Sravan,

the AlgorithmIdentifier in the Certificate definition tells you which algorithms have been used to produce and to verify the certificate signature. The AlgorithmIdentifier in the TBSCertificate tells you which algorithms to use when applying the included key.

regards
Thomas

> -----Original Message-----
> From: Sravan [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, 17 November 2004 12:33
> To: [EMAIL PROTECTED]
> Subject: doubt regd X509 Certificate
>
>
> Hello all,
> I have a doubt regd. the format of X509 Certificate. I know that this
> doubt is not at all related to OpenSSL but I can't find any other place
> where in I can get good replies for the doubt. So, here is it...
>
> The syntax of an X509Certificate is as follows :
>
> Certificate ::= SEQUENCE {
>     tbsCertificate       TBSCertificate,
>     signatureAlgorithm   AlgorithmIdentifier,
>     signatureValue       BIT STRING }
>
> And 'TBSCertificate' is defined as
>
> TBSCertificate ::= SEQUENCE {
>     version         [0] EXPLICIT Version DEFAULT v1,
>     serialNumber         CertificateSerialNumber,
>     signature            AlgorithmIdentifier,
>     issuer               Name,
>     validity             Validity,
>     subject              Name,
>     subjectPublicKeyInfo SubjectPublicKeyInfo,
>     issuerUniqueID  [1] IMPLICIT UniqueIdentifier OPTIONAL,
>                          -- If present, version MUST be v2 or v3
>     subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL,
>                          -- If present, version MUST be v2 or v3
>     extensions      [3] EXPLICIT Extensions OPTIONAL
>                          -- If present, version MUST be v3
>     }
>
> My doubt is, why the signatureAlgorithmIdentifier appears twice (both in
> TBSCertificate as 'signature' & Certificate as 'signatureAlgorithm')
>
> Sravan
>
>
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
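
Added example, not part of the thread and not OpenSSL code: RFC 5280 requires the 'signature' field inside TBSCertificate to carry the same algorithm identifier as the outer 'signatureAlgorithm', so the algorithm choice is itself covered by the signature. The Python sketch below reads both fields from DER and compares them; all function names are made up here, and sample_cert() builds a constructed skeleton rather than a valid certificate.

```python
# Added example: compare the two AlgorithmIdentifier copies in a DER certificate.
SHA256_RSA = bytes.fromhex("300d06092a864886f70d01010b0500")  # sha256WithRSAEncryption
SHA1_RSA = bytes.fromhex("300d06092a864886f70d0101050500")    # sha1WithRSAEncryption

def read_tlv(buf, off):
    """Return (tag, content_start, end) of the DER TLV that starts at off."""
    tag, length = buf[off], buf[off + 1]
    off += 2
    if length & 0x80:                       # long form: low 7 bits count length bytes
        n = length & 0x7F
        if n == 0 or n > 4:
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[off:off + n], "big")
        off += n
    if off + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, off, off + length

def children(buf, start, end):
    """Yield (tag, tlv_start, tlv_end) for each TLV inside buf[start:end]."""
    while start < end:
        tag, _, tlv_end = read_tlv(buf, start)
        yield tag, start, tlv_end
        start = tlv_end

def signature_algorithms(cert):
    """Return (tbsCertificate.signature, Certificate.signatureAlgorithm) as raw DER."""
    tag, body, end = read_tlv(cert, 0)
    top = list(children(cert, body, end))
    if tag != 0x30 or len(top) != 3:
        raise ValueError("not a Certificate SEQUENCE")
    _, tbs_body, tbs_end = read_tlv(cert, top[0][1])
    fields = [f for f in children(cert, tbs_body, tbs_end) if f[0] != 0xA0]  # drop [0] version
    if len(fields) < 2:
        raise ValueError("TBSCertificate too short")
    inner, outer = fields[1], top[1]        # fields[0] is serialNumber
    return cert[inner[1]:inner[2]], cert[outer[1]:outer[2]]

def algorithms_match(cert):
    inner, outer = signature_algorithms(cert)
    return inner == outer                   # byte-for-byte comparison of the DER

def tlv(tag, content):                      # short-form DER encoder for the sample only
    assert len(content) < 0x80
    return bytes([tag, len(content)]) + content

def sample_cert(inner_alg, outer_alg):
    """Constructed skeleton, not a valid certificate: version, serial, two algorithms."""
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + inner_alg)
    return tlv(0x30, tbs + outer_alg + tlv(0x03, b"\x00" + b"\xaa" * 8))
```

algorithms_match() also accepts the bytes of a real DER-encoded certificate file; a False result means the outer algorithm was changed without touching the signed part.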