
I'm wondering why there are two Algorithm Identifiers in an X.509 certificate. One is in the "to be signed" part and the other one is at the end, right before the actual signature.

Are they used for the same purpose? Do they have to be the same? Can implementations choose which of these two fields they evaluate?

Nocta

1 Answer


I'm assuming you're talking about these two fields:

  • signature
  • signatureAlgorithm

following the names defined in RFC 5280 section 4.1. And section 4.1.1.2 then goes on to state (for signatureAlgorithm):

This field MUST contain the same algorithm identifier as the signature field in the sequence tbsCertificate (Section 4.1.2.3).

So, yes, they have to be the same.
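To make the two positions concrete, here is an added example (not part of the question or the answer above) that walks the DER structure of a Certificate, pulls out `tbsCertificate.signature` and the outer `signatureAlgorithm`, and applies the RFC 5280 section 4.1.1.2 check that they are identical. Because the script has to run offline, it builds a constructed toy certificate with a tiny DER encoder rather than loading a real one; the toy carries only the TBSCertificate fields up to `signature` and a dummy `signatureValue`, so it is not a valid, signed certificate. `parse_cert()` itself only relies on the field order RFC 5280 defines, so it works unchanged on bytes read from a real `.der`/`.cer` file. The OID strings are the standard sha256WithRSAEncryption and sha1WithRSAEncryption identifiers; everything else (function names, the toy layout) is my own choice for this illustration.

```python
"""Locate both AlgorithmIdentifier fields in a DER-encoded X.509 Certificate and
check that they agree, as RFC 5280 section 4.1.1.2 requires.

Certificate  ::= SEQUENCE {
    tbsCertificate      TBSCertificate,     -- contains the 'signature' field
    signatureAlgorithm  AlgorithmIdentifier,
    signatureValue      BIT STRING }
TBSCertificate ::= SEQUENCE {
    version         [0] EXPLICIT Version OPTIONAL,
    serialNumber        INTEGER,
    signature           AlgorithmIdentifier,   -- must equal signatureAlgorithm
    ... }
"""

# Standard OIDs (RFC 4055 / RFC 3279); used for the constructed toy certificate.
SHA256_WITH_RSA = "1.2.840.113549.1.1.11"
SHA1_WITH_RSA = "1.2.840.113549.1.1.5"


# ---- minimal DER encoder, written for this example only ----------------------
def der_len(n):
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag, content):
    return bytes([tag]) + der_len(len(content)) + content


def seq(*items):
    return tlv(0x30, b"".join(items))


def oid(dotted):
    parts = [int(x) for x in dotted.split(".")]
    out = bytearray([40 * parts[0] + parts[1]])
    for p in parts[2:]:
        chunk = [p & 0x7F]          # base-128, high bit set on all but last byte
        p >>= 7
        while p:
            chunk.append(0x80 | (p & 0x7F))
            p >>= 7
        out.extend(reversed(chunk))
    return tlv(0x06, bytes(out))


def alg_id(dotted):
    # AlgorithmIdentifier ::= SEQUENCE { algorithm OID, parameters ANY OPTIONAL }
    # RSA PKCS#1 v1.5 algorithms carry an explicit NULL parameter.
    return seq(oid(dotted), tlv(0x05, b""))


def build_toy_cert(tbs_alg, outer_alg):
    """Constructed toy Certificate: only the TBS fields up to 'signature' and a
    dummy signatureValue. Enough to show where the two identifiers live; it is
    NOT a real or verifiable certificate."""
    tbs = seq(
        tlv(0xA0, tlv(0x02, b"\x02")),  # version [0] EXPLICIT: v3
        tlv(0x02, b"\x01"),             # serialNumber 1
        alg_id(tbs_alg),                # signature (first AlgorithmIdentifier)
        # issuer, validity, subject, subjectPublicKeyInfo omitted in the toy
    )
    return seq(
        tbs,
        alg_id(outer_alg),              # signatureAlgorithm (second one)
        tlv(0x03, b"\x00" + b"\x00" * 8),  # signatureValue: dummy BIT STRING
    )


# ---- DER decoder --------------------------------------------------------------
def read_tlv(buf, pos):
    """Return (tag, content, raw_element, next_pos) for the element at pos."""
    start = pos
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                   # long-form length
        nbytes = length & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    end = pos + length
    return tag, buf[pos:end], buf[start:end], end


def decode_oid(content):
    parts = [content[0] // 40, content[0] % 40]
    val = 0
    for b in content[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            parts.append(val)
            val = 0
    return ".".join(map(str, parts))


def algorithm_oid(alg_der):
    """Dotted OID of the 'algorithm' member of a raw AlgorithmIdentifier."""
    _, content, _, _ = read_tlv(alg_der, 0)      # the SEQUENCE
    _, oid_content, _, _ = read_tlv(content, 0)  # its first member, the OID
    return decode_oid(oid_content)


def parse_cert(der):
    """Return (tbsCertificate.signature, signatureAlgorithm) as raw DER."""
    tag, cert, _, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("Certificate must be a SEQUENCE")
    tag, tbs, _, p = read_tlv(cert, 0)           # tbsCertificate
    if tag != 0x30:
        raise ValueError("tbsCertificate must be a SEQUENCE")
    _, _, outer_alg, _ = read_tlv(cert, p)       # signatureAlgorithm
    tag, _, _, q = read_tlv(tbs, 0)              # version [0] or serialNumber
    if tag == 0xA0:                              # version present: skip serial
        _, _, _, q = read_tlv(tbs, q)
    _, _, inner_alg, _ = read_tlv(tbs, q)        # signature
    return inner_alg, outer_alg


def algorithms_consistent(der):
    """The RFC 5280 4.1.1.2 check: byte-for-byte equality of both identifiers
    (OID and parameters), which is the strict reading of 'same'."""
    inner_alg, outer_alg = parse_cert(der)
    return inner_alg == outer_alg


if __name__ == "__main__":
    for label, cert in (
        ("consistent", build_toy_cert(SHA256_WITH_RSA, SHA256_WITH_RSA)),
        ("mismatched", build_toy_cert(SHA256_WITH_RSA, SHA1_WITH_RSA)),
    ):
        inner, outer = parse_cert(cert)
        print(label, algorithm_oid(inner), algorithm_oid(outer),
              "OK" if algorithms_consistent(cert) else "REJECT")
```

The check compares the whole AlgorithmIdentifier, parameters included, which is what the RFC text says rather than only the OID; a verifier that reads just one of the two fields never notices a mismatch, which is exactly why the requirement exists and why a parser should read both and reject on disagreement before ever touching the signature.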