I have a server that uses the following certificate for SSL/TLS communications:
In my C# code, I use a custom certificate validation callback to view the properties of this certificate programmatically, like so:
using System;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

private static bool CertificateValidationCallBack(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
{
    // Certificate2 is better than Certificate1, right?
    // Wrapping in a new X509Certificate2 avoids an InvalidCastException if the object passed in is not already one
    X509Certificate2 cert = new X509Certificate2(certificate);
    Console.WriteLine("Certificate Subject : " + cert.Subject);
    Console.WriteLine("Certificate Issuer : " + cert.Issuer);
    // So on and so forth...

    // Inspection only: keep the normal chain/name/policy verdict
    return sslPolicyErrors == SslPolicyErrors.None;
}
However, my problem is that I cannot seem to see that "Signature hash algorithm" property. cert.SignatureAlgorithm.FriendlyName returns RSASSA-PSS, and new System.Security.Cryptography.Oid(cert.GetKeyAlgorithm()).FriendlyName returns simply RSA. None of these properties seem to give me that "sha256" property that I see in the GUI. How do I return that property?
Edit: I found this related question on Cryptography.SE that explains that Microsoft's certificate viewer GUI is a little wonky and off-standard, but if that's the case then I want to be wonky too. I want to know how to report "sha256" the same way that the GUI does.
Update 08/13: Viewed from another perspective, when I use the command certutil.exe -dump cert.cer, an excerpt of the result is:
Signature Algorithm:
Algorithm ObjectId: 1.2.840.113549.1.1.10 RSASSA-PSS
Algorithm Parameters:
0000 30 34 a0 0f 30 0d 06 09 60 86 48 01 65 03 04 02
0010 01 05 00 a1 1c 30 1a 06 09 2a 86 48 86 f7 0d 01
0020 01 08 30 0d 06 09 60 86 48 01 65 03 04 02 01 05
0030 00 a2 03 02 01 20
2.16.840.1.101.3.4.2.1 sha256 (sha256NoSign)
05 00
1.2.840.113549.1.1.8 mgf1
2.16.840.1.101.3.4.2.1 sha256 (sha256NoSign)
05 00
0x20 (32)
I sure wish I knew how to find those OIDs (the sha256 ones) for myself... without resorting to parsing the output of an actual certutil command.
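As an added example (not code from the question), here is how to get those OIDs from the certificate itself instead of from certutil output: parse the outer signatureAlgorithm with System.Formats.Asn1 (inbox in .NET 5 and later, available as a NuGet package for older targets) and walk the RSASSA-PSS-params structure from RFC 8017. The PssParameters record, the PssSignatureInfo class and its method names are choices made for this example, not .NET APIs. Main feeds it the "Algorithm Parameters" bytes copied from the certutil dump above, so it runs without the certificate.

```csharp
// Added example: decode RSASSA-PSS signature parameters straight from a certificate.
// Type and method names are this example's own; assumes .NET 5+ (System.Formats.Asn1 inbox).
using System;
using System.Formats.Asn1;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

public sealed record PssParameters(string HashOid, string MgfOid, string MgfHashOid, int SaltLength, int TrailerField);

public static class PssSignatureInfo
{
    public const string RsaSsaPssOid = "1.2.840.113549.1.1.10";
    // RFC 8017 defaults used when a field is omitted: sha1, mgf1 with sha1, saltLength 20, trailerField 1.
    const string Sha1Oid = "1.3.14.3.2.26";
    const string Mgf1Oid = "1.2.840.113549.1.1.8";

    // Reads the outer signatureAlgorithm of a certificate and decodes its parameters.
    // Returns null when the signature is not RSASSA-PSS (e.g. sha256RSA), where the hash
    // is already named by cert.SignatureAlgorithm itself.
    public static PssParameters? FromCertificate(X509Certificate2 cert)
    {
        // Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm AlgorithmIdentifier, signatureValue BIT STRING }
        AsnReader certSeq = new AsnReader(cert.RawData, AsnEncodingRules.DER).ReadSequence();
        certSeq.ReadEncodedValue();                 // skip tbsCertificate
        AsnReader algId = certSeq.ReadSequence();   // signatureAlgorithm
        if (algId.ReadObjectIdentifier() != RsaSsaPssOid)
            return null;
        return FromAlgorithmParameters(algId.ReadEncodedValue());   // the "Algorithm Parameters" blob
    }

    // Mirrors the GUI/certutil label: the PSS hashAlgorithm for a PSS certificate,
    // otherwise the FriendlyName of the signature OID (e.g. sha256RSA).
    public static string SignatureHashName(X509Certificate2 cert)
    {
        PssParameters? pss = FromCertificate(cert);
        Oid hash = pss is null ? cert.SignatureAlgorithm : new Oid(pss.HashOid);
        return hash.FriendlyName ?? hash.Value ?? "unknown";
    }

    // Decodes DER RSASSA-PSS-params (RFC 8017, Appendix A.2.3):
    //   SEQUENCE {
    //     hashAlgorithm    [0] AlgorithmIdentifier DEFAULT sha1,
    //     maskGenAlgorithm [1] AlgorithmIdentifier DEFAULT mgf1SHA1,
    //     saltLength       [2] INTEGER             DEFAULT 20,
    //     trailerField     [3] INTEGER             DEFAULT 1 }
    // The context tags are EXPLICIT, so each [n] wraps the real SEQUENCE or INTEGER.
    public static PssParameters FromAlgorithmParameters(ReadOnlyMemory<byte> der)
    {
        AsnReader pss = new AsnReader(der, AsnEncodingRules.DER).ReadSequence();
        string hashOid = Sha1Oid, mgfOid = Mgf1Oid, mgfHashOid = Sha1Oid;
        int saltLength = 20, trailerField = 1;

        if (TryOpenExplicit(pss, 0, out AsnReader hashWrapper))
            hashOid = hashWrapper.ReadSequence().ReadObjectIdentifier();

        if (TryOpenExplicit(pss, 1, out AsnReader mgfWrapper))
        {
            AsnReader mgf = mgfWrapper.ReadSequence();
            mgfOid = mgf.ReadObjectIdentifier();
            // MGF1's parameter is itself an AlgorithmIdentifier naming the MGF hash.
            mgfHashOid = mgf.ReadSequence().ReadObjectIdentifier();
        }

        if (TryOpenExplicit(pss, 2, out AsnReader saltWrapper))
            saltLength = (int)saltWrapper.ReadInteger();

        if (TryOpenExplicit(pss, 3, out AsnReader trailerWrapper))
            trailerField = (int)trailerWrapper.ReadInteger();

        pss.ThrowIfNotEmpty();   // trailing data means malformed parameters
        return new PssParameters(hashOid, mgfOid, mgfHashOid, saltLength, trailerField);
    }

    // Enters the EXPLICIT [n] wrapper if it is the next element; DEFAULT fields may be absent.
    static bool TryOpenExplicit(AsnReader parent, int tagNumber, out AsnReader inner)
    {
        Asn1Tag tag = new Asn1Tag(TagClass.ContextSpecific, tagNumber);
        if (parent.HasData && parent.PeekTag().HasSameClassAndValue(tag))
        {
            inner = parent.ReadSequence(tag);
            return true;
        }
        inner = null!;
        return false;
    }

    public static void Main()
    {
        // The "Algorithm Parameters" bytes from the certutil dump in the question, re-joined.
        byte[] paramsDer = Convert.FromHexString(
            "3034a00f300d06096086480165030402010500" +
            "a11c301a06092a864886f70d010108300d06096086480165030402010500" +
            "a203020120");

        PssParameters p = FromAlgorithmParameters(paramsDer);
        Console.WriteLine($"hashAlgorithm    : {p.HashOid} ({new Oid(p.HashOid).FriendlyName})");
        Console.WriteLine($"maskGenAlgorithm : {p.MgfOid} ({new Oid(p.MgfOid).FriendlyName})");
        Console.WriteLine($"  mgf hash       : {p.MgfHashOid} ({new Oid(p.MgfHashOid).FriendlyName})");
        Console.WriteLine($"saltLength       : {p.SaltLength}");
        Console.WriteLine($"trailerField     : {p.TrailerField}");
    }
}
```

Inside the validation callback, PssSignatureInfo.SignatureHashName(new X509Certificate2(certificate)) yields the label the GUI shows: FriendlyName is resolved from the platform's OID table, so on Windows 2.16.840.1.101.3.4.2.1 maps to "sha256" exactly as in the certutil dump. The parameters carry two hash OIDs, hashAlgorithm and the MGF1 hash; the GUI's "Signature hash algorithm" corresponds to hashAlgorithm, and the decoder keeps both so a strict policy check can confirm they agree and inspect saltLength (0x20 = 32 here) rather than trusting the single friendly name.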