Fixed hash algorithm in CertEnroll library
Hello!
The problem is fixed hash algorithm (SHA1) used in CertEnroll library. That's why we can't create a certificate request using our Cryptographic Provider (CSP), that implements Russian Crypto-algorithms but not SHA1. X509Enrollment.IX509CertificateRequestPkcs10 interface has HashAlgorithm property that is used for signing PKCS#10. But after creating PKCS#10 CertEnroll creates "dummy-certificate" for the "Request" store (like XEnroll does). And it tries to sign this certificate with fixed in CertEnroll::CX509SignatureInformation::SetDefaultV alues SHA1. We think that it is more correct to use the same hash algorithm as for signing PKCS#10. And several comments for "Certificate Enrollment" wizard from "Certificates" snap-in: First of all there is similar problem. User can't choose hash algorithm for request signing. So, there is no UI for HashAlgorithm property. The last build of Windows Vista we looked at is 5536. Related links a http://www.ietf.org/rfc/rfc4357.txt http://www.ietf.org/rfc/rfc4357.txt http://www.ietf.org/rfc/rfc4491.txt P.S. If such behavior won't be corrected in release version of Vista, we will have to resolve it in any way, this is critical for us. So, we will request a fix for Vista using our benefits as Microsoft Gold Certified Partner. So, we want to ask Microsoft to help us to avoid this process! Thank you! Roman Sedov Crypto-Pro Company Phone: +7(495)933-1168, +7(495)689-43-67 WWW: http://www.cryptopro.ru e-mail: |
All times are GMT. The time now is 11:39 PM. |
Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Search Engine Optimization by vBSEO 3.0.0 RC6
Copyright ©2004-2006 VistaBanter.com