SHA-256 and Cryptographic Service Provider Types


https://www.componentspace.com/forums/Topic1565.aspx

By ComponentSpace - 7/11/2015

SHA-256, SHA-384 and SHA-512 XML signatures require the Microsoft Enhanced RSA and AES Cryptographic Provider. This provider's type is 24.
More details about cryptographic service providers (CSPs) and their capabilities may be found at:
https://msdn.microsoft.com/en-us/library/windows/desktop/bb931357(v=vs.85).aspx
The following code displays various information about an X.509 certificate and its associated private key.

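using System;
using System.Security.Cryptography.X509Certificates;
var x509Certificate = new X509Certificate2("test.pfx", "password", X509KeyStorageFlags.Exportable); // load the certificate and private key from the PFX
Console.WriteLine(x509Certificate.ToString(true)); // verbose output includes the [Private Key] section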

The output includes information about the cryptographic provider.
The following output shows the Microsoft Enhanced RSA and AES Cryptographic Provider (type 24) is used and this private key may be used to generate SHA-256, SHA-384 and SHA-512 XML signatures.

[Private Key]
  Key Store: User
  Provider Name: Microsoft Enhanced RSA and AES Cryptographic Provider
  Provider type: 24
  Key Spec: Exchange
  Key Container Name:
  Hardware Device: False
  Removable: False

By comparison, the following output is for a private key that doesn't support SHA-256 XML signatures although it may be used to generate SHA-1 XML signatures.

[Private Key]
  Key Store: User
  Provider Name: Microsoft Strong Cryptographic Provider
  Provider type: 1
  Key Spec: Exchange
  Key Container Name:
  Hardware Device: False
  Removable: False
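
The same check done programmatically, reading the provider type from the key rather than from the ToString(true) output. This is an added example, not ComponentSpace's code; it assumes .NET Framework on Windows with the key held by a CryptoAPI CSP, and the class and method names are hypothetical.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class CspTypeCheck
{
    // Provider type the post gives for the Microsoft Enhanced RSA and AES Cryptographic Provider.
    const int RsaAesProviderType = 24;

    // Hypothetical helper: true when the private key is held by a type 24 CSP.
    static bool SupportsSha2XmlSignatures(X509Certificate2 certificate, out string detail)
    {
        if (!certificate.HasPrivateKey)
        {
            detail = "certificate has no private key";
            return false;
        }
        try
        {
            // For CryptoAPI (CSP) keys on .NET Framework this is an RSACryptoServiceProvider.
            var rsa = certificate.PrivateKey as RSACryptoServiceProvider;
            if (rsa == null)
            {
                detail = "private key is not an RSA key held by a CSP";
                return false;
            }
            CspKeyContainerInfo info = rsa.CspKeyContainerInfo;
            detail = info.ProviderName + " (type " + info.ProviderType + ")";
            return info.ProviderType == RsaAesProviderType;
        }
        catch (CryptographicException e)
        {
            // Raised when the key cannot be opened through CryptoAPI, e.g. a CNG-only key.
            detail = "private key could not be opened: " + e.Message;
            return false;
        }
    }

    static int Main()
    {
        // "test.pfx" and "password" are the placeholder values from the post.
        var certificate = new X509Certificate2("test.pfx", "password", X509KeyStorageFlags.Exportable);
        string detail;
        bool ok = SupportsSha2XmlSignatures(certificate, out detail);
        Console.WriteLine((ok ? "Type 24 CSP, SHA-256/384/512 OK: " : "Type 24 CSP not confirmed: ") + detail);
        return ok ? 0 : 1;
    }
}
```

The non-zero exit code lets a deployment script stop before a certificate with the wrong provider type is put into service.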

By ComponentSpace - 2/8/2022

No. This shouldn't have any impact on the partner site verifying the signatures. No changes are made to the private or public key. The cryptographic service provider type is a separate property stored in the PFX file.