
Why would signing credentials from an RSA-SHA512 X509Certificate2 appear to be RSA-SHA256?


Given a public/private key pair PFX file created from the following commands:

makecert.exe -r -n "CN=TEST" -pe -sv TEST.pvk -a sha512 -len 2048 -b 01/01/2014 -e 12/31/2075 TEST.cer
pvk2pfx.exe -pvk TEST.pvk -spc TEST.cer -pfx TEST.pfx

The following C# code:

using System;
using System.IdentityModel.Tokens;
using System.Security.Cryptography.X509Certificates;

X509Certificate2 cert = new X509Certificate2("TEST.pfx");
Console.WriteLine(cert.SignatureAlgorithm.FriendlyName);   // algorithm used to sign the certificate itself

var creds = new X509SigningCredentials(cert);
Console.WriteLine(creds.SignatureAlgorithm);                // algorithm the credentials will sign with
Console.WriteLine("Key size: {0}", creds.SigningKey.KeySize / 8);   // bits / 8 = bytes

Results in this:

sha512RSA
http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
Key size: 256

What I am confused about is why the signing credentials are coming out as SHA256 when the cert was created with SHA512? Am I misunderstanding something?


Solution

  • What you are probably misunderstanding is where the hashing algorithms are used. The first one is used during the creation of the signature over the certificate. The second one is the hashing algorithm that is used during signing with the private key that belongs to the certificate. That one seems to default to SHA-256.

    Note that Microsoft is actually confusing hashing algorithms with signature algorithms. Maybe that once made some sense when everybody was still only using PKCS#1 v1.5 style signatures, but now it just makes them look stupid.
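The distinction the answer draws, as an added example (not code from the question or the answer): the hash named in the certificate belongs to the issuer's signature over the certificate, while the hash used with the private key is chosen per signing operation. It assumes the TEST.pfx produced by the makecert/pvk2pfx commands above sits in the working directory with an empty password.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;

// Added example; assumes TEST.pfx (empty password) from the commands in the question.
class TwoHashes
{
    static void Main()
    {
        var cert = new X509Certificate2("TEST.pfx", "", X509KeyStorageFlags.Exportable);

        // 1) The hash the certificate reports is the one the issuer used when it signed
        //    the certificate body. It is fixed at issuance; signing with the private key
        //    later never changes it.
        Console.WriteLine("Issuer's signature over the cert: " + cert.SignatureAlgorithm.FriendlyName);

        // 2) The hash used when signing with the certificate's private key is a per-operation
        //    choice. The same key signs with SHA-256 or SHA-512 equally well; X509SigningCredentials
        //    simply chose SHA-256 because nothing told it otherwise.
        byte[] message = Encoding.UTF8.GetBytes("constructed sample message");
        using (RSA priv = cert.GetRSAPrivateKey())
        using (RSA pub = cert.GetRSAPublicKey())
        {
            foreach (var hash in new[] { HashAlgorithmName.SHA256, HashAlgorithmName.SHA512 })
            {
                byte[] sig = priv.SignData(message, hash, RSASignaturePadding.Pkcs1);
                bool ok = pub.VerifyData(message, sig, hash, RSASignaturePadding.Pkcs1);

                // A verifier that assumes the other hash rejects the signature: the hash is part
                // of the signature scheme and must travel with the signature (e.g. in the xmldsig
                // SignatureMethod URI printed in the question), not be read off the certificate.
                var other = hash == HashAlgorithmName.SHA256 ? HashAlgorithmName.SHA512 : HashAlgorithmName.SHA256;
                bool wrong = pub.VerifyData(message, sig, other, RSASignaturePadding.Pkcs1);

                // Signature length equals the RSA modulus size (2048 bits = 256 bytes) whatever the hash,
                // which is also why "Key size: 256" in the question is bytes, not bits.
                Console.WriteLine($"{hash.Name}: {sig.Length}-byte signature, verifies={ok}, verifies with {other.Name}={wrong}");
            }
        }
    }
}
```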