
@JoeShook
Contributor

As technology and security requirements evolved over time, the Direct RI needs to support contemporary options to meet industry standards. This enhancement updates support for OAEP asymmetric encryption algorithms to encrypt the symmetric key used in SMIME operations where the padding is updated from SHA-1 to SHA-256.

The enhancement should use OAEP as the default algorithm when sending messages, but passively support accepting messages that still use PKCS 1.5 and OAEP with SHA-1.

In addition:

The preceding PR Dotnet-4.8-udpdate included updates to .NET 4.8 and the Inno installer. 99% of the effort to update this repo was just getting the code updated and capable of working with newer tooling and operating system updates.

This pull request also makes significant changes to the AdminMvc project, primarily converting the project file from the newer SDK-style format to the older, more explicit MSBuild format, and removing dependencies on the MvcContrib library in the views. The update includes explicit file inclusions, restores classic Visual Studio web project settings, and rewrites the grid and pagination logic in the relevant views to use custom HTML and server-side logic instead of MvcContrib helpers.

Joe Shook added 5 commits December 26, 2025 15:11
This is a first push.  Some clean up included.

I am testing this on a Windows 11 machine and the expected PKCS#1 v1.5 padding was expected with the original SMIMECryptographer. But it is not. There is a suspicion that new Windows fixes the NIST 800-131A rev 2 recommendation. I am going to now test this on an older Windows version.
Now I need to decide if I use the new BcSMIMECryptographer, or I change the SMIMECryptographer and then produce a LegacySMIMECryptographer, so I have something to show that I can accept SHA-1 for some time.
The previous guidance was to set the default in the smtpagentconfig.xml file but you could still use SHA1.  That has now been removed and receiving a SHA1 signed CMS will fail.
It runs again.
Just copied the old SMIMECryptographer to the LegacySMIMECryptographer class, to aid in unit tests. This will have the least effect on the existing install base.
@JoeShook JoeShook requested a review from gm2552 December 29, 2025 20:47
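
The inbound policy described in the pull request (accept OAEP with SHA-256, OAEP with SHA-1, and PKCS 1.5) comes down to reading the key-encryption AlgorithmIdentifier of a CMS recipient. The sketch below is an added example, not code from this PR or from the Direct RI, and it is written in Python with the standard library only rather than the project's C#. The OIDs and the SHA-1 default follow RFC 4055; the sample bytes, `classify` and `ACCEPT` are constructed for illustration.

```python
# Added example, not Direct RI code; sample bytes at the bottom are constructed.
RSA_PKCS1 = "1.2.840.113549.1.1.1"  # rsaEncryption: PKCS#1 v1.5 key transport
RSA_OAEP = "1.2.840.113549.1.1.7"   # id-RSAES-OAEP
HASHES = {"1.3.14.3.2.26": "SHA-1", "2.16.840.1.101.3.4.2.1": "SHA-256"}
ACCEPT = {"OAEP-SHA-256", "OAEP-SHA-1", "PKCS1-v1.5"}  # inbound policy from the PR

def read_tlv(buf, pos=0):  # -> (tag, value, next_pos) for one DER element
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def oid_str(body):
    arcs, val = [], 0
    for b in body:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs, val = arcs + [val], 0
    first = min(arcs[0] // 40, 2)
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def classify(alg_id):
    _, seq, _ = read_tlv(alg_id)
    _, oid, pos = read_tlv(seq)
    if oid_str(oid) != RSA_OAEP:
        return "PKCS1-v1.5" if oid_str(oid) == RSA_PKCS1 else "unknown"
    digest = "SHA-1"  # RFC 4055: an absent hashAlgorithm means SHA-1
    params = read_tlv(seq, pos)[1] if pos < len(seq) else b""
    p = 0
    while p < len(params):
        tag, field, p = read_tlv(params, p)
        if tag == 0xA0:  # [0] hashAlgorithm; the MGF1 hash in [1] is not checked
            digest = HASHES.get(oid_str(read_tlv(read_tlv(field)[1])[1]), "unknown")
    return "OAEP-" + digest

def tlv(tag, *parts):  # encoder for the samples; short-form lengths only
    return bytes([tag, len(b"".join(parts))]) + b"".join(parts)

NULL, OAEP = b"\x05\x00", tlv(0x06, bytes.fromhex("2a864886f70d010107"))
SHA256 = tlv(0x30, tlv(0x06, bytes.fromhex("608648016503040201")), NULL)
MGF1 = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d010108")), SHA256)
SAMPLES = {
    "pkcs1": tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d010101")), NULL),
    "oaep_default": tlv(0x30, OAEP, tlv(0x30)),
    "oaep_sha256": tlv(0x30, OAEP, tlv(0x30, tlv(0xA0, SHA256), tlv(0xA1, MGF1))),
}
```

An OAEP identifier with empty parameters classifies as OAEP-SHA-1 because of the ASN.1 defaults, so a receiver that wants to log or later phase out SHA-1 has to treat "no parameters" and "explicit SHA-1" alike.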