This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthor

!!! Overview
The [{$pagename}] (Signature) field specifies the [algorithm] used by the [Certificate Issuer] to sign the certificate, and any parameters associated with the [algorithm].
!! [X.509 Style Guide]
Signature (as defined in [RFC 5280])
This __rather misnamed field__ contains the [{$pagename}] for the signature algorithm used by the [Certificate Authority] to sign the [certificate]. There doesn't seem to be much use for this field, although you should check that the [{$pagename}] matches the one in [SignatureAlgorithm] of the [Basic Certificate Fields]. If someone can forge the [Digital Signature] on the [certificate] then they can also change the inner [{$pagename}]. It's possible that this was included because of some obscure [attack] where someone who could convince (broken) [{$pagename}] A to produce the same signature value as (secure) algorithm B ([Cryptographic Collision]) could change the outer, unprotected [{$pagename}] from B to A, but couldn't change the inner [{$pagename}] without invalidating the [Digital Signature]. What this would achieve is unclear.
Be very careful with your use of [Object Identifiers]. In many cases there are a great many [OIDs] available for the same [{$pagename}], but the exact [OID] you're supposed to use varies somewhat.
Your best bet is to copy the [OIDs] everyone else uses and/or use the RSADSI or X9 [OIDs] (rather than the OSI or OIW or any other type of [OID]). OTOH if you want to be proprietary while still pretending to follow a standard, use [OSI] [OID]'s which are often underspecified, so you can do pretty much whatever you want with things like [block] formatting and [padding|padded].
Another pitfall to be aware of is that [{$pagename}] which have no parameters have this specified as a [null] value rather than omitting the parameters field entirely. The reason for this is that when the [1988|Year 1988] syntax for [AlgorithmIdentifier] was translated into the [1997|Year 1997] syntax, the [OPTIONAL] associated with the [AlgorithmIdentifier] parameters got lost. Later it was recovered via a defect report, but by then everyone thought that [algorithm] parameters were mandatory. Because of this the [algorithm] parameters should be specified as [null], regardless of what you read elsewhere.
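The two checks described above (inner identifier equal to the outer one, and NULL versus omitted parameters), as an added example that is not part of the original page or of the X.509 Style Guide. The function names and the certificate skeleton are constructed for illustration; the skeleton carries only version, serial number and signature inside the TBS part, so it is not a valid certificate.

```python
# Added example: DER check that tbsCertificate.signature equals signatureAlgorithm.
SHA256_RSA = bytes.fromhex("2a864886f70d01010b")  # OID 1.2.840.113549.1.1.11
SHA1_RSA = bytes.fromhex("2a864886f70d010105")    # OID 1.2.840.113549.1.1.5
NULL = b"\x05\x00"

def tlv(tag, body):
    """Encode one DER TLV; bodies here are short, so short-form length only."""
    assert len(body) < 0x80
    return bytes([tag, len(body)]) + body

def read_tlv(buf, pos):
    """Decode the TLV at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        k = length & 0x7F
        length = int.from_bytes(buf[pos:pos + k], "big")
        pos += k
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

def children(body):
    """Split a constructed value into its (tag, value) members."""
    pos, out = 0, []
    while pos < len(body):
        tag, val, pos = read_tlv(body, pos)
        out.append((tag, val))
    return out

def check_signature_field(cert_der):
    """Compare inner and outer AlgorithmIdentifier; report the parameters form."""
    tbs, outer = children(read_tlv(cert_der, 0)[1])[:2]
    fields = children(tbs[1])
    if fields[0][0] == 0xA0:       # skip the optional [0] version
        fields = fields[1:]
    inner = fields[1]              # serialNumber comes first, then signature
    if inner != outer:
        return "mismatch"
    members = children(inner[1])   # OID, then optional parameters
    if len(members) == 1:
        return "match, parameters omitted"
    return "match, NULL parameters" if tlv(*members[1]) == NULL else "match, other parameters"

def alg_id(oid, params=NULL):
    """Build an AlgorithmIdentifier; pass params=b"" to omit the parameters."""
    return tlv(0x30, tlv(0x06, oid) + params)

def skeleton(inner, outer):
    """Constructed certificate skeleton (version, serial, signature only)."""
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + inner)
    return tlv(0x30, tbs + outer + tlv(0x03, b"\x00\xaa\xbb"))
```

Because the comparison is on the encoded bytes, an identifier with NULL parameters and the same OID with the parameters omitted count as a mismatch.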
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
----
* [#1] - [4.1.1.2 Signature|https://tools.ietf.org/html/rfc5280#section-4.1.1.2|target='_blank'] - based on information obtained 2018-07-19