Hi, I'm in the process of writing a CMP Certificate Confirmation Content and the code blows up while trying to create the CertHash. After investigation it turns out that the problem is caused by the value ("SHA-256withRSA") in the sigAlgName field of the certificate, which is worked out using this code (X509Certificate.cs:247):
public virtual string SigAlgName { get { return SignerUtilities.GetEncodingName(c.SignatureAlgorithm.Algorithm); } }
SignerUtilities.cs:67 associates a specific PkcsObjectIdentifier to a string (the algorithm's name), e.g.
algorithms[PkcsObjectIdentifiers.Sha256WithRsaEncryption.Id] = "SHA-256withRSA";
Now, when the CMSSignedGenerator:346 looks this name up in its algorithms list it doesn't find it, and the reason is that the CMSSignedGenerator.cs:60 associates a different algorithm's name to the same PkcsObjectIdentifier: e.g.
algorithms["SHA256WITHRSA"] = PkcsObjectIdentifiers.Sha256WithRsaEncryption;
The problem is clearly that the same identifier
PkcsObjectIdentifiers.Sha256WithRsaEncryption
is transcoded in 2 different names across the codebase.
Adding
algorithms["SHA-256WITHRSA"] = PkcsObjectIdentifiers.Sha256WithRsaEncryption;
to CMSSignedGenerator addresses the issue.
Obviously this should be done for every algorithm present in the SignerUtilities.cs.
I look forward to hearing from you.
Thanks and regards,
Filippo Biondi
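
The mismatch reported above can be caught with a round-trip check between the two tables. This is an added example, not part of the original issue and not the library's code: the two dictionaries are constructed stand-ins holding only the entries quoted in the issue, `FindBrokenRoundTrips` is a hypothetical helper, and upper-casing the name before lookup is an assumption based on the upper-case keys shown.

```csharp
using System;
using System.Collections.Generic;

static class AlgorithmNameRoundTrip
{
    // OID of sha256WithRSAEncryption (PkcsObjectIdentifiers.Sha256WithRsaEncryption).
    const string Sha256WithRsaOid = "1.2.840.113549.1.1.11";

    // Constructed stand-in for the OID -> name table quoted from SignerUtilities.cs.
    static readonly Dictionary<string, string> OidToName = new Dictionary<string, string>
    {
        [Sha256WithRsaOid] = "SHA-256withRSA",
    };

    // Constructed stand-in for the name -> OID table quoted from CMSSignedGenerator.cs.
    static readonly Dictionary<string, string> NameToOid = new Dictionary<string, string>
    {
        ["SHA256WITHRSA"] = Sha256WithRsaOid,
    };

    // Returns every emitted name that the reverse table cannot map back to the same OID.
    public static List<string> FindBrokenRoundTrips(
        IDictionary<string, string> oidToName,
        IDictionary<string, string> nameToOid)
    {
        var broken = new List<string>();
        foreach (var entry in oidToName)
        {
            // Assumption: the consumer upper-cases the name before looking it up.
            string key = entry.Value.ToUpperInvariant();
            if (!nameToOid.TryGetValue(key, out string oid) || oid != entry.Key)
                broken.Add(entry.Value);
        }
        return broken;
    }

    static void Main()
    {
        // With only the entries quoted in the issue, the emitted name has no reverse mapping.
        var before = FindBrokenRoundTrips(OidToName, NameToOid);
        Console.WriteLine("unresolvable before alias: " + string.Join(", ", before));

        // Same table plus the alias line proposed in the issue.
        var patched = new Dictionary<string, string>(NameToOid)
        {
            ["SHA-256WITHRSA"] = Sha256WithRsaOid,
        };
        var after = FindBrokenRoundTrips(OidToName, patched);
        Console.WriteLine("unresolvable after alias: " + after.Count);
    }
}
```

Run over the full name table as a unit test, the same check would list every algorithm name that still needs an alias.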