SHA-256 and Cryptographic Service Provider Types

SHA-256, SHA-384 and SHA-512 XML signatures require the Microsoft Enhanced RSA and AES Cryptographic Provider. This provider’s type is 24.
More details about cryptographic service providers (CSPs) and their capabilities may be found at:
https://msdn.microsoft.com/en-us/library/windows/desktop/bb931357(v=vs.85).aspx
The following code displays various information about an X.509 certificate and its associated private key.

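using System;
using System.Security.Cryptography.X509Certificates;
var x509Certificate = new X509Certificate2("test.pfx", "password", X509KeyStorageFlags.Exportable);
Console.WriteLine(x509Certificate.ToString(true)); // verbose output includes the [Private Key] provider details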

The output includes information about the cryptographic provider.
The following output shows the Microsoft Enhanced RSA and AES Cryptographic Provider (type 24) is used and this private key may be used to generate SHA-256, SHA-384 and SHA-512 XML signatures.

[Private Key]
Key Store: User
Provider Name: Microsoft Enhanced RSA and AES Cryptographic Provider
Provider type: 24
Key Spec: Exchange
Key Container Name:
Hardware Device: False
Removable: False

By comparison, the following output is for a private key that doesn’t support SHA-256 XML signatures although it may be used to generate SHA-1 XML signatures.

[Private Key]
Key Store: User
Provider Name: Microsoft Strong Cryptographic Provider
Provider type: 1
Key Spec: Exchange
Key Container Name:
Hardware Device: False
Removable: False

[quote]
ComponentSpace - 7/11/2015
[/quote]

Do we need anything on the verification side as well? So after generating a signature with provider type 24, is there any setting required at the signature verification party?

No. This shouldn’t have any impact on the partner site verifying the signatures. No changes are made to the private or public key. The cryptographic service provider type is a separate property stored in the PFX file.
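
The provider check from the first post and the verification point from the last reply, as an added C# example (not ComponentSpace's code). It assumes Windows, .NET Framework 4.6 or later, and the thread's sample test.pfx with an exportable RSA key; the class and method names are hypothetical.

```csharp
// Added example: check the CSP type, move the key to a type 24 provider if needed,
// sign with SHA-256, then verify with the public key only.
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;

static class CspCheck // hypothetical name
{
    const int ProvRsaAes = 24; // provider type of the Enhanced RSA and AES provider
    const string RsaAesName = "Microsoft Enhanced RSA and AES Cryptographic Provider";

    // Returns a key object that can produce SHA-256 signatures.
    static RSACryptoServiceProvider GetSha256CapableKey(X509Certificate2 cert)
    {
        var rsa = cert.PrivateKey as RSACryptoServiceProvider
            ?? throw new NotSupportedException("Private key is missing or not a CSP-backed RSA key.");
        CspKeyContainerInfo info = rsa.CspKeyContainerInfo;
        Console.WriteLine($"Provider: {info.ProviderName} (type {info.ProviderType})");
        if (info.ProviderType == ProvRsaAes)
            return rsa;

        // Same key material loaded into a non-persisted type 24 container.
        // ExportParameters(true) throws if the key is not exportable
        // (for example, a key held on a hardware device).
        var upgraded = new RSACryptoServiceProvider(new CspParameters(ProvRsaAes, RsaAesName))
        {
            PersistKeyInCsp = false
        };
        upgraded.ImportParameters(rsa.ExportParameters(true));
        return upgraded;
    }

    static void Main()
    {
        var cert = new X509Certificate2("test.pfx", "password", X509KeyStorageFlags.Exportable);
        byte[] data = Encoding.UTF8.GetBytes("constructed sample payload");

        RSACryptoServiceProvider signer = GetSha256CapableKey(cert);
        byte[] sig = signer.SignData(data, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);

        // Verifying side: only the public key from the certificate is used,
        // so the signer's provider type plays no part here.
        using (RSA pub = cert.GetRSAPublicKey())
        {
            bool ok = pub.VerifyData(data, sig, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            Console.WriteLine($"SHA-256 signature verifies: {ok}");
        }
    }
}
```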