I have a doubt regd. the format of X509 Certificate. I know that this doubt is not at all related to OpenSSL but I can't find any other place where in I can get good replies for the doubt. So, here is it...
The syntax of an X509Certificate is as follows :
Certificate ::= SEQUENCE {
tbsCertificate TBSCertificate,
signatureAlgorithm AlgorithmIdentifier,
signatureValue BIT STRING }And 'TBSCertificate' is defined as
TBSCertificate ::= SEQUENCE {
version [0] EXPLICIT Version DEFAULT v1,
serialNumber CertificateSerialNumber,
signature AlgorithmIdentifier,
issuer Name,
validity Validity,
subject Name,
subjectPublicKeyInfo SubjectPublicKeyInfo,
issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL,
-- If present, version MUST be v2 or v3
subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL,
-- If present, version MUST be v2 or v3
extensions [3] EXPLICIT Extensions OPTIONAL
-- If present, version MUST be v3
}My doubt is, why the signatureAlgorithmIdentifier appears twice(both in TBSCertificate as 'signature' & Certificate as 'signatureAlgorithm')
Sravan
smime.p7s
Description: S/MIME Cryptographic Signature
