Enveloped digital signature algorithm applied to Rivest, Shamir and Adleman (RSA) encrypted or signed content
View at oid-info.com
More information can be found in Recommendation ITU-T X.509 | ISO/IEC 9594-8 (2001) "Directory: Public-key and attribute certificate frameworks".
Defect report: (Email from Hoyt Kesterson, 21 March 2003) In the 1st edition of Rec. ITU-T X.509 (1988), an OID was assigned to the RSA encryption algorithm (2.5.8.1.1). However, the Public-Key Cryptography Standards (PKCS) #1 specification assigned a different OID to the RSA encryption algorithm (1.2.840.113549.1.1.1). The signature process defined by the use of the OID in the Rec. ITU-T X.509 Annex does not describe how to properly format the data, compute the message digest or otherwise process the signature beyond the basic mathematics of the RSA algorithm whereas the PKCS specification does. The PKCS#1 OID is the one that industry has adopted and profiled (e.g. in IETF RFC 3279, IETF RFC 3370) and there is a risk of interoperability problems if the Rec. ITU-T X.509-defined OID is used.
The defect report proposes that the algorithm specification be deprecated.
The specification in the annex was written to jump-start the creation of algorithm OIDs and to specify a signature mechanism using a hash algorithm we removed from the standard long ago. The other definitions in the annex have already been deprecated. We should really remove all these definitions and indicated that the OID values are reserved.
This Defect Report should have been resolved in a Draft Technical Corrigendum (DTC) to be circulated for approval.
rsa OBJECT IDENTIFIER ::= {encryptionAlgorithm 1}