Our company is switching over from using SHA-1 certificates to SHA-2 certificates.

I noticed that CAPICOM only has a CAPICOM_CERTIFICATE_FIND_SHA1_HASH find method.

Will switching over from SHA-1 to SHA-2 mean we will need to switch to an alternative to CAPICOM for verifying/encrypting/decrypting using these certificates?

going

1 Answer

CAPICOM_CERTIFICATE_FIND_SHA1_HASH - that's not about the hash algorithm used for signing, but about searching for a certificate via its fingerprint (i.e. the hash of the certificate data). Since CAPICOM uses Microsoft crypto providers, which support CALG_SHA_256, CAPICOM should support them as well.

However, you can use another commercial solution; there are a bunch of them available on the market (BouncyCastle, /n software, SecureBlackbox).

Nickolay Olshevsky
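The distinction drawn in the answer above, as an added example that is not part of the original answer and is not CAPICOM code: the SHA-1 fingerprint is a lookup key computed over the encoded certificate, while the signing hash is named inside the certificate. The two certificates are constructed stand-ins (DER with the outer X.509 layout and placeholder contents), and every function name here is hypothetical.

```python
import hashlib

# Signature-algorithm OIDs in DER form (PKCS #1)
SHA1_RSA = bytes.fromhex("2a864886f70d010105")    # sha1WithRSAEncryption
SHA256_RSA = bytes.fromhex("2a864886f70d01010b")  # sha256WithRSAEncryption
NAMES = {SHA1_RSA: "sha1WithRSAEncryption", SHA256_RSA: "sha256WithRSAEncryption"}

def tlv(tag, body):
    """Encode one DER tag-length-value element."""
    n = len(body)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + body

def read_tlv(buf, pos):
    """Return (body, next_pos) of the DER element starting at pos."""
    first, pos = buf[pos + 1], pos + 2
    n = first
    if first & 0x80:                 # long-form length
        k = first & 0x7F
        n = int.from_bytes(buf[pos:pos + k], "big")
        pos += k
    return buf[pos:pos + n], pos + n

def constructed_cert(sig_oid):
    """Constructed stand-in with the outer X.509 layout; not a valid certificate."""
    tbs = tlv(0x30, tlv(0x04, b"constructed tbsCertificate"))
    alg = tlv(0x30, tlv(0x06, sig_oid) + tlv(0x05, b""))
    sig = tlv(0x03, b"\x00" + b"\xaa" * 256)  # placeholder signature bits
    return tlv(0x30, tbs + alg + sig)

def thumbprint(der):
    """SHA-1 over the whole encoded certificate: the value a SHA-1 hash find matches."""
    return hashlib.sha1(der).hexdigest().upper()

def signature_algorithm(der):
    """Name of the OID in Certificate.signatureAlgorithm, the field after tbsCertificate."""
    cert, _ = read_tlv(der, 0)
    _, pos = read_tlv(cert, 0)       # skip tbsCertificate
    alg, _ = read_tlv(cert, pos)
    oid, _ = read_tlv(alg, 0)
    return NAMES.get(oid, oid.hex())

if __name__ == "__main__":
    for der in map(constructed_cert, (SHA1_RSA, SHA256_RSA)):
        print(signature_algorithm(der), thumbprint(der))
```

Both stand-ins get a 40-hex-digit SHA-1 fingerprint, whichever hash their signature algorithm names.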