Hi, first of all thanks for the reply, but what you say seems to contradict what the RFC says... Here are the definitions from the RFC...
this is for the field in the Certificate....
The signatureAlgorithm field contains the identifier for the cryptographic algorithm used by the CA to sign this certificate. An algorithm identifier is defined by the following ASN.1 structure:
   AlgorithmIdentifier  ::=  SEQUENCE  {
        algorithm               OBJECT IDENTIFIER,
        parameters              ANY DEFINED BY algorithm OPTIONAL  }
The algorithm identifier is used to identify a cryptographic algorithm. The OBJECT IDENTIFIER component identifies the algorithm (such as DSA with SHA-1). The contents of the optional parameters field will vary according to the algorithm identified.
This field MUST contain the same algorithm identifier as the signature field in the sequence tbsCertificate (section 4.1.2.3).
this is for the field in the TBSCertificate....
This field contains the algorithm identifier for the algorithm used by the CA to sign the certificate. This field MUST contain the same algorithm identifier as the signatureAlgorithm field in the sequence Certificate.
hope my point is clear...
Sravan
[EMAIL PROTECTED] wrote:
Sravan,
the AlgorithmIdentifier in the Certificate definition tells you which algorithms have been used to produce and to verify the certificate signature. The AlgorithmIdentifier in the TBSCertificate tells you which algorithms to use applying the key included.
regards
Thomas
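
The RFC requirement quoted in this thread (Certificate.signatureAlgorithm and tbsCertificate.signature MUST carry the same algorithm identifier) can be checked by walking the DER and comparing the two encodings; this is an added example, not code from either poster. The function names are hypothetical and the sample bytes are a constructed skeleton, not a valid certificate.

```python
SHA1_RSA = bytes.fromhex("06092a864886f70d010105")    # OID 1.2.840.113549.1.1.5
SHA256_RSA = bytes.fromhex("06092a864886f70d01010b")  # OID 1.2.840.113549.1.1.11

def read_tlv(buf, pos=0):   # returns (tag, value, raw_encoding, next_pos)
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, hdr = buf[pos], buf[pos + 1], 2
    if length & 0x80:                        # long form: low 7 bits count length octets
        n = length & 0x7F
        if n == 0 or n > 4:
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[pos + 2:pos + 2 + n], "big")
        hdr += n
    end = pos + hdr + length
    if end > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos + hdr:end], buf[pos:end], end

def children(value):        # split a constructed element's contents into child TLVs
    out, pos = [], 0
    while pos < len(value):
        tag, val, raw, pos = read_tlv(value, pos)
        out.append((tag, val, raw))
    return out

def algorithm_ids(cert_der):
    """Return (tbsCertificate.signature, Certificate.signatureAlgorithm) as raw DER."""
    tag, body, _, _ = read_tlv(cert_der)
    parts = children(body)  # tbsCertificate, signatureAlgorithm, signatureValue
    if tag != 0x30 or len(parts) != 3:
        raise ValueError("not a Certificate SEQUENCE of three elements")
    fields = children(parts[0][1])
    skip = 1 if fields and fields[0][0] == 0xA0 else 0    # optional [0] version
    if len(fields) < skip + 2:
        raise ValueError("tbsCertificate too short")
    return fields[skip + 1][2], parts[1][2]  # field after serialNumber; outer field

def algorithms_match(cert_der):
    inner, outer = algorithm_ids(cert_der)
    return inner == outer   # DER is canonical: equal values are byte-identical

def tlv(tag, body):
    return bytes([tag, len(body)]) + body    # short-form length only; sample is tiny

def sample_cert(inner_oid, outer_oid):
    """Constructed skeleton: tbs fields after 'signature' are omitted."""
    alg = lambda oid: tlv(0x30, oid + b"\x05\x00")        # OID + NULL parameters
    tbs = tlv(0x30, tlv(0xA0, b"\x02\x01\x02") + b"\x02\x01\x01" + alg(inner_oid))
    return tlv(0x30, tbs + alg(outer_oid) + b"\x03\x02\x00\x00")
```

`algorithms_match(sample_cert(SHA1_RSA, SHA1_RSA))` is true, while a skeleton whose outer field names SHA-256 and whose inner field names SHA-1 fails the check.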