Original URL: | https://blogs.msdn.microsoft.com/alejacma/2010/06/02/an-internal-error-ocurred-when-using-sha-2-algorithms-with-signedcms/ |
Post name: | "An internal error ocurred" when using SHA-2 algorithms with SignedCMS |
Original author: | Alejandro Campos Magencio |
Posting date: | 2010-06-02T08:58:00+00:00 |
Hi all,
The other day a customer of mine got this exception when trying to use SHA-2 algorithms with SignedCms class in their .NET 3.5 application:
Exception type: System.Security.Cryptography.CryptographicException
Message: An internal error occurred.
They got the exception on Windows Vista SP2/Server 2008 SP2 and later versions when using using a third-party CSP. Why?
SignedCMS class uses CAPI2 (CryptMsg* API) behind the scenes. CAPI2 requires a CNG provider for any algorithm that is not on this list:
CryptFindOIDInfo Function
"
Hash Algorithms:
CALG_SHA1
CALG_MD5
CALG_MD4
CALG_MD2
Algorithms that are not listed are supported by using Cryptography API: Next Generation (CNG) only;
"
In customer's scenario, third-party CSP was a legacy CSP and not a CNG provider.
Summing up, if you want to work with i.e. SHA256, SHA384 & SHA512 algorithms, you will need a CNG provider.
Now, I will post about this in greater detail soon, but SignedCMS class doesn't support CNG. So basically, we cannot use SHA-2 algorithms with that class under this scenario.
I hope this helps.
Regards,
Alex (Alejandro Campos Magencio)
Comments: