SecurityToken token) +33
       Microsoft.IdentityModel.Protocols.WSTrust.WSTrustSerializationHelper.WriteRSTRXml(XmlWriter writer, String elementName, Object elementValue, WSTrustSerializationContext context, WSTrustConstantsAdapter trustConstants) +714
       Microsoft.IdentityModel.Protocols.WSTrust.WSTrustFeb2005ResponseSerializer.WriteXmlElement(XmlWriter writer, String elementName, Object elementValue, RequestSecurityTokenResponse rstr, WSTrustSerializationContext context) +71
       Microsoft.IdentityModel.Protocols.WSTrust.WSTrustSerializationHelper.WriteKnownResponseElement(RequestSecurityTokenResponse rstr, XmlWriter writer, WSTrustSerializationContext context, WSTrustResponseSerializer responseSerializer, WSTrustConstantsAdapter trustConstants) +278
       Microsoft.IdentityModel.Protocols.WSTrust.WSTrustFeb2005ResponseSerializer.WriteKnownResponseElement(RequestSecurityTokenResponse rstr, XmlWriter writer, WSTrustSerializationContext context) +42
       Microsoft.IdentityModel.Protocols.WSTrust.WSTrustSerializationHelper.WriteResponse(RequestSecurityTokenResponse response, XmlWriter writer, WSTrustSerializationContext context, WSTrustResponseSerializer responseSerializer, WSTrustConstantsAdapter trustConstants) +195
       Microsoft.IdentityModel.Protocols.WSTrust.WSTrustFeb2005ResponseSerializer.WriteXml(RequestSecurityTokenResponse response, XmlWriter writer, WSTrustSerializationContext context) +42
       Microsoft.IdentityModel.Protocols.WSFederation.WSFederationSerializer.GetResponseAsString(RequestSecurityTokenResponse response, WSTrustSerializationContext context) +181
       FederationPassiveSecureTokenService._Default.ProcessSignInRequest(SignInRequestMessage requestMessage) in Default.aspx.cs:109
       FederationPassiveSecureTokenService._Default.Page_PreRender(Object sender, EventArgs e) in Default.aspx.cs:42
       System.Web.Util.CalliHelper.EventArgFunctionCaller(IntPtr fp, Object o, Object t, EventArgs e) +14
       System.Web.Util.CalliEventHandlerDelegateProxy.Callback(Object sender, EventArgs e) +35
       System.Web.UI.Control.OnPreRender(EventArgs e) +8682870
       System.Web.UI.Control.PreRenderRecursiveInternal() +80
       System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +842


    I assume it is the way I have used makecert.exe for my signing certificate.  I am using makecert.exe. I have created my own root CA certificate, which is the issuer of my signing certificate.  The command line I used to create my certificate is shown below (parameters are split onto new lines for ease of reading).


    makecert.exe
      -pe
      -n "CN=RP STS"
      -b 01/01/2009 -e 01/01/2036
      -ss My
      -sr localMachine
      -sky exchange
      -eku 1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.3
      -iv CA-root.pvk
      -ic CA-root.cer

    I have granted the service account (Network Service) read access to the private key.  I have also configured Geneva as follows (closing elements added here for well-formedness; the original post omitted them):

        <microsoft.identityModel>
            <service>
                <serviceCertificate>
                    <certificateReference x509FindType="FindBySubjectName"
                                          findValue="RP STS"
                                          storeLocation="LocalMachine"
                                          storeName="My" />
                </serviceCertificate>
            </service>
        </microsoft.identityModel>

    I assume the options I used to create the certificate are incorrect.  I had tried to use the

      -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12

    options, but same result.  If someone could give me some suggestions, it would be much appreciated.

    Phil Bolduc
    Vancouver, BC
    Friday, September 25, 2009 11:38 PM

Answers

  • The issue was NOT related to certificate creation issues.  This issue may only occur on Windows 2003 Server and versions of Geneva later than Beta 2. In the Geneva Framework code (Microsoft.IdentityModel.dll) it explicitly sets the signature method, signatureMethod == "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"

    To fix the issue,

    1. Download Security.Cryptography.dll from http://clrsecurity.codeplex.com/ - I built from source
    2. Create a console application that references Security.Cryptography.dll
    3. Add the code below and execute the console application.

    using Security.Cryptography;

    class Program
    {
        static void Main(string[] args)
        {
            // Registers the SHA-256/384/512 OIDs with CAPI for use with RSA,
            // so OidToAlgId can resolve them when WIF signs with rsa-sha256.
            Oid2.RegisterSha2OidInformationForRsa();
        }
    }

    Hopefully this helps anyone else that experiences this issue.

    • Edited by Phil S. Bolduc Thursday, October 01, 2009 6:37 PM fix formatting
    • Marked as answer by Phil S. Bolduc Thursday, October 01, 2009 6:42 PM
    Thursday, October 01, 2009 6:33 PM

All replies

  • I have used the below format with success:
    makecert.exe -pe -n "CN=RP-STS"
        -e 01/01/2036
        -eku 1.3.6.1.5.5.7.3.1
        -ss my -sr LocalMachine
        -sky exchange
        -sp "Microsoft RSA SChannel Cryptographic Provider"
        -sy 12
        -ic ca.cer -iv ca.pvk
    Saturday, September 26, 2009 2:17 AM
    Moderator
  • I guess it sucks to be me as I recreated my certificates with these same options and I get the same OID problem.  I am starting to lean toward something wrong with my environment.  Odd as this is the only thing that does not appear to be working. Failing finding any certificate utilities/code to validate the certificates, I think I may have to rebuild my development VM and start from scratch.
    Monday, September 28, 2009 3:51 PM
  • Would you try using "-a sha1" as well?
    Wednesday, September 30, 2009 5:28 PM
    Moderator
  • Thanks to Brent's help, we have resolved the issue.  The issue had nothing to do with the certificates, but rather the encryption algorithm used by Geneva is not registered correctly on Windows Server 2003 for use by the .NET Framework. Running an encryption algorithm registration command resolved the problem.  We are now ready to push these changes to our QA environment with tomorrow's release.
    Thursday, October 01, 2009 6:25 PM
  • Hi,

    I'm wondering if this cryptography problem will also cause the following on a Windows 2003 Server.

    at Microsoft.IdentityModel.Protocols.XmlSignature.EnvelopedSignatureWriter.ComputeSignature()
       at Microsoft.IdentityModel.Protocols.XmlSignature.EnvelopedSignatureWriter.OnEndRootElement()
       at Microsoft.IdentityModel.Protocols.XmlSignature.EnvelopedSignatureWriter.WriteEndElement()
       at Microsoft.IdentityModel.Tokens.Saml11.Saml11SecurityTokenHandler.WriteAssertion(XmlWriter writer, SamlAssertion assertion)
       at Microsoft.IdentityModel.Tokens.Saml11.Saml11SecurityTokenHandler.WriteToken(XmlWriter writer, SecurityToken token)
       at Microsoft.IdentityModel.Tokens.EncryptedSecurityTokenHandler.WriteToken(XmlWriter writer, SecurityToken token)
       at Microsoft.IdentityModel.Tokens.SecurityTokenSerializerAdapter.WriteTokenCore(XmlWriter writer, SecurityToken token)
       at System.IdentityModel.Selectors.SecurityTokenSerializer.WriteToken(XmlWriter writer, SecurityToken token)
       at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustSerializationHelper.WriteRSTRXml(XmlWriter writer, String elementName, Object elementValue, WSTrustSerializationContext context, WSTrustConstantsAdapter trustConstants)
       at Microsoft.IdentityModel.Protocols.WSTrust.WSTrust13ResponseSerializer.WriteXmlElement(XmlWriter writer, String elementName, Object elementValue, RequestSecurityTokenResponse rstr, WSTrustSerializationContext context)
       at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustSerializationHelper.WriteKnownResponseElement(RequestSecurityTokenResponse rstr, XmlWriter writer, WSTrustSerializationContext context, WSTrustResponseSerializer responseSerializer, WSTrustConstantsAdapter trustConstants)
       at Microsoft.IdentityModel.Protocols.WSTrust.WSTrust13ResponseSerializer.WriteKnownResponseElement(RequestSecurityTokenResponse rstr, XmlWriter writer, WSTrustSerializationContext context)
       at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustSerializationHelper.WriteResponse(RequestSecurityTokenResponse response, XmlWriter writer, WSTrustSerializationContext context, WSTrustResponseSerializer responseSerializer, WSTrustConstantsAdapter trustConstants)
       at Microsoft.IdentityModel.Protocols.WSTrust.WSTrust13ResponseSerializer.WriteXml(RequestSecurityTokenResponse response, XmlWriter writer, WSTrustSerializationContext context)
       at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustResponseBodyWriter.OnWriteBodyContents(XmlDictionaryWriter writer)
       at System.ServiceModel.Channels.BodyWriter.WriteBodyContents(XmlDictionaryWriter writer)
       at System.ServiceModel.Channels.BodyWriterMessage.OnWriteBodyContents(XmlDictionaryWriter writer)
       at System.ServiceModel.Channels.Message.WriteBodyContents(XmlDictionaryWriter writer)
       at System.ServiceModel.Security.SecurityAppliedMessage.WriteBodyToSignThenEncryptWithFragments(Stream stream, Boolean includeComments, String[] inclusivePrefixes, EncryptedData encryptedData, SymmetricAlgorithm algorithm, XmlDictionaryWriter writer)
       at System.ServiceModel.Security.WSSecurityOneDotZeroSendSecurityHeader.ApplyBodySecurity(XmlDictionaryWriter writer, IPrefixGenerator prefixGenerator)
       at System.ServiceModel.Security.SecurityAppliedMessage.OnWriteMessage(XmlDictionaryWriter writer)
       at System.ServiceModel.Channels.Message.WriteMessage(XmlDictionaryWriter writer)
       at System.ServiceModel.Channels.BufferedMessageWriter.WriteMessage(Message message, BufferManager bufferManager, Int32 initialOffset, Int32 maxSizeQuota)
       at System.ServiceModel.Channels.TextMessageEncoderFactory.TextMessageEncoder.WriteMessage(Message message, Int32 maxMessageSize, BufferManager bufferManager, Int32 messageOffset)
       at System.ServiceModel.Channels.HttpOutput.SerializeBufferedMessage(Message message)
       at System.ServiceModel.Channels.HttpOutput.Send(TimeSpan timeout)
       at System.ServiceModel.Channels.HttpRequestContext.OnReply(Message message, TimeSpan timeout)
       at System.ServiceModel.Activation.HostedHttpContext.OnReply(Message message, TimeSpan timeout)
       at System.ServiceModel.Channels.RequestContextBase.Reply(Message message, TimeSpan timeout)
       at System.ServiceModel.Channels.SecurityChannelListener`1.SecurityRequestContext.OnReply(Message message, TimeSpan timeout)
       at System.ServiceModel.Channels.RequestContextBase.Reply(Message message, TimeSpan timeout)
       at System.ServiceModel.Channels.RequestContextBase.Reply(Message message)
       at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.Reply(MessageRpc& rpc)
    </StackTrace>
    <ExceptionString>System.NotSupportedException: ID6035: Cannot create a HashAlgorithm with name 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256' using the 'System.IdentityModel.Tokens.X509AsymmetricSecurityKey' crypto provider. SHA256 may require a minimum platform of Windows Server 2003 and .NET 3.5 SP1. ---> System.Security.Cryptography.CryptographicException: Object identifier (OID) is unknown.
       at System.Security.Cryptography.X509Certificates.X509Utils._GetAlgIdFromOid(String oid)
       at System.Security.Cryptography.X509Certificates.X509Utils.OidToAlgId(String oid)
       at System.Security.Cryptography.RSACryptoServiceProvider.SignHash(Byte[] rgbHash, String str)
       at System.Security.Cryptography.RSAPKCS1SignatureFormatter.CreateSignature(Byte[] rgbHash)
       at System.Security.Cryptography.AsymmetricSignatureFormatter.CreateSignature(HashAlgorithm hash)
       at Microsoft.IdentityModel.CryptoUtil.CreateSignatureForSha256(AsymmetricSignatureFormatter formatter, HashAlgorithm hash)
       at Microsoft.IdentityModel.Protocols.XmlSignature.SignedXml.ComputeSignature(HashAlgorithm hash, AsymmetricSignatureFormatter formatter, String signatureMethod)
       at Microsoft.IdentityModel.Protocols.XmlSignature.SignedXml.ComputeSignature(SecurityKey signingKey)
       --- End of inner exception stack trace ---
       at c
       at Microsoft.IdentityModel.Protocols.XmlSignature.EnvelopedSignatureWriter.ComputeSignature()
       at Microsoft.IdentityModel.Protocols.XmlSignature.EnvelopedSignatureWriter.OnEndRootElement()
       at Microsoft.IdentityModel.Protocols.XmlSignature.EnvelopedSignatureWriter.WriteEndElement()
       at Microsoft.IdentityModel.Tokens.Saml11.Saml11SecurityTokenHandler.WriteAssertion(XmlWriter writer, SamlAssertion assertion)
       at Microsoft.IdentityModel.Tokens.Saml11.Saml11SecurityTokenHandler.WriteToken(XmlWriter writer, SecurityToken token)
       at Microsoft.IdentityModel.Tokens.EncryptedSecurityTokenHandler.WriteToken(XmlWriter writer, SecurityToken token)
       at Microsoft.IdentityModel.Tokens.SecurityTokenSerializerAdapter.WriteTokenCore(XmlWriter writer, SecurityToken token)
       at System.IdentityModel.Selectors.SecurityTokenSerializer.WriteToken(XmlWriter writer, SecurityToken token)
       at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustSerializationHelper.WriteRSTRXml(XmlWriter writer, String elementName, Object elementValue, WSTrustSerializationContext context, WSTrustConstantsAdapter trustConstants)
       at Microsoft.IdentityModel.Protocols.WSTrust.WSTrust13ResponseSerializer.WriteXmlElement(XmlWriter writer, String elementName, Object elementValue, RequestSecurityTokenResponse rstr, WSTrustSerializationContext context)
       at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustSerializationHelper.WriteKnownResponseElement(RequestSecurityTokenResponse rstr, XmlWriter writer, WSTrustSerializationContext context, WSTrustResponseSerializer responseSerializer, WSTrustConstantsAdapter trustConstants)
       at Microsoft.IdentityModel.Protocols.WSTrust.WSTrust13ResponseSerializer.WriteKnownResponseElement(RequestSecurityTokenResponse rstr, XmlWriter writer, WSTrustSerializationContext context)
       at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustSerializationHelper.WriteResponse(RequestSecurityTokenResponse response, XmlWriter writer, WSTrustSerializationContext context, WSTrustResponseSerializer responseSerializer, WSTrustConstantsAdapter trustConstants)
       at Microsoft.IdentityModel.Protocols.WSTrust.WSTrust13ResponseSerializer.WriteXml(RequestSecurityTokenResponse response, XmlWriter writer, WSTrustSerializationContext context)
       at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustResponseBodyWriter.OnWriteBodyContents(XmlDictionaryWriter writer)
       at System.ServiceModel.Channels.BodyWriter.WriteBodyContents(XmlDictionaryWriter writer)
       at System.ServiceModel.Channels.BodyWriterMessage.OnWriteBodyContents(XmlDictionaryWriter writer)
       at System.ServiceModel.Channels.Message.WriteBodyContents(XmlDictionaryWriter writer)
       at System.ServiceModel.Security.SecurityAppliedMessage.WriteBodyToSignThenEncryptWithFragments(Stream stream, Boolean includeComments, String[] inclusivePrefixes, EncryptedData encryptedData, SymmetricAlgorithm algorithm, XmlDictionaryWriter writer)
       at System.ServiceModel.Security.WSSecurityOneDotZeroSendSecurityHeader.ApplyBodySecurity(XmlDictionaryWriter writer, IPrefixGenerator prefixGenerator)
       at System.ServiceModel.Security.SecurityAppliedMessage.OnWriteMessage(XmlDictionaryWriter writer)
       at System.ServiceModel.Channels.Message.WriteMessage(XmlDictionaryWriter writer)
       at System.ServiceModel.Channels.BufferedMessageWriter.WriteMessage(Message message, BufferManager bufferManager, Int32 initialOffset, Int32 maxSizeQuota)
       at System.ServiceModel.Channels.TextMessageEncoderFactory.TextMessageEncoder.WriteMessage(Message message, Int32 maxMessageSize, BufferManager bufferManager, Int32 messageOffset)
       at System.ServiceModel.Channels.HttpOutput.SerializeBufferedMessage(Message message)
       at System.ServiceModel.Channels.HttpOutput.Send(TimeSpan timeout)
       at System.ServiceModel.Channels.HttpRequestContext.OnReply(Message message, TimeSpan timeout)
       at System.ServiceModel.Activation.HostedHttpContext.OnReply(Message message, TimeSpan timeout)
       at System.ServiceModel.Channels.RequestContextBase.Reply(Message message, TimeSpan timeout)
       at System.ServiceModel.Channels.SecurityChannelListener`1.SecurityRequestContext.OnReply(Message message, TimeSpan timeout)
       at System.ServiceModel.Channels.RequestContextBase.Reply(Message message, TimeSpan timeout)
       at System.ServiceModel.Channels.RequestContextBase.Reply(Message message)
       at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.Reply(MessageRpc& rpc)
    </ExceptionString>
    <InnerException>
    <ExceptionType>System.Security.Cryptography.CryptographicException, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</ExceptionType>
    <Message>Object identifier (OID) is unknown.</Message>
    <StackTrace>
       at System.Security.Cryptography.X509Certificates.X509Utils._GetAlgIdFromOid(String oid)
       at System.Security.Cryptography.X509Certificates.X509Utils.OidToAlgId(String oid)
       at System.Security.Cryptography.RSACryptoServiceProvider.SignHash(Byte[] rgbHash, String str)
       at System.Security.Cryptography.RSAPKCS1SignatureFormatter.CreateSignature(Byte[] rgbHash)
       at System.Security.Cryptography.AsymmetricSignatureFormatter.CreateSignature(HashAlgorithm hash)
       at Microsoft.IdentityModel.CryptoUtil.CreateSignatureForSha256(AsymmetricSignatureFormatter formatter, HashAlgorithm hash)
       at Microsoft.IdentityModel.Protocols.XmlSignature.SignedXml.ComputeSignature(HashAlgorithm hash, AsymmetricSignatureFormatter formatter, String signatureMethod)
       at Microsoft.IdentityModel.Protocols.XmlSignature.SignedXml.ComputeSignature(SecurityKey signingKey)
    </StackTrace>
    <ExceptionString>System.Security.Cryptography.CryptographicException: Object identifier (OID) is unknown.
       at System.Security.Cryptography.X509Certificates.X509Utils._GetAlgIdFromOid(String oid)
       at System.Security.Cryptography.X509Certificates.X509Utils.OidToAlgId(String oid)
       at System.Security.Cryptography.RSACryptoServiceProvider.SignHash(Byte[] rgbHash, String str)
       at System.Security.Cryptography.RSAPKCS1SignatureFormatter.CreateSignature(Byte[] rgbHash)
       at System.Security.Cryptography.AsymmetricSignatureFormatter.CreateSignature(HashAlgorithm hash)
       at Microsoft.IdentityModel.CryptoUtil.CreateSignatureForSha256(AsymmetricSignatureFormatter formatter, HashAlgorithm hash)
       at Microsoft.IdentityModel.Protocols.XmlSignature.SignedXml.ComputeSignature(HashAlgorithm hash, AsymmetricSignatureFormatter formatter, String signatureMethod)
       

    Thanks

    TC
    Wednesday, November 25, 2009 12:54 AM
  • Yes, it does.  If you dig deep in your inner exception list, you see

    <ExceptionString>System.Security.Cryptography.CryptographicException: Object identifier (OID) is unknown.

    near the bottom of your post.


    Thursday, November 26, 2009 4:39 PM
  • I tried out the fix that @Phil Bolduc suggested but I am still getting the "sha256 may require a minimum platform of windows server 2003 and .net 3.5 sp1" error.

    My setup:
    Windows Server 2003 R2 Enterprise x64 Edition w/ Service Pack 2 running as a Virtual Machine
    .NET 3.5  / Visual Studio 2008 w/ SP1

    I have installed the WIF for Windows 2003 and the WIF SDK.

    I followed your directions and I even rebooted the OS.

    Please help.
    • Edited by jdenis.unum Wednesday, December 30, 2009 6:13 PM corrected server edition
    Wednesday, December 30, 2009 3:52 PM
  • What do you mean by: "Running an encryption algorithm registration command resolved the problem."

    What is the command?
    Wednesday, December 30, 2009 5:59 PM
  • Hey,

    I am also facing the same issue. I am using WIF (v3.5.0.0) on Windows Server 2003 SP2.

    I tried Phil's solution, but it's still not working.

    Brent,
    Which command did you run to get it working? Could you please share?

    Thanks
    Laxmikant
    • Edited by Laxmikant Thursday, January 07, 2010 6:28 AM additional info
    Thursday, January 07, 2010 6:27 AM
  • I also cannot get SHA256 to work, and Phil's solution to register the missing OIDs doesn't seem to work for me either.

    Is there some way under .NET to display all the RSA OIDs that are currently registered and available?

    Thanks,
    Kess
    Wednesday, January 13, 2010 11:56 AM
  • I'm also having trouble getting SHA256 registered. I've tried to register the algorithm as stated, but I'm still getting the same error.

    * Checked the .NET (3.5 SP1) and Windows (2003 R2) version.
    * Checked the WIF (latest) version.
    * Tried to register RegisterSha2OidInformationForRsa().

    Is there anything that I've missed?

    Thanks,

    João
    JRainha
    Tuesday, January 26, 2010 2:27 AM
  • For those who were unable to get this problem resolved using Phil Bolduc's solution...

    I was having the same problem, and in reading some known issues with the WIF Samples, it seemed that there is a need to run this function in both 64-bit and 32-bit mode, as the registry keys injected by this routine seem to be bound to the platform binary.

    The solution is to compile both a 64-bit executable and a 32-bit executable, and run each of them once.
    If you want to check that the OIDs have been registered successfully, check the following registry hives:
      -  32-bit  -  HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo
      -  64-bit  -  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo

    Each should contain the 3 OIDs that represent the 3 new SHA2 algorithms:
      -  (SHA256) - "2.16.840.1.101.3.4.2.1!1"
      -  (SHA384) - "2.16.840.1.101.3.4.2.2!1"
      -  (SHA512) - "2.16.840.1.101.3.4.2.3!1"

    Hope this helps

    Tuesday, March 09, 2010 6:29 AM
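As an added diagnostic (not code from this thread, from WIF or from the CLR Security library), the console program below combines the checks discussed above: it looks for the three SHA-2 OIDs under the CryptDllFindOIDInfo key in the registry view of the running process, resolves the SHA256 name through CryptoConfig (which also answers the earlier question about listing registered OIDs), and then performs the RSACryptoServiceProvider.SignHash call that throws in the stack trace at the top of the thread. The class and method names are mine; the registry path and OIDs are the ones quoted in the post above.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using Microsoft.Win32;

// Added diagnostic, not from the thread. Build once as x86 and once as x64 and
// run both: each bitness reads its own OID registry view (native vs Wow6432Node),
// so a result from one build says nothing about the other.
static class Sha2OidCheck
{
    // Hash OIDs quoted in the thread. CAPI stores them under the registry key
    // with a "!1" suffix, 1 being the hash-algorithm OID group.
    static readonly string[] Sha2Oids =
    {
        "2.16.840.1.101.3.4.2.1", // SHA256
        "2.16.840.1.101.3.4.2.2", // SHA384
        "2.16.840.1.101.3.4.2.3", // SHA512
    };

    // Path from the post above. WOW64 redirects a 32-bit process to the
    // Wow6432Node copy automatically, so the same path serves both builds.
    const string OidInfoPath =
        @"SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo";

    static void Main()
    {
        Console.WriteLine("Process: {0}-bit, OS: {1}, CLR: {2}",
            IntPtr.Size * 8, Environment.OSVersion, Environment.Version);

        // 1. Which SHA-2 OIDs are present in the table this bitness consults?
        string[] registered = RegisteredSha2Oids();
        foreach (string oid in Sha2Oids)
            Console.WriteLine("{0}!1 in this registry view: {1}",
                oid, Array.IndexOf(registered, oid) >= 0);

        // 2. Does the managed name-to-OID lookup resolve the SHA256 name?
        Console.WriteLine("CryptoConfig.MapNameToOID(\"SHA256\") = {0}",
            CryptoConfig.MapNameToOID("SHA256") ?? "<null>");

        // 3. The step that throws in the stack trace: SignHash maps the OID to a
        //    CAPI ALG_ID (X509Utils.OidToAlgId) before it can sign anything.
        Console.WriteLine("RSA-SHA256 SignHash: {0}", TrySignSha256());
    }

    // Returns the SHA-2 OIDs (without the "!1" suffix) found under the
    // CryptDllFindOIDInfo key of the current process's registry view.
    static string[] RegisteredSha2Oids()
    {
        using (RegistryKey key = Registry.LocalMachine.OpenSubKey(OidInfoPath))
        {
            if (key == null) return new string[0];
            string[] names = key.GetSubKeyNames();
            return Array.FindAll(Sha2Oids,
                oid => Array.IndexOf(names, oid + "!1") >= 0);
        }
    }

    // Signs a SHA-256 digest with a throw-away key in the default CSP, so the
    // outcome isolates the OID lookup from the CSP the STS certificate lives in.
    // Returns "ok", or the CryptographicException message, which is
    // "Object identifier (OID) is unknown." on a box with the OIDs missing.
    static string TrySignSha256()
    {
        byte[] digest;
        using (SHA256 sha = new SHA256Managed())
            digest = sha.ComputeHash(Encoding.ASCII.GetBytes("probe"));
        try
        {
            using (RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(2048))
            {
                byte[] sig = rsa.SignHash(digest, Sha2Oids[0]);
                return rsa.VerifyHash(digest, Sha2Oids[0], sig) ? "ok" : "verify failed";
            }
        }
        catch (CryptographicException ex)
        {
            return ex.Message;
        }
    }
}
```

A "registered: True" line from one build alongside a SignHash failure from the other is the symptom the post above describes, and means the registration only ran for one bitness.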
  • Hi,

    I am also getting this error on a 64bit Win 7 machine using VS2010. Is the fix identified above still required for Win 7?

    Friday, August 20, 2010 9:58 PM
  • Was having a terrible time trying to figure out why I couldn't get this working - especially when it worked fine in my development environment!

    Just for future people like me arriving through their favourite search engine, you don't need to do the above any more.

    Microsoft released a hotfix that addresses this issue

    http://support.microsoft.com/kb/938397

    Hope this helps someone someday. If it helped you, maybe you'll buy me a beer sometime ;)

    Thursday, November 08, 2012 5:04 AM
  • Didn't help, using Win 7, but for your spirit I would buy you a beer anyway :)
    Friday, September 20, 2013 7:52 AM
  • Thanks Phil,

    It was really helpful for me.

    Friday, January 17, 2014 12:21 PM