Discuss this help topic in SecureBlackbox Forum


Choosing hash algorithms for CAdES signatures

Different environments may impose different requirements on the hash algorithm(s) to be used during signing. Keep in mind that an average signing routine calculates several different hashes for different purposes, and the algorithm used for each of them can be adjusted individually.

The first hash is calculated over the message being signed. It is included in the signature and then signed with the signer's private key. This is the most important message digest, as cracking it may result in signature forgery. The algorithm used for calculating this hash is set via the TElCMSSignature.DigestAlgorithm property. It is a good idea to use at least SHA256 for this:

    sig.DigestAlgorithm = SBConstants.Unit.SB_ALGORITHM_DGST_SHA256;

The next hash is used to confirm the integrity of the signing certificate. Each compliant CAdES signature generator is required to include the SigningCertificate attribute in its signatures (TElCAdESSignatureProcessor adds it automatically). Among other things, this attribute contains a hash of the signing certificate, which prevents simple certificate substitution and re-issue attacks. The algorithm to use for certificate identification purposes can be set via the FingerprintAlgorithm property:

    sig.FingerprintAlgorithm = SBConstants.Unit.SB_ALGORITHM_DGST_SHA256;

The majority of signature policies around the world require the fingerprint algorithm to be SHA256 (with the SigningCertificateV2 attribute used).

Finally, there is another hash algorithm used to create timestamps over signatures. This concerns signature timestamps, content timestamps and archival timestamps. Hash algorithms used for timestamping should be assigned directly to the timestamping objects involved, before the timestamp is added:

    tspClient.HashAlgorithm = SBConstants.Unit.SB_ALGORITHM_DGST_SHA256;

Note that you may use a different hash algorithm for each of the above purposes. Besides, different archival timestamps attached to the same signature may use different algorithms too, and it is in fact recommended that they do.
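The three hash roles described above, as an added example that is not SecureBlackbox code and not part of the original topic. It uses only the .NET System.Security.Cryptography classes and constructed byte strings in place of a real document, certificate and signature value; the names CadesHashRoles, Hash and CertMatchesAttribute are hypothetical.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class CadesHashRoles
{
    // One helper, with the algorithm chosen per purpose (mirrors the three settings above).
    static byte[] Hash(HashAlgorithmName alg, byte[] data)
    {
        using (IncrementalHash h = IncrementalHash.CreateHash(alg))
        {
            h.AppendData(data);
            return h.GetHashAndReset();
        }
    }

    // Verifier-side check of the SigningCertificate attribute: the certificate
    // offered for validation must hash to the value covered by the signature.
    static bool CertMatchesAttribute(byte[] certBytes, HashAlgorithmName alg, byte[] signedCertHash)
    {
        return CryptographicOperations.FixedTimeEquals(Hash(alg, certBytes), signedCertHash);
    }

    static void Main()
    {
        // Constructed stand-ins; real code would use the document, the DER-encoded
        // certificate and the signature value taken from the SignerInfo.
        byte[] content = Encoding.UTF8.GetBytes("constructed document");
        byte[] signerCert = Encoding.UTF8.GetBytes("constructed signer certificate bytes");
        byte[] reissuedCert = Encoding.UTF8.GetBytes("constructed re-issued certificate bytes");
        byte[] signatureValue = Encoding.UTF8.GetBytes("constructed signature value");

        // 1. Message digest (the DigestAlgorithm setting): hash of the signed content.
        byte[] messageDigest = Hash(HashAlgorithmName.SHA256, content);
        // 2. Certificate hash (the FingerprintAlgorithm setting), carried in SigningCertificateV2.
        byte[] certHash = Hash(HashAlgorithmName.SHA256, signerCert);
        // 3. Signature timestamp imprint (the timestamping client's HashAlgorithm):
        //    computed over the signature value, here with a different algorithm.
        byte[] imprint = Hash(HashAlgorithmName.SHA512, signatureValue);

        Console.WriteLine("message digest bytes:    " + messageDigest.Length);
        Console.WriteLine("certificate hash bytes:  " + certHash.Length);
        Console.WriteLine("timestamp imprint bytes: " + imprint.Length);
        Console.WriteLine("signer cert accepted:    " + CertMatchesAttribute(signerCert, HashAlgorithmName.SHA256, certHash));
        Console.WriteLine("re-issued cert accepted: " + CertMatchesAttribute(reissuedCert, HashAlgorithmName.SHA256, certHash));
    }
}
```

Because the certificate hash is one of the signed attributes, a verifier that is handed a different certificate, even one with the same subject name, fails the comparison in CertMatchesAttribute.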
