[Mono-list] SignedXml.ComputeSignature: Why is SHA1 enforced

Mathias Tausig mtausig at fsmat.at
Mon Jun 2 11:24:14 EDT 2008


> Hello Mathias,
>
> On Fri, 2008-05-30 at 12:58 +0200, Mathias Tausig wrote:
>> Hi!
>>
>> I was looking through the ComputeSignature() function of the SignedXML
>> class: There appear the source lines (abbreviated, just for an RSA case):
>>
>> signer = new RSAPKCS1SignatureFormatter (key);
>
> IIRC this class only supports SHA1 and MD5. This is because the MS version,
> in the earlier frameworks, was limited to what CryptoAPI supported. Not
> sure if the class was updated (in the newer 3.5 framework which also
> supports CNG under Vista) to support more algorithms. If it is please
> file a bug report about it.

No, MSDN still only speaks of RSA-SHA1.

>
>> HashAlgorithm hash = GetHash (sd.DigestAlgorithm);
>> byte[] digest = hash.ComputeHash (SignedInfoTransformed ());
>> signer.SetHashAlgorithm ("SHA1");
>> m_signature.SignatureValue = signer.CreateSignature (digest);
>>

I haven't checked it thoroughly yet, but I do believe the hard-coded
setting of SHA1, while some of the other objects could be set to a
different algorithm, is probably a bug.

cheers
Mathias
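
Added example, not part of the thread and not Mono's code: a Python model of the PKCS#1 v1.5 encoding (RFC 8017, section 9.2) that an RSA signature formatter applies, showing that the hash name given to the signer selects the DigestInfo prefix and therefore has to match the algorithm that produced the digest. The function names and the sample input are hypothetical and constructed for illustration.

```python
import hashlib

# DigestInfo DER prefixes from RFC 8017, section 9.2 (EMSA-PKCS1-v1_5).
DIGEST_INFO_PREFIX = {
    "SHA1": bytes.fromhex("3021300906052b0e03021a05000414"),
    "SHA256": bytes.fromhex("3031300d060960864801650304020105000420"),
}
DIGEST_LEN = {"SHA1": 20, "SHA256": 32}


def emsa_pkcs1_v15_encode(digest: bytes, hash_name: str, em_len: int) -> bytes:
    """Build the block the RSA private key operates on: 00 01 FF.. 00 DigestInfo."""
    if len(digest) != DIGEST_LEN[hash_name]:
        raise ValueError(f"{len(digest)}-byte digest cannot be labelled {hash_name}")
    t = DIGEST_INFO_PREFIX[hash_name] + digest
    if em_len < len(t) + 11:
        raise ValueError("modulus too short for this DigestInfo")
    return b"\x00\x01" + b"\xff" * (em_len - len(t) - 3) + b"\x00" + t


def declared_hash(em: bytes) -> str:
    """Verifier side: strip the padding and report which hash the DigestInfo names."""
    if em[:2] != b"\x00\x01":
        raise ValueError("bad block type")
    sep = em.index(b"\x00", 2)  # first zero byte after the FF padding
    if sep < 10 or set(em[2:sep]) != {0xFF}:
        raise ValueError("bad padding")
    t = em[sep + 1:]
    for name, prefix in DIGEST_INFO_PREFIX.items():
        if t.startswith(prefix) and len(t) == len(prefix) + DIGEST_LEN[name]:
            return name
    raise ValueError("unknown or malformed DigestInfo")


def sign_input(data: bytes, digest_alg: str, label: str, em_len: int = 256) -> bytes:
    """Same shape as the quoted lines: hash with digest_alg, then label the digest."""
    digest = hashlib.new(digest_alg.lower(), data).digest()
    return emsa_pkcs1_v15_encode(digest, label, em_len)


if __name__ == "__main__":
    sample = b"<SignedInfo>constructed sample</SignedInfo>"  # constructed input
    print(declared_hash(sign_input(sample, "SHA1", "SHA1")))
    print(declared_hash(sign_input(sample, "SHA256", "SHA256")))
    try:
        sign_input(sample, "SHA256", "SHA1")  # digest and label disagree
    except ValueError as exc:
        print("rejected:", exc)
```
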


