HMACSHA1 --> HMACSHA256 #4411
HMACSHA1 --> HMACSHA256 #4411
Conversation
The second argument is ignored in .NET Core, just replace it with |
I took another look at this code file, and it specifies SHA1 in several places, not just by using HMACSHA1. One that it's not obvious how to fix is where it defines a URI for SHA1: In the other place where it specifies SHA1 the equivalent SHA256 values are clear. Also, it turns out that the parts of the code file that specify SHA1 are not included in any snippet shown on the site. Only a small portion of this very large file is shown, as seen here. |
Fixes dotnet/docs#10203
From the issue:
Notes:
No uses of RIPEMD160 or MacTripleDes found outside of the types themselves and lists of options.
Replaced HMACSHA1 with HMACSHA256 in code examples except where constructor that takes two arguments is called
This is in code files samples\snippets\csharp\VS_Snippets_CFX\samlattribute\cs\source.cs and samples\snippets\visualbasic\VS_Snippets_CFX\samlattribute\vb\source.vb
The list of supported algorithms for x509asymmetricsecuritykey.issymmetricalgorithm and inmemorysymmetricsecuritykey.issupportedalgorithm includes HmacSha1Signature but not HmacSha256Signature.
The list of options for signedinfo.signaturemethod includes HMACSHA1 but not HMACSHA256.
Exception remarks for CryptographicException under SignedXml.ComputeSignature(KeyedHashAlgorithm) say the algorithm must be HMACSHA1.
The default symmetric signature algorithm is said to be HMACSHA1 for basic128securityalgorithmsuite, basic192securityalgorithmsuite, basic256securityalgorithmsuite, and tripledessecurityalgorithmsuite, but the Remarks recommend HMACSHA256.