Mapping Object Identifiers to Cryptography Algorithms

Note

This article is specific to .NET Framework. It doesn't apply to newer implementations of .NET, including .NET 6 and later versions.

Digital signatures ensure that data is not tampered with when it is sent from one program to another. Typically the digital signature is computed by applying a mathematical function to the hash of the data to be signed. When formatting a hash value to be signed, some digital signature algorithms append an ASN.1 Object Identifier (OID) as part of the formatting operation. The OID identifies the algorithm that was used to compute the hash. You can map algorithms to object identifiers to extend the cryptography mechanism to use custom algorithms. The following example shows how to map an object identifier to a new hash algorithm.

<configuration>
   <mscorlib>
      <cryptographySettings>
         <cryptoNameMapping>
            <cryptoClasses>
               <cryptoClass MyNewHash="MyNewHashClass, MyAssembly,
                  Culture='en', PublicKeyToken=a5d015c7d5a0b012,
                  Version=1.0.0.0"/>
            </cryptoClasses>
            <nameEntry name="NewHash" class="MyNewHash"/>
         </cryptoNameMapping>
         <oidMap>
            <oidEntry OID="1.3.14.33.42.46"  name="NewHash"/>
         </oidMap>
      </cryptographySettings>
   </mscorlib>
</configuration>

The <oidEntry> element contains two attributes. The OID attribute is the object identifier number. The name attribute is the value of the name attribute from the <nameEntry> element. There must be a mapping from an algorithm name to a class before an object identifier can be mapped to a simple name.
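The same two mappings can also be registered from code on .NET Framework 4.0 and later, which makes it easy to check what a formatter will see. The following is an added example, not code from the article; MyNewHashClass is a toy XOR "hash" used only to exercise the registration path, and the name and OID are the article's own placeholders.

```csharp
using System;
using System.Security.Cryptography;

// Toy stand-in for the class the <cryptoClass> element points at (assumed, not a real
// algorithm). It is not secure; it exists only to show the name/OID registration flow.
public sealed class MyNewHashClass : HashAlgorithm
{
    private byte _acc;
    public MyNewHashClass() { HashSizeValue = 8; }
    public override void Initialize() { _acc = 0; }
    protected override void HashCore(byte[] data, int start, int size)
    {
        for (int i = start; i < start + size; i++) _acc ^= data[i];
    }
    protected override byte[] HashFinal() { return new[] { _acc }; }
}

static class OidMappingDemo
{
    static void Main()
    {
        // Programmatic equivalent of <cryptoClass> + <nameEntry> (name -> class) ...
        CryptoConfig.AddAlgorithm(typeof(MyNewHashClass), "NewHash");
        // ... and of <oidEntry> (OID -> name). The name must already resolve to a class.
        CryptoConfig.AddOID("1.3.14.33.42.46", "NewHash");

        // The simple name now resolves to an instance of the registered class.
        using (var h = (HashAlgorithm)CryptoConfig.CreateFromName("NewHash"))
        {
            byte[] digest = h.ComputeHash(new byte[] { 0x01, 0x02, 0x03 });
            Console.WriteLine("digest: " + BitConverter.ToString(digest));
        }

        // This is the OID a PKCS#1 v1.5 formatter places in DigestInfo ahead of the hash.
        string oid = CryptoConfig.MapNameToOID("NewHash");
        Console.WriteLine("OID for NewHash: " + oid);

        // EncodeOID shows the DER bytes that actually get embedded (tag 0x06, length, arcs).
        byte[] der = CryptoConfig.EncodeOID(oid);
        Console.WriteLine("DER-encoded OID: " + BitConverter.ToString(der));

        // A name with no <oidEntry> maps to null, so no DigestInfo could be built for it.
        bool unmapped = CryptoConfig.MapNameToOID("UnmappedHash") == null;
        Console.WriteLine("UnmappedHash has OID mapping: " + !unmapped);
    }
}
```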
