TSBASSignatureDigestAlgorithm and support for SHA2 2048 in AS2?

Posted: 12/22/2014 10:10:06
by Ivan Demkovitch (Standard support level)
Joined: 11/10/2013
Posts: 23

We are using SecureBlackBox v11 and specifically we use it for the AS2 EDI protocol.

One of our partners is switching to SHA2 2048 bit and we need to support it. I set up the hashing algorithm by using the TSBASSignatureDigestAlgorithm enum. I downloaded the latest v11 build that is supposed to support SHA2 but don't see appropriate signing values under this enum.

What should I do?
Posted: 12/22/2014 10:22:30
by Eugene Mayevski (EldoS Corp.)

SHA2 is 256/384/512. Where did you find 2048-bit SHA? I guess that maybe they meant RSA2048/SHA2 - that's a totally different story.

Sincerely yours
Eugene Mayevski
Posted: 12/22/2014 10:27:44
by Ivan Demkovitch (Standard support level)
Joined: 11/10/2013
Posts: 23

Hm... This is what they say in email:

Please note our new cert is SHA-2 / 2048 bit with an issuing authority of Comodo and make sure your software is able to handle SHA-2 and 2048 bit.

I'm also attaching the cert they sent me.
Posted: 12/22/2014 10:39:41
by Eugene Mayevski (EldoS Corp.)

As I understand it, that's about certificates used in TLS, and indeed that's about RSA2048-SHA2 rather than SHA2048. The Subject property of their certificate is misleading.

SecureBlackbox has handled such certificates since the beginning (of SHA2).

Sincerely yours
Eugene Mayevski
Posted: 12/22/2014 10:45:18
by Ivan Demkovitch (Standard support level)
Joined: 11/10/2013
Posts: 23

I'm confused now. The only "SHA1" I know of is the hashing algorithm for message signing.

Should I use SHA2 now? And if so, what should TSBASSignatureDigestAlgorithm be? There is no SHA2 selection there.

Or... I shouldn't even touch anything, and just feed this new cert to TElX509Certificate and leave everything else alone?
Posted: 12/22/2014 10:48:08
by Alexander Ionov (EldoS Corp.)

The attached certificate uses SHA-256 digest with RSA 2048. But this does not mean that you have to use ONLY SHA-256 digest to sign your outgoing AS2 messages. You can use any digest algorithm from the supported algorithms list on your own.

Best regards,
Alexander Ionov
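
Added example, not part of the original thread and not SecureBlackBox code: "SHA-2 / 2048 bit" in the partner's e-mail names two fields of the certificate itself, the algorithm it was signed with and the size of its RSA key, and this standard-library Python reads both from a DER certificate. `cert_facts`, `sample_cert` and the helper names are chosen here, and the sample input is a constructed skeleton, not the attached certificate.

```python
# Added example. The sample certificate is a constructed DER skeleton, not the partner's file.
# PKCS #1 signature algorithm OIDs that pair RSA with SHA-1 or a SHA-2 digest.
SIG_OIDS = {"1.2.840.113549.1.1.%d" % n: h + "WithRSAEncryption"
            for n, h in ((5, "sha1"), (11, "sha256"), (12, "sha384"), (13, "sha512"))}

def children(buf):
    """Split DER content bytes into a list of (tag, value) pairs."""
    out, i = [], 0
    while i < len(buf):
        tag, n, i = buf[i], buf[i + 1], i + 2
        if n & 0x80:  # long-form length: low 7 bits give the number of length bytes
            k = n & 0x7F
            n, i = int.from_bytes(buf[i:i + k], "big"), i + k
        out.append((tag, buf[i:i + n]))
        i += n
    return out

def oid(b):
    """Decode an OBJECT IDENTIFIER value into dotted notation."""
    arcs, v = [b[0] // 40, b[0] % 40], 0
    for x in b[1:]:
        v = (v << 7) | (x & 0x7F)
        if not x & 0x80:
            arcs.append(v)
            v = 0
    return ".".join(map(str, arcs))

def cert_facts(der):
    """Return (certificate signature algorithm, RSA modulus size in bits)."""
    tbs, sig_alg, _signature = children(children(der)[0][1])
    name = oid(children(sig_alg[1])[0][1])
    fields = children(tbs[1])
    spki = fields[6 if fields[0][0] == 0xA0 else 5][1]  # [0] version is optional
    rsa_key = children(spki)[1][1][1:]  # BIT STRING value minus its unused-bits byte
    modulus = children(children(rsa_key)[0][1])[0][1]
    return SIG_OIDS.get(name, name), int.from_bytes(modulus, "big").bit_length()

def tlv(tag, body):
    """DER-encode one element (used only to build the constructed sample)."""
    n, k = len(body), (len(body).bit_length() + 7) // 8
    return bytes([tag]) + (bytes([n]) if n < 128 else bytes([0x80 | k]) + n.to_bytes(k, "big")) + body

def sample_cert(sig_oid_hex, bits):
    """Constructed certificate skeleton: empty names and validity, zeroed signature."""
    alg = tlv(0x30, tlv(0x06, bytes.fromhex(sig_oid_hex)) + tlv(0x05, b""))
    rsa = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d010101")) + tlv(0x05, b""))
    key = tlv(0x30, tlv(0x02, b"\x00" + (1 << (bits - 1) | 1).to_bytes(bits // 8, "big")) + tlv(0x02, b"\x01\x00\x01"))
    spki = tlv(0x30, rsa + tlv(0x03, b"\x00" + key))
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + alg + tlv(0x30, b"") * 3 + spki)
    return tlv(0x30, tbs + alg + tlv(0x03, b"\x00" + bytes(bits // 8)))
```

`cert_facts(sample_cert("2a864886f70d01010b", 2048))` returns `("sha256WithRSAEncryption", 2048)`; neither value is the digest chosen for signing outgoing AS2 messages, which is a separate setting.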
Posted: 12/22/2014 10:53:43
by Ivan Demkovitch (Standard support level)
Joined: 11/10/2013
Posts: 23

Thanks a lot! I got it.