SHA-256 and Cryptographic Service Provider Types

How to fix System.Security.Cryptography.CryptographicException: Invalid algorithm specified error when using Cryptographic Service Provider.

By Tim Trott | C# ASP.Net MVC | August 13, 2011

What is a Cryptographic Service Provider?

A Cryptographic Service Provider is a software library that implements the Microsoft CryptoAPI. CSPs implement encoding and decoding functions, which computer application programs may use, for example, to implement strong user authentication or for secure email.

How to fix Invalid Algorithm Specified

SHA-256, SHA-384 and SHA-512 XML signatures require the Microsoft Enhanced RSA and AES Cryptographic Provider. When trying to sign data using SHA-256 on another provider type you may encounter the exception System.Security.Cryptography.CryptographicException: Invalid algorithm specified.

If the private key isn't associated with the correct Cryptographic Service Provider (CSP), it can be converted to specify the Microsoft Enhanced RSA and AES Cryptographic Provider.

One method to perform this conversion is to use OpenSSL.

Windows binaries are available for download. Refer to the OpenSSL Wiki .

The following command outputs information about the private key and certificate including the CSP.

openssl pkcs12 -in idp.pfx

Enter Import Password:
MAC verified OK
Bag Attributes
    localKeyID: 01 00 00 00
    Microsoft CSP Name: Microsoft Strong Cryptographic Provider
    friendlyName: PvkTmp:b143944f-c289-4e3c-b9cc-37ce1e8ada19
Key Attributes
    X509v3 Key Usage: 10
 
The Microsoft Strong Cryptographic Provider is suitable for SHA-1 XML signatures but doesn't support SHA-256 XML signatures.

The PFX can be recreated specifying the required CSP. Firstly, it must be converted from PKCS12 to PEM format.

openssl pkcs12 -in idp.pfx -out idp.pem

Enter Import Password:
MAC verified OK
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:

Then it must be converted back to PKCS12 specifying the Microsoft Enhanced RSA and AES Cryptographic Provider.

openssl pkcs12 -export -in idp.pem -out new-idp.pfx -CSP "Microsoft Enhanced RSA and AES Cryptographic Provider"

Loading 'screen' into random state - done
Enter pass phrase for idp.pem:
Enter Export Password:
Verifying - Enter Export Password:

The new PFX file is now ready for generating SHA-256, SHA-384 and SHA-512 XML signatures.

Was this article helpful to you?
 

Related ArticlesThese articles may also be of interest to you

Simple String Encryption and Decryption with C#
An Introduction and Brief History of Cryptography and Codebreaking
Calculate MD5 Checksum for a File using C#

CommentsShare your thoughts in the comments below

If you enjoyed reading this article, or it helped you in some way, all I ask in return is you leave a comment below or share this page with your friends. Thank you.

This post has 1 comment(s). Why not join the discussion!

We respect your privacy, and will not make your email public. Learn how your comment data is processed.

  1. PS

    On Wednesday 4th of July 2018, PEDRO HENRIQUE ARANTES E SILVA said

    Thank you, work like a charm!

AZULIA DESIGNSWeb design that taps into the Harmony and Vision of your Dreams

Tim Trott is a freelance software developer and web designer based in Glasgow, Edinburgh & the Lothians, Scotland

SocialsConnect with us on socials

Latest PostsOur most recent writings

The Power of Continuous Integration and Deployment in Software Engineering
The Power of Continuous Integration and Deployment in Software Engineering
How to Implement Rate Limiting in Your C# REST API
How to Implement Rate Limiting in Your C# REST API
Tips and Tricks for Optimizing Performance in Vue.js Applications
Tips and Tricks for Optimizing Performance in Vue.js Applications
Caching Strategies for Improved Efficiency in C# REST APIs
Caching Strategies for Improved Efficiency in C# REST APIs

You May Also Like

Simple String Encryption and Decryption with C#
Simple String Encryption and Decryption with C#
Calculate MD5 Checksum for a File using C#
Calculate MD5 Checksum for a File using C#
An Introduction and Brief History of Cryptography and Codebreaking
An Introduction and Brief History of Cryptography and Codebreaking
Guide to C# Data Types, Variables and Object Casting
Guide to C# Data Types, Variables and Object Casting