<meta charset="UTF-8">
<meta name="robots" content="noindex,nofollow" />
<link rel="shortcut icon" type="image/x-icon" href="/wiki/images/favicon.ico" />
<link rel="icon" type="image/x-icon" href="/wiki/images/favicon.ico" />

<pre>
!!! Overview
The [{$pagename}] (Signature) field specifies the [algorithm] used by the [Certificate Issuer] to sign the certificate, and any parameters associated with the [algorithm].


!! [X.509 Style Guide]
Signature (as defined in[RFC 5280])

This __rather misnamed field__ contains the [{$pagename}] for the signature algorithm used by the [Certificate Authority] to sign the [certificate].  There doesn't seem to be much use for this field, although you should check that the [{$pagename}] matches the one of [SignatureAlgorithm] on the [Basic Certificate Fields] Even if someone can forge the [Digital Signature] on the [certificate] then they can also change the inner [{$pagename}], it's possible that this was included because of some obscure [attack] where someone who could convince (broken) [{$pagename}] A to produce the same signature value as (secure) algorithm B ([Cryptographic Collision]) could change the outer, unprotected [{$pagename}] from B to A, but couldn't change the inner [{$pagename}] without invalidating the [Digital Signature].  What this would achieve is unclear.

Be very careful with your use of [Object Identifiers].  In many cases there are a great many [OIDs] available for the same [{$pagename}], but the exact [OID] you're supposed to use varies somewhat.

Your best bet is to copy the [OIDs] everyone else uses and/or use the RSADSI or X9 [OIDs] (rather than the OSI or OIW or any other type of [OID]).  OTOH if you want to be proprietary while still pretending to follow a standard, use [OSI] [OID]'s which are often underspecified, so you can do pretty much whatever you want with things like [block] formatting and [padding|padded].

Another pitfall to be aware of is that [{$pagename}] which have no parameters have this specified as a [null] value rather than omitting the parameters field entirely.  The reason for this is that when the [1988|Year 1988] syntax for [AlgorithmIdentifier] was translated into the [1997|Year 1997] syntax, the [OPTIONAL] associated with the [AlgorithmIdentifier] parameters got lost.  Later it was recovered via a defect report, but by then everyone thought that [algorithm] parameters were mandatory.  Because of this the [algorithm] parameters should be specified as [null], regardless of what you read elsewhere.

!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
----
* [#1] - [4.1.1.2 Signature|https://tools.ietf.org/html/rfc5280#section-4.1.1.2|target='_blank'] - based on information obtained 2018-07-19 










































</pre>