[Top] [All Lists]

[smime] CMS signed object algorithm selection question

2015-05-20 12:49:29
Hi all,

Is this the right place to ask a question about the Cryptographic
Message Syntax signed object spec (RFC5652 Section 5)?  (I'm interested
in understanding the RFC author's intentions, not what implementations
currently do.)

I am reviewing draft-ietf-sidr-rfc6485bis for the sidr working group and
am confused about SignerInfo algorithm selection, specifically the
relationship between the digestAlgorithm and signatureAlgorithm fields.

RFC3370 defines the digest algorithm OIDs sha-1 and md5.  It also
defines the signature algorithm OIDs rsaEncryption,
sha1WithRSAEncryption, and md5WithRSAEncryption.  This leads me to wonder:

  * Suppose digestAlgorithm contains sha-1. Is there any functional
    difference between choosing rsaEncryption vs. sha1WithRSAEncryption
    for the signatureAlgorithm field?

  * What happens if I put sha-1 in digestAlgorithm but choose
    md5WithRSAEncryption for signatureAlgorithm?

  * In general, what is the relationship between the digest algorithm
    associated with the chosen signatureAlgorithm and the chosen


smime mailing list