20

What's the difference between the "Signature Algorithm" and the "Signature Hash Algorithm" found in an X.509 certificate? Why does it need a "Signature Hash Algorithm"?

enter image description here

Edit:

I'm creating the X.509 cert with PHP 5.2. When I change the 'digest_alg' to 'md5', both properties of the Microsoft Cert Tool changes to md5. So, as mentioned in one answer below, it seems to be an issue/invention of the Microsoft Cert Tool.

Change to md5:

           $configs = array(
                            'config'             => 'test.cnf',
                            'digest_alg'         => 'md5',
                            'x509_extensions'    => 'v3_ca',
                            'req_extensions'     => 'v3_req',
                            'private_key_bits'   => 2048,
                            'private_key_type'   => OPENSSL_KEYTYPE_RSA,
                            'encrypt_key'        =>
                        );

Result:

enter image description here

SEJPM
  • 46,697
  • 9
  • 103
  • 214
HomeCoder
  • 343
  • 1
  • 2
  • 9

2 Answers2

12

This has more to do with how Microsoft decided to implemented their certificate inspection GUI, than about the actual fields of the certificate. Most signature algorithm identifiers present in contemporary certificates specify both the public key algorithm (RSA in this case) and the digest algorithm (SHA-1 in this case). The identifier "sha1RSA" is most likely inaccurate in so far that Microsoft has decided to use it for an identifier that is known as sha1WithRSAEncryption OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-1(1) 5 } in the standard.

The only semi-common standard signature algorithm I am aware of that actually separates the public key algorithm identifier from the digest algorithm identifier in the signature algorithm identifier of certificates, is PKCS#1 v2 RSASSA-PSS.

Edit:

Consequently, Microsoft follows conventions and the X.509 specification by letting "signature algorithm" mean a combination of a signature public key algorithm and signature hash algorithm, but, firstly, the identifiers they use for these combinations are non standard, and, secondly, adding a signature hash algorithm field is in most cases superfluous and doesn't usually reflect the actual X.509 format.

Community
  • 1
Henrick Hellström
  • 10,556
  • 1
  • 32
  • 59
6

I believe the SignatureAlgorithm is the algorithm used to sign the content using the private key, while the SignatureHashAlgorithm is used to hash the content before signing (so as to not sign as much data, which is a relatively slow process). In this case, it's easy enough to figure out that the SignatureHashAlgorithm is SHA1 because it's in the name of the SignatureAlgorithm, but I imagine there are cases where that isn't true.

mfsiega
  • 363
  • 2
  • 7