Question

Is it possible to use SHA256CryptoServiceProvider and related SHA2 providers on Windows XP? I know the providers use the cryptography services that are included in Vista and above; is it possible to install these services in XP from Microsoft?

EDIT: I should've provided more information: the documentation on MSDN is wrong in regard to this being supported in Windows XP. See http://connect.microsoft.com/VisualStudio/feedback/ViewFeedback.aspx?FeedbackID=355031 where this is acknowledged and accepted by Microsoft as by design. However, there is no workaround listed anywhere (that I saw), so I wasn't sure if it's possible to install the services this requires to work properly or if it's like tilting at windmills, trying to install IIS 6 or 7 on WinXP.

Solution

It seems that MSDN documentation is right in the sense that it should be supported in XP SP3 by design, and if it is not, it's only because of a bug in .NET 3.5.

Both AesCryptoServiceProvider and SHA256CryptoServiceProvider use the same cryptographic service named "Microsoft Enhanced RSA and AES Cryptographic Provider". Under XP, the name of the service is slightly different: "Microsoft Enhanced RSA and AES Cryptographic Provider (Prototype)". The constructor of AesCryptoServiceProvider performs a simple check:

string providerName = "Microsoft Enhanced RSA and AES Cryptographic Provider";
if(Environment.OSVersion.Version.Major == 5 && Environment.OSVersion.Version.Minor == 1)
{
    providerName = "Microsoft Enhanced RSA and AES Cryptographic Provider (Prototype)";
}

The constructors of SHAxxxCryptoServiceProvider classes do not check the (Prototype) name, and this is why they fail in XP. If they did, they would succeed.

There is a simple workaround on a given PC. Go to registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider, find its subkey named "Microsoft Enhanced RSA and AES Cryptographic Provider (Prototype)", export it to .reg, edit this .reg and delete " (Prototype)" from its name. When you import it back, the original key will be duplicated to the new key without (Prototype), with the same contents. From now on, SHA256CryptoServiceProvider will work on this XPSP3 machine.
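
An added example, not part of the original answer: a C# sketch that reads the provider key named above to report which of the two names is registered, and falls back to SHA256Managed when the CSP-backed class cannot load, so the machine-wide HKLM edit is not required. `Sha256Factory` and its members are hypothetical names, and the caught exception types are an assumption about how the constructor fails.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using Microsoft.Win32;

// Added example; Sha256Factory and its members are hypothetical names.
static class Sha256Factory
{
    const string ProvidersKey = @"SOFTWARE\Microsoft\Cryptography\Defaults\Provider";
    const string AesProvider = "Microsoft Enhanced RSA and AES Cryptographic Provider";

    // True when a CSP with exactly this name is registered under HKLM.
    static bool IsRegistered(string name)
    {
        using (RegistryKey key = Registry.LocalMachine.OpenSubKey(ProvidersKey + @"\" + name))
            return key != null;
    }

    // Reports which of the two names from the answer exists on this machine.
    public static string ProviderState()
    {
        if (IsRegistered(AesProvider)) return "standard";
        if (IsRegistered(AesProvider + " (Prototype)")) return "prototype-only";
        return "missing";
    }

    // Prefers the CSP-backed class; falls back to the managed implementation,
    // which does not use a CSP, instead of editing the registry.
    public static SHA256 Create()
    {
        try { return new SHA256CryptoServiceProvider(); }
        // Assumption: these are the exception types thrown when the CSP cannot be acquired.
        catch (PlatformNotSupportedException) { }
        catch (CryptographicException) { }
        return new SHA256Managed();
    }

    static void Main()
    {
        Console.WriteLine("AES provider registration: " + ProviderState());
        using (SHA256 sha = Create())
        {
            // "abc" is a constructed sample input.
            byte[] digest = sha.ComputeHash(Encoding.ASCII.GetBytes("abc"));
            Console.WriteLine(sha.GetType().Name + ": " + BitConverter.ToString(digest).Replace("-", ""));
        }
    }
}
```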

OTHER TIPS

I've had success with the following snippet, although I'm not really satisfied with it and nearly posted an SO question concerning the various seemingly haphazard ways to instantiate SHA512 at the time. This is tested on Windows XP, 7, and possibly Vista (can't remember).

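using System.Security.Cryptography;

SHA512 hash;
try
{
    // CNG-backed implementation; not available before Vista.
    hash = new SHA512Cng( );
}
catch ( PlatformNotSupportedException )
{
    // Fall back to the default SHA512 implementation.
    hash = SHA512.Create( );
}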

I think this should work the same with SHA256.

Also, comparing the output of both versions with a unix sha2 utility suggested that they both correctly implement SHA512.

From MSDN: SHA256CryptoServiceProvider Class

Platforms: Windows Vista, Windows XP SP2, Windows Server 2003

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow