Security and Windows Vista: a forum for discussion on security issues with Windows Vista. (microsoft.public.windows.vista.security)
Fixed hash algorithm in CertEnroll library
The problem is the fixed hash algorithm (SHA1) used in the CertEnroll library.
That's why we can't create a certificate request using our Cryptographic
Provider (CSP), which implements Russian crypto-algorithms but not SHA1.
The X509Enrollment.IX509CertificateRequestPkcs10 interface has a HashAlgorithm
property that is used for signing the PKCS#10. But after creating the PKCS#10,
CertEnroll creates a "dummy certificate" for the "Request" store (like XEnroll
does). And it tries to sign this certificate with SHA1, which is fixed in
CertEnroll::CX509SignatureInformation::SetDefaultValues. We think that
it is more correct to use the same hash algorithm as for signing the PKCS#10.
And several comments for "Certificate Enrollment" wizard from
First of all, there is a similar problem. The user can't choose the hash algorithm for
request signing. So, there is no UI for the HashAlgorithm property.
The last build of Windows Vista we looked at is 5536.
Related links a
P.S. If such behavior won't be corrected in release version of Vista, we
will have to resolve it in any way, this is critical for us. So, we will
request a fix for Vista using our benefits as Microsoft Gold Certified
Partner. So, we want to ask Microsoft to help us to avoid this process!
Phone: +7(495)933-1168, +7(495)689-43-67
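
The mismatch described in the post can be checked from the outside by reading the signatureAlgorithm OID of both the PKCS#10 request and the certificate placed in the "Request" store. The following is an added example, not part of the original post and not CertEnroll code; the function names are hypothetical, the GOST OID is an assumed stand-in for the provider's algorithm (the post does not name one), and the sample blobs are constructed skeletons rather than real requests.

```python
# OID contents in DER form (constructed sample values).
SHA1_RSA_OID_DER = bytes.fromhex("2a864886f70d010105")  # 1.2.840.113549.1.1.5, sha1WithRSAEncryption
GOST_OID_DER = bytes.fromhex("2a8503020203")            # 1.2.643.2.2.3, GOST R 34.11-94 with GOST R 34.10-2001

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    """Decode OID contents to dotted form (first-byte rule covers arcs 0.x and 1.x)."""
    arcs, val = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:                   # high bit clear ends this arc
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def signature_algorithm_oid(der):
    """PKCS#10 and X.509 share the shape SEQUENCE { body, AlgorithmIdentifier, BIT STRING }."""
    tag, outer, _ = read_tlv(der)
    _, _, pos = read_tlv(outer)            # skip the to-be-signed body
    alg_tag, alg, _ = read_tlv(outer, pos)
    oid_tag, oid, _ = read_tlv(alg)
    if (tag, alg_tag, oid_tag) != (0x30, 0x30, 0x06):
        raise ValueError("not a signed PKCS#10 / X.509 structure")
    return decode_oid(oid)

def same_signature_algorithm(request_der, cert_der):
    """True when the request and the store certificate were signed with the same algorithm."""
    return signature_algorithm_oid(request_der) == signature_algorithm_oid(cert_der)

# Constructed sample input: placeholder body and signature bytes, real outer layout.
def tlv(tag, value):
    return bytes([tag, len(value)]) + value    # short-form length, enough for the samples

def sample(oid_der):
    alg = tlv(0x30, tlv(0x06, oid_der) + b"\x05\x00")
    return tlv(0x30, tlv(0x30, b"\x02\x01\x00") + alg + tlv(0x03, b"\x00" + b"\xAA" * 8))
```

With a request built like `sample(GOST_OID_DER)` and a store certificate like `sample(SHA1_RSA_OID_DER)`, `same_signature_algorithm` returns `False`, which is the situation the post reports.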