Microsoft KB Archive Search

Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

  1. Home
  2. DigestInfo is missing in a CSR when SHA-1 is used in a signature algorithm

DigestInfo is missing in a CSR when SHA-1 is used in a signature algorithm

View products that this article applies to.

Symptoms

When you use the certutil.exe tool to verify certificate signing requests (CSRs), certutil.exe returns the following message, even though the CSRs contain only a signed hash value (without the DigestInfo ASN.1 structure):
Signature matches Public Key

Notes
  • Certutil.exe should not validate CSRs with only a signed hash value, because the expected DigestInfo ASN.1 structure contains more than only hash data.
  • Other tools, such as openssl, mark the CSRs as invalid.
This problem occurs when SHA-1 is used in a signature algorithm, such as "1.2.840.113549.1.1.5 sha1RSA."

When CSR is signed by using SHA-2, as in "1.2.840.113549.1.1.11 sha256RSA," certutil.exe returns the following expected error:

0xc000a000 (NT: 0xc000a000 STATUS_INVALID_SIGNATURE)

Note This problem is limited to signatures that are created by SHA-1.

↑ Back to the top

Cause

This problem occurs because of the different methods that CAPI2 uses to interact with the underlying components in the CryptoAPI stack. The methods include the following:
  • CAPI 2 uses legacy Cryptography API 1 (CAPI 1) for SHA-1, and CAPI 1 allows the DigestInfo to be missing.
  • CAPI 2 uses Cryptography API Next Generation (CNG) for SHA-2, and CNG does not allow DigestInfo to be missing.  
Note Although this article describes only problems that occur when certutil.exe is used, any application that uses CryptoAPI will work exactly as certutil.exe does. 

↑ Back to the top

More Information

Verifying a CSR that's signed with "1.2.840.113549.1.1.5 sha1RSA" and without DigestInfo:

PKCS10 Certificate Request: 
Version: 1 
Subject: 
CN=Test User 


Signature Algorithm: 
Algorithm ObjectId: 1.2.840.113549.1.1.5 sha1RSA 
Algorithm Parameters: 
05 00 
Signature: UnusedBits=0 
0000 88 fc ea 9b cb 35 17 b8 3c 4a be e1 c9 94 23 e3 

00f0 71 5c 8f 81 5f 24 bd af 4b 00 ea e2 b4 08 6f 3f 
Signature matches Public Key 
Key Id Hash(rfc-sha1): b3 1c 76 1c d9 67 d2 8d 62 15 4a 1c 47 4d dd a6 65 03 9d 5d 
Key Id Hash(sha1): fb b1 8f 14 39 5c fb 63 81 90 56 e8 37 e1 9b bd e2 a6 79 64 
CertUtil: -dump command completed successfully.

Verifying a CSR that's signed with "1.2.840.113549.1.1.11 sha256RSA" and without DigestInfo:

PKCS10 Certificate Request: 
Version: 1 
Subject: 
CN=Test User 

Signature Algorithm: 
Algorithm ObjectId: 1.2.840.113549.1.1.11 sha256RSA 
Algorithm Parameters: 
05 00 
Signature: UnusedBits=0 
0000 2c 23 b3 36 f4 10 10 94 99 02 95 8f 64 1d 71 0c 

00f0 6c f4 13 ae 0e 6b b1 ef c4 1e 10 c0 1f 34 4d 16 
Signature does not match Public key: c000a000 
Cannot decode object: The cryptographic signature is invalid. 0xc000a000 (NT: 0xc000a000 STATUS_INVALID_SIGNATURE) 
CertUtil: -dump command FAILED: 0xc000a000 (NT: 0xc000a000 STATUS_INVALID_SIGNATURE) 
CertUtil: The cryptographic signature is invalid.


↑ Back to the top

Keywords: kbsurveynew, kbexpertiseadvanced, kbprb, kbtshoot, kb

↑ Back to the top

Article Info
Article ID : 3080171
Revision : 1
Created on : 1/7/2017
Published on : 12/3/2015
Exists online : False
Views : 1049