http://blogs.msdn.com/shawnfa/archive/2008/08/25/using-rsacryptoserviceprovider-for-rsa-sha256-signatures.aspxEarlier this month, we released .NET 3.5 SP 1 .&#160; One of the new features available in this update is that RSACryptoServiceProvider has gained the ability to create and verify RSA-SHA256 signatures. Since RSACryptoServiceProvider relies on the underlyingen-USCommunityServer 2.1 SP1 (Build: 61025.2)http://blogs.msdn.com/shawnfa/archive/2008/08/25/using-rsacryptoserviceprovider-for-rsa-sha256-signatures.aspx#9581541Fri, 01 May 2009 02:41:24 GMT91d46819-8472-40ad-a661-2c78acb4018c:9581541Balazs<p>Could you tell me, why an actually existing private key wont't work with this method (on any current OS)</p> <p>X509Store _windowsStore = new X509Store( StoreName.My , StoreLocation.CurrentUser );</p> <p>_windowsStore.Open(OpenFlags.MaxAllowed); // for the sake of testing</p> <p>X509Certificate2 _cachedCert = _windowsStore.Certificates[0];</p> <p>RSACryptoServiceProvider _provider = null;</p> <p>byte[] data = new byte[] { 0, 1, 2, 3, 4, 5 };</p> <p>// CASE A, I'd like it to work</p> <p>if (_cachedCert.HasPrivateKey)</p> <p>{</p> <p> _provider = (RSACryptoServiceProvider)_cachedCert.PrivateKey;</p> <p> // This will throw {System.Security.Cryptography.CryptographicException}</p> <p> // &quot;Invalid algorithm specified.\r\n&quot;</p> <p> byte[] sigedBytes = _provider.SignData(data, &quot;SHA256&quot;);</p> <p>}</p> <p>// CASE B, This works, this was your example</p> <p>_provider = new RSACryptoServiceProvider();</p> <p>byte[] sigedBytes2 = _provider.SignData(data, &quot;SHA256&quot;);</p>http://blogs.msdn.com/shawnfa/archive/2008/08/25/using-rsacryptoserviceprovider-for-rsa-sha256-signatures.aspx#9627158Tue, 19 May 2009 10:19:31 GMT91d46819-8472-40ad-a661-2c78acb4018c:9627158Ronak jain <p>We can also print in a message box , why to use console ?</p>http://blogs.msdn.com/shawnfa/archive/2008/08/25/using-rsacryptoserviceprovider-for-rsa-sha256-signatures.aspx#9634324Fri, 22 May 2009 00:10:57 GMT91d46819-8472-40ad-a661-2c78acb4018c:9634324shawnfa<p>I tend to use the console in my sample code since it doesn't require any additional dependencies.</p> <p>-Shawn</p> http://blogs.msdn.com/shawnfa/archive/2008/08/25/using-rsacryptoserviceprovider-for-rsa-sha256-signatures.aspx#9634334Fri, 22 May 2009 00:16:49 GMT91d46819-8472-40ad-a661-2c78acb4018c:9634334shawnfa<p>You need to make sure that the RSA key is stored in the PROV_RSA_AES crypto service provider. &nbsp;If your certificate is using PROV_RSA_FULL, then that CSP doesn't understand SHA-256, and the signature process won't work.</p> <p>-Shawn</p> http://blogs.msdn.com/shawnfa/archive/2008/08/25/using-rsacryptoserviceprovider-for-rsa-sha256-signatures.aspx#9807544Sun, 28 Jun 2009 21:43:40 GMT91d46819-8472-40ad-a661-2c78acb4018c:9807544Pete R<p>Hi Shawn,</p> <p>It seems this might still run afoul of this knowledgebase issue with regard to delays incurred while calling the SignData method: <a rel="nofollow" target="_new" href="http://support.microsoft.com/kb/948080">http://support.microsoft.com/kb/948080</a>. I need to sign cookies for a very high-traffic website and such delays would be unacceptable. Is there a way to do RSA-SHA256 while still avoiding this issue? Thanks!</p>