Possible Duplicate:
Can RSACryptoServiceProvider (.NET’s RSA) use SHA256 for encryption (not signing) instead of SHA1?

When using RSACryptoServiceProvider for encryption the default hash algorithm obviously is SHA-1. How can I define another hash algorithm like SHA-512 when encrypting data (using the Encrypt method)? I did not find any property related to the hash algorithm.

Jürgen Bayer

1 Answer

RSACryptoServiceProvider will only let you set the hash function used with signing, by using one of the SignData() overloads. Unfortunately it doesn't look like there's any way to change the hash used by OAEP padding without using something like the CLRSecurity project.

If you look at the RSACng wrapper, you can set the EncryptionHashAlgorithm property. The default looks like it's SHA256. See this answer that @owlstead gave in the comments.

mfanto
  • I think that hashing is indeed used when encrypting data with RSA. One indicator is that the maximum size of the data is calculated using the formula (modulo size - 2) - (2 * hash size in byte) when using OAEP padding. With a 1024 bit key (modulo 128) and SHA-1 hash (20 bytes) I calculate 86 bytes and that's exactly what the maximum is when testing encryption using these params in a program. Another strong indicator is that the Windows Runtime allows SHA-2 and when checking the maximum size when encrypting for example with 1024 bit and SHA-256 I get 62 bytes, just as the formula results. – Jürgen Bayer Jan 06 '13 at 21:58
  • RSA OAEP does use a hash algo for the G and H functions. RSA PKCS v1.5 padding does not (it only pads with some static bytes and then fills the rest of it with (at least 8) random bytes). – Maarten Bodewes Jan 06 '13 at 23:17
  • @owlstead : Thanks for clarifying. It's not RSA that uses the hash algorithm for encryption but OAEP for padding. – Jürgen Bayer Jan 07 '13 at 00:07
  • Those paddings **are integral to RSA**. RSA deploys modulus exponentiation over a padded message. The RSAEP function describes how the modulus exponentiation is performed. This is sometimes (incorrectly) described as "RAW" RSA. RSAES-OAEP is one of the two RSA encryption schemes described. – Maarten Bodewes Jan 07 '13 at 00:23
  • You're right, I wasn't thinking about OAEP when I answered, just PKCS v1.5. My apologies, I'll update the answer. – mfanto Jan 07 '13 at 03:36