
Security Forums


Want to support SHA-256 on Windows XP

amol_crypto
Posted: Tue Jul 21, 2009 7:48 am    Post subject: Want to support SHA-256 on Windows XP

I am trying to implement support for SHA-256 on Windows XP. I have a certificate that I use to sign the message digest. When I call "CryptAcquireCertificatePrivateKey" to get the provider and private key information, I get a provider (I guess PROV_RSA_FULL) which does not support SHA-256. "PROV_RSA_AES" supports SHA-256; I confirmed this. Please let me know how I can change the provider that is returned from "CryptAcquireCertificatePrivateKey" and make it return the "PROV_RSA_AES" provider.


Thanks in advance
Amol
puneet2k5
Posted: Thu Aug 20, 2009 8:38 am    Post subject:

PROV_RSA_FULL does not support SHA-256.
To use PROV_RSA_AES, acquire its handle using CryptAcquireContext().
Then use this handle for verification etc.
For SHA-2, make sure that the CRYPT_VERIFY_MESSAGE_PARA params passed to CryptVerifyDetachedMessageSignature() contain a handle to a CSP of type 'PROV_RSA_AES' rather than NULL. Passing NULL means the default CSP, which may not be of PROV_RSA_AES type.
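An added example, not code from the thread, of what the reply above suggests: acquire a PROV_RSA_AES context with CryptAcquireContext() and pass it in CRYPT_VERIFY_MESSAGE_PARA instead of NULL. The helper names `provider_type_for_hash` and `verify_detached` are hypothetical, and the `#else` stand-ins exist only so the selection helper compiles off Windows.

```c
/* Added example: on Windows, link with crypt32.lib and advapi32.lib. */
#ifdef _WIN32
#include <windows.h>
#include <wincrypt.h>
#else
/* Stand-ins so the selection helper compiles off Windows (assumption:
   values copied from wincrypt.h). */
typedef unsigned int ALG_ID;
typedef unsigned long DWORD;
#define PROV_RSA_FULL 1
#define PROV_RSA_AES  24
#define CALG_SHA1     0x00008004
#define CALG_SHA_256  0x0000800c
#define CALG_SHA_384  0x0000800d
#define CALG_SHA_512  0x0000800e
#endif

/* Hypothetical helper: CSP type to request for a given digest algorithm.
   SHA-2 digests need a PROV_RSA_AES provider; PROV_RSA_FULL lacks them. */
DWORD provider_type_for_hash(ALG_ID alg)
{
    switch (alg) {
    case CALG_SHA_256:
    case CALG_SHA_384:
    case CALG_SHA_512:
        return PROV_RSA_AES;
    default:
        return PROV_RSA_FULL;
    }
}

#ifdef _WIN32
/* Hypothetical helper: 0 if the detached PKCS #7 signature verifies,
   otherwise the GetLastError() code (e.g. 0x80090006). */
DWORD verify_detached(ALG_ID alg, const BYTE *sig, DWORD sig_len,
                      const BYTE *data, DWORD data_len)
{
    HCRYPTPROV prov = 0;
    CRYPT_VERIFY_MESSAGE_PARA para;
    const BYTE *bufs[1];
    DWORD lens[1];
    DWORD err = 0;

    /* CRYPT_VERIFYCONTEXT: no key container is needed to verify. */
    if (!CryptAcquireContext(&prov, NULL, NULL,
                             provider_type_for_hash(alg), CRYPT_VERIFYCONTEXT))
        return GetLastError();

    ZeroMemory(&para, sizeof para);
    para.cbSize = sizeof para;
    para.dwMsgAndCertEncodingType = X509_ASN_ENCODING | PKCS_7_ASN_ENCODING;
    para.hCryptProv = prov;          /* explicit CSP; NULL means the default CSP */

    bufs[0] = data;
    lens[0] = data_len;
    if (!CryptVerifyDetachedMessageSignature(&para, 0, sig, sig_len,
                                             1, bufs, lens, NULL))
        err = GetLastError();

    CryptReleaseContext(prov, 0);
    return err;
}
#endif
```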
amol_crypto
Posted: Thu Aug 20, 2009 12:46 pm    Post subject:

Yes, I changed the provider type there and used PROV_RSA_AES instead of PROV_RSA_FULL, but the verification of the detached message is still failing. CryptVerifyDetachedMessageSignature says "failed: Invalid Signature (0x80090006).."

Is there anything else that I need to change to specify what type of SHA digest this is, like SHA-256 or SHA-384?
puneet2k5
Posted: Tue Aug 25, 2009 9:09 am    Post subject:

At minimum you must have Windows XP SP3. Please check it.
amol_crypto
Posted: Tue Aug 25, 2009 9:28 am    Post subject: Algorithm ID is not defined for SHA-224

Why is the algorithm ID for SHA-224 not defined in the "wincrypt.h" header file, like we have for SHA-256 (CALG_SHA_256)?
amol_crypto
Posted: Tue Aug 25, 2009 2:57 pm    Post subject:

One more problem I encountered is with CryptGetMessageCertificates: it fails when I pass in a signature (pkcs7) which has SHA-256 (pkcs1) embedded in it. It says invalid algorithm specified. I passed "PROV_RSA_AES" as the provider type but get the same error. Any idea about this kind of behavior?
All times are GMT + 2 Hours