SHA256 support in Windows XP

Starting with Windows XP SP3 there is partial support for SHA-256.
With CryptoAPI, when calling the "CryptCreateHash" function with CALG_SHA_256, it is important to acquire a context from a provider that actually implements the algorithm.
The Microsoft Base and Enhanced cryptographic providers will not work for this case (CryptCreateHash fails with NTE_BAD_ALGID); use
"Microsoft Enhanced RSA and AES Cryptographic Provider (Prototype)" (provider type PROV_RSA_AES) instead. On Windows Vista and later the same provider is registered without the "(Prototype)" suffix, so code meant to run on both should try both names.

On Windows Vista and above this provider supports SHA-512 as well, which is very useful for testing, since all smart card manufacturers support it.
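The provider selection described above, as an added example that is not part of the original post. It hashes a constructed input through CryptoAPI via P/Invoke, first on the plain Enhanced provider (which rejects CALG_SHA_256 on XP SP3) and then on the RSA/AES provider, trying the XP SP3 "(Prototype)" name before the Vista+ name. The constants and provider name strings are the ones from wincrypt.h; the result is checked against the FIPS 180-2 test vector for SHA-256("abc").

```csharp
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
using System.Text;

// Added example: SHA-256 over CryptoAPI, picking the RSA/AES provider explicitly.
// Constants and provider names are taken from wincrypt.h.
class CryptoApiSha256
{
    const uint PROV_RSA_FULL = 1;
    const uint PROV_RSA_AES = 24;
    const uint CRYPT_VERIFYCONTEXT = 0xF0000000;   // no key container needed for hashing
    const uint CALG_SHA_256 = 0x0000800C;
    const uint HP_HASHVAL = 0x0002;
    const int NTE_BAD_ALGID = unchecked((int)0x80090008);

    const string MS_ENHANCED_PROV = "Microsoft Enhanced Cryptographic Provider v1.0";
    // XP SP3 name carries "(Prototype)"; Vista and later register it without the suffix.
    const string MS_ENH_RSA_AES_PROV_XP = "Microsoft Enhanced RSA and AES Cryptographic Provider (Prototype)";
    const string MS_ENH_RSA_AES_PROV = "Microsoft Enhanced RSA and AES Cryptographic Provider";

    [DllImport("advapi32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
    static extern bool CryptAcquireContext(out IntPtr phProv, string pszContainer,
        string pszProvider, uint dwProvType, uint dwFlags);
    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool CryptCreateHash(IntPtr hProv, uint Algid, IntPtr hKey, uint dwFlags, out IntPtr phHash);
    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool CryptHashData(IntPtr hHash, byte[] pbData, uint dwDataLen, uint dwFlags);
    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool CryptGetHashParam(IntPtr hHash, uint dwParam, byte[] pbData, ref uint pdwDataLen, uint dwFlags);
    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool CryptDestroyHash(IntPtr hHash);
    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool CryptReleaseContext(IntPtr hProv, uint dwFlags);

    static IntPtr Acquire(string provider, uint type)
    {
        IntPtr h;
        if (!CryptAcquireContext(out h, null, provider, type, CRYPT_VERIFYCONTEXT))
            throw new Win32Exception(Marshal.GetLastWin32Error());
        return h;
    }

    // Opens the RSA/AES provider under its XP SP3 name, then under its Vista+ name.
    public static IntPtr AcquireSha256Provider()
    {
        IntPtr h;
        if (CryptAcquireContext(out h, null, MS_ENH_RSA_AES_PROV_XP, PROV_RSA_AES, CRYPT_VERIFYCONTEXT)) return h;
        if (CryptAcquireContext(out h, null, MS_ENH_RSA_AES_PROV, PROV_RSA_AES, CRYPT_VERIFYCONTEXT)) return h;
        throw new Win32Exception(Marshal.GetLastWin32Error());
    }

    // Hashes data with CALG_SHA_256 on hProv. Returns null and reports the Win32 error
    // when the provider rejects the ALG_ID (NTE_BAD_ALGID on the plain Enhanced provider).
    public static byte[] Sha256(IntPtr hProv, byte[] data, out int error)
    {
        error = 0;
        IntPtr hHash;
        if (!CryptCreateHash(hProv, CALG_SHA_256, IntPtr.Zero, 0, out hHash))
        {
            error = Marshal.GetLastWin32Error();
            return null;
        }
        try
        {
            if (!CryptHashData(hHash, data, (uint)data.Length, 0))
                throw new Win32Exception(Marshal.GetLastWin32Error());
            uint len = 0;                                   // first call: query the digest length
            if (!CryptGetHashParam(hHash, HP_HASHVAL, null, ref len, 0))
                throw new Win32Exception(Marshal.GetLastWin32Error());
            byte[] hash = new byte[len];
            if (!CryptGetHashParam(hHash, HP_HASHVAL, hash, ref len, 0))
                throw new Win32Exception(Marshal.GetLastWin32Error());
            return hash;
        }
        finally { CryptDestroyHash(hHash); }
    }

    static string Hex(byte[] b) { return BitConverter.ToString(b).Replace("-", "").ToLowerInvariant(); }

    static void Main()
    {
        byte[] data = Encoding.ASCII.GetBytes("abc");       // constructed input
        const string expected = "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"; // FIPS 180-2 vector
        int err;

        IntPtr hOld = Acquire(MS_ENHANCED_PROV, PROV_RSA_FULL);
        byte[] none = Sha256(hOld, data, out err);
        Console.WriteLine("Enhanced provider: " + (none == null
            ? "CryptCreateHash failed, error 0x" + err.ToString("x8") + (err == NTE_BAD_ALGID ? " (NTE_BAD_ALGID)" : "")
            : Hex(none)));
        CryptReleaseContext(hOld, 0);

        IntPtr hAes = AcquireSha256Provider();
        byte[] hash = Sha256(hAes, data, out err);
        Console.WriteLine("RSA/AES provider:  " + Hex(hash) + (Hex(hash) == expected ? " (matches test vector)" : " (MISMATCH)"));
        CryptReleaseContext(hAes, 0);
    }
}
```

Compile with csc and run on XP SP3 to see the first call fail and the second produce the known digest; the same binary runs on Vista and later because of the second provider name.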

Unfortunately Microsoft does not support sha256RSA in the .NET Framework so far: SignedCms reports that it does not recognize the algorithm.
There are some implementations of PKCS#7 encoding with sha256RSA that work on Windows XP SP3; they are not free, but they do exist.
For instance, ComsignTrustDesktop implements PKCS#7 encoding with sha256RSA for any type of file. There are further difficulties with it, such as the lack of support in Microsoft Office 2007-2010, which cannot validate signatures of this kind.
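The SignedCms behaviour mentioned above, as an added example that is not part of the original post. It takes a PFX path and password from the command line (the test PFX is an assumption; any certificate with a private key will do), builds a detached PKCS#7 signature once with SHA-1 and once with SHA-256, and reports which digest SignedCms accepts and which it rejects with a CryptographicException. It then decodes each signature and checks it with chain building switched off, so a self-signed test certificate passes.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Pkcs;
using System.Security.Cryptography.X509Certificates;
using System.Text;

// Added example: probes whether SignedCms on this machine can produce and verify a
// PKCS#7 signature whose digest algorithm is SHA-256 (sha256RSA). The PFX path and
// password are command-line arguments; the signed content is constructed here.
class SignedCmsSha256Probe
{
    public const string OidSha1 = "1.3.14.3.2.26";
    public const string OidSha256 = "2.16.840.1.101.3.4.2.1";

    // Builds a detached PKCS#7 signature with the requested digest OID.
    // Returns null and reports the error when SignedCms rejects the algorithm,
    // which is what the post describes for sha256RSA on Windows XP SP3.
    public static byte[] TrySign(X509Certificate2 cert, byte[] content, string digestOid, out string error)
    {
        error = null;
        try
        {
            SignedCms cms = new SignedCms(new ContentInfo(content), true);   // detached
            CmsSigner signer = new CmsSigner(SubjectIdentifierType.IssuerAndSerialNumber, cert);
            signer.DigestAlgorithm = new Oid(digestOid);
            signer.IncludeOption = X509IncludeOption.EndCertOnly;
            cms.ComputeSignature(signer, true);   // silent: never pop a key-access UI
            return cms.Encode();
        }
        catch (CryptographicException ex)
        {
            error = ex.Message;
            return null;
        }
    }

    // Decodes a detached signature against the content and checks the signature only
    // (verifySignatureOnly = true skips chain building). Also returns the digest OID
    // actually recorded in the SignerInfo so it can be compared with what was requested.
    public static bool Verify(byte[] pkcs7, byte[] content, out string digestOid)
    {
        SignedCms cms = new SignedCms(new ContentInfo(content), true);
        cms.Decode(pkcs7);
        digestOid = cms.SignerInfos[0].DigestAlgorithm.Value;
        try { cms.CheckSignature(true); return true; }
        catch (CryptographicException) { return false; }
    }

    static void Main(string[] args)
    {
        if (args.Length < 2)
        {
            Console.WriteLine("usage: SignedCmsSha256Probe <file.pfx> <password>");
            return;
        }
        X509Certificate2 cert = new X509Certificate2(args[0], args[1]);
        byte[] content = Encoding.ASCII.GetBytes("constructed test content");

        foreach (string oid in new string[] { OidSha1, OidSha256 })
        {
            string err;
            byte[] sig = TrySign(cert, content, oid, out err);
            if (sig == null)
            {
                Console.WriteLine(oid + ": ComputeSignature failed: " + err);
                continue;
            }
            string recorded;
            bool ok = Verify(sig, content, out recorded);
            Console.WriteLine(oid + ": signed " + sig.Length + " bytes, recorded digest " + recorded + ", verifies=" + ok);
        }
    }
}
```

Reference System.Security.dll when compiling. On XP SP3 with the .NET Framework of the time the SHA-1 pass succeeds and the SHA-256 pass fails inside ComputeSignature; the same program on a platform with sha256RSA support prints a verified signature for both, which makes it a quick way to check a target machine before shipping SHA-256 signatures to it.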

For further details please refer to :

Here is a PFX I've prepared for testing purposes:

