Is it possible to use SHA256CryptoServiceProvider and related SHA2 providers on Windows XP? I know the providers use the cryptography services that are included in Vista and above; is it possible to install these services in XP from Microsoft?

EDIT: I should've provided more information: the documentation on the MSDN is wrong in regard to this being supported in Windows XP. See http://connect.microsoft.com/VisualStudio/feedback/ViewFeedback.aspx?FeedbackID=355031, where this is acknowledged and accepted by Microsoft as by design. However, there is no workaround listed anywhere (that I saw), so I wasn't sure if it's possible to install the services this requires to work properly or if it's like tilting at windmills trying to install IIS 6 or 7 on WinXP.

A: 

From MSDN: SHA256CryptoServiceProvider Class

Platforms: Windows Vista, Windows XP SP2, Windows Server 2003

Dewfy
The MSDN is wrong on this.
Chris Marisic
+1  A: 

I've had success with the following snippet, although I'm not really satisfied with it and nearly posted an SO question concerning the various seemingly haphazard ways to instantiate SHA512 at the time. This is tested on Windows XP, 7, and possibly Vista (can't remember).

using System.Security.Cryptography;

SHA512 hash;
try
{
    hash = new SHA512Cng( );
}
catch ( PlatformNotSupportedException )
{
    hash = SHA512.Create( );
}

I think this should work the same with SHA256.

Also, comparing the output of both versions with a unix sha2 utility suggested that they both correctly implement SHA512.

Thomas Dufour
Why not just always use SHA512.Create()?
Rasmus Faber
The issue is that the cryptography service that SHA256/SHA512 uses isn't included in Win XP, which raises the PlatformNotSupportedException if called on Win XP; that's why I was asking if it was possible for it to be installed on Win XP or if it's impossible, just the way it's impossible to upgrade to IIS 6 or 7 on XP.
Chris Marisic
@Rasmus Faber: Yes, I could always use SHA512.Create( ), but I'd not benefit from the newer (and supposedly better) implementation on Vista or 7. Also, I originally discovered the problem when deploying from my development machine (Win 7) to a Win XP box.
Thomas Dufour
@Chris Marisic: I'm not sure about your comment; the above code was tested successfully on Win XP (SP3) with .NET 3.5 SP1 (iirc, but certainly nothing more than that), so hash = SHA512.Create( ) gives me an object to compute hashes with.
Thomas Dufour
+1  A: 

It seems that MSDN documentation is right in the sense that it should be supported in XP SP3 by design, and if it is not, it's only because of a bug in .NET 3.5.

Both AesCryptoServiceProvider and SHA256CryptoServiceProvider use the same cryptographic service named "Microsoft Enhanced RSA and AES Cryptographic Provider". Under XP, the name of the service is slightly different: "Microsoft Enhanced RSA and AES Cryptographic Provider (Prototype)". The constructor of AesCryptoServiceProvider performs a simple check:

string providerName = "Microsoft Enhanced RSA and AES Cryptographic Provider";
if(Environment.OSVersion.Version.Major == 5 && Environment.OSVersion.Version.Minor == 1)
{
    providerName = "Microsoft Enhanced RSA and AES Cryptographic Provider (Prototype)";
}

The constructors of SHAxxxCryptoServiceProvider classes do not check the (Prototype) name, and this is why they fail in XP. If they did, they would succeed.

There is a simple workaround on a given PC. Go to registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider, find its subkey named "Microsoft Enhanced RSA and AES Cryptographic Provider (Prototype)", export it to .reg, edit this .reg and delete " (Prototype)" from its name. When you import it back, the original key will be duplicated to the new key without (Prototype), with the same contents. From now on, SHA256CryptoServiceProvider will work on this XP SP3 machine.

Michael Yutsis
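
An added example (not code from any of the answers above): the try-and-fall-back pattern from the second answer applied to SHA-256, with a known-answer check standing in for the manual comparison against a Unix utility. `Sha256Factory` and its members are hypothetical names; the code assumes .NET Framework 3.5 or later with a reference to System.Core.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class Sha256Factory
{
    // Hypothetical helper (not a framework API): returns the first SHA-256
    // implementation that the current Windows version can instantiate.
    public static SHA256 Create()
    {
        // CNG-backed implementation, available on Vista and later.
        try { return new SHA256Cng(); }
        catch (PlatformNotSupportedException) { }

        // CryptoAPI-backed implementation; the class the question reports
        // as failing on Windows XP.
        try { return new SHA256CryptoServiceProvider(); }
        catch (PlatformNotSupportedException) { }

        // Pure managed implementation, needs no OS crypto provider.
        return new SHA256Managed();
    }

    static string Hex(byte[] bytes)
    {
        return BitConverter.ToString(bytes).Replace("-", "").ToLowerInvariant();
    }

    static void Main()
    {
        // Known-answer test: SHA-256("abc") from the FIPS 180 example vectors.
        const string expected =
            "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad";

        using (SHA256 hash = Create())
        {
            string actual = Hex(hash.ComputeHash(Encoding.ASCII.GetBytes("abc")));
            // Report which implementation was selected on this machine.
            Console.WriteLine("{0}: {1}", hash.GetType().Name, actual);
            if (actual != expected)
                throw new CryptographicException("SHA-256 self-test failed");
        }
    }
}
```

Running it on each target OS shows which implementation was picked and confirms that it produces the standard digest.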