
Algorithm Agility
Current certificate reference:
ESSCertID ::= SEQUENCE {
    certHash      Hash,
    issuerSerial  IssuerSerial OPTIONAL
}

Hash ::= OCTET STRING -- SHA1 hash of entire certificate

IssuerSerial ::= SEQUENCE {
    issuer        GeneralNames,
    serialNumber  CertificateSerialNumber
}

Alternative 1:
AltCertID ::= SEQUENCE {
    certHash       Hash,
    issuerSerial   IssuerSerial OPTIONAL,
    hashAlgorithm  AlgorithmIdentifier
                   DEFAULT { sha-1 }
}

Alternative 2 (from RFC 3126):
OtherCertID ::= SEQUENCE {
    otherCertHash  OtherHash,
    issuerSerial   IssuerSerial OPTIONAL
}

OtherHash ::= CHOICE {
    sha1Hash   OtherHashValue,
               -- This contains a SHA-1 hash
    otherHash  OtherHashAlgAndValue
}

OtherHashValue ::= OCTET STRING

OtherHashAlgAndValue ::= SEQUENCE {
    hashAlgorithm  AlgorithmIdentifier,
    hashValue      OtherHashValue
}
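
Added example (not part of the original slides): a minimal Python DER encoder and verifier for the Alternative 2 OtherHash CHOICE, showing that the outer tag alone selects the SHA-1 arm (bare OCTET STRING) or the algorithm-tagged arm (SEQUENCE). The function names, the OID allow-list and the sample certificate bytes are assumptions made for illustration.

```python
import hashlib
import hmac

SAMPLE_CERT = b"constructed bytes standing in for a DER certificate"  # constructed sample
# Hash OID content bytes -> hashlib name (assumed allow-list for this example).
OIDS = {bytes.fromhex("608648016503040201"): "sha256",   # 2.16.840.1.101.3.4.2.1
        bytes.fromhex("608648016503040203"): "sha512"}   # 2.16.840.1.101.3.4.2.3
NAMES = {name: oid for oid, name in OIDS.items()}

def tlv(tag, body):  # encode one DER element with a definite length
    n = len(body)
    k = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | k]) + n.to_bytes(k, "big")
    return bytes([tag]) + head + body

def read_tlv(buf, pos=0):  # -> (tag, value, next_pos) for the element at pos
    if pos + 2 > len(buf):
        raise ValueError("truncated DER element")
    tag, n = buf[pos], buf[pos + 1]
    pos += 2
    if n & 0x80:
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + n > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + n], pos + n

def encode_other_hash(cert_der, alg="sha1"):
    digest = hashlib.new(alg, cert_der).digest()
    if alg == "sha1":
        return tlv(0x04, digest)                   # sha1Hash: bare OCTET STRING
    alg_id = tlv(0x30, tlv(0x06, NAMES[alg]))      # AlgorithmIdentifier, no parameters
    return tlv(0x30, alg_id + tlv(0x04, digest))   # otherHash: OtherHashAlgAndValue

def decode_other_hash(blob):  # -> (hash_name, digest)
    tag, value, _ = read_tlv(blob)
    if tag == 0x04:                                # CHOICE arm chosen by the tag
        return "sha1", value
    t1, alg_id, pos = read_tlv(value)
    t2, oid, _ = read_tlv(alg_id)
    t3, digest, _ = read_tlv(value, pos)
    if (tag, t1, t2, t3) != (0x30, 0x30, 0x06, 0x04) or oid not in OIDS:
        raise ValueError("malformed OtherHash or unsupported hashAlgorithm")
    return OIDS[oid], digest

def cert_matches(blob, cert_der, allowed=("sha1", "sha256", "sha512")):
    alg, digest = decode_other_hash(blob)          # callers narrow `allowed` by policy
    expected = hashlib.new(alg, cert_der).digest()
    return alg in allowed and hmac.compare_digest(expected, digest)
```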