1

I'm struggling with this now a whole week and hope someone could help me out.

I need to sign xml using SHA256 and xmldsig. For this I use the SignedXML Class. When looking into this class I see it uses the SignatureAlgorithm value of the loaded key to determine what Hashing type to use.

No matter how I load the key(via cert store of via loading cert file) it will show SHA1 as SignatureAlgorithm. When I look up the details of my Certificate in the MMC cert store, it shows SHA256 as SignatureAlgorithm.

I tried both openssl and makecert to generate a SHA256 cert key, but both will load as SHA1 in .Net And so signedXml.ComputeSignature(); will use SHA1 as a SignatureMethod

.Net 4.0 should support SHA256 right?

user2506299
  • 31
  • 1
  • 5
  • Have a look here: http://msdn.microsoft.com/en-us/library/system.security.cryptography.xml.signedinfo.signaturemethod.aspx, it may only be able to handle SHA-1 in SignedXML. – Dustin Jun 20 '13 at 18:46

2 Answers2

1

Found out that I was probably using the wrong class.

Instead of Microsoft.Web.Services.Security.SignedXml of should use System.Security.Cryptography.Xml.SignedXml. The latter doesn't use the SignatureAlgorithm of the used key to determine what Algorithm to use. Now I can set the Algorithm myself with 'SignedXml.SignedInfo.SignatureMethod' and use a SHA1 key.

user2506299
  • 31
  • 1
  • 5
0

You have to declare a KeyedHashAlgorithm object and pass a string corresponding to SHA256 (documentation here).

The corresponding string for SHA256 is HMACSHA256

Then pass this object to the ComputeSignature method.

The code should be as follows:
KeyedHashAlgorithm kha = KeyedHashAlgorithm.Create("HMACSHA256"); signedXml.ComputeSignature(kha);

arsanyf
  • 1,573
  • 1
  • 14
  • 14