On the Windows Server 2003 platform we were unable to perform PKCS#7 signatures with SHA256+, unable to perform PKCS#7 enveloped data with AES encryption, unable to perform RSA signatures with SHA256+ and unable to perform WCF SOAP signing with SHA256. All requirements by the way. We were able to perform PKCS#7 signatures up to SHA512 on Windows XP SP3 using CAPI, RSA worked out of the box up to SHA512, and WCF Soap signing with SHA256 with a machine.config tweak, but still not meeting the requirements for PKCS#7 enveloped data.