Choose hash algorithms for CAdES signature
Different environments may impose different requirements on hash algorithm(s) used during signing. During a typical signing routine several different hashes are calculated for different purposes. For each of them, the hash algorithm can be adjusted individually.
The first hash is calculated over the message being signed.
It is included in the signature and then signed with the signer's private key.
Essentially, this is the most important message digest, cracking it may result in signature forfeiture.
The algorithm used for calculating this hash is defined by TElCMSSignature.DigestAlgorithm property.
It is a good idea to use at least SHA256:
sig.DigestAlgorithm = SBConstants.Unit.SB_ALGORITHM_DGST_SHA256;
Another hash is used to confirm the integrity of the signed certificate.
Each CAdES-compliant signature generator must include the SigningCertificate attribute containing the hash of the signing certificate into its signatures (TElCAdESSignatureProcessor adds it automatically)
This prevents simple certificate substitution and re-issue attacks.
This hash algorithm is specified by the FingerprintAlgorithm property:
sig.FingerprintAlgorithm = SBConstants.Unit.SB_ALGORITHM_DGST_SHA256;
Most signature policies require the fingerprint algorithm to be SHA256 (with SigningCertificateV2 attribute).
Finally, there is yet another hash algorithm used to create timestamps over signatures.
It concerns signature timestamps, content timestamps and archival timestamps.
Hash algorithm used for timestamping should be assigned directly to the TSP client before the timestamp is generated:
tspClient.HashAlgorithm = SBConstants.Unit.SB_ALGORITHM_DGST_SHA256;
You can use different hash algorithms for any of the above purposes. Besides, different archival timestamps attached to the same signature may (and are recommended to) use different hash algorithms.