Robert Relyea wrote:
Because the CA's key determines the size and characteristic of it's signature. An RSA 1024 bit key can only produce RSA 1024-bit signature (not an RSA 2048, or a DSA, or ECDSA signature). NOTE, I did not say the subordinates' key size had to match the CA, only the signature on that subordinate must match the CA's key.
Right...
This is not true of the Hashing algorithm, which is (relatively) independent of the CA's key. If the (self-signed) CA is signed using SHA1, that doesn't prevent the CA from signing it's subordinate Certs with SHA-256....the previous message wasn't that clear, so I misunderstood. Thanks for the clarification.
-- Regards Signer: Eddy Nigg, StartCom Ltd. Jabber: [EMAIL PROTECTED] Phone: +1.213.341.0390
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
