The default signing hash algorithm for certain certificates has changed. SIGNALG is a new parameter on the GENCERT command that allows the user to specify the algorithm that they wish to use.
Valid values for SIGNALG are SHA1 and SHA256. For RSA certificates with key size 2048 or larger, the default is SHA256. Otherwise, the default is SHA1.
Note the following:
The following table indicates the default signing algorithm used when SIGNALG is not specified.
|
Signing Algorithm |
Keysize (in bit) of Signing Certificate |
||
|---|---|---|---|
|
RSA |
NISTECC |
BPECC |
|
|
SHA-1 |
Less than 2048 |
|
|
|
SHA-256 |
2048 or more |
192, 224 |
160, 192, 224 |
|
SHA-256 |
|
256 |
256, 320 |
|
SHA-384 |
|
384 |
384 |
|
SHA-512 |
|
521 |
512 |
Note: For more information about this enhancement, see the Command Functions Guide.
|
Copyright © 2014 CA Technologies.
All rights reserved.
|
|