Does Microsoft's CAPICOM ActiveX control support SHA-2?

Our company is switching over from using SHA-1 certificates to SHA-2 certificates.

I noticed that CAPICOM only has a CAPICOM_CERTIFICATE_FIND_SHA1_HASH find method.

Will switching over from SHA-1 to SHA-2 mean we wi开发者_开发百科ll need to switch to an alternative to CAPICOM for verifiying/encrypting/decrypting using these certificates?

CAPICOM_CERTIFICATE_FIND_SHA1_HASH - that's not about hash algorithm, used for signing, but about searching for certificate via fingerprint (i.e. hash of certificate data). Since CAPICOM uses Microsoft crypto providers, which supports CALG_SHA_256, Capicom should support them as well.

However, you can use other commercial solution, there is a bunch of them, available on the market (BouncCastle, /n software, SecureBlackbox).