Compartilhar via


SHA2 and Windows

UPDATE (2/8):   Based on some recent questions, additional information has been posted about SHA2 and Windows.

Introduction

We’ve recently received a couple of requests from customers around the functionality of SHA-256 when running on Windows XP and 2003. This has been more important recently, as NIST has recommended the migration off of SHA-1 by end of the year. More details about the NIST recommendation can be found in SP 800-78-2 and SP 800-57. Hopefully this blog post can help clear up the confusion surrounding scenarios that work and the ones that don’t.

Windows XP Support

Prior to Windows XP Service Pack 3, there was no SHA2 functionality within Windows XP. With the release of Service Pack 3 some limited functionality was added to the crypto module rsaenh.dll. This includes the following SHA2 hashes: SHA-256, SHA-384, SHA-512. SHA-224 was not included.

Windows Server 2003 Support

Windows Server 2003 Service Pack 2 does not ship with support for SHA2. This limitation can become an important concern when processing smart card logons and for mutual TLS authentications to web servers. As unlike other technologies, smart card logon and mutual TLS both use strict revocation checking; so should either the certificate itself or the revocation information (CRL/OCSP) use SHA2, the logon would fail.

KB 938397

Though support SHA2 is not included in Windows Server 2003 Service Pack 2, it is available for download. KB 938397 will bring Windows Server 2003 to the same level of functionality as Windows XP with Service Pack 3. KB 938397 is not available via Windows Update; it needs to be requested via the “View and request hotfix downloads” link on the support page. Note, KB 938397 is also offered for Windows Server 2003 Service Pack 1.

KB 968730

With the release of Windows Server 2008 it was found that Windows XP Service Pack 3 and Windows Server 2003 Service Pack 2 with KB 938397 were unable to request certificates from a Windows Server 2008 (and 2008 R2) certificate authority (CA) who’s certificate was signed with a SHA2 hash. KB 968730 was release to address this issue. Incidentally, KB 968730 completely supersedes KB 938397; so if a Windows Server 2003 Service Pack 2 system would need to both enroll from a SHA2 certificate authority and process SHA2 certificates, only KB 968730 would need to be installed. As before, KB 968730 is not available via Windows Update; it needs to be requested via the “View and request hotfix downloads” link on the support page. Note, KB 968730 is not offered for Windows Server 2003 Service Pack 1.

Windows Vista, 7, Server 2008, and Server 2008 R2

Starting with Windows Vista and Server 2008, the Cryptography Next Generation (CNG) Suite B algorithms (including SHA2) are included in the operating system. It is worth noting that even though the algorithms are available, it is up to the individual applications to implement support.

Outlook and S/MIME

Besides logon, another very popular use for smart cards is S/MIME. But before diving into Outlook and S/MIME, the following warning should be given: Regardless of the functionality Windows and Outlook provide; in order for mail to be delivered between two users, there are any number of spam filters, relays, mailboxes, etc between sender and recipient. Each of these can be made by a wide range of vendors; running on a wide range of platforms. So before deploying SHA2, testing should be done against one’s own email infrastructure, in addition to the email infrastructure of external organizations from whom S/MIME signed mail needs to be exchanged with.

All those warnings aside, the basic functionality for Outlook is a follows. Outlook 2003, 2007, and 2010 running on Windows XP Service Pack 3 can sign and validate certificates when that certificate itself is SHA2 signed. Outlook 2003, 2007, and 2010 running on Windows XP Service Pack 3 cannot validate email messages when the message itself is SHA2 signed (regardless of the certificate used). Outlook 2003, 2007, and 2010 running on Windows XP Service Pack 3 cannot sign a message with SHA2; only SHA-1 and MD5 are available.

In order to validate SHA2 messages, Windows Vista with Outlook 2003 (or newer) is needed. In order to both sign and validate SHA2 messages, Windows Vista or 7 with Outlook 2007 or 2010 is needed.

Recommendations

For organizations looking to deploy SHA2 or organizations that interact with 3rd parties that will soon begin using SHA2, the following is recommended.

  • If Windows XP is used in the environment, Service Pack 3 should be deployed. In addition to SHA2 functionality, Service Pack 3 is currently the only Windows XP service pack that is supported.
  • If Windows XP systems would need to enroll in certificates from a SHA2 certificate authority, KB 968730 should be deployed.
  • If Windows Server 2003 is used in the environment, Service Pack (1 or 2) and KB 938397 should be deployed.
  • If Windows Server 2003 would need to enroll in certificates from a SHA2 certificate authority, Service Pack 2 and KB 968730 should be deployed. If planning on deploying KB 968730, installing KB 938397 is not necessary.
  • If S/MIME using SHA2 signing for the message body is needed, workstations should be upgraded to at least Windows Vista running Office 2003.

Summary Chart

XP SP3

XP SP3 with KB968730

2003 R2 SP2

2003 R2 SP2 with KB968730

Windows Vista, 7, 2008, 2008 R2

Browsing a website using SHA2 certificate

Works

Works

Unable to validate certificate

Works

Works

Open a certificate and viewing properties

Works

Works

Unable to validate certificate

Works

Works

Client with SHA2 certificate; server with SHA1 certificate

Works

Works

Works

Works

Works

Client with SHA2 certificate; server with SHA2 certificate

Works

Works

Unable to login

Works

Works

Client with SHA2 certificate; server with SHA1 certificate

N/A

N/A

Unable to login

Works

Works

V3 certificate template enrollment from any type of root

Unable to select template

Unable to select template

Unable to select template

Unable to select template

Works

V2 certificate template enrollment from SHA2 root

Request fails

Works

Request fails

Works

Works

Validate and sign to a SHA2 certificate

Works

Works

N/A

N/A

Works

Validate message body signed with SHA2

Unable to validate certificate

Unable to validate certificate

N/A

N/A

Works

Sign message body with SHA2

Not an available option

Not an available option

N/A

N/A

Not an available option

Validate and sign to a SHA2 certificate using SHA-1 for the message signature

Works

Works

N/A

N/A

Works

Validate message body signed with SHA2

Unable to validate certificate

Unable to validate certificate

N/A

N/A

Works

Sign message body with SHA2

Not an available option

Not an available option

N/A

N/A

Works

-Adam Stasiniewicz

 

UPDATE (2/8):   Based on some recent questions, additional information has been posted about SHA2 and Windows.

Comments

  • Anonymous
    January 01, 2003
    @Andi: We are talking about SHA2 functionality in Windows.  What a smart card can/cannot do in it's internal hardware is a question for the card manufacturer.

  • Anonymous
    January 01, 2003
    I am wondering why when microsoft is moving to SHA-2 only supported CA's is the fix only available as a hotfix and not available as part of a normal windows update. It has been this way since the initial patch was released.

  • Anonymous
    January 01, 2003
    Hello; the two primary sources I used were KB 938397 & KB 968730.  The rest was based on my own testing. Hope that clears things up, Adam

  • Anonymous
    January 01, 2003
    thumbs up.

  • Anonymous
    January 01, 2003
    @Anonymous: For basic SHA2 support, Windows XP SP3 includes the needed code. A hotfix is only needed on XP if auto-enrollment is used. Please remember, both XP and Server 2003 are rapidly approaching their End-Of-Life.

  • Anonymous
    January 01, 2003
    @ Adriano:  Since XP SP2 is no longer supported, we no longer are releasing security updates for it.  I would strongly urge you to upgrade your XP systems to SP3 (or to a newer version of Windows).  The risk of using an unpatched system is far higher than the risk of cryptographic weakness in SHA-1.

  • Anonymous
    January 01, 2003
    Good information

  • Anonymous
    January 01, 2003
    Good information

  • Anonymous
    October 01, 2010
    Thanks for this really interesting article Adam! That was helpful.

  • Anonymous
    May 05, 2011
    I really appreciate you taking the time to post this information on SHA-256.  Can you cite some of your resources?  This would also be enormously helpful, as many people who could make the best use of your information would have to also get more granular information as well. Thanks again for the enormous help.

  • Anonymous
    June 20, 2011
    What about the userPassword attribute in AD-LDS? I don't find any informations, wheather I can save the passwords as SHA2 hashes or not. Thank you, with kind regards Heiko

  • Anonymous
    December 07, 2011
    SHA Client requirement? please

  • Anonymous
    January 16, 2012
    Just relaying information requested and answered regarding this blog: Windows 2003 still doesn’t recognizing certificates, signed by SHA 256 (Algorithm ObjectId: 1.2.840.113549.1.1.10 RSASSA-PSS); Premier support replies with the statement,: it’s never supported. Correct, we don’t support RSASSA-PSS in 2003.  RSASSA-PSS is different from the basic SHA-256.  Generally you see this when you install ADCS with AlternateSignatureAlgorithm=1 in the CAPolicy.inf.

  • Anonymous
    March 31, 2012
    Hi I am getting the below error Invalid algorithm specified.    at System.Security.Cryptography.Pkcs.SignerInfo.Verify(X509Certificate2Collection extraStore, X509Certificate2 certificate, Boolean verifySignatureOnly) in wIn2k3 SP2 , i am using vb.net to verify the signature here is the pice of code Dim message As String            Dim signature As String            Dim base64Signature As String            Dim messageBytes() As Byte            Dim signatureBytes() As Byte            message = Regex.Match(messageWithSignature, "(?>({4:)).?(-})", RegexOptions.Singleline).Value            signature = Regex.Match(messageWithSignature, "(?<=({UMAC:)).[^}]", RegexOptions.Singleline).Value            'base64Signature = signature.Replace(PKCS7_HEADER, "")            'base64Signature = base64Signature.Replace(PKCS7_FOOTER, "")            base64Signature = signature            base64Signature = Regex.Replace(base64Signature, "[^A-Za-z0-9+-/= ]", "")            base64Signature = Regex.Replace(base64Signature, "-----BEGIN PKCS7-----", "")            base64Signature = Regex.Replace(base64Signature, "-----END PKCS7-----", "")            messageBytes = _encoding.GetBytes(message)            signatureBytes = Convert.FromBase64String(base64Signature)            Dim ooid As New Oid            ooid.FriendlyName = "System.Security.Cryptography.SHA256Managed"            ooid.Value = "SHA256"            Dim content As New Pkcs.ContentInfo(ooid, messageBytes)            Dim cmsign As New Pkcs.CmsSigner(_signerCertificate)            cmsign.DigestAlgorithm = ooid            cmsign.IncludeOption = X509Certificates.X509IncludeOption.EndCertOnly            Dim signed As New Pkcs.SignedCms(content, True)            signed.Decode(signatureBytes)            signed.CheckSignature(New X509.X509Certificate2Collection(_signerCertificate), True)            Return True

  • Anonymous
    April 19, 2012
    The comment has been removed

  • Anonymous
    May 11, 2012
    There is stil a lot of people out there using Windows XP SP2 but needing SHA2. Of course we cannot ask them to install SP3 (more than 500 MB) if they have not already done so. There is a simple fix for that problem, just a couple of system DLLs to be updated. Unfortunately, releasing a hotfix would require a lot of non-regression testing by Microsoft. They are not going to do that, I guess, since Windows XP SP2 is out of support since 2010. I can provide such a fix made by me, "AS IS", without any guarantee, to anybody interested. If you want it, get me your email.

    • Anonymous
      August 31, 2016
      The comment has been removed
  • Anonymous
    May 25, 2012
    The comment has been removed

  • Anonymous
    September 02, 2012
    @ Adam : Really a helpful information ...Thanks

  • Anonymous
    December 11, 2012
    Hi when we are talking about a SHA2 certificates it means that the corresponding key (stored inside the smart card) is able to sign a  message based on SHA2RSA? Thanks

  • Anonymous
    January 03, 2013
    Preciso baixar este programa para poder baixar meu certificado digital. Como posso baixa-lo??? Obrigado se puder me informar

  • Anonymous
    April 19, 2013
    when we are talking about a SHA2 certificates it means that the corresponding key (stored inside the smart card) is able to sign a  message based on SHA2RSA? Thanks

  • Anonymous
    April 25, 2013
    KB2661254 supersedes both older hotfixes!

  • Anonymous
    September 11, 2013
    Hi, Windows 7 64bits, outlook 2010, sgntaure with sha2 certificate doesn't work . have you a solution please ? thanks.

  • Anonymous
    November 27, 2013
    Nice article. Is there also an overview of signing with other Microsoft products such as BizTalk 2010 server with AS2-adapter?

  • Anonymous
    January 22, 2014
    Hi,Currently my application is using SHA1 algoritham for password in membership provider.Framework I am using in 3.5SP1.This application is in production.Now we are working on some change requests and one of the request from client is to upgrade hashing algoritham from SHA1 to SHA3. So can you please guide me how to upgrade this using the same.Also does 3.5SP1 support SHA3? Thanks.

  • Anonymous
    February 11, 2014
    Other than above listed, is there any other application still using SHA-1?

  • Anonymous
    February 11, 2014
    Other than above listed, is there any other application still using SHA-1?

  • Anonymous
    February 25, 2014
    What is the impact to a user of Windows XP SP 2? What behavior would the experience visiting a website with a SHA-2 signed certificate? Would it provide a certificate cannot be verified do you accept the risk, or does it break the request?

  • Anonymous
    March 07, 2014
    Hi i want to know which certificate i am having,whether SHA1 or SHA 256,we are using Windows 7,its Purchased on last year.please help me.
    Thx

  • Anonymous
    March 21, 2014
    b/ca-upb14010 szdk2013

  • Anonymous
    May 29, 2014
    Pingback from iOS, Android, and OS X SHA-2 support (in the context of SSL/TLS certificates) - FAQs System

  • Anonymous
    June 11, 2014
    @Robert: so a user using XP SP2 for internet browsing in 2014 is more likely to be a zombie host than worried about SHA2 support.

  • Anonymous
    November 04, 2014
    please share a link for the fix for a 32bit win2003 platform. I only get for 64bit

  • Anonymous
    November 05, 2014
    Celková bezpečnost, kterou PKI IT systémům může poskytovat, je primárně závislá

  • Anonymous
    January 06, 2015
    is possible connect a windows 2000m server as client to a server with Sha2 certificate?

    Regards

  • Anonymous
    January 07, 2015
    @Cristian - There is no support in Windows 2000, earliest support is Windows 2003 SP2/Windows XP SP3.

  • Anonymous
    January 19, 2015
    Is the KB 938397 applicable for Windows server 2003 R2 as well?

  • Anonymous
    February 04, 2015
    Stupid sight no plazce to get the download

  • Anonymous
    February 27, 2015
    Win2003 no longer need manual patch due to the mentioned KBs (938397and 968730) are overruled by MS13-095 (and MS14-049 which superseed MS13-095)

  • Anonymous
    March 03, 2015
    CSS has a solution, www.css-security.com/cms

  • Anonymous
    March 16, 2015
    Thank you for the valuable information you have provided. I have a question: The Summary Chart is the result of your testings using IE or Chrome? Please clarify.

    Thanks.

  • Anonymous
    June 22, 2015
    Will KB 938397 work the same for Windows Pocket PC 2003?

  • Anonymous
    July 16, 2015
    Die

  • Anonymous
    September 10, 2015
    I have no idea what I just read - do I need to do something to have my Papal account work?

  • Anonymous
    September 17, 2015
    In our office we are not using server but for outlook we are getting " The Integrity of this Certificate cannot be guaranteed. The Certificate may be corrupted or may have been altered"


    Can anyone give the solution for this ? ? ? ?

  • Anonymous
    September 18, 2015
    KB968730 only provides a download link for 64-bit Server 2003. Where is the link for XP?

  • Anonymous
    October 28, 2015
    Click on Show hotfixes for all platforms and languages.

  • Anonymous
    July 21, 2016
    Very useful page, and it quickly solved my problem