EldoS | Feel safer!

Software components for data protection, secure storage and transfer

TSBASSignatureDigestAlgorithm and support for SHA2 2048 in AS2?

Also by EldoS: CallbackFilter
A component to monitor and control disk activity, track file and directory operations (create, read, write, rename etc.), alter file data, encrypt files, create virtual files.
Posted: 12/22/2014 10:10:06
by Ivan Demkovitch (Standard support level)
Joined: 11/10/2013
Posts: 23

We are using SecureBlackBox v11 and specifically we use it for AS2 EDI protocol.

One of our partners switching to SHA2 2048 bit and we need to support it. I setup hashing algorithm by using TSBASSignatureDigestAlgorithm enum. I downloaded latest v11 build that supposed to support SHA2 but don't see appropriate signing values under this enum.

What should I do?
Posted: 12/22/2014 10:22:30
by Eugene Mayevski (Team)

SHA2 is 256/384/512. Where did you find 2048-bit SHA? I guess that maybe they meant RSA2048/SHA2 - that's a totally different story.

Sincerely yours
Eugene Mayevski
Posted: 12/22/2014 10:27:44
by Ivan Demkovitch (Standard support level)
Joined: 11/10/2013
Posts: 23

Hm... This is what they say in email:

Please note our new cert is SHA-2 / 2048 bit with an issuing authority of Comodo and make sure your software is able to handle SHA-2 and 2048 bit.

I'm also attaching cert they sent me..

[ Download ]
Posted: 12/22/2014 10:39:41
by Eugene Mayevski (Team)

As I understand that's about certificates used in TLS, and indeed that's about RSA2048-SHA2 rather than SHA2048. The Subject property of their certificate is misleading.

SecureBlackbox handled such certificates since the beginning (of SHA2).

Sincerely yours
Eugene Mayevski
Posted: 12/22/2014 10:45:18
by Ivan Demkovitch (Standard support level)
Joined: 11/10/2013
Posts: 23

I'm confused now. The only "SHA1" I know of is hashing algorithm for message signing.

Should I use SHA2 now? And if so, what TSBASSignatureDigestAlgorithm is should be? There is no SHA2 selection there..

Or.. I shouldn't even touch anything and feed this new cert to TElX509Certificate and leave everything else alone?
Posted: 12/22/2014 10:48:08
by Alexander Ionov (Team)

The attached certificate uses SHA-256 digest with RSA 2048. But this does not mean that you have to use ONLY SHA-256 digest to sign your outgoing AS2 messages. You can use any digest algorithm from the supported algorithms list on your own.

Best regards,
Alexander Ionov
Posted: 12/22/2014 10:53:43
by Ivan Demkovitch (Standard support level)
Joined: 11/10/2013
Posts: 23

Thanks a lot! I got it.
Also by EldoS: Callback File System
Create virtual file systems and disks, expose and manage remote data as if they were files on the local disk.



Topic viewed 866 times

Number of guests: 1, registered members: 0, in total hidden: 0


Back to top

As of July 15, 2016 EldoS business operates as a division of /n software, inc. For more information, please read the announcement.

Got it!