Certificates - Differences between "Signature algorithm" and "Signature Hash Algorithm" RRS feed

  • Question

  • Can someone explain me the differences between the attributes in certificates issued by microsoft CA: Signature Algorithm and Signature Hash Algorithm.

    For example Signature Algorithm: SHA256RSA

    and Signature Hash Algorithm: SHA256

    Can someone explain aslo how they are used please and when ?

    Glenn Camilleri

    Thursday, September 24, 2015 7:25 AM


  • They are used to determine the signature algorithm and hash function used to sign the certificate. This information is used by certificate chaining engine to validate the signature of the certificate. Certificate chaining engine calculates a hash over a certificate (signed part). Hash method is selected from Signature Hash Algorithm field. Then certificate chaining engine decodes attached signature by using signature algorithm specified in the Signature Algorithm field and recovers signed hash. If both hashes match, then signature is valid, if they differ, the signature is considered invalid.

    Vadims Podāns, aka PowerShell CryptoGuy
    My weblog: www.sysadmins.lv
    PowerShell PKI Module: pspki.codeplex.com
    Check out new: SSL Certificate Verifier
    Check out new: PowerShell File Checksum Integrity Verifier tool.

    • Proposed as answer by Steven_Lee0510 Sunday, October 11, 2015 2:39 PM
    • Marked as answer by Steven_Lee0510 Sunday, October 11, 2015 11:23 PM
    Thursday, September 24, 2015 5:51 PM