How do I view the "signature hashing algorithm" in the C# certificate callback?

I have a server that uses the following certificate for SSL / TLS communication:

Cert viewer

In my C# code, I am using a certificate authentication callback to view the properties of that certificate programmatically, like this:

private static bool CertificateValidationCallBack(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
{
    // Certificate2 is better than Certificate1, right?
    X509Certificate2 cert = (X509Certificate2)certificate;

    Console.WriteLine("Certificate Subject   : " + cert.Subject);
    Console.WriteLine("Certificate Issuer    : " + cert.Issuer);
    // So on and so forth...

    // Accept the connection only if the platform's own validation found no errors.
    return sslPolicyErrors == SslPolicyErrors.None;
}

      

However, my problem is that I cannot see what the "Signature hash algorithm" property is. cert.SignatureAlgorithm.FriendlyName returns RSASSA-PSS, and new System.Security.Cryptography.Oid(cert.GetKeyAlgorithm()).FriendlyName returns simply RSA. None of these properties seem to give me this "sha256" property that I see in the GUI. How do I return this property?

Edit: I found this related question at Cryptography.SE which explains that the GUI for viewing Microsoft certificates is a bit elusive and non-standard, but if so, I want to be too. I want to know how to report "sha256" just like the GUI.

Update 08/13: Looking at this from a different perspective, when I use the command

certutil.exe -dump cert.cer

      

Excerpt from the result:

Signature Algorithm:
    Algorithm ObjectId: 1.2.840.113549.1.1.10 RSASSA-PSS
    Algorithm Parameters:
    0000  30 34 a0 0f 30 0d 06 09  60 86 48 01 65 03 04 02
    0010  01 05 00 a1 1c 30 1a 06  09 2a 86 48 86 f7 0d 01
    0020  01 08 30 0d 06 09 60 86  48 01 65 03 04 02 01 05
    0030  00 a2 03 02 01 20
            2.16.840.1.101.3.4.2.1 sha256 (sha256NoSign)
            05 00
            1.2.840.113549.1.1.8 mgf1
                2.16.840.1.101.3.4.2.1 sha256 (sha256NoSign)
                05 00
            0x20 (32)

      

I'm sure I knew how to find these OIDs (sha256) for myself ... without having to go through the output of the actual certutil command.

+3
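
An added example, not part of the original post: cert.SignatureAlgorithm is only an Oid, so the RSASSA-PSS parameters have to be read from cert.RawData, where the hash OID sits in the optional [0] field (RFC 4055). It assumes .NET 5 or later (System.Formats.Asn1, Convert.FromHexString); the class and method names are hypothetical.

```csharp
using System;
using System.Formats.Asn1;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class PssSignatureHash
{
    const string RsaSsaPss = "1.2.840.113549.1.1.10";
    const string Sha1 = "1.3.14.3.2.26"; // RFC 4055 default when hashAlgorithm [0] is omitted

    // Hash OID of an RSASSA-PSS certificate signature; null for any other signature
    // algorithm, where cert.SignatureAlgorithm already names the hash (e.g. sha256RSA).
    public static Oid FromCertificate(X509Certificate2 cert)
    {
        // Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }
        AsnReader certSeq = new AsnReader(cert.RawData, AsnEncodingRules.DER).ReadSequence();
        certSeq.ReadEncodedValue();                    // skip tbsCertificate
        AsnReader algId = certSeq.ReadSequence();      // AlgorithmIdentifier
        if (algId.ReadObjectIdentifier() != RsaSsaPss) return null;
        return algId.HasData ? FromPssParameters(algId.ReadEncodedValue()) : new Oid(Sha1);
    }

    // RSASSA-PSS-params ::= SEQUENCE { [0] hashAlgorithm, [1] maskGenAlgorithm,
    //                                  [2] saltLength, [3] trailerField }, all optional
    public static Oid FromPssParameters(ReadOnlyMemory<byte> der)
    {
        AsnReader pss = new AsnReader(der, AsnEncodingRules.DER).ReadSequence();
        var tag0 = new Asn1Tag(TagClass.ContextSpecific, 0);
        if (!pss.HasData || !pss.PeekTag().HasSameClassAndValue(tag0))
            return new Oid(Sha1);
        string hashOid = pss.ReadSequence(tag0)        // EXPLICIT [0] wrapper
                            .ReadSequence()            // inner AlgorithmIdentifier
                            .ReadObjectIdentifier();
        return new Oid(hashOid);
    }

    static void Main()
    {
        // "Algorithm Parameters" bytes from the certutil dump in the question
        byte[] p = Convert.FromHexString(
            "3034a00f300d06096086480165030402010500a11c301a06092a864886f70d010108" +
            "300d06096086480165030402010500a203020120");
        Oid hash = FromPssParameters(p);
        Console.WriteLine($"{hash.Value} {hash.FriendlyName}");
    }
}
```

Inside the validation callback, FromCertificate(cert) gives the same OID for the live certificate; the mask generation function in field [1] carries its own hash and can be read the same way if it needs checking.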

