Mentre leggevo alcune parti della specifica X.509 ho trovato la firma aggiunta due volte - prima in AttributeCertificate
come signatureAlgorithm
e la seconda in AttributeCertificateInfo
come signature
. Potresti spiegarmi perché? Lo stesso vale per i campi dei certificati di base.
signature:
This field MUST contain the same algorithm identifier as the signatureAlgorithm field in the sequence Certificate
AttributeCertificate ::= SEQUENCE {
acinfo AttributeCertificateInfo,
signatureAlgorithm AlgorithmIdentifier,
signatureValue BIT STRING
}
AttributeCertificateInfo ::= SEQUENCE {
version AttCertVersion, -- version is v2
holder Holder,
issuer AttCertIssuer,
signature AlgorithmIdentifier,
serialNumber CertificateSerialNumber,
attrCertValidityPeriod AttCertValidityPeriod,
attributes SEQUENCE OF Attribute,
issuerUniqueID UniqueIdentifier OPTIONAL,
extensions Extensions OPTIONAL
}