1

Using pfx certificate to sign or cypher, the algorithm used (rsa-1_5, rsa-oaep-mgf1p, etc) is defined inside pfx certificate?

Certificate has information about algorithms used?

Or it's totally defined by software that uses these certificate?

1 Answers1

1

If I understand your question properly you are asking whether when a certificate (and private key) is used to sign or encrypt data, does that certificate contain the allowed algorithms for that signing or encrypting? The answer is not really.

Outside the specific type of public-key crypto implemented in the certs (usually RSA), you can integrate them with just about any type of encryption or digital signing algorithms. If you want to use AES to encrypt data you can do that and use the cert public key to encrypt the AES key. If you want to digitally sign a document you can use SHA-256 to hash the document and use your cert private key to encrypt the SHA-256 hash.

These algorithms can be just about anything you chose as long as any software intended to process the encrypted or signed documents is compatible.

If, instead, you're talking about the algorithm used to sign the certificate by the issuing CA, then yes, that is listed in the certificate.

PwdRsch
  • 8,361
  • 1
  • 28
  • 35
  • 1
    please don't use the term encryption for digital signatures. http://security.stackexchange.com/questions/87325/if-the-public-key-cant-be-used-for-decrypting-something-encrypted-by-the-privat/87373#87373 – Z.T. Aug 26 '15 at 20:45