SHA256签署停止工作在.NET 4.5工作、NET
我们有一块code这将创建一个SigningCredentials反对使用使用SHA256算法签署的XML文档。它与.NET 3.5完美。然而,当我们升级我们的codeBase类到.NET 4.5,它停止工作。同一code,相同的证书!我把时间用在调试和在互联网上搜索小时,没有任何运气。
谁能告诉我什么这里的问题是?谢谢你在前进。
code创建SigningCredentials:
公共SigningCredentials CreateSigningCredentials(X509Certificate2 CERT)
{
VAR滑雪=新SecurityKeyIdentifier(新X509RawDataKeyIdentifierClause(CERT));
返回新SigningCredentials(新X509AsymmetricSecurityKey(CERT),http://www.w3.org/2001/04/xmldsig-more#rsa-sha256,http://www.w3.org/2001/04/xmlenc #SHA256,滑雪场);
}
例外:
[CryptographicException:指定了无效的算法。
]
System.Security.Cryptography.CryptographicException.ThrowCryptographicException(的Int32小时)+41
System.Security.Cryptography.Utils.SignValue(SafeKeyHandle的hKey,的Int32 keyNumber,的Int32 calgKey,的Int32 calgHash,字节[]哈希的Int32 cbHash,ObjectHandleOnStack retSignature)+ 0
System.Security.Cryptography.Utils.SignValue(SafeKeyHandle的hKey,的Int32 keyNumber,的Int32 calgKey,的Int32 calgHash,字节[]哈希)+118
System.Security.Cryptography.RSACryptoServiceProvider.SignHash(字节[] rgbHash,的Int32 calgHash)+ 334
System.Security.Cryptography.RSAPKCS1SignatureFormatter.CreateSignature(字节[] rgbHash)+321
System.IdentityModel.SignedXml.ComputeSignature(HashAlgorithm哈希,AsymmetricSignatureFormatter格式,字符串是SignatureMethod)323
System.IdentityModel.SignedXml.ComputeSignature(SecurityKey signingKey)690
System.IdentityModel.EnvelopedSignatureWriter.ComputeSignature()+338
System.IdentityModel.EnvelopedSignatureWriter.OnEndRootElement()278
System.IdentityModel.Metadata.MetadataSerializer.WriteEntityDescriptor(XmlWriter的inputWriter,EntityDescriptor entityDescriptor)1109
解决方案
虽然这个问题被问大约一年前,它已经收到了一些选票最近这可能表明,一些人所得到的同样的问题。希望这个答案可以帮助:) 简单地说,错误不会发生在所有的机器,但只在其中的一些。我想这取决于哪些电信运营商已经注册了特定的机器上。不管怎样,在我的具体情况,证书是不是微软RSA SChannel中...或微软强大的加密提供者为CSP产生。我生成一个新的证书,但使用Microsoft增强RSA和AES加密提供程序作为CSP和它SHA256签约开始为我工作。
一些参考文献:
https://social.msdn.microsoft.com/Forums/vstudio/en-US/e391ba75-ce6e-431c-bfc9-26a71ae1b033/sha256-signing-stops-working-in-net-45?forum=Geneva (你可以看到,万元保赐谁帮我解决这个问题)
的http://hintdesk.com/c-how-to-fix-invalid-algorithm-specified-when-signing-with-sha256/
We have a piece of code which creates a SigningCredentials object to use to sign xml document by using SHA256 algorithm. It works with .NET 3.5 perfectly. However, when we upgrade our codebase to .NET 4.5, it stops working. Same code, same certificate! I have spent hours on debugging and searching on the internet without any luck.
Could anyone please tell me what the problem here is? Thank you in advance.
Code to create SigningCredentials:
public SigningCredentials CreateSigningCredentials(X509Certificate2 cert)
{
var ski = new SecurityKeyIdentifier(new X509RawDataKeyIdentifierClause(cert));
return new SigningCredentials(new X509AsymmetricSecurityKey(cert), "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", "http://www.w3.org/2001/04/xmlenc#sha256", ski);
}
Exception:
[CryptographicException: Invalid algorithm specified.
]
System.Security.Cryptography.CryptographicException.ThrowCryptographicException(Int32 hr) +41
System.Security.Cryptography.Utils.SignValue(SafeKeyHandle hKey, Int32 keyNumber, Int32 calgKey, Int32 calgHash, Byte[] hash, Int32 cbHash, ObjectHandleOnStack retSignature) +0
System.Security.Cryptography.Utils.SignValue(SafeKeyHandle hKey, Int32 keyNumber, Int32 calgKey, Int32 calgHash, Byte[] hash) +118
System.Security.Cryptography.RSACryptoServiceProvider.SignHash(Byte[] rgbHash, Int32 calgHash) +334
System.Security.Cryptography.RSAPKCS1SignatureFormatter.CreateSignature(Byte[] rgbHash) +321
System.IdentityModel.SignedXml.ComputeSignature(HashAlgorithm hash, AsymmetricSignatureFormatter formatter, String signatureMethod) +323
System.IdentityModel.SignedXml.ComputeSignature(SecurityKey signingKey) +690
System.IdentityModel.EnvelopedSignatureWriter.ComputeSignature() +338
System.IdentityModel.EnvelopedSignatureWriter.OnEndRootElement() +278
System.IdentityModel.Metadata.MetadataSerializer.WriteEntityDescriptor(XmlWriter inputWriter, EntityDescriptor entityDescriptor) +1109
解决方案
While this question was asked almost a year ago, it has received some up votes recently which may indicate that some other people are getting the same problem. Hopefully this answer can help :) Briefly speaking, the error doesn't happen in all machines but only in some of them. I guess it depends on what CSPs have been registered on a specific machine. Anyway, in my specific case, the certificate was generated with either "Microsoft RSA SChannel..." or "Microsoft strong cryptographic provider" as the CSP. I generated a new certificate but used "Microsoft Enhanced RSA and AES Cryptographic Provider" as the CSP and it SHA256 signing started working for me.
Some references:
https://social.msdn.microsoft.com/Forums/vstudio/en-US/e391ba75-ce6e-431c-bfc9-26a71ae1b033/sha256-signing-stops-working-in-net-45?forum=Geneva (as you can see, million thanks to Paul who helped me solve this issue)
http://hintdesk.com/c-how-to-fix-invalid-algorithm-specified-when-signing-with-sha256/
