0

I am creating PKCS#7 Message:

SignedCms signedCms = new SignedCms(GetContent());

var certificateFromFile = new X509Certificate2("my-ecdsa.pfx");

var signer = new CmsSigner(certificateFromFile);
signer.DigestAlgorithm = new Oid("2.16.840.1.101.3.4.2.1"); //sha256

// Sign the message.

signedCms.ComputeSignature(signer);
// Encode the message.
var myCmsMessage = signedCms.Encode();

But there is exception thrown at signedCms.ComputeSignature():

Invalid provider type specified

When using pfx with RSA key, everything works as expected.

Is ECDSA not supported? Can I change provider?

My cert info:

Signing algorithm: sha256RCDSA
Public key: ECC (256 bits)
Public key parameters: secP256k1
pwas
  • 3,225
  • 18
  • 40
  • What version of .NET Framework are you on? The .NET Core tests have the "don't run these on .NET Framework" marker for the ECDSA tests, but that could mean that it was added in a later version than the compatibility runs. (Are you sure the callstack says it came from Encode? It should really be from ComputeSignature) – bartonjs Mar 14 '18 at 04:13
  • @bartonjs I am running on net framework 4.6.2. And indeed, my bad - exception is thrown from ComputeSignature. – pwas Mar 14 '18 at 06:31
  • Some parts of SignedCms changed under the covers in the [4.7.2 Early Access](https://blogs.msdn.microsoft.com/dotnet/2018/02/05/announcing-net-framework-4-7-2-early-access-build-3052/) build. If you have a spare machine you could try that to see if it happens to have also made ECDSA work. (The last "maybe it accidentally works now" edit would have been 4.6.1, which you already have) – bartonjs Mar 15 '18 at 16:36
  • Are you using Windows7 or Windows8 as OS? I have found that underneath the crypt32.dll is used for encryption. This is a part of the OS and not from .Net. I have a certificate with Sha256ECDSA and when I want to do SignedCms.CheckSignature(true) it fails on Windows7/8 but it works on Windows10. When I use a Sha256RSA cert it works on all of them. The only solution for now that I have found is to use BouncyCastle and be OS independent. – Jeroen VL Jul 09 '18 at 10:04

0 Answers0