More on .NET CMS classes and SHA-2 algorithms

Hi all,


We don’t officially support the .NET CMS classes with SHA-2 algorithms. This won’t work on Vista and later with third-party CSPs, for instance:

"An internal error ocurred" when using SHA-2 algorithms with SignedCMS

"Invalid provider type specified" when using CNG providers with .NET CMS classes


But it will work on Vista and later with MS providers (e.g. with a cert associated to "Microsoft Enhanced RSA and AES Cryptographic Provider")


Now, in a Windows XP scenario we have no CNG, so the issue is a bit different. The support to SHA-2 itself on Windows XP is a bit limited:

SHA-2 support on Windows XP


So on XP we need a CSP of type PROV_RSA_AES like "Microsoft Enhanced RSA and AES Cryptographic Provider (Prototype)" (implemented in Rsaenh.dll) to work with SHA-2. 


The other day a customer of mine was getting an “Invalid algorithm specified”  when calling signedCms.CheckSignature to verify SHA256 signed files on Windows XP SP3

Debugging the issue I saw that .NET ends up calling CryptMsgOpenToDecode API behind the scenes with a NULL hCryptProv. That has the following implications:


CryptMsgOpenToDecode Function


Windows Server 2003, Windows XP, and Windows 2000: Specifies a handle for the cryptographic provider to use for hashing the message. For signed messages, hCryptProv is used for signature verification.This parameter's data type is HCRYPTPROV.

Unless there is a strong reason for passing in a specific cryptographic provider in hCryptProv, set this parameter to NULL. Passing in NULL causes the default RSA or DSS provider to be acquired before performing hash, signature verification, or recipient encryption operations.



And I could verify that we indeed end up getting the default CSP for the PROV_RSA_FULL provider type. So basically, with current .NET and Windows XP SP3 designs, we will never be able to use a provider of type PROV_RSA_AES with SignedCMS.


Summing up, current version of SignedCMS won’t support SHA-2 algorithms on Windows XP SP3


So we took my LargeCMS sample as a base for a workaround:

How to call CryptMsg API in streaming mode - LargeCMS full sample


The idea was to forget about SignedCMS by calling CryptMsg API directly. This way we could pass a valid HCRYPTPROV handle of a CSP that works with SHA-2 (like our "Microsoft Enhanced RSA and AES Cryptographic Provider (Prototype)") to CryptMsgOpenToDecode API. 


My customer was able to use my sample with some minor modifications to verify the signature in XP and Vista: he modified the OpenMessageToDecode and the CheckSignature methods to pass in a handle to the proper CSP that supports SHA-2. The SignedLargeCMS.VerifySignature method in the sample now becomes:


public void VerifySignature(FileStream dataFile, FileStream encodedFile, FileStream decodedFile)
SafeCSPHandle hCryptProv = SafeCSPHandle.Null;

hCryptProv = Win32.AcquireRsaEnhVerifyContext();

Decode(hCryptProv.DangerousGetHandle(), dataFile, encodedFile, decodedFile);

// Check all signature in the message
Win32.CheckSignatures2(hCryptProv.DangerousGetHandle(), m_hMsg);

// Check parameters
if (m_hMsg.IsInvalid)
throw new Exception("CheckSignature error: Decode method must be called first");



The AcquireRsaEnhVerifyContext method is in Win32Helper file:

public static SafeCSPHandle AcquireRsaEnhVerifyContext()
SafeCSPHandle hCryptProv = SafeCSPHandle.Null;

out hCryptProv,
"Microsoft Enhanced RSA and AES Cryptographic Provider",
PROV_RSA_ENH, // type 24, 0x00000018
if ((hCryptProv == null) || (hCryptProv.IsInvalid))
throw new Exception("CryptAcquireContext error #" + Marshal.GetLastWin32Error().ToString(), new Win32Exception(Marshal.GetLastWin32Error()));

return hCryptProv;


Note that in AcquireRsaEnhVerifyContext we will have to use "Microsoft Enhanced RSA and AES Cryptographic Provider" on Vista and later, and "Microsoft Enhanced RSA and AES Cryptographic Provider (Prototype)" on XP.



I hope this helps.



Alex (Alejandro Campos Magencio)

Comments (0)

Skip to main content