7

I work on an EBICS implementation in C# and I need to send to my bank the hash of my three certificates in SHA256 format in order to enable EBICS link with it.

I generated them in C# with BouncyCastle and now I have a X509Certificate2 object.

So to hash my certificate I used the following code : 

String HashCertificate = Certificat.GetCertHashString();

And he return me the following result :

21952A5F79CA3232A656794EE4532BECF5AE3960

But the length don't match with the lenght of the hash of the bank certificate :

57436AD3D09989ED74F4FCCDBF7668C43F8BF87C933F90B065ED442A22E5B0BF

So I think the GetCertHashString() function return the hash of the certificate in SHA1 format and I have no idea how I can hash it in SHA256.

Can you help me please ?

Thank you in advance

Thomas Rollet
  • 1,573
  • 4
  • 19
  • 33

1 Answers1

10

As MSDN says GetCertHashString method always

Returns the SHA1 hash value for the X.509v3 certificate as a hexadecimal string.

regardless of signature algorithm since it is Windows specific thumbprint used internally in certifcates store.

You can calculate any other hash by accessing certificate content from its RawData property, e.g. for SHA256:

using (var hasher = SHA256.Create())
{
    var hash = hasher.ComputeHash(cert.RawData);
    Console.WriteLine(BitConverter.ToString(hash));
}
dewaffled
  • 2,850
  • 2
  • 17
  • 30