I'm confused about algorithm selection for Cryptographic Message Syntax (a.k.a. CMS, PKCS#7) signed objects (RFC5652 Section 5.1).

The SignerInfo structure (RFC5652 Section 5.3) has two separate algorithm identifier fields: digestAlgorithm for the digest (hash) algorithm and its associated parameters, and signatureAlgorithm for the signature algorithm and its associated parameters.

(This is in contrast to certificates (RFC5280), CRLs (RFC5280), and certification requests (RFC2986, RFC4211), which don't have a separate digest algorithm field.)

For the signatureAlgorithm field, you can choose rsaEncryption (RFC3370 Section 3.2), or you can choose a variant that itself specifies a digest algorithm, e.g., sha1WithRSAEncryption or md5WithRSAEncryption.

What is the relationship between the signature algorithm's digest algorithm and the digest algorithm specified in the digestAlgorithm field?

Specific sub-questions:

1. Suppose digestAlgorithm contains sha-1 (RFC3370 Section 2.1). Is there any difference between choosing rsaEncryption vs. sha1WithRSAEncryption for the signatureAlgorithm field?
2. What happens if I put sha-1 in digestAlgorithm but choose md5WithRSAEncryption for signatureAlgorithm?
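
Added example, not part of the original question: a Python sketch that builds a constructed SignerInfo (short-form DER only, subjectKeyIdentifier as sid, placeholder signature bytes) and reads back both algorithm fields, reporting whether the digest named by the signatureAlgorithm OID agrees with digestAlgorithm. The helper names are hypothetical, and the comparison only reports the two fields; it does not model how any particular CMS implementation verifies.

```python
# Added example: constructed data, hypothetical helper names, short-form DER only.
OIDS = {
    "1.3.14.3.2.26": "sha-1",
    "1.2.840.113549.1.1.1": "rsaEncryption",
    "1.2.840.113549.1.1.4": "md5WithRSAEncryption",
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
}
NAMES = {name: oid for oid, name in OIDS.items()}
IMPLIED_DIGEST = {"md5WithRSAEncryption": "md5", "sha1WithRSAEncryption": "sha-1"}

def tlv(tag, body):
    assert len(body) < 128          # keeps the length to a single byte
    return bytes([tag, len(body)]) + body

def enc_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:            # base-128, high bit set on all but the last byte
        chunk = [arc & 0x7F]
        while arc := arc >> 7:
            chunk.append(0x80 | (arc & 0x7F))
        out += bytes(reversed(chunk))
    return tlv(0x06, bytes(out))

def dec_oid(body):
    arcs, val = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val); val = 0
    return ".".join(map(str, arcs))

def children(body):
    out, i = [], 0
    while i < len(body):
        n = body[i + 1]
        out.append((body[i], body[i + 2:i + 2 + n])); i += 2 + n
    return out

def build_signer_info(digest, sig):
    alg = lambda name: tlv(0x30, enc_oid(NAMES[name]) + b"\x05\x00")  # OID + NULL params
    return tlv(0x30, tlv(0x02, b"\x03") + tlv(0x80, b"\x01" * 4)   # version 3, [0] SKI sid
               + alg(digest) + alg(sig) + tlv(0x04, b"\x00" * 8))   # placeholder signature

def signer_algs(der):
    fields = children(children(der)[0][1])
    rest = fields[3:] if fields[3][0] != 0xA0 else fields[4:]       # skip [0] signedAttrs
    digest = OIDS[dec_oid(children(fields[2][1])[0][1])]
    sig = OIDS[dec_oid(children(rest[0][1])[0][1])]
    implied = IMPLIED_DIGEST.get(sig)   # None: the OID names no digest (rsaEncryption)
    return digest, sig, implied is None or implied == digest
```

Calling `signer_algs(build_signer_info("sha-1", "md5WithRSAEncryption"))` reproduces the second sub-question's case and returns `False` as its third element.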