6
votes

A X509 Digital Certificate signed by a CA contains these two amongst other fields. 1. Signature Algorithm 2. Signature Value I understand that the "Signature Algorithm" field contains the hash algorithm that was used by the CA to sign the certificate. And the "Signature Value" is the signature computed on the hash. My question is what is the data that is hashed ? Is it the public key that is part of the CSR(Certificate Signing Request) or the entire CSR?

1

1 Answers

7
votes

It is neither the public key on its own, nor the CSR that was used to request the certificate, that forms the signature input. According to RFC 5280 - Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile:

The signatureValue field contains a digital signature computed upon the ASN.1 DER encoded tbsCertificate. The ASN.1 DER encoded tbsCertificate is used as the input to the signature function.

The syntax of tbsCertificate (tbs = to be signed) is:

TBSCertificate  ::=  SEQUENCE  {
     version         [0]  EXPLICIT Version DEFAULT v1,
     serialNumber         CertificateSerialNumber,
     signature            AlgorithmIdentifier,
     issuer               Name,
     validity             Validity,
     subject              Name,
     subjectPublicKeyInfo SubjectPublicKeyInfo,
     issuerUniqueID  [1]  IMPLICIT UniqueIdentifier OPTIONAL,
                          -- If present, version MUST be v2 or v3
     subjectUniqueID [2]  IMPLICIT UniqueIdentifier OPTIONAL,
                          -- If present, version MUST be v2 or v3
     extensions      [3]  EXPLICIT Extensions OPTIONAL
                          -- If present, version MUST be v3
     }

The DER encoding of this structure is the data over which the signature is computed.