[Mono-list] SignedXml.ComputeSignature: Why is SHA1 enforced
mtausig at fsmat.at
Mon Jun 2 11:24:14 EDT 2008
> Hello Mathias,
> On Fri, 2008-05-30 at 12:58 +0200, Mathias Tausig wrote:
>> I was looking through the ComputeSignature() function of the SignedXML
>> class: There appear the source lines (abbreviated, just for an RSA case):
>> signer = new RSAPKCS1SignatureFormatter (key);
> IIRC this class only supports SHA1 and MD5. This is because the MS version,
> in the earlier frameworks, was limited to what CryptoAPI supported. Not
> sure if the class was updated (in the newer 3.5 framework which also
> supports CNG under Vista) to support more algorithms. If it is, please
> file a bug report about it.
No, MSDN still only speaks of RSA-SHA1.
>> HashAlgorithm hash = GetHash (sd.DigestAlgorithm);
>> byte[] digest = hash.ComputeHash (SignedInfoTransformed ());
>> signer.SetHashAlgorithm ("SHA1");
>> m_signature.SignatureValue = signer.CreateSignature (digest);
I haven't checked it thoroughly yet, but I do believe the hard-coded
setting of SHA1, while some of the other objects could be set to a
different algorithm, is probably a bug.
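
Added example (not part of the original message and not Mono's code): a PKCS#1 v1.5 signature block names its hash algorithm in a DigestInfo prefix, so a digest computed with one algorithm but labelled "SHA1" by the signer fails strict verification. The function names, the 128-byte block size and the sample SignedInfo are assumptions, and the RSA private-key operation is left out because it only wraps the encoded block.

```python
import hashlib
import hmac

# DER DigestInfo prefixes from RFC 8017 section 9.2; they name the hash inside the signature.
PREFIX = {
    "sha1": bytes.fromhex("3021300906052b0e03021a05000414"),
    "sha256": bytes.fromhex("3031300d060960864801650304020105000420"),
}

def encode(digest: bytes, signer_alg: str, em_len: int = 128) -> bytes:
    """EMSA-PKCS1-v1_5 block; trusts the caller's digest as-is, like a hard-coded label."""
    t = PREFIX[signer_alg] + digest
    pad = em_len - len(t) - 3
    if pad < 8:
        raise ValueError("key too short for this DigestInfo")
    return b"\x00\x01" + b"\xff" * pad + b"\x00" + t

def decode(em: bytes) -> tuple[str, bytes]:
    """Strict parse: returns (algorithm named in DigestInfo, digest) or raises."""
    if em[:2] != b"\x00\x01":
        raise ValueError("bad block type")
    sep = em.index(b"\x00", 2)  # first zero byte after the FF padding
    if sep < 10 or set(em[2:sep]) != {0xFF}:
        raise ValueError("bad padding")
    t = em[sep + 1:]
    for alg, prefix in PREFIX.items():
        if t.startswith(prefix):
            digest = t[len(prefix):]
            if len(digest) != hashlib.new(alg).digest_size:
                raise ValueError(f"DigestInfo says {alg} but digest is {len(digest)} bytes")
            return alg, digest
    raise ValueError("unknown DigestInfo")

def round_trip(signed_info: bytes, hash_alg: str, signer_alg: str) -> str:
    """Hash with hash_alg, label with signer_alg, then verify strictly."""
    em = encode(hashlib.new(hash_alg, signed_info).digest(), signer_alg)
    try:
        alg, digest = decode(em)
    except ValueError as exc:
        return f"rejected: {exc}"
    expected = hashlib.new(alg, signed_info).digest()
    return "valid" if hmac.compare_digest(digest, expected) else "rejected: digest mismatch"

SIGNED_INFO = b"<SignedInfo>constructed sample</SignedInfo>"  # constructed input
if __name__ == "__main__":
    print(round_trip(SIGNED_INFO, "sha1", "sha1"))    # digest and label agree
    print(round_trip(SIGNED_INFO, "sha256", "sha1"))  # digest and label disagree
```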