Reputation: 1155
How do I obtain the Signature Hash Algorithm from the certificate Signature Algorithm on Windows?
Given a certificate parsed with CNG on Windows, I am recommended to extract the "Signature Algorithm" as follows:
hashAlgorithm.pszObjId = cert->pCertInfo->SignatureAlgorithm.pszObjId;
On a particular certificate I get szOID_RSA_SHA256RSA.
Windows docs and examples tell me to pass szOID_RSA_SHA256RSA to CryptSignMessage, and this results in a successful PKCS7 signed response, however bouncycastle refuses to parse the signed response, claiming that 1.2.840.113549.1.1.11 (SHA256withRSAEncryption) is not valid.
This is technically true, bouncycastle wants 2.16.840.1.101.3.4.2.1 that corresponds to SHA256. This is what Windows describes as the "Signature Hash Algorithm".
Obviously I can construct a big switch statement in my own code, but that will break over time as new algorithms are released.
The question is, what Windows API call will return to me szOID_NIST_sha256 when given szOID_RSA_SHA256RSA?
Upvotes: 0
Views: 90
Answers (0)
Related Questions
- How do I install pip on Windows?
- How can I develop for iPhone using a Windows development machine?
- How do I run two commands in one line in Windows CMD?
- Generate a Hash from string in Javascript
- Is there an equivalent of 'which' on the Windows command line?
- How to upgrade Git on Windows to the latest version
- How do I get the application exit code from a Windows command line?
- How can I generate an MD5 hash in Java?
- List all environment variables from the command line