Why does SignHash need to know what hash algorithm was used?

Question

This may be a question for http://crypto.stackexchange.com, but I thought I\'d try it here first as the answer may relate to .NET rather than the encryption algorithm itself

Answer 1

Thanks to Iridium for getting me thinking along the right lines here.

The recipient gets two things:

• The message
• The signature (encrypted by sender's private key)

To verify the message, the recipient is required to decrypt the signature using the sender's public key, and check that against the hash of the message.

If the hash algorithm isn't specified to the recipient, they have no way of knowing how to hash the message, so they can't verify it.

So the algorithm must be specified to the recipient.

In order for the hash algorithm to be specified by the sender (who knows how the signature was created), and not modifiable by anyone else, it needs to be included inside the signature, and encrypted alongside the hash.

So in order to create a useful signature, the hashing algorithm needs to be specified when encrypting the hash.

Answer 2

For example, PKCS#1 padding for RSA signature implies adding a hash function identifier to the hash value before signing.

As I see, you are using exactly this method. Try to set another algorithm with same digest length and you'll see that signatures are different.