> Sravan,
>
> the AlgorithmIdentifier in the Certificate definition tells you which
> algorithms have been used to produce and to verify the certificate
> signature. The AlgorithmIdentifier in the TBSCertificate tells you which
> algorithms to use applying the key included.

No. Keys to be used for encryption have no signature.

3280:

4.1.1.2 signatureAlgorithm

...

This field MUST contain the same algorithm identifier as the signature field in the sequence tbsCertificate (section 4.1.2.3).

..

4.1.2.3 Signature

This field contains the algorithm identifier for the algorithm used by the CA to sign the certificate.

This field MUST contain the same algorithm identifier as the signatureAlgorithm field in the sequence Certificate (section 4.1.1.2).

The 'outer' field occurs before the field that is signed, allowing to initialise your hash algorithm machine in a one pass logic. The 'inner' ... well, left as an exercise.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
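
Added example, not part of the original post and not OpenSSL code: a minimal DER walk that pulls out the two AlgorithmIdentifier fields named in the RFC 3280 text quoted above and checks that they are byte-identical. The function names, the hand-written parser and the sample certificate skeleton are assumptions constructed for illustration.

```python
SHA1_RSA = bytes.fromhex("300d06092a864886f70d0101050500")    # sha1WithRSAEncryption, NULL params
SHA256_RSA = bytes.fromhex("300d06092a864886f70d01010b0500")  # sha256WithRSAEncryption, NULL params
def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos (single-byte tags only)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits count the length octets
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("DER element runs past end of buffer")
    return tag, pos, pos + length

def children(buf):
    """Split a SEQUENCE (raw header + value bytes) into its raw child elements."""
    tag, pos, end = read_tlv(buf, 0)
    if tag != 0x30:
        raise ValueError("expected SEQUENCE")
    out = []
    while pos < end:
        _, _, nxt = read_tlv(buf[:end], pos)   # slice so a child cannot overrun its parent
        out.append(buf[pos:nxt])
        pos = nxt
    return out

def signature_algorithms(cert_der):
    """Return (Certificate.signatureAlgorithm, tbsCertificate.signature) as raw DER."""
    tbs, outer, _signature_value = children(cert_der)
    fields = children(tbs)
    first = 1 if fields[0][0] == 0xA0 else 0   # skip the optional [0] EXPLICIT version
    return outer, fields[first + 1]            # the field right after serialNumber

def algorithms_match(cert_der):
    """True when both fields are identical, as sections 4.1.1.2 and 4.1.2.3 require."""
    outer, inner = signature_algorithms(cert_der)
    return outer == inner

def tlv(tag, value):  # minimal DER encoder, used only to build the constructed sample
    n, size = len(value), (len(value).bit_length() + 7) // 8
    head = [tag, n] if n < 0x80 else [tag, 0x80 | size, *n.to_bytes(size, "big")]
    return bytes(head) + value

def sample_cert(inner, outer):
    """Constructed skeleton, not a valid certificate: fields after `signature` are omitted."""
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + inner)
    return tlv(0x30, tbs + outer + tlv(0x03, b"\x00" + b"\xaa" * 128))
```

Because only the first fields of tbsCertificate are read, the same `signature_algorithms` call also works on a complete DER-encoded certificate; a verifier would reject the certificate when `algorithms_match` returns False.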