On 7/15/10 11:47 AM, Mark Bishop wrote:
> Where can I find out the details on how a signature is created for a
> certificate and how it differs from creating a signature on a data file?
>
> Is it as simple as running MD5, SHA-1, SHA-256, etc on the cert,
> encrypting the hash with the private key and sticking the results on
> the end of the cert (X509)? Or am I missing a key concept?
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List openssl-users@openssl.org
> Automated List Manager majord...@openssl.org

You are looking for something called X.509 (available from itu.int, the 09/2005 edition is available for free) and for the Internet Profile for PKI (PKIX, most lately in RFC5280).

What you do is this: You create something called a 'tbsCertificate' structure ('tbs' means 'to be signed'). Then, you follow the rules defined to specify the hash function in use (and its context/semantics); create the hash using those semantics; and encrypt it with the private key used as the Authority which signed it. There's a fair amount of voodoo that must happen to make it work, so you will really have to look at the standards to see the precise order of steps.

-Kyle H
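The steps Kyle describes (build the tbsCertificate, hash it with the algorithm named in the certificate, sign with the issuer's private key) can be seen end to end with a small script. The following is an added example, not code from the thread or from OpenSSL; it assumes the pyca `cryptography` package is installed, and the CA name "Example Test CA", the subject "leaf.example.test" and the validity dates are constructed test values. It builds a throwaway CA, issues one certificate, verifies the signature over the `tbsCertificate` bytes with the issuer's public key, and then undoes the RSA operation by hand to show what the "voodoo" actually is for sha256WithRSAEncryption: the signature is not the bare hash encrypted, but a PKCS#1 v1.5 block (`00 01 FF..FF 00`) followed by a DER `DigestInfo` that names the hash algorithm and carries the digest (the prefix bytes are the standard SHA-256 DigestInfo encoding from RFC 8017). It also shows that flipping a single byte of the tbsCertificate breaks verification.

```python
import datetime
import hashlib

from cryptography import x509
from cryptography.x509.oid import NameOID
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa

# DER prefix of DigestInfo for SHA-256 (RFC 8017, section 9.2, note 1):
# SEQUENCE { SEQUENCE { OID 2.16.840.1.101.3.4.2.1, NULL }, OCTET STRING (32 bytes) }
SHA256_DIGESTINFO_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")


def make_ca_and_leaf():
    """Build a constructed test CA and one end-entity certificate signed by it (assumed names)."""
    now = datetime.datetime(2024, 1, 1, tzinfo=datetime.timezone.utc)
    ca_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    ca_name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "Example Test CA")])
    ca_cert = (
        x509.CertificateBuilder()
        .subject_name(ca_name).issuer_name(ca_name)
        .public_key(ca_key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(now).not_valid_after(now + datetime.timedelta(days=365))
        .add_extension(x509.BasicConstraints(ca=True, path_length=None), critical=True)
        .sign(ca_key, hashes.SHA256())  # SHA-256 over tbsCertificate, RSA PKCS#1 v1.5
    )
    leaf_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    leaf_cert = (
        x509.CertificateBuilder()
        .subject_name(x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "leaf.example.test")]))
        .issuer_name(ca_name)
        .public_key(leaf_key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(now).not_valid_after(now + datetime.timedelta(days=30))
        .sign(ca_key, hashes.SHA256())  # signed with the CA's key, not the leaf's own key
    )
    return ca_cert, leaf_cert


def verify_tbs_signature(tbs_bytes, signature, hash_alg, issuer_public_key):
    """True if signature is a valid RSA PKCS#1 v1.5 signature over tbs_bytes, else False."""
    try:
        issuer_public_key.verify(signature, tbs_bytes, padding.PKCS1v15(), hash_alg)
        return True
    except InvalidSignature:
        return False


def verify_certificate(cert, issuer_cert):
    """Verify cert's signature with the issuer's public key, as a path validator does."""
    return verify_tbs_signature(cert.tbs_certificate_bytes, cert.signature,
                                cert.signature_hash_algorithm, issuer_cert.public_key())


def recover_digest_from_signature(cert, issuer_cert):
    """Undo the RSA step with the issuer's public key and unpack the PKCS#1 v1.5 block.

    Returns (digest carried inside the signature, SHA-256 of the tbsCertificate bytes).
    """
    if not isinstance(cert.signature_hash_algorithm, hashes.SHA256):
        raise ValueError("this helper only decodes sha256WithRSAEncryption signatures")
    pub = issuer_cert.public_key().public_numbers()
    k = (pub.n.bit_length() + 7) // 8
    s = int.from_bytes(cert.signature, "big")
    em = pow(s, pub.e, pub.n).to_bytes(k, "big")  # EM = 00 01 FF..FF 00 || DigestInfo
    if em[:2] != b"\x00\x01":
        raise ValueError("unexpected PKCS#1 v1.5 block type")
    sep = em.index(b"\x00", 2)
    if any(b != 0xFF for b in em[2:sep]):
        raise ValueError("malformed padding string")
    digest_info = em[sep + 1:]
    if not digest_info.startswith(SHA256_DIGESTINFO_PREFIX):
        raise ValueError("DigestInfo does not name SHA-256")
    embedded = digest_info[len(SHA256_DIGESTINFO_PREFIX):]
    computed = hashlib.sha256(cert.tbs_certificate_bytes).digest()
    return embedded, computed


def tampered_copy(tbs_bytes):
    """Flip one bit in the tbsCertificate DER (constructed corruption for the demo)."""
    b = bytearray(tbs_bytes)
    b[-1] ^= 0x01
    return bytes(b)


if __name__ == "__main__":
    ca, leaf = make_ca_and_leaf()
    print("leaf signed by CA:", verify_certificate(leaf, ca))
    print("CA self-signature:", verify_certificate(ca, ca))
    print("leaf checked with its own key:", verify_certificate(leaf, leaf))
    emb, comp = recover_digest_from_signature(leaf, ca)
    print("digest inside signature == SHA-256(tbsCertificate):", emb == comp)
    print("tampered tbs verifies:", verify_tbs_signature(
        tampered_copy(leaf.tbs_certificate_bytes), leaf.signature,
        leaf.signature_hash_algorithm, ca.public_key()))
```

Two points worth noticing when running it: the self-signed CA certificate verifies under its own key while the leaf does not (the signature binds the leaf's `tbsCertificate` to the issuer's key, not the subject's), and the digest recovered from the signature block matches SHA-256 over exactly the `tbsCertificate` DER, which is why any change to the signed fields, including re-encoding them, invalidates the certificate.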