Question

Our company is switching over from using SHA-1 certificates to SHA-2 certificates.

I noticed that CAPICOM only has a CAPICOM_CERTIFICATE_FIND_SHA1_HASH find method.

Will switching over from SHA-1 to SHA-2 mean we will need to switch to an alternative to CAPICOM for verifying/encrypting/decrypting using these certificates?


Solution

CAPICOM_CERTIFICATE_FIND_SHA1_HASH is not about the hash algorithm used for signing, but about searching for a certificate by its fingerprint (i.e. a hash of the certificate data). Since CAPICOM uses Microsoft crypto providers, which support CALG_SHA_256, CAPICOM should support them as well.

However, you can use another commercial solution; there are a bunch of them available on the market (BouncyCastle, /n software, SecureBlackbox).
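The distinction drawn in the answer, as an added example that is not part of the original answer: the fingerprint a lookup matches on is a SHA-1 digest computed over the certificate's DER bytes, while the signature algorithm is a field stored inside the certificate. The two inputs are constructed, certificate-shaped DER blobs with placeholder contents (not real certificates), and `read_tlv`, `tlv`, `sample_cert` and `inspect` are illustrative names.

```python
import hashlib

# DER content bytes of the PKCS #1 signature-algorithm OIDs
SIG_ALGS = {
    bytes.fromhex("2a864886f70d010105"): "sha1WithRSAEncryption",
    bytes.fromhex("2a864886f70d01010b"): "sha256WithRSAEncryption",
}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def tlv(tag, value):
    """Encode one DER element; used only to build the constructed samples."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + value

def sample_cert(sig_oid):
    """Constructed blob with the outer layout of an X.509 Certificate."""
    alg = tlv(0x30, tlv(0x06, sig_oid) + tlv(0x05, b""))
    tbs = tlv(0x30, tlv(0x02, b"\x01") + alg)   # placeholder tbsCertificate
    sig = tlv(0x03, b"\x00" + b"\xaa" * 256)    # placeholder signature bits
    return tlv(0x30, tbs + alg + sig)

def inspect(der):
    """Return (SHA-1 thumbprint of the DER bytes, signature algorithm name)."""
    tag, body, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("not a single DER SEQUENCE")
    _, _, pos = read_tlv(body, 0)        # skip tbsCertificate
    _, alg, _ = read_tlv(body, pos)      # outer signatureAlgorithm
    _, oid, _ = read_tlv(alg, 0)
    return hashlib.sha1(der).hexdigest().upper(), SIG_ALGS.get(oid, oid.hex())

if __name__ == "__main__":
    for oid in SIG_ALGS:
        print(*inspect(sample_cert(oid)))
```

Both blobs get a 40-hex-character SHA-1 thumbprint regardless of which signature algorithm they declare.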

Licensed under: CC-BY-SA with attribution