A Windows Vista forum. Vista Banter

Welcome to Vista Banter.

You are currently viewing our boards as a guest which gives you limited access to view most discussions, articles and access our other FREE features. By joining our free community you will have access to ask questions and reply to others posts, upload your own photos and access many other special features. Registration is fast, simple and absolutely free so please, join our community today!

If you have any problems with the registration process or your account login, please contact contact support.

Go Back   Home » Vista Banter forum » Microsoft Windows Vista » Security and Windows Vista
Site Map Home Register Authors List Search Today's Posts Mark Forums Read Web Partners

Security and Windows Vista A forum for discussion on security issues with Windows Vista. (microsoft.public.windows.vista.security)

Fixed hash algorithm in CertEnroll library



 
 
LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old August 29th 06, 08:32 AM posted to microsoft.public.windows.vista.security
Roman Sedov
external usenet poster
 
Posts: 1
Default Fixed hash algorithm in CertEnroll library

Hello!

The problem is fixed hash algorithm (SHA1) used in CertEnroll library.

That's why we can't create a certificate request using our Cryptographic
Provider (CSP), that implements Russian Crypto-algorithms but not SHA1.

X509Enrollment.IX509CertificateRequestPkcs10 interface has HashAlgorithm
property that is used for signing PKCS#10. But after creating PKCS#10
CertEnroll creates "dummy-certificate" for the "Request" store (like XEnroll
does). And it tries to sign this certificate with fixed in
CertEnroll::CX509SignatureInformation::SetDefaultV alues SHA1. We think that
it is more correct to use the same hash algorithm as for signing PKCS#10.



And several comments for "Certificate Enrollment" wizard from
"Certificates" snap-in:

First of all there is similar problem. User can't choose hash algorithm for
request signing. So, there is no UI for HashAlgorithm property.



The last build of Windows Vista we looked at is 5536.





Related links a

http://www.ietf.org/rfc/rfc4357.txt

http://www.ietf.org/rfc/rfc4357.txt

http://www.ietf.org/rfc/rfc4491.txt



P.S. If such behavior won't be corrected in release version of Vista, we
will have to resolve it in any way, this is critical for us. So, we will
request a fix for Vista using our benefits as Microsoft Gold Certified
Partner. So, we want to ask Microsoft to help us to avoid this process!



Thank you!



Roman Sedov
Crypto-Pro Company
Phone: +7(495)933-1168, +7(495)689-43-67
WWW: http://www.cryptopro.ru
e-mail:


 




Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT. The time now is 08:27 PM.


Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.Search Engine Optimization by vBSEO 3.0.0 RC6
Copyright ©2004-2024 Vista Banter.
The comments are property of their posters.