We have a piece of code that creates a SigningCredentials object used to sign an XML document with the SHA256 algorithm. It works perfectly with .NET 3.5. However, when we upgrade our codebase to .NET 4.5, it stops working. Same code, same certificate! I have spent hours debugging and searching the internet without any luck.
Could anyone please tell me what the problem here is? Thank you in advance.
Code to create SigningCredentials:
public SigningCredentials CreateSigningCredentials(X509Certificate2 cert)
{
    var ski = new SecurityKeyIdentifier(new X509RawDataKeyIdentifierClause(cert));
    return new SigningCredentials(
        new X509AsymmetricSecurityKey(cert),
        "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
        "http://www.w3.org/2001/04/xmlenc#sha256",
        ski);
}
Exception:
[CryptographicException: Invalid algorithm specified.
]
System.Security.Cryptography.CryptographicException.ThrowCryptographicException(Int32 hr) +41
System.Security.Cryptography.Utils.SignValue(SafeKeyHandle hKey, Int32 keyNumber, Int32 calgKey, Int32 calgHash, Byte[] hash, Int32 cbHash, ObjectHandleOnStack retSignature) +0
System.Security.Cryptography.Utils.SignValue(SafeKeyHandle hKey, Int32 keyNumber, Int32 calgKey, Int32 calgHash, Byte[] hash) +118
System.Security.Cryptography.RSACryptoServiceProvider.SignHash(Byte[] rgbHash, Int32 calgHash) +334
System.Security.Cryptography.RSAPKCS1SignatureFormatter.CreateSignature(Byte[] rgbHash) +321
System.IdentityModel.SignedXml.ComputeSignature(HashAlgorithm hash, AsymmetricSignatureFormatter formatter, String signatureMethod) +323
System.IdentityModel.SignedXml.ComputeSignature(SecurityKey signingKey) +690
System.IdentityModel.EnvelopedSignatureWriter.ComputeSignature() +338
System.IdentityModel.EnvelopedSignatureWriter.OnEndRootElement() +278
System.IdentityModel.Metadata.MetadataSerializer.WriteEntityDescriptor(XmlWriter inputWriter, EntityDescriptor entityDescriptor) +1109
While this question was asked almost a year ago, it has received some upvotes recently, which may indicate that other people are running into the same problem. Hopefully this answer can help :)
Briefly speaking, the error doesn't happen on all machines but only on some of them. I guess it depends on which CSPs have been registered on a specific machine. Anyway, in my specific case, the certificate was generated with either "Microsoft RSA SChannel..." or "Microsoft strong cryptographic provider" as the CSP. I generated a new certificate but used "Microsoft Enhanced RSA and AES Cryptographic Provider" as the CSP, and SHA256 signing started working for me.
Some references:
https://social.msdn.microsoft.com/Forums/vstudio/en-US/e391ba75-ce6e-431c-bfc9-26a71ae1b033/sha256-signing-stops-working-in-net-45?forum=Geneva (as you can see, a million thanks to Paul who helped me solve this issue)
http://hintdesk.com/c-how-to-fix-invalid-algorithm-specified-when-signing-with-sha256/
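To see which CSP a certificate's private key is bound to before regenerating it, the diagnostic below reports the provider name and type and attempts a SHA256 signature with the key. It is an added example, not code from the original post; the class name, the thumbprint argument and the LocalMachine\My store are assumptions, and the constant 24 is PROV_RSA_AES from wincrypt.h, the provider type of "Microsoft Enhanced RSA and AES Cryptographic Provider".

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Added diagnostic (hypothetical class name), not code from the post.
public static class CspSha256Check
{
    // PROV_RSA_AES from wincrypt.h: the provider type of
    // "Microsoft Enhanced RSA and AES Cryptographic Provider".
    private const int ProvRsaAes = 24;

    public static string Describe(X509Certificate2 cert)
    {
        if (!cert.HasPrivateKey) return "no private key attached";
        RSACryptoServiceProvider rsa;
        try { rsa = cert.PrivateKey as RSACryptoServiceProvider; }
        catch (CryptographicException e) { return "key not readable via CAPI: " + e.Message; }
        if (rsa == null) return "private key is not an RSA CAPI key";

        CspKeyContainerInfo info = rsa.CspKeyContainerInfo;
        string csp = info.ProviderName + " (type " + info.ProviderType + ")";
        if (info.ProviderType != ProvRsaAes)
            csp += " [not PROV_RSA_AES]";
        try
        {
            // Same hash the SigningCredentials in the question asks for.
            rsa.SignData(new byte[] { 1, 2, 3 }, "SHA256");
            return csp + ": SHA256 signing OK";
        }
        catch (CryptographicException e)
        {
            return csp + ": SHA256 signing failed: " + e.Message;
        }
    }

    // Usage: CspSha256Check.exe <thumbprint>  (certificate in LocalMachine\My)
    public static void Main(string[] args)
    {
        if (args.Length != 1) { Console.Error.WriteLine("usage: CspSha256Check <thumbprint>"); return; }
        var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            foreach (X509Certificate2 c in store.Certificates.Find(X509FindType.FindByThumbprint, args[0], false))
                Console.WriteLine(c.Subject + " -> " + Describe(c));
        }
        finally { store.Close(); }
    }
}
```

Run it under the same account as the application, since that account needs read access to the private key; the test signature, not the provider type flag, is the result to trust.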