
Signing and verifying data via WinAPI


LarinLive/NetWinapiCms


NetWinapiCms

.NET 7 doesn't support non-Microsoft hash algorithms and, maybe, asymmetric algorithms too. This can be a problem for Russia, Kazakhstan and other countries where national cryptographic algorithms are obligatory.

In the older .NET Framework that stuff works fine, but the .NET Team, I guess, hasn't had enough motivation to fix it in the new version of the framework. See dotnet/runtime#26053 for details.

So, here are examples of using WinAPI functions as a workaround for CMS signing and verifying.

Usage

For signing data use the following code snippet:

// X509Certificate2 is used because it exposes the PublicKey property read below
var certificate = new X509Certificate2(...);
var data = Encoding.UTF8.GetBytes("Test");

// Choose the digest algorithm that matches the certificate's public key algorithm;
// any other key algorithm falls back to SHA-1
Oid digestOid;
if (certificate.PublicKey.Oid.Value == GostOids.id_tc26_gost3410_12_256.Value)
	digestOid = GostOids.id_tc26_gost3411_12_256;
else if (certificate.PublicKey.Oid.Value == GostOids.id_tc26_gost3410_12_512.Value)
	digestOid = GostOids.id_tc26_gost3411_12_512;
else
	digestOid = OiwOids.id_sha1;

var signedCms = CmsHelper.Sign(data, true, certificate, digestOid, true, "12345678");

To verify the previously signed data, use the following code:

CmsHelper.Verify(signedCms, true, data, true, X509RevocationMode.Online, X509RevocationFlag.ExcludeRoot);

License

This repo is licensed under the MIT license.
