3

I use Bouncy Castle libraries in C# to sign with SHA-256, and I'd like to use them in a test of a self-generated certificate instead of a smartcard reader.

Using the self certificate used before, I have a cryptographic exception:

specified algorithm not valid

If I use a SHA-1 signature with the same self certificate, it goes well. With the smartcard the same code runs successfully.

What is the makecert parameter?

Peter Mortensen
Andreanta

2 Answers

9

The 4.5 version of makecert supports other signing algorithms such as sha256, sha384, or sha512. See makecert 4.5 (-a)

PAMF
  • I used multiple versions of the command line because of multiple Visual Studio versions. I used the VS 2012 command line. – Nap Oct 15 '14 at 06:44

2

There is no parameter for makecert to use SHA256 as a hashing algorithm for makecert.exe. You can only use -a md5 or -a sha1.

Note there are also issues with certificates using a SHA256/384/512 hash on Windows XP and Windows 2003 and earlier operating systems (see http://blogs.msdn.com/b/alejacma/archive/2009/01/23/sha-2-support-on-windows-xp.aspx) and this may be what you are seeing.

akton