1

I am a beginner trying to understand the digital signature and digital certificate mechanisms, how they work, etc. A certificate contains users' identification information, the public key and the digital signature of the CA that signed the certificate. So my question is: what content does the CA sign to produce what is, so to speak, the digital signature? I mean to say, what is the information that the CA signs by generating a cryptographic hash and then encrypting it using the CA private key, and that is sent to the server such that the server can validate the digital signature by generating the hash of the information and comparing? So the question is: what information does the CA sign?

1 Answer

0

See RFC 5280, Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile:

4.1.1.3. signatureValue

The signatureValue field contains a digital signature computed upon the ASN.1 DER encoded tbsCertificate.

And

4.1.1.1. tbsCertificate

The field contains the names of the subject and issuer, a public key associated with the subject, a validity period, and other associated information.

pedrofb
  • Thank you so much. So can I say that all the information in the generated CSR request, which has to be sent to the certificate authority, is signed and that would be the signature value? – user9261559 Oct 16 '19 at 15:11
  • No. They are different things. A CSR is a message to request an X509 Certificate from a CA. The CSR contains the user's public key and is signed with the user's private key. The certificate is signed with the CA's private key. See https://stackoverflow.com/a/37898553/6371459 – pedrofb Oct 16 '19 at 16:29
  • If you want to summarize: the CA signs the full content of the certificate. – pedrofb Oct 16 '19 at 17:34
  • Thank you so much for your answers. Last but not least, is this all the information that is signed? I took the details from the above-mentioned website. The sequence TBSCertificate contains information associated with the subject of the certificate and the CA that issued it. Every TBSCertificate contains the names of the subject and issuer, a public – user9261559 Oct 16 '19 at 21:11
  • And can I, in a nutshell, say that the CA signs the identification information of the subject who requested the certificate along with the subject's public key? Am I right? – user9261559 Oct 16 '19 at 21:12
  • Hi @user9261559, is your question answered? Do you need any other additional information about it? – pedrofb Oct 22 '19 at 12:33
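
The relationship quoted from RFC 5280 in the answer, as an added example that is not part of the original answer or comments: the CA signs the DER bytes of tbsCertificate, and a verifier slices those same bytes out of the certificate and checks the signature over them. Assumptions: RSA PKCS#1 v1.5 with SHA-256, a demo CA key built from two well-known public primes (insecure), a simplified stand-in for tbsCertificate, and hypothetical helper names.

```python
import hashlib

# Constructed demo CA key from two well-known public primes: insecure, illustration only.
P, Q, E = 2**255 - 19, 2**256 - 2**32 - 977, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8                      # modulus size in bytes
SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")
SHA256_WITH_RSA = bytes.fromhex("300d06092a864886f70d01010b0500")  # AlgorithmIdentifier

def tlv(tag, value):
    """DER-encode one tag-length-value element."""
    n = len(value)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + value

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                              # long form: next bytes hold the length
        size = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + size], "big"), pos + size
    return tag, pos, pos + length

def pkcs1_v15_encode(message):
    """EMSA-PKCS1-v1_5 encoding of SHA-256(message), K bytes long."""
    t = SHA256_DIGESTINFO + hashlib.sha256(message).digest()
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t

def issue(tbs):
    """CA side: sign the DER bytes of tbs and wrap them into a Certificate."""
    sig = pow(int.from_bytes(pkcs1_v15_encode(tbs), "big"), D, N).to_bytes(K, "big")
    return tlv(0x30, tbs + SHA256_WITH_RSA + tlv(0x03, b"\x00" + sig))

def split_certificate(der):
    """Return (tbsCertificate bytes including header, signature bytes)."""
    _, start, _ = read_tlv(der, 0)
    _, _, tbs_end = read_tlv(der, start)
    _, _, alg_end = read_tlv(der, tbs_end)
    _, sig_start, sig_end = read_tlv(der, alg_end)
    return der[start:tbs_end], der[sig_start + 1:sig_end]   # skip unused-bits octet

def verify(der):
    """Relying-party side: recompute the encoding over tbs and compare."""
    tbs, sig = split_certificate(der)
    recovered = pow(int.from_bytes(sig, "big"), E, N).to_bytes(K, "big")
    return recovered == pkcs1_v15_encode(tbs)

# Constructed stand-in for tbsCertificate (real ones carry more fields, see RFC 5280).
TBS = tlv(0x30, tlv(0x0C, b"issuer=Example Test CA") + tlv(0x0C, b"subject=example.test")
          + tlv(0x0C, b"notAfter=2030-01-01") + tlv(0x04, b"subject-public-key-bytes"))
CERT = issue(TBS)
```

The verifier hashes the tbsCertificate bytes exactly as received, without re-encoding them, so changing any byte inside that structure makes `verify` return `False`.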