Certificate algorithms

Certificate algorithms are cryptographic algorithms that describe the mathematical procedures that are used for creating key pairs and performing digital signature operations.

The Elliptic Curve Cryptographic (ECC) and RSA algorithms are the public key algorithms that are supported by DCM from which you can choose to generate the public-private key pair. The certificate contains information to specify which algorithm to use for the key. Certificates that contain an RSA public key are sometimes referred to as RSA certificates. Certificates that contain an ECC public key are referred to as ECDSA (Elliptic Curve Digital Signature Algorithm) certificates. DCM provides an option to select the public key algorithm to use when a certificate is created.

Note: ECC algorithms do not apply for certificates in the *SIGNING store or for user certificates. They are always RSA key pairs.

A public key algorithm along with a message digest algorithm describe the mathematical procedure for generating and verifying digital signatures. The certificate also contains information that specifies the public key algorithm and message digest algorithm that is used in creating that certificate's signature. DCM supports these message digest algorithms that are used in signature generation and verification: SHA1, SHA224, SHA256, SHA384, and SHA512. DCM also supports the MD2 and MD5 digest algorithm for signature verification only. DCM provides an option to select the message digest algorithm that is used together with the public key algorithm by the Local CA to sign certificates. This option is shown when a Local CA certificate is created.