We have an application that signs and verifies messages with SHA1 hashes using CryptoApi. It has worked perfectly for many years under WindowsXP up to Windows 8. It no longer works on Windows 8.1. CryptSignHash fails with error code 87 (Invalid Parameter). CryptVerifySignature does not fail but returns NTE_BAD_SIGNATURE (for valid signatures created on Windows 8). We have tested everything we can .. it works on Windows 8 and below, fails on Windows 8.1.
Do you have any ideas on how to debug this further? We exported the imported public and private keys again and verified that they are correct. We skipped using 'our' keys and generated new keys -> signing fails also with error 87 We generated new keys and encrypted/decrypted a message with them using RSA_FULL and DES -> no problem, works as expected. We checked the version of the RSA_FULL provider. It is 2.0 on both Windows 8 and Windows 8.1. We tried explicitly specifying the provider name: Microsoft Base Cryptographic Provider v1.0
Does signing work for any of you on Windows 8.1.?
Is there anything else that is new on Windows 8.1. that could prevent signing from working? Has something changed with respect to the providers or algorithms that we should know?
The application is written in Delphi, uses approximately the following flow:
//Setup crypto provider
CryptAcquireContext(@fhCryptProv, nil, nil, cptRSAFull, [ccVerify, ccMachineKeySet]);
//Create a hash structure
CryptCreateHash( fProvider.GetProviderHandle, chtSHA1, 0, 0, @fhHash);
//Import the private key for signing
CryptImportKey( fProvider.GetProviderHandle, @buff[0], len, 0, CRYPT_EXPORTABLE, @fKey);
//Hash the message
CryptHashData(fhHash, @aPlainText[1], length(aPlainText) * 2, 0);
//Sign the message
CryptSignHash(fhHash, AT_SIGNATURE, nil, CRYPT_NOHASHOID OR CRYPT_X931_FORMAT, @buff, @len);
