I've been using .NET for cryptographic purposes a bit. Up to now, I used 3DES (Oid 1.2.840.113549.3.7) in combination with rsaEncryption (Oid 1.2.840.113549.1.1.1, RSAES-PKCS1-v1_5). While the first one now has to be replaced by AES (Oid 2.16.840.1.101.3.4.1.42), I still have to use rsaEncryption / RSAES-PKCS1-v1_5, not RSAES-OAEP.
If I just pass an additional argument to the EnvelopedCms constructor that I'm calling, I can switch from 3DES to AES:
ContentInfo plainContent = new ContentInfo(new Oid("1.2.840.113549.1.7.1"), data);
EnvelopedCms encryptedMessage = new EnvelopedCms(plainContent); // using 3DES
// EnvelopedCms encryptedMessage = new EnvelopedCms(plainContent, new AlgorithmIdentifier(new Oid("2.16.840.1.101.3.4.1.42"))); // for AES (id-aes256-CBC)
CmsRecipient recipient = new CmsRecipient(cert);
encryptedMessage.Encrypt(recipient);
byte[] encryptedBytes = encryptedMessage.Encode();
That's fine so far. Unfortunately, some recipients cannot decrypt my messages, although they are able to decrypt AES. Looking at the ASN.1 structure tells me that not only did 3DES change to AES, but rsaEncryption (1.2.840.113549.1.1.1) was also replaced by RSAES-OAEP (1.2.840.113549.1.1.7). Can I somehow force it to still use RSAES-PKCS1-v1_5 with EnvelopedCms? Or do you see another problem in switching 3DES->AES?
Edit: In case I cannot change the padding that easily to v1.5, what other options do I have? Manually calling the CryptoServiceProviders and building up the PKCS#7 envelope on my own? Are there more elegant ways?
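
An added example, not part of the original post: it requests PKCS#1 v1.5 key transport explicitly through the `CmsRecipient(X509Certificate2, RSAEncryptionPadding)` overload, then re-parses the encoded message and checks the key-transport OID in each RecipientInfo instead of reading the ASN.1 by hand. It assumes .NET Core 3.0 or later (where that overload is available); the class name, the self-signed test certificate and the sample data are constructed for the demonstration.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Pkcs;
using System.Security.Cryptography.X509Certificates;

static class EnvelopeCheck   // hypothetical name, for illustration
{
    const string PkcsData  = "1.2.840.113549.1.7.1";     // id-data
    const string Aes256Cbc = "2.16.840.1.101.3.4.1.42";  // id-aes256-CBC
    const string RsaPkcs1  = "1.2.840.113549.1.1.1";     // rsaEncryption (RSAES-PKCS1-v1_5)

    static void Main()
    {
        // Constructed throwaway recipient certificate (self-signed, demo only).
        using RSA key = RSA.Create(2048);
        var request = new CertificateRequest("CN=Constructed Test Recipient", key,
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        using X509Certificate2 cert = request.CreateSelfSigned(
            DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddDays(30));

        byte[] data = { 1, 2, 3, 4 };  // constructed sample payload
        var plainContent = new ContentInfo(new Oid(PkcsData), data);
        var message = new EnvelopedCms(plainContent,
            new AlgorithmIdentifier(new Oid(Aes256Cbc)));

        // Ask for PKCS#1 v1.5 key transport for this recipient explicitly,
        // rather than relying on the platform default.
        message.Encrypt(new CmsRecipient(cert, RSAEncryptionPadding.Pkcs1));
        byte[] encoded = message.Encode();

        // Re-parse the encoded bytes and report what was actually emitted.
        var parsed = new EnvelopedCms();
        parsed.Decode(encoded);
        Console.WriteLine("content encryption: " +
            parsed.ContentEncryptionAlgorithm.Oid.Value);

        foreach (RecipientInfo info in parsed.RecipientInfos)
        {
            string oid = info.KeyEncryptionAlgorithm.Oid.Value;
            Console.WriteLine("key transport:      " + oid);
            // Fail loudly if the envelope carries anything but rsaEncryption.
            if (oid != RsaPkcs1)
                throw new CryptographicException(
                    "Unexpected key transport algorithm " + oid);
        }
    }
}
```

The same decode-and-inspect loop can be run against a message produced by any other code path to confirm which key-transport algorithm a recipient will be asked to handle.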