First published on TECHNET on Sep 30, 2010
UPDATE (2/8): Based on some recent questions, additional information has been posted about SHA2 and Windows.
Introduction
We’ve recently received a couple of requests from customers around the functionality of SHA-256 when running on Windows XP and 2003. This has become more important recently, as NIST has recommended migrating off SHA-1 by the end of the year. More details about the NIST recommendation can be found in SP 800-78-2 and SP 800-57. Hopefully this blog post can help clear up the confusion surrounding the scenarios that work and the ones that don’t.
Windows XP Support
Prior to Windows XP Service Pack 3, there was no SHA2 functionality within Windows XP. With the release of Service Pack 3 some limited functionality was added to the crypto module rsaenh.dll. This includes the following SHA2 hashes: SHA-256, SHA-384, SHA-512. SHA-224 was not included.
Windows Server 2003 Support
Windows Server 2003 Service Pack 2 does not ship with support for SHA2. This limitation can become an important concern when processing smart card logons and mutual TLS authentications to web servers. Unlike other technologies, smart card logon and mutual TLS both use strict revocation checking, so if either the certificate itself or the revocation information (CRL/OCSP) uses SHA2, the logon fails.
KB 938397
Though SHA2 support is not included in Windows Server 2003 Service Pack 2, it is available for download. KB 938397 brings Windows Server 2003 to the same level of functionality as Windows XP with Service Pack 3. KB 938397 is not available via Windows Update; it needs to be requested via the “View and request hotfix downloads” link on the support page. Note that KB 938397 is also offered for Windows Server 2003 Service Pack 1.
KB 968730
With the release of Windows Server 2008 it was found that Windows XP Service Pack 3 and Windows Server 2003 Service Pack 2 with KB 938397 were unable to request certificates from a Windows Server 2008 (and 2008 R2) certificate authority (CA) whose certificate was signed with a SHA2 hash. KB 968730 was released to address this issue. Incidentally, KB 968730 completely supersedes KB 938397; so if a Windows Server 2003 Service Pack 2 system needs to both enroll from a SHA2 certificate authority and process SHA2 certificates, only KB 968730 needs to be installed. As before, KB 968730 is not available via Windows Update; it needs to be requested via the “View and request hotfix downloads” link on the support page. Note that KB 968730 is not offered for Windows Server 2003 Service Pack 1.
Windows Vista, 7, Server 2008, and Server 2008 R2
Starting with Windows Vista and Server 2008, the Cryptography Next Generation (CNG) Suite B algorithms (including SHA2) are included in the operating system. It is worth noting that even though the algorithms are available, it is up to the individual applications to implement support.
Outlook and S/MIME
Besides logon, another very popular use for smart cards is S/MIME. But before diving into Outlook and S/MIME, the following warning should be given: regardless of the functionality Windows and Outlook provide, in order for mail to be delivered between two users there are any number of spam filters, relays, mailboxes, etc. between sender and recipient. Each of these can be made by a wide range of vendors, running on a wide range of platforms. So before deploying SHA2, testing should be done against one’s own email infrastructure, in addition to the email infrastructure of the external organizations with whom S/MIME-signed mail needs to be exchanged.
All those warnings aside, the basic functionality for Outlook is as follows. Outlook 2003, 2007, and 2010 running on Windows XP Service Pack 3 can sign and validate certificates when the certificate itself is SHA2 signed. Outlook 2003, 2007, and 2010 running on Windows XP Service Pack 3 cannot validate email messages when the message itself is SHA2 signed (regardless of the certificate used). Outlook 2003, 2007, and 2010 running on Windows XP Service Pack 3 cannot sign a message with SHA2; only SHA-1 and MD5 are available.
In order to validate SHA2 messages, Windows Vista with Outlook 2003 (or newer) is needed. In order to both sign and validate SHA2 messages, Windows Vista or 7 with Outlook 2007 or 2010 is needed.
Recommendations
For organizations looking to deploy SHA2, or organizations that interact with third parties that will soon begin using SHA2, the following is recommended.
- If Windows XP is used in the environment, Service Pack 3 should be deployed. In addition to SHA2 functionality, Service Pack 3 is currently the only Windows XP service pack that is supported.
- If Windows XP systems would need to enroll in certificates from a SHA2 certificate authority, KB 968730 should be deployed.
- If Windows Server 2003 is used in the environment, Service Pack 1 or 2 and KB 938397 should be deployed.
- If Windows Server 2003 would need to enroll in certificates from a SHA2 certificate authority, Service Pack 2 and KB 968730 should be deployed. If planning on deploying KB 968730, installing KB 938397 is not necessary.
- If S/MIME using SHA2 signing for the message body is needed, workstations should be upgraded to at least Windows Vista running Office 2003.
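As an added example (not code from the original post), the following PowerShell script inventories which hash algorithm signed each certificate in the local certificate stores, so an administrator can see in advance which chains an unpatched Windows XP SP3 or Server 2003 client would be unable to validate. It assumes Windows PowerShell with the Cert: drive; the store paths and the OID-to-hash table are my own choices.

```powershell
# Added example, not from the original post: list the signature hash of every
# certificate in the chosen stores. A SHA2-signed issuing CA or end-entity
# certificate is the case XP SP3 without KB 968730 / 2003 SP2 without the
# hotfixes cannot validate, and SHA-224 is not supported even with them.

# Signature-algorithm OIDs (standard PKCS#1 / X9.62 values) mapped to hash family.
$hashFamily = @{
    '1.2.840.113549.1.1.4'  = 'MD5 (md5RSA)'
    '1.2.840.113549.1.1.5'  = 'SHA-1 (sha1RSA)'
    '1.2.840.113549.1.1.11' = 'SHA2 (sha256RSA)'
    '1.2.840.113549.1.1.12' = 'SHA2 (sha384RSA)'
    '1.2.840.113549.1.1.13' = 'SHA2 (sha512RSA)'
    '1.2.840.113549.1.1.14' = 'SHA-224 (sha224RSA) - not in XP SP3 / 2003 hotfix'
    '1.2.840.10045.4.1'     = 'SHA-1 (sha1ECDSA)'
    '1.2.840.10045.4.3.2'   = 'SHA2 (sha256ECDSA)'
    '1.2.840.10045.4.3.3'   = 'SHA2 (sha384ECDSA)'
    '1.2.840.10045.4.3.4'   = 'SHA2 (sha512ECDSA)'
}

function Get-CertSignatureHash {
    param(
        # Stores to scan; adjust for the machine being assessed (assumed defaults).
        [string[]]$StorePaths = @('Cert:\LocalMachine\My',
                                  'Cert:\LocalMachine\CA',
                                  'Cert:\LocalMachine\Root',
                                  'Cert:\CurrentUser\My')
    )
    foreach ($path in $StorePaths) {
        Get-ChildItem -Path $path -ErrorAction SilentlyContinue | ForEach-Object {
            $oid = $_.SignatureAlgorithm.Value
            $family = if ($hashFamily.ContainsKey($oid)) { $hashFamily[$oid] }
                      else { "unknown ($oid)" }   # e.g. RSASSA-PSS keeps its hash in parameters
            [pscustomobject]@{
                Store      = $path
                Subject    = $_.Subject
                Issuer     = $_.Issuer
                NotAfter   = $_.NotAfter
                SignedWith = $family
                Thumbprint = $_.Thumbprint
            }
        }
    }
}

# Full listing, SHA2-signed entries grouped together for review.
Get-CertSignatureHash | Sort-Object SignedWith, Store | Format-Table -AutoSize

# Count per hash family, a quick measure of how much of the estate is already SHA2.
Get-CertSignatureHash | Group-Object SignedWith | Select-Object Count, Name
```

Because smart card logon and mutual TLS also check revocation data, the CRLs published by each CA should be reviewed the same way; `certutil -dump <file>.crl` shows the CRL's signature algorithm.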
Summary Chart
| | XP SP3 | XP SP3 with KB968730 | 2003 R2 SP2 | 2003 R2 SP2 with KB968730 | Windows Vista, 7, 2008, 2008 R2 |
|---|---|---|---|---|---|
| Basic Functionality | | | | | |
| Browsing a website using SHA2 certificate | Works | Works | Unable to validate certificate | Works | Works |
| Open a certificate and viewing properties | Works | Works | Unable to validate certificate | Works | Works |
| Interactive logon and mutual TLS (client system) | | | | | |
| Client with SHA2 certificate; server with SHA1 certificate | Works | Works | Works | Works | Works |
| Client with SHA2 certificate; server with SHA2 certificate | Works | Works | Unable to login | Works | Works |
| Interactive logon and mutual TLS (domain controller / IIS server) | | | | | |
| Client with SHA2 certificate; server with SHA1 certificate | N/A | N/A | Unable to login | Works | Works |
| Certificate Enrollment | | | | | |
| V3 certificate template enrollment from any type of root | Unable to select template | Unable to select template | Unable to select template | Unable to select template | Works |
| V2 certificate template enrollment from SHA2 root | Request fails | Works | Request fails | Works | Works |
| S/MIME (Outlook 2003) | | | | | |
| Validate and sign to a SHA2 certificate | Works | Works | N/A | N/A | Works |
| Validate message body signed with SHA2 | Unable to validate certificate | Unable to validate certificate | N/A | N/A | Works |
| Sign message body with SHA2 | Not an available option | Not an available option | N/A | N/A | Not an available option |
| S/MIME (Outlook 2007 and 2010) | | | | | |
| Validate and sign to a SHA2 certificate using SHA-1 for the message signature | Works | Works | N/A | N/A | Works |
| Validate message body signed with SHA2 | Unable to validate certificate | Unable to validate certificate | N/A | N/A | Works |
| Sign message body with SHA2 | Not an available option | Not an available option | N/A | N/A | Works |
-Adam Stasiniewicz
Updated Feb 21, 2020