Using RSACryptoServiceProvider or RSAPKCS1SignatureFormatter to create digital signatures with SHA256 does not work on Windows Server 2008 R2.
According to the following posts:
RSACryptoServiceProvider with SHA256 should be able to use the SHA256 implementation of CSP or CNG. The last URL posted above also mentions that this issue would be fixed in .NET 4.0. However, I am seeing that this is NOT true.
The only SHA256 implementation I see working is SHA256Managed(). But I am planning to run my application with the FIPS policy set to allow only FIPS-validated algorithms. In such a case I am unable to use SHA256 for RSA signing purposes.
I should also mention that creating SHA256 hashes from the implementations in CSP or CNG does work (in FIPS mode also). It is only when one passes a SHA256 object to the RSACryptoServiceProvider.SignData() function that the problem resurfaces.
Besides the CodePlex workaround listed somewhere, is there any solution for creating RSA-SHA256 signatures in a FIPS-validated manner on Windows Server 2008 R2?
(I would want to avoid running the CodePlex workaround to the extent possible.)
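
A diagnostic for the behaviour described in the question, as an added example that is not part of the original post: it computes a hash and then calls SignData() with each SHA256 implementation, printing which step succeeds or throws, so the output can be compared with and without the FIPS policy enabled. It assumes .NET Framework 4.0 or later (for `CryptoConfig.AllowOnlyFipsAlgorithms`) and a reference to System.Core (for `SHA256Cng`); the class name, helper name and sample message are constructed for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class RsaSha256Probe   // hypothetical name, not from the post
{
    // Runs the hash step and the signing step separately for one SHA256
    // implementation, so the output shows which of the two fails.
    static void Probe(string label, Func<HashAlgorithm> create,
                      RSACryptoServiceProvider rsa, byte[] data)
    {
        try
        {
            using (HashAlgorithm hash = create())   // may throw under the FIPS policy
            {
                byte[] digest = hash.ComputeHash(data);
                Console.WriteLine("{0}: hash ok ({1} bytes)", label, digest.Length);

                // The call the question reports as failing.
                byte[] sig = rsa.SignData(data, hash);
                Console.WriteLine("{0}: SignData ok, verifies = {1}",
                                  label, rsa.VerifyData(data, hash, sig));
            }
        }
        catch (Exception ex)
        {
            // Report the failure instead of aborting, so every implementation is tried.
            Console.WriteLine("{0}: {1}: {2}", label, ex.GetType().Name, ex.Message);
        }
    }

    static void Main()
    {
        Console.WriteLine("FIPS-only policy: {0}", CryptoConfig.AllowOnlyFipsAlgorithms);
        byte[] data = Encoding.UTF8.GetBytes("constructed sample message");

        using (var rsa = new RSACryptoServiceProvider(2048))
        {
            rsa.PersistKeyInCsp = false;   // throwaway key, keep it out of the key store
            Probe("SHA256Managed", () => new SHA256Managed(), rsa, data);
            Probe("SHA256CryptoServiceProvider",
                  () => new SHA256CryptoServiceProvider(), rsa, data);
            Probe("SHA256Cng", () => new SHA256Cng(), rsa, data);
        }
    }
}
```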