Archived Forum Post

Question:

Crypt2 Chilkat Delphi ActiveX: crypt.HashAlgorithm does not work for "sha256" algorithm

Apr 09 '15 at 10:40

As the title suggests, the property HashAlgorithm does not set "sha256", so I cannot create a .P7M file.

If I use "sha1" or "md5" as the algorithm it works fine. Does anyone know why?

The quote from the documentation: HashAlgorithm As String

Selects the hash algorithm used by methods that create hashes. The valid choices are "sha1", "sha256", "sha384", "sha512", "md2", "md5", "haval", "ripemd128", "ripemd160", "ripemd256", or "ripemd320".


Answer

Make sure to test with the very latest version of Chilkat.

Also, examine the contents of the LastErrorText property after calling CreateP7M (or whichever method you are using to create the .p7m file). Please post the contents of the LastErrorText here, with formatting intact using "pre" tags.


Answer

OK, thanks very much for your help.

I have the latest version of the Chilkat libraries.

This is the error log I get when I try to sign a document using a certificate from a smart card.

ChilkatLog:
  CreateP7M:
    DllDate: Jul 31 2014
    ChilkatVersion: 9.5.0.43
    UnlockPrefix: 30-day trial
    Username: EDITED HERE Personal Info
    Architecture: Little Endian; 64-bit
    Language: .NET 4.0 / x64
    VerboseLogging: 0
    inPath: test.txt
    outPath: test.p7m
    createOpaqueSignature:
      No private key seems to be available for signing (6)
      Continuing anyway in case it's a hardware CSP...
      Will use CryptoAPI for signing.
      Using Crypto API, therefore must load entire file into memory.
      msCryptoSignature:
        bDetached: 0
        cert_def_provider: Bit4id Universal Middleware Provider
        hashAlgorithmName: sha1
        hashAlgorithmOid: 1.3.14.3.2.26
        buildCertChain:
          startCertDN: EDITED CENSURED personal info here
          Unable to build certificate chain to root.
        --buildCertChain
        signingCert:  EDITED CENSURED personal info here
        pkcs7NumBytes: 1818
        This is an opaque signature that includes the signed data.
      --msCryptoSignature
    --createOpaqueSignature
  --CreateP7M
--ChilkatLog

This is the code snippet I did:

// crypt (Chilkat.Crypt2) and cert (Chilkat.Cert, from the smart card) are
// created earlier; that part of the code was not posted.
Chilkat.Csp csp = new Chilkat.Csp();
System.Console.WriteLine(csp.SetProviderMicrosoftRsaAes());
System.Console.WriteLine(csp.ProviderName);

// Request SHA-256 and print what the CSP object reports back.
System.Console.WriteLine(csp.SetHashAlgorithm("SHA256"));
System.Console.WriteLine(csp.HashAlgorithm);

// Tell the crypt component to use this cert and this CSP.
crypt.SetSigningCert(cert);
System.Console.WriteLine(crypt.SetCSP(csp));
string inFile = @"test.txt";
string outputFile = @"test.p7m";
System.Console.WriteLine(crypt.CreateP7M(inFile, outputFile));

I tried almost all formats (sha256 / SHA-256) but I got the same Chilkat Log.


Answer

After calling csp.SetHashAlgorithm("SHA256"), examine the contents of the csp.LastErrorText to see if the hash algorithm is offered by the particular cryptographic service provider.

Note: This problem is specific to the fact that the private key is non-exportable and internally, Chilkat must relegate the signing to the Microsoft Crypto API.


Answer

The line csp.SetProviderMicrosoftRsaAes(); sets up an RSA/AES provider name that works only on Windows XP: "Microsoft Enhanced RSA and AES Cryptographic Provider (Prototype)"

Use this code line instead: csp.ProviderName = "Microsoft Enhanced RSA and AES Cryptographic Provider"; and it will find the sha256 HashAlgorithm

source: https://msdn.microsoft.com/en-us/library/windows/desktop/aa380243%28v=vs.85%29.aspx
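
The log posted in this thread shows the signature being produced with sha1 even though SHA256 was requested. The following is an added example, not code from the thread or from Chilkat, that checks a LastErrorText dump for that mismatch so a signing job can fail closed. The function names and the OID table are assumptions of this example, and FIXED_LOG is constructed sample input.

```python
import re

# Standard digest algorithm OIDs (well-known values, not taken from Chilkat).
DIGEST_OIDS = {
    "sha1": "1.3.14.3.2.26",
    "sha256": "2.16.840.1.101.3.4.2.1",
}

# Excerpt of the LastErrorText log posted in the thread.
PAGE_LOG = """\
      msCryptoSignature:
        cert_def_provider: Bit4id Universal Middleware Provider
        hashAlgorithmName: sha1
        hashAlgorithmOid: 1.3.14.3.2.26
"""
# Constructed sample: the same fields as they would read for a SHA-256 signature.
FIXED_LOG = PAGE_LOG.replace("sha1", "sha256").replace(
    DIGEST_OIDS["sha1"], DIGEST_OIDS["sha256"])

def normalize(name):
    """Map 'SHA-256', 'SHA256' and 'sha256' to 'sha256'."""
    return re.sub(r"[^a-z0-9]", "", name.lower())

def parse_fields(log_text):
    """Collect the 'key: value' lines of a ChilkatLog (first occurrence wins)."""
    fields = {}
    for line in log_text.splitlines():
        m = re.match(r"\s*([A-Za-z_]+):\s+(\S.*)$", line)
        if m:
            fields.setdefault(m.group(1), m.group(2).strip())
    return fields

def check_digest(log_text, requested):
    """Return a list of problems; an empty list means the log matches the request."""
    fields = parse_fields(log_text)
    want = normalize(requested)
    used, oid = fields.get("hashAlgorithmName"), fields.get("hashAlgorithmOid")
    if used is None or oid is None:
        return ["log does not report the digest algorithm"]
    problems = []
    if normalize(used) != want:
        provider = fields.get("cert_def_provider", "unknown provider")
        problems.append(f"requested {want}, but {provider} signed with {used}")
    if DIGEST_OIDS.get(want) != oid:
        problems.append(f"OID {oid} is not the {want} OID")
    return problems

if __name__ == "__main__":
    print(check_digest(PAGE_LOG, "SHA256"))
```
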