ispiro
Reputation: 27683
Why does RSACryptoServiceProvider.VerifyHash have a “hash algorithm identifier” parameter?
Since RSACryptoServiceProvider.VerifyHash verifies an already hashed message - why does it need to know which hash algorithm was used?
When asking about the SignHash method , it was suggested that the reason there is for communicating the hash (and not for actual use in the signing). But that won't explain it in this case. (since it's not an out parameter.)
Upvotes: 2
Views: 1311
Answers (1)
Nickolay Olshevsky
Reputation: 14160
That's because PKCS#1 encoding of signature includes hash function OID in RSA-encrypted data block.
Upvotes: 3
Related Questions
- Verify integrity Ceritifcate { RSACryptoServiceProvider - SHA1 - thumbprint }
- Can RSACryptoServiceProvider (.NET's RSA) use SHA256 for encryption (not signing) instead of SHA1?
- RSACryptoServiceProvider.SignHash with SHA256 returns 128 bytes instead of 32?
- Why is SHA256 and invalid hash algorithm when signing with RSA?
- Using the RSACryptoServiceProvider to sign a hash from a server and then verifying the hash from client side
- Do I use RSACryptoServiceProvider.SignHash to sign data?
- Why does SignHash need to know what hash algorithm was used?
- .net RSACryptoServiceProvider supported hash algorithms
- RSA_sign and RSACryptoProvider.VerifySignature
- Why does RSACryptoServiceProvider.VerifyHash need an LDAP check?