Thomas Kreft

Reputation: 1

How to enable hash algorithm SHA-256 for ASP.NET, .NET Framework 4.8?

We have a web service, running under Windows 2019 Server. It's implemented with C# (WSE 2.0, ASP.NET, .NET Framework 4.8).

That web service needs data from another web service. So for every request a SOAP request message is created and sent to that other web service.

That interface to that other web service has been changed. Before that change the SOAP response messages contained no security header at all. Now they contain such a security header and the signatures are encrypted with SHA-256. This causes error messages: "SignatureDescription could not be created for the signature algorithm supplied."

In outgoing SOAP request messages I see that SHA-1 is used for the signatures.

So obviously the system is not able to handle SHA-256 and I have to adapt it.

I've added a public class RSAPKCS1SHA256SignatureDescription to the code, with overriding methods for CreateDeformatter and CreateFormatter and a method to register the SHA-256 hash algorithm, which is called in the constructor of the proxy class for that interface to the other web service.

The signature algorithm of the signature object is set to SHA-256, too.

The Cryptographic Service Provider of the client certificate for that interface was set to "Microsoft Enhanced RSA and AES Cryptographic Provider". The signature algorithm of the certificate is sha256.

Some entries in the Windows registry have been added:

Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Hashes\SHA256, set to enabled
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Configuration\Local\Default\Functions\Hashes\SHA256 = bcrypt.dll
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Configuration\Local\Default\Providers\Hash\SHA256\Functions\OpenSSL = bcrypt.dll

In the files C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\machine.config and C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config, entries have been created for mscorlib and the cryptoClass RSASHA256SignatureDescription.

None of those changes had any effect. The SOAP request messages for the other web service are still signed with SHA-1 and the incoming response messages cannot be processed.

So either I made a mistake or there is still some important configuration missing.

Does anyone have an idea how the use of the SHA-256 hash algorithm can be enabled?

Upvotes: 0

Views: 504
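The SignatureDescription subclass and registration step that the question describes, written out as an added example (not the asker's code or any part of WSE). It assumes the standard XML-DSig URI for RSA-SHA256 and that the signature object's SignedInfo.SignatureMethod is set to that same URI; the IsRegistered check is a hypothetical helper for confirming that the registration actually took effect at runtime.

```csharp
using System;
using System.Security.Cryptography;

// Maps the rsa-sha256 XML-DSig algorithm URI onto a SHA-256 digest with
// PKCS#1 v1.5 RSA formatting, so SignedXml-based code can create and verify
// such signatures instead of failing with "SignatureDescription could not
// be created for the signature algorithm supplied."
public class RSAPKCS1SHA256SignatureDescription : SignatureDescription
{
    // Standard URI from RFC 4051 / xmldsig-more (assumed to be what the
    // remote service's security header carries).
    public const string RsaSha256Uri = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";

    public RSAPKCS1SHA256SignatureDescription()
    {
        KeyAlgorithm = typeof(RSACryptoServiceProvider).FullName;
        DigestAlgorithm = typeof(SHA256Managed).FullName;
        FormatterAlgorithm = typeof(RSAPKCS1SignatureFormatter).FullName;
        DeformatterAlgorithm = typeof(RSAPKCS1SignatureDeformatter).FullName;
    }

    // Used when verifying an incoming signature; the key comes from the
    // remote party's certificate.
    public override AsymmetricSignatureDeformatter CreateDeformatter(AsymmetricAlgorithm key)
    {
        var deformatter = new RSAPKCS1SignatureDeformatter(key);
        deformatter.SetHashAlgorithm("SHA256");
        return deformatter;
    }

    // Used when signing an outgoing message. The private key must come from
    // a CSP that supports SHA-256 (e.g. "Microsoft Enhanced RSA and AES
    // Cryptographic Provider"), otherwise signing fails at runtime.
    public override AsymmetricSignatureFormatter CreateFormatter(AsymmetricAlgorithm key)
    {
        var formatter = new RSAPKCS1SignatureFormatter(key);
        formatter.SetHashAlgorithm("SHA256");
        return formatter;
    }

    // Call once per process before any SignedXml work (e.g. in a static
    // constructor or Application_Start), not per request.
    public static void Register()
    {
        CryptoConfig.AddAlgorithm(typeof(RSAPKCS1SHA256SignatureDescription), RsaSha256Uri);
    }

    // Hypothetical diagnostic: true only if CryptoConfig resolves the URI to
    // a SignatureDescription, i.e. the registration (code or machine.config)
    // is visible to this AppDomain.
    public static bool IsRegistered()
    {
        return CryptoConfig.CreateFromName(RsaSha256Uri) is SignatureDescription;
    }
}
```

If IsRegistered() returns false after Register() has run, the code path that signs or verifies is executing in a different process or AppDomain than the one that registered, or a machine.config entry is overriding the mapping with a type that cannot be loaded.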

Answers (0)