Feb 12, 2025
Introduction
SHA-2 is a set of cryptographic hash functions which includes SHA-224, SHA-256, and SHA-512. The 256 in SHA-256 represents the bit size of the hash output or digest when the hash function is performed. Not all software supports every digest size within the SHA-2 family. This article focuses specifically on SHA-256 and its compatibility with various software platforms and operating systems. As a general rule, SHA-256 is supported on OS X 10.5+ and Windows XP SP3+.
Read our Hash Functions article for a better understanding of how they work and how they are used to validate certificates and documents.
For GlobalSign’s policy on SHA-256 issuance as well as important dates set by Microsoft, Google, and Mozilla, please read the SHA-256 Rollout article.
To purchase a trusted SHA-256 certificate, contact a GlobalSign representative.
Index:
- OS, Browser, and Server Support
- Firewall Support
- Toolkits, Libraries, Frameworks, etc.
- Database Support
- Detailed Operating System Support
- E-Mail Clients
- Document Signing
- Windows Code Signing
- SafeNet iKey / eToken Compatibility
- Mainframe
- Citrix Support
- Services
OS, Browser, and Server Support
|
Minimum OS Version (SSL Certificates) |
Minimum OS Version (Client Certificates) |
|
|---|---|---|
| Apple OS X | 10.5+ | 10.5+ |
| Apple iOS | 3.0+ (Required in iOS 9+) [30] |
3.0+ |
| Android* | 1.0+ (1.6 / 2.2) | 1.0+ |
| Blackberry | 5.0+ | 5.0+ |
| ChromeOS | All Versions | All Versions |
| Windows [1] [2] | XP SP3+ | XP SP3+ |
| Windows Phone | 7+ | 7+ |
| Windows Server | 2003 SP2 +MS13-095 | 2003 SP2 +MS13-095 |
| Minimum Browser Version | ||
| Chrome** [7] | 1.0+ (38+) | |
| Firefox [7] | 1.0+ | |
| Internet Explorer [7] | 6+ (On a SHA-2 Compatible OS) |
|
| Konqueror | 3.5.6+ | |
| Mozilla [7] | 1.4+ | |
| Netscape [7] | 7.1+ | |
| Opera [7] | 6.0+ | |
| Safari | 3+ (Ships with OS X 10.5) |
|
| Minimum Server Version | ||
| Active Directory Federation Server (AD FS) [28] | 2.0+ (Must use non-CNG CSP) |
|
| Apache HTTP Server*** | Dependent on OpenSSL or GnuTLS version. |
|
| Apache Tomcat | Dependent on Java version | |
| IBM Domino Server [9] | 9.x with Fix Pack | |
| IBM HTTP Server [10] | Any version with GSKit 7.0.4.14 | |
| IBM WebSphere Server [26] | 7.0.0.25 / 8.0.04 with PM62842 | |
| Microsoft Exchange Server | Dependent on Windows Server version | |
| NGINX | Dependent on OpenSSL version | |
| Oracle Wallet Manager | 11.2.0.1+ | |
| Oracle Weblogic**** [27] | 10.3.3+ |
* Android has the technical capability of handling SHA-256 certificates right from version 1.0. In practice, some users may encounter issues with validating certificates that use cross certificates (these help chain certificates to alternate roots). 1.6 improved this issue for some users, with the issue being resolved as of version 2.2.
** Chrome is capable of supporting SHA-2 certificates as of version 1.0, however through version 37 it is dependent on the operating system. For instance, on Windows Server 2003 without MS13-095 or Windows XP SP2 Chrome will not connect to pages using SHA-2 certs. Applying MS13-095 to Server 2003, or SP3 to Windows XP will allow Chrome to support SHA-2 on these legacy systems.
Chrome 38+ can validate SHA-2 certificates independently, even on systems like Server 2003 without MS13-095 applied.
*** Apache 2.0 is bundled with mod_ssl by default. Versions prior to 2.0 require manual installation of mod_ssl for any SSL support at all. Mod_gnutls is an alternative to mod_ssl, leveraging GnuTLS instead of OpenSSL libraries.
**** Oracle Weblogic Server 10.3.3 and above have JSSE available to support SSL/TLS certificates & connections. Older versions leverage Certicom extensions, which is now considered deprecated.
10.3.3 is the first version to officially support JSSE, it can be enabled by logging in to the admin console and clicking Environment > Servers > ManagedServerName > Configuration > SSL > Advanced > Use JSSE SSL. Click Save; restart your server. Versions prior to 10.3.3 can manually enable JSSE, but it is not officially supported by Oracle.
Firewall Support
| Minimum Version | |
|---|---|
| Cisco ASA 5500 [29] | 8.2 (3.9) |
Toolkits, Libraries, Frameworks, etc.
| Minimum Version | |
|---|---|
| Java [19] | Java 1.4.2+ |
| Mozilla NSS [18] | 3.8+ |
| OpenSSL* [3] | 0.9.8 / 0.9.8o+ |
| GNUTLS [12] | 1.7.4+ |
| .NET FX[13] | 3.5 SP1+ |
Support for SHA-2 was introduced in OpenSSL 0.9.8, but is not enabled by default with SSL_library_init(). In 0.9.8, SHA-2 hash functions must be called specifically or by using OpenSSL_add_all_algorithms() which may not be desired. OpenSSL 0.9.8o enables the SHA-2 hash algorithms in the default configuration.
Database Support
| Minimum Version | |
|---|---|
| MYSQL[23] | 5.5.5+ |
| PostgreSQL [24] [25] | 8.1 / 8.2* |
* The pgcrypto module for PostgreSQL introduced support for the SHA-2 family of hash algorithms with the 8.1 release but only for the standalone module. 8.2 incorporated the SHA-2 functions of the pgcrypto module into PostgreSQL core allowing these hashes to be available to PostgreSQL even if the installed version of OpenSSL does not support it.
Detailed Operating System Support
|
SSL Certificates (Client Side) |
SSL Certificates (Server Side) |
S/MIME | Code Signing | |
|---|---|---|---|---|
| Windows XP (SP1, SP2) | ✗ | N/A | ✗ | ✗ |
| Windows XP SP3 | ✓ | N/A | Partial* | Partial** |
| Windows Vista | ✓ | N/A | ✓ | Partial** |
| Windows 7 [20] | ✓ | N/A | ✓ | ✓ |
| Windows 8 | ✓ | N/A | ✓ | ✓ |
| Windows 10 | ✓ | N/A | ✓ | ✓ |
| Windows Server 2003 / 2003 SP1 | ✗ | ✗ | ✗ | ✗ |
| Windows Server 2003 SP2 + MS13-095 | ✓ | ✓ | ✓ | ✗ |
| Windows Server 2008 | ✓ | ✓ | ✓ | Partial** |
| Windows Server 2008 R2 [20] | ✓ | ✓ | ✓ | ✓ |
| Windows Server 2012 & 2012 R2 | ✓ | ✓ | ✓ | ✓ |
| Windows Mobile 5 | ✗ | N/A | ✗ | N/A |
| Windows Mobile 6 | ✗ | N/A | ✗ | N/A |
| Windows Phone 7 | ✓ | N/A | ✓ | N/A |
| Windows Phone 8 | ✓ | N/A | ✓ | N/A |
Notes on «Partial» compatibility:
* S/MIME:
- Outlook on Windows XP SP3 can utilize certificates signed with SHA-256 but cannot validate an e-mail signed using the SHA-256 hashing algorithm.
- By default Outlook signs with SHA1 even if a SHA2 cert is in use though this behavior can be changed if desired.
** Code Signing:
- Code can be signed with a SHA2 cert on any of the systems listed as having partial or full compatibility without issue.
- There is an incompatibility with SHA2 signed kernel drivers on the partially compatible platforms. Kernel drivers signed with SHA2 certs will not install on systems listed as having «Partial» compatibility.
E-Mail Clients
The signature hash algorithm on the certificate itself is independent of the signature hash placed on an e-mail. For example, Outlook 2003 on XP SP3 can utilize a certificate signed with SHA-256 to sign an encrypt e-mails. But the signature on the e-mail will be limited to SHA1.
| Verify SHA-1 Signed E-Mail | Verify SHA-256 Signed E-Mail | Send SHA-1 Signed E-Mail | Send SHA-256 Signed E-Mail | |
|---|---|---|---|---|
| Mozilla Thunderbird 1 — 4 [21] | ✓ | ✗ | ✓ | ✗ |
| Mozilla Thunderbird 5 — 37 [4] [21] | ✓ | ✓ | ✓ | ✗ |
| Mozilla Thunderbird 38+ [22] | ✓ | ✓ | ? | ✓ |
| IBM Notes 8 [8] | ✓ | ✗ | ✓ | ✗ |
| IBM Notes 9 [8] | ✓ | ✓ | ✓ | ✓ |
| Microsoft Entourage 2004 [17] | ✓ | ✗ | ✓ | ✗ |
| Microsoft Entourage 2008 [17] | ✓ | ✓ | ✓ | ✓ |
| Microsoft Outlook 2003 & 2007 on XP SP3 [1] [2] | ✓ | ✗ | ✓ | ✗ |
| Microsoft Outlook 2007 on Windows Vista [1] [2] | ✓ | ✓ | ✓ | ✓ |
| Outlook for Mac 2011 [17] | ✓ | ✓ | ✓ | ✓ |
Set Outlook Hash Algorithm to SHA-1
Outlook 2003: Tools > Options > Settings > Security > Settings > Hash Algorithm > SHA1
Outlook 2007, 2010, 2013: File > Options > Trust Center > Trust Center Settings > E-Mail Security > Settings > Hash Algorithm > SHA1
Document Signing
| Place SHA1 Signature with SHA-256 certificate | Place SHA2 Signature with SHA-256 certificate | Validate SHA2 Signature | |
|---|---|---|---|
| LibreOffice 4[7] | ✓ | ✗ | ✗ |
| Microsoft Office 2003, 2007[7] | ✓ | ✗ | ✗ |
| Microsoft Office 2010, 2013 | ✓ | ✓ | ✓ |
| Adobe Acrobat 8.0+ | ✓ | ✓ | ✓ |
| Adobe Reader 8.0+ | ✓ See Note |
✓ See Note |
✓ |
Note: Adobe Reader 8+ can place signatures with a Digital ID if the functionality has been enabled via Adobe Acrobat Professional.
Adobe Acrobat & Adobe Reader are compatible with SHA-256 certs as of version 8.0, but still place SHA1 signatures by default. As of version 9.1, Acrobat & Reader will prefer SHA-256 for the signature hash if available, otherwise it will fall back to SHA1. SHA-2 signatures can be preferred in versions prior to 9.1 through edits to the registry.
Digital signatures placed with newer versions of Microsoft Office may not be backwards compatible with older versions. Legacy compatibility can be specified manually.
Office 2003 — 2010 work with SHA-2 certs, but place SHA1 signatures. Office 2013 uses SHA2 as the default signature hash when available. You can specify the signature hash in Office 2010 & 2013 via the registry.
Windows Code Signing
| Executables | Kernel Drivers |
VBA Macros: Office 2003, 2007 |
VBA Macros: Office 2010 |
VBA Macros: Office 2013 |
|
|---|---|---|---|---|---|
| Windows XP (SP1, SP2) | ✗ | ✗ | ✗ | ✗ | N/A |
| Windows XP SP3 | ✓ | ✗ | ✗ | ✓ | N/A |
| Windows Vista [15] | ✓ | ✗ | ✗ | ✓ | N/A |
| Windows 7 [20] | ✓ | ✓ | ✗ | ✓ | ✓ |
| Windows 8 | ✓ | ✓ | ✗ | ✓ | ✓ |
| Windows 10 | ✓ | ✓ | ✗ | ✓ | ✓ |
Office 2010 on Windows 7 requires hotfix kb 2598139 to add SHA-256 support for Code Signing Certs.
Windows 7 and Windows Server 2008 R2 require kb 3033929 to validate SHA-2 signed kernel drivers. This update is not available for XP, Vista, 2003, or 2008.
For a more detailed look at hash algorithm support on both certificates & file digests in Windows, read the Windows Code Signing Hash Algorithm Support article.
| Minimum Version | |
|---|---|
| Visual Studio Tools for Office (VSTO) [16] | 10.0.50325 |
SafeNet iKey / eToken Compatibility
| Works with SHA2 Certificate | Place SHA1 Signature | Place SHA2 Signature | |
|---|---|---|---|
| iKey 4000 [5] | ✓ | ✓ | ✗ |
| eToken 5100 [6] | ✓ | ✓ | ✓ |
Mainframe
| Minimum Version | |
|---|---|
| IBM z/OS [11] | v1r10 |
Citrix Support
| Minimum Version | |
|---|---|
| Citrix Receiver | Varies — See PDF |
Sources:
[1] SHA2 and Windows.
[2] Common questions about SHA2 and Windows.
[3] OpenSSL 0.9.8 Branch Release notes
[4] Bug 222179 — User preferences should control ciphers used when sending encrypted S/MIME messages
[5] iKey 4000 Specifications
[6] eToken 5100 Specifications
[7] Verified In-House
[8] IBM Notes SHA2 Support
[9] IBM Domino Planned SHA-2 Support
[10] IBM HTTP Server
[11] IBM z/OS
[12] GnuTLS
[13] .NET Security Blog
[14] Security Advisory 2949927 (SHA-2 Hash Support for Kernel Drivers — Currently Retracted)
[15] SHA-2 Signed Executables Windows Vista & Server 2008
[16] VSTO Runtime Update to Address “Unknown Publisher” for SHA256 Certificates
[17] Digital Certificate Requirements (Technet)
[18] Mozilla NSS 3.8 Release Notes
[19] Java 1.4.2 Release Notes
[20] Availability of SHA-2 Code Signing Support for Windows 7 and Windows Server 2008 R2
[21] Add recognition of SHA-2 hashes when verifying S/MIME messages
[22] Thunderbird 38 Release Notes
[23] MYSQL 5.5 Release Notes
[24] PostgreSQL 8.1 Release Notes
[25] PostgreSQL 8.2 Release Notes
[26] PM62842: Web Services Security Runtime Update to Support SHA-2 Signature Algorithms
[27] Oracle Weblogic — Configuring SSL
[28] Certificate Requirements for Federation Servers
[29] Release Notes for the Cisco ASA 5500
[30] App Transport Security Technot
PROBLEM: Unable to validate Digital Signature on Windows XP SP3
I recently encountered the following errors when attempting to validate the Digital Signatures for our application on Windows XP SP3:
Digital Code Signature (Right-click application > Properties > Digital Signatures > Details)
Digital Signature Information The certificate is not valid for the requested usage. Certificate Information This certificate does not appear to be valid for the selected purpose.
Receiving these same errors? If your code signing certificate was issued in the past 24 hours, you might just need to wait a day before Windows XP SP3 can validate the signature. See solution #2 at the end of this article for details.
I was attempting to use the following widely-accepted signtool.exe commands to perform Dual Code Signing (SHA-1 and SHA-2/SHA-256 file digest algorithms) of an Executable for use with current systems (e.g. Windows 7, Windows 8, Windows 10) as well as legacy systems (Windows XP SP3, Windows Vista).
Note: As of 03/2018, every one of these OS should accept a “User Mode” executable (e.g. application or service) that is signed with an SHA-1 file digest algorithm. We would like to dual sign to “future proof” our executables since we anticipate that some of these OS will eventually require an SHA-256 file digest algorithm.
signtool.exe sign /f comodo256.pfx /p password /t http://timestamp.comodoca.com /v app.exe signtool.exe sign /f comodo256.pfx /p password /fd sha256 /tr http://timestamp.comodoca.com/?td=sha256 /td sha256 /as /v app.exe
We are using our new Comodo SHA-256 code signing certificate with the COMODO SHA-1 Time Stamping server and the COMODO SHA-256 Time Stamping server.
The first command uses our RSA SHA-256 code signing certificate to embed a digital signature with an RSA SHA-1 file digest and a timestamp counter-signature with an RSA SHA-1 file digest. *
The second command uses our RSA SHA-256 code signing certificate to embed a digital signature with an RSA SHA-256 file digest and a timestamp counter-signature with an RSA SHA-256 file digest.
* Contrary to code signing documentation on several certificate authority websites, we have found that XP SP3 *CAN* validate a digital signature when signed with an RSA SHA-256 code signing certificate, as long as the actual signature uses an RSA SHA-1 file digest algorithm.
TROUBLESHOOTING NOTES
I attempted several variations of the signtool.exe commands above. I also attempted using the ZIP bundle of “signtool.exe” version 8.1 distributed by K-Software as well as the “kSign” software created by K-Software to dual sign several executables. I continued to receive the exact same errors, which led me to believe there may be a problem with my certificate, or it was no longer possible to dual sign for XP SP3.
While researching these two digital signature validation errors on Windows XP SP3, I could find no mention of the errors I encountered above related to code signing on legacy systems. In addition, the discussion surrounding SHA-1 vs SHA-256 and the Microsoft announcement to no longer support code signing with SHA-1 made it difficult to determine if it was still possible to dual sign executables with support for legacy systems that require SHA-1.
Through trial and error, I realized that Microsoft no longer allows digital signatures based on RSA SHA-1 digital certificates, but every OS from Windows XP SP3 to Windows 10 continue to support “User Mode” executable (e.g. application or service) that are signed with an RSA SHA-1 file digest algorithm. This Windows Code Signing Hash Algorithm Support article from GlobalSign has a nice chart that supports these findings. The distinction here is that the digital certificate is used to sign all of your applications, whereas the file digest algorithm is the format of the file hash output that is embedded in the executable. I suppose it may be worthwhile for someone to forge a certificate (that could sign many applications), but it would not be as likely or worthwhile for someone to forge an individual signature.
SOLUTION #1: Dual Sign with “osslsigncode” on Linux/OSX instead of “signtool.exe” on Windows
Thanks to a response from @Keeely in the thread signtool failing to dual sign SHA2 and SHA1 with timestamps, I was able to use our Comodo SHA-256 code signing certificate to dual sign an application that validates correctly on Windows XP SP3. I adapted his SHA1-only solution to successfully dual sign with SHA-1 and SHA-2/SHA-256.
Digital Code Signature (Right-click application > Properties > Digital Signatures > Details)
This digital signature is OK This certificate is intended for the following purpose(s): Ensures software came from software publisher Protects software from alteration after publication
Digital Timestamp Counter-Signature
This digital signature is OK This certificate is intended for the following purpose(s): Allows data to be signed with the current time
I had to install osslsigncode, which is designed for Linux and also available on OSX. A fork also appears to be available for Windows.
osslsigncode sign -pkcs12 comodo256.pfx -pass password -h sha1 -t http://timestamp.comodoca.com -in unsigned.exe -out intermediate.exe osslsigncode sign -pkcs12 comodo256.pfx -pass password -nest -h sha256 -ts http://timestamp.comodoca.com/?td=sha256 -in intermediate.exe -out signed.exe
The first command uses our RSA SHA-256 code signing certificate to embed a digital signature with an RSA SHA-1 file digest and a timestamp counter-signature with an RSA SHA-1 file digest into a new file named “intermediate.exe”, which you would delete afterwards.
The second command uses our RSA SHA-256 code signing certificate to embed a digital signature with an RSA SHA-256 file digest and a timestamp counter-signature with an RSA SHA-256 file digest into a new file named “signed.exe”, which you would distribute to your end users.
SOLUTION #2 – Dual Sign with native Windows tools?
Wait several days?
The certificate was issued on a Friday morning. I was attempting to sign executables with our new certificate that same day. When I revisited this issue on Monday, I realized that XP SP3 was suddenly able to validate the previous signatures that were applied with the “signtool.exe” commands listed above.
|
two_oceans |
|
|
Статус: Эксперт Группы: Участники Откуда: Иркутская область Сказал(а) «Спасибо»: 110 раз |
Добрый день. Все как бы работает (сертификаты гост-2001 в хранилище личные видит, сертификат Минкомсвязи по гост-2012 также без ошибок, цепочки проверятся без ошибок, контейнеры тестирует без ошибок, RDP соединяется без ошибок, csptest успешно получает контекст провайдера и с контейнером и с verify_context), но CryptAcquireContext (с флагом verify_context и null в качестве имени контейнера, пробовал и указывать имя провайдера и указывать null) из моей программы возвращает FALSE, в GetLastError код NTE_BAD_SIGNATURE. Сама программа 32-разрядная, имя указывалось в ASCII. Типы криптопровайдера тоже указывал разные (75/80/81), но эффект такой же. Эта же сборка программы (c null в качестве имени криптопровайдера) успешно работает с КриптоПро 4.0 на компьютерах на работе (Windows 7 32, Windows 7 64, Windows Server 2008 R2 64). В итоге, похоже дело или в Windows XP или в конфигурации компьютера. Проверил список криптопровайдеров — помимо стандартных и криптопро там только какие-то смарткарты, судя по поиску специфичные для XP. По поиску же — вроде как этот код ошибки означает неправильную подпись библиотеки криптопровайдера. Электронные подписи на файлах КриптоПро (и установщике и установленных файлах проверяются без ошибок. Хэши файлов на закладке «Дополнительно» панели управления КриптоПро все в состоянии «ОК». Сверил со значениями на Windows 7 32 — за исключением системных файлов, непарные следущие. Нашел ошибку ЭП только в файле каталога cpdrvlib.ms.cat (выдает, что не удается проверить подпись). Догадка пока в том, что это подпись Майкрософт по sha256RSA, в то время как проходят проверку подписи КриптоПро по sha1RSA. Подумал бы на алгоритм, но сам сертификат Майкрософт подписан по sha256RSA и проверку проходит. По поиску нашел, что был хотфикс sha256RSA для XP от Майкрософт в 2009 году, но сейчас его найти проблематично. Коллеги, может быть еще что-то посоветуете. |
|
|
|
|
Максим Коллегин |
|
|
Статус: Сотрудник Группы: Администраторы Откуда: КРИПТО-ПРО Сказал «Спасибо»: 37 раз |
XP мы стараемся пока поддержвивать. Код: |
|
Знания в базе знаний, поддержка в техподдержке |
|
|
|
WWW |
|
1 пользователь поблагодарил Максим Коллегин за этот пост. |
two_oceans
оставлено 23.08.2019(UTC) |
|
two_oceans |
|
|
Статус: Эксперт Группы: Участники Откуда: Иркутская область Сказал(а) «Спасибо»: 110 раз |
Добрый день. Спасибо за совет. Насколько помню была похожая проблема в моей программе на windows 7 32 с 4.0.9842, там при запросе криптопровайдера возвращало TRUE, хотя в getLastError после CryptAcquireContext оставалось значение NTE_BAD_SIGNATURE. Решилось переходом на 4.0.9944, предположительно дистрибутив 4.0.9842 был поврежден. Поэтому на XP я попробовал две разных версии, но симптомы одинаковые (FALSE с NTE_BAD_SIGNATURE). Обновление 2836198 нашлось у Майкрософт для 2003 сервера, 3121918 в каталоге для PosReady, оба отказались ставиться. Правка реестра насколько помню сделает ОС псевдо-PosReady и после перезагрузки обратима только через LiveCD? Попробую внести правку и установить 3121918. Отредактировано пользователем 23 августа 2019 г. 13:27:10(UTC) |
|
|
|
|
Максим Коллегин |
|
|
Статус: Сотрудник Группы: Администраторы Откуда: КРИПТО-ПРО Сказал «Спасибо»: 37 раз |
Под патчами я имел в виду нашу компоненту Расширенная Совместимость с MSFT. Отредактировано пользователем 23 августа 2019 г. 14:09:23(UTC) |
|
Знания в базе знаний, поддержка в техподдержке |
|
|
|
WWW |
|
two_oceans |
|
|
Статус: Эксперт Группы: Участники Откуда: Иркутская область Сказал(а) «Спасибо»: 110 раз |
Автор: Максим Коллегин Под патчами я имел в виду нашу компоненту Расширенная Совместимость с MSFT. Компонента «Расширенная Совместимость с MSFT» включена, на всякий случай уже и «Криптопровайдер уровня ядра» включен, хотя в режиме службы (точнее вариант запуска программы из службы Apache) работу не тестировал. В общем, совет про kb3121918 сработал, спасибо огромное. Сделал так: поставил в реестре PosReady c Installed=1, поставил kb3121918 из каталога для Embedded and PosReady, отложил перезагрузку, вернул Installed=0, перезагрузился. Проверил на старте программы отладочные сообщения в консоль об ошибках 75/80/81 исчезли — далее пошла штатно проверка подписи. В логе Код: На закладке дополнительно пересчитал хэши, был измененный хэш advapi32.dll. Если все же интересно отладить ошибку с помощью delay load — есть оригинал системного раздела икспи на старом жестком диске до переноса на новый жесткий диск пару месяцев назад, можно попробовать воспроизвести ситуацию на нем. Правда займет некоторое время — заморочки с AHCI (грузится только на определенном чипсете, универсального AHCI драйвера в XP не было) и с ходу завести на втором системнике не выйдет. Отредактировано пользователем 27 августа 2019 г. 11:47:18(UTC) |
|
|
|
|
Максим Коллегин |
|
|
Статус: Сотрудник Группы: Администраторы Откуда: КРИПТО-ПРО Сказал «Спасибо»: 37 раз |
cpdrvlib.ms.cat содержит несколько подписей, некоторые не должны проверяться — не нужно обращать внимание. |
|
Знания в базе знаний, поддержка в техподдержке |
|
|
|
WWW |
|
1 пользователь поблагодарил Максим Коллегин за этот пост. |
two_oceans
оставлено 27.08.2019(UTC) |
|
two_oceans |
|
|
Статус: Эксперт Группы: Участники Откуда: Иркутская область Сказал(а) «Спасибо»: 110 раз |
Хорошо, спасибо за уточнение. Утилиту все же когда-нибудь напишу, так как нечто отдаленно похожее бывает и на Семерке (сначала выполняется SetLastError(0); потом CryptAcquireContext возвращает действительный HCRYPTPROV и TRUE, но GetLastError = 5), но про семерку лучше наверно в новой теме. Технически у меня сейчас все же не PosReady, так как Installed=0. После перезагрузки изменить/удалить значение из самой ОС под администратором уже невозможно, защищено от изменения. Хотя это уже совсем другая история. Скопировал и сохранил измененную advapi32.dll (других измененных обновлением файлов не нашел) на случай если у кого-то будут аналогичные трудности. |
|
|
|
|
Максим Коллегин |
|
|
Статус: Сотрудник Группы: Администраторы Откуда: КРИПТО-ПРО Сказал «Спасибо»: 37 раз |
Если функция вернула TRUE, GetLastError может быть любым — значение неопределёно. |
|
Знания в базе знаний, поддержка в техподдержке |
|
|
|
WWW |
|
Wmffre |
|
|
Статус: Участник Группы: Участники Сказал(а) «Спасибо»: 3 раз |
Автор: two_oceans По поиску нашел, что был хотфикс sha256RSA для XP от Майкрософт в 2009 году, но сейчас его найти проблематично. Коллеги, может быть еще что-то посоветуете. Можете попробовать установить собранные мной обновления по ссылке для Windows XP SP3, обновляющие системные файлы Windows XP SP3, контроль целостности которых осуществляет Криптопро CSP 4.0, и некоторые вспомогательные системные файлы до последних возможных лицензией Microsoft версий (Обновлений для XP PosReady здесь нет, только обновления для XPSP3). Обратите внимание на следующие файлы: |
|
|
WWW |
|
1 пользователь поблагодарил Wmffre за этот пост. |
two_oceans
оставлено 28.08.2019(UTC) |
| Пользователи, просматривающие эту тему |
|
Guest |
Быстрый переход
Вы не можете создавать новые темы в этом форуме.
Вы не можете отвечать в этом форуме.
Вы не можете удалять Ваши сообщения в этом форуме.
Вы не можете редактировать Ваши сообщения в этом форуме.
Вы не можете создавать опросы в этом форуме.
Вы не можете голосовать в этом форуме.
First published on TECHNET on Sep 30, 2010
UPDATE (2/8): Based on some recent questions, additional information has been posted about SHA2 and Windows.
We’ve recently received a couple of requests from customers around the functionality of SHA-256 when running on Windows XP and 2003. This has been more important recently, as NIST has recommended the migration off of SHA-1 by end of the year. More details about the NIST recommendation can be found in SP 800-78-2 and SP 800-57 . Hopefully this blog post can help clear up the confusion surrounding scenarios that work and the ones that don’t.
Prior to Windows XP Service Pack 3, there was no SHA2 functionality within Windows XP. With the release of Service Pack 3 some limited functionality was added to the crypto module rsaenh.dll. This includes the following SHA2 hashes: SHA-256, SHA-384, SHA-512. SHA-224 was not included.
Windows Server 2003 Service Pack 2 does not ship with support for SHA2. This limitation can become an important concern when processing smart card logons and for mutual TLS authentications to web servers. As unlike other technologies, smart card logon and mutual TLS both use strict revocation checking; so should either the certificate itself or the revocation information (CRL/OCSP) use SHA2, the logon would fail.
Though support SHA2 is not included in Windows Server 2003 Service Pack 2, it is available for download. KB 938397 will bring Windows Server 2003 to the same level of functionality as Windows XP with Service Pack 3. KB 938397 is not available via Windows Update; it needs to be requested via the “View and request hotfix downloads” link on the support page . Note, KB 938397 is also offered for Windows Server 2003 Service Pack 1.
With the release of Windows Server 2008 it was found that Windows XP Service Pack 3 and Windows Server 2003 Service Pack 2 with KB 938397 were unable to request certificates from a Windows Server 2008 (and 2008 R2) certificate authority (CA) who’s certificate was signed with a SHA2 hash. KB 968730 was release to address this issue. Incidentally, KB 968730 completely supersedes KB 938397; so if a Windows Server 2003 Service Pack 2 system would need to both enroll from a SHA2 certificate authority and process SHA2 certificates, only KB 968730 would need to be installed. As before, KB 968730 is not available via Windows Update; it needs to be requested via the “View and request hotfix downloads” link on the support page . Note, KB 968730 is not offered for Windows Server 2003 Service Pack 1.
Starting with Windows Vista and Server 2008, the Cryptography Next Generation (CNG) Suite B algorithms (including SHA2) are included in the operating system. It is worth noting that even though the algorithms are available, it is up to the individual applications to implement support.
Besides logon, another very popular use for smart cards is S/MIME. But before diving into Outlook and S/MIME, the following warning should be given: Regardless of the functionality Windows and Outlook provide; in order for mail to be delivered between two users, there are any number of spam filters, relays, mailboxes, etc between sender and recipient. Each of these can be made by a wide range of vendors; running on a wide range of platforms. So before deploying SHA2, testing should be done against one’s own email infrastructure, in addition to the email infrastructure of external organizations from whom S/MIME signed mail needs to be exchanged with.
All those warnings aside, the basic functionality for Outlook is a follows. Outlook 2003, 2007, and 2010 running on Windows XP Service Pack 3 can sign and validate certificates when that certificate itself is SHA2 signed. Outlook 2003, 2007, and 2010 running on Windows XP Service Pack 3 cannot validate email messages when the message itself is SHA2 signed (regardless of the certificate used). Outlook 2003, 2007, and 2010 running on Windows XP Service Pack 3 cannot sign a message with SHA2; only SHA-1 and MD5 are available.
In order to validate SHA2 messages, Windows Vista with Outlook 2003 (or newer) is needed. In order to both sign and validate SHA2 messages, Windows Vista or 7 with Outlook 2007 or 2010 is needed.
For organizations looking to deploy SHA2 or organizations that interact with 3 rd parties that will soon begin using SHA2, the following is recommended.
- If Windows XP is used in the environment, Service Pack 3 should be deployed. In addition to SHA2 functionality, Service Pack 3 is currently the only Windows XP service pack that is supported.
- If Windows XP systems would need to enroll in certificates from a SHA2 certificate authority, KB 968730 should be deployed.
- If Windows Server 2003 is used in the environment, Service Pack (1 or 2) and KB 938397 should be deployed.
- If Windows Server 2003 would need to enroll in certificates from a SHA2 certificate authority, Service Pack 2 and KB 968730 should be deployed. If planning on deploying KB 968730, installing KB 938397 is not necessary.
- If S/MIME using SHA2 signing for the message body is needed, workstations should be upgraded to at least Windows Vista running Office 2003.
|
XP SP3 |
XP SP3 with KB968730 |
2003 R2 SP2 |
2003 R2 SP2 with KB968730 |
Windows Vista, 7, 2008, 2008 R2 |
||
Basic Functionality |
||||||
|
Browsing a website using SHA2 certificate |
Works |
Works |
Unable to validate certificate |
Works |
Works |
|
|
Open a certificate and viewing properties |
Works |
Works |
Unable to validate certificate |
Works |
Works |
|
Interactive logon and mutual TLS (client system) |
||||||
|
Client with SHA2 certificate; server with SHA1 certificate |
Works |
Works |
Works |
Works |
Works |
|
|
Client with SHA2 certificate; server with SHA2 certificate |
Works |
Works |
Unable to login |
Works |
Works |
|
Interactive logon and mutual TLS (domain controller / IIS server) |
||||||
|
Client with SHA2 certificate; server with SHA1 certificate |
N/A |
N/A |
Unable to login |
Works |
Works |
|
Certificate Enrollment |
||||||
|
V3 certificate template enrollment from any type of root |
Unable to select template |
Unable to select template |
Unable to select template |
Unable to select template |
Works |
|
|
V2 certificate template enrollment from SHA2 root |
Request fails |
Works |
Request fails |
Works |
Works |
|
S/MIME (Outlook 2003) |
||||||
|
Validate and sign to a SHA2 certificate |
Works |
Works |
N/A |
N/A |
Works |
|
|
Validate message body signed with SHA2 |
Unable to validate certificate |
Unable to validate certificate |
N/A |
N/A |
Works |
|
|
Sign message body with SHA2 |
Not an available option |
Not an available option |
N/A |
N/A |
Not an available option |
|
S/MIME (Outlook 2007 and 2010) |
||||||
|
Validate and sign to a SHA2 certificate using SHA-1 for the message signature |
Works |
Works |
N/A |
N/A |
Works |
|
|
Validate message body signed with SHA2 |
Unable to validate certificate |
Unable to validate certificate |
N/A |
N/A |
Works |
|
|
Sign message body with SHA2 |
Not an available option |
Not an available option |
N/A |
N/A |
Works |
-Adam Stasiniewicz
UPDATE (2/8): Based on some recent questions, additional information has been posted about SHA2 and Windows.
Starting from Windows XP SP3 there is a partial support for SHA256.
With CryptoAPI when calling the «CryptCreateHash» function, it is important to choose a provider that supports it.
Microsoft basic or enhanced cryptographic providers will not work for this case, use
«Microsoft Enhanced RSA and AES Cryptographic Provider (Prototype)» instead.
This provider in Windows Vista and above supports SHA512 as well — great thing for testing, since all smart card manufacturers do this.
Unfortunately Microsoft does not support the SHA256RSA in .NET frameworks so far, SignedCms will tell it doesn’t recognize this algorithm.
There are some implementations of pkcs7 encoding with SHA256RSA that work on windows XP SP3 — they are not free, but they do exist.
For instance ComsignTrustDesktop implements pkcs7 encoding with SHA256RSA for any type of files. There are some further difficulties with it such a lack of support from Microsoft Office 2007-20010 which do not support signature validation of this kind.
For further details please refer to :
Here is a PFX I’ve prepared for testing purposes: