RSASSA-PSS in C#

Question

Does anyone know which signature algorithm is used for RSACryptoServiceProvider.SignHash? I believe it is RSAPKCS1, is that still secure?

Does anyone have an idea of

Answer 1

RSACryptoServiceProvider can only do PKCS-1 signatures.

In .NET 4.6 a new set of methods was added on the RSA base class which added an RSASignaturePadding parameter. The RSACng class can do RSASSA-PSS via the RSASignaturePadding.Pss value (PSS with MGF-1, MGF digest and PSS digest are both the message digest, and the salt size is the digest size).

.NET 4.6 also added better type-safety to getting keys from certificates, and the new approaches will most likely return RSACng:

using (RSA privateKey = cert.GetRSAPrivateKey())
{
    return privateKey.SignHash(hash, HashAlgorithmName.SHA256, RSASignaturePadding.Pss);
}