SSL3 Client Authentication Algorithm
This algorithm is used for SSL3 client authentication. In the SSL3 protocol, a concatenation of an MD5 hash and an SHA hash is signed with an RSA private key. CryptoAPI and the Microsoft Base and Enhanced Cryptographic Providers support this with the hash type CALG_SSL3_SHAMD5.
To create a CALG_SSL3_SHAMD5 hash
-
Using standard CryptoAPI methodology, create MD5 and SHA hashes of the target data.
-
Concatenate the two hashes, with the MD5 value leftmost and the SHA value rightmost. This results in a 36 byte value (16 bytes + 20 bytes).
-
Get a handle to a hash object by calling CryptCreateHash with CALG_SSL3_SHAMD5 passed in the Algid argument.
-
Set the hash value with a call to CryptSetHashParam. The concatenated hash values are passed as a BYTE* in the pbData argument, and the HP_HASHVAL value must be passed in the dwParam argument. Note that CryptHashData should not be called using the handle returned by CryptCreateHash in step 3. Such a call will fail.
-
Call CryptSignHash to generate the signature.
-
Call CryptDestroyHash to destroy the hash object.
CSPs that are intended to be compatible with the Microsoft RSA Providers, rsabase.dll and rsaenh.dll, must implement this functionality. This ALG_ID is used by the Microsoft schannel.dll when performing client authentication with SSL3 in the Microsoft Internet Explorer.