Reputation: 103
Recently .NET Core introduced SignedCms, so data signing became possible. However, it is not as clear as it seems. I have a signing method that works well in .NET 4.6 (see below):
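    using System;
    using System.Security.Cryptography.Pkcs;
    using System.Security.Cryptography.X509Certificates;

    private byte[] SignData(byte[] data, X509Certificate2 signCertificate, bool isAttached)
    {
        if (data == null || data.Length == 0)
        {
            throw new ArgumentException("Data to sign is missing", nameof(data));
        }
        if (signCertificate == null)
        {
            throw new ArgumentException("Certificate is missing", nameof(signCertificate));
        }
        // Identify the signer by issuer name and serial number.
        var signer = new CmsSigner(SubjectIdentifierType.IssuerAndSerialNumber, signCertificate);
        // The second argument is "detached": true leaves the content out of the CMS message.
        var signedCms = new SignedCms(new ContentInfo(data), !isAttached);
        signedCms.ComputeSignature(signer);
        // Return the DER-encoded CMS/PKCS #7 message.
        return signedCms.Encode();
    }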
When I call it in .Net 4.6, the following exception appears:
    {System.Security.Cryptography.CryptographicException: Could not determine signature algorithm for the signer certificate.
       at System.Security.Cryptography.Pkcs.CmsSigner.Sign(ReadOnlyMemory`1 data, String contentTypeOid, Boolean silent, X509Certificate2Collection& chainCerts)
       at System.Security.Cryptography.Pkcs.SignedCms.ComputeSignature(CmsSigner signer, Boolean silent)
       at System.Security.Cryptography.Pkcs.SignedCms.ComputeSignature(CmsSigner signer)
       at BusinessLogic.Managers.CryptographyService.SignData(Byte[] data, X509Certificate2 signCertificate, Boolean isAttached)
I have a CSP with the algorithm mentioned above installed on my PC; in .NET 4.6 it works fine. Please give some advice.
Upvotes: 0
Views: 1807
Reputation: 33178
> I have a CSP with the algorithm mentioned above installed on my PC
This suggests that your asymmetric algorithm isn't one of RSA, RSA-PSS, DSA, or ECDSA.
The .NET Framework implementation of SignedCms asks the Windows CMS libraries to do the signing, and those libraries have CAPI/CNG extensibility points.
The .NET Core implementation of SignedCms uses the .NET cryptographic classes and does the CMS formatting without asking the OS to do the work. It currently has no extensibility model.
If you are only interested in Windows, then you could try P/Invoking into the Windows CMS APIs directly. Otherwise you'll need to make a feature request to .NET Core (https://github.com/dotnet/corefx/issues).
Upvotes: 2
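A pre-flight check for the situation the answer above describes, added here as an example and not code from either poster or from .NET itself: it inspects the signer certificate's public-key algorithm OID before calling ComputeSignature, so an unsupported key fails with a message naming the OID. The OID table (the answer's four families mapped to public-key algorithm OIDs) and the names SignerPreflight, ResolveFamily and SignOrExplain are assumptions of this example; the ECDSA certificate in Main is a constructed sample.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Security.Cryptography.Pkcs;
using System.Security.Cryptography.X509Certificates;

static class SignerPreflight
{
    // Assumption of this example: public-key OIDs for the families the answer lists.
    static readonly Dictionary<string, string> KnownFamilies = new Dictionary<string, string>
    {
        ["1.2.840.113549.1.1.1"]  = "RSA",
        ["1.2.840.113549.1.1.10"] = "RSA-PSS",
        ["1.2.840.10040.4.1"]     = "DSA",
        ["1.2.840.10045.2.1"]     = "ECDSA",
    };

    // Returns the family name, or null when the key algorithm is outside the list.
    public static string ResolveFamily(X509Certificate2 cert) =>
        KnownFamilies.TryGetValue(cert.GetKeyAlgorithm(), out string name) ? name : null;

    public static byte[] SignOrExplain(byte[] data, X509Certificate2 cert, bool detached)
    {
        if (ResolveFamily(cert) == null)
        {
            // Fail early with the OID instead of the generic CryptographicException.
            throw new NotSupportedException(
                "Signer key algorithm OID " + cert.GetKeyAlgorithm() +
                " is not RSA, RSA-PSS, DSA or ECDSA; .NET Core SignedCms cannot sign with it.");
        }
        var cms = new SignedCms(new ContentInfo(data), detached);
        cms.ComputeSignature(new CmsSigner(SubjectIdentifierType.IssuerAndSerialNumber, cert));
        return cms.Encode();
    }

    static void Main()
    {
        byte[] payload = { 1, 2, 3 };
        // Constructed sample: throwaway self-signed ECDSA certificate with its private key.
        using (ECDsa key = ECDsa.Create(ECCurve.NamedCurves.nistP256))
        {
            var request = new CertificateRequest("CN=constructed-sample", key, HashAlgorithmName.SHA256);
            using (X509Certificate2 cert = request.CreateSelfSigned(
                       DateTimeOffset.UtcNow.AddMinutes(-5), DateTimeOffset.UtcNow.AddDays(1)))
            {
                Console.WriteLine("Key family: " + ResolveFamily(cert));
                byte[] encoded = SignOrExplain(payload, cert, detached: true);
                // Round-trip: decode the detached signature and verify it over the payload.
                var check = new SignedCms(new ContentInfo(payload), true);
                check.Decode(encoded);
                check.CheckSignature(verifySignatureOnly: true);
                Console.WriteLine("Signature verified, " + encoded.Length + " bytes");
            }
        }
    }
}
```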