+49 (0) 7245 919 581 info@eunetic.com
Login
  1. Home
  2. EuropeanSSL Knowledge Base
  3. EuropeanSSL CSR Generator
  4. What does key algorithm mean in relation to the generation of a CSR?
europeanSSL
Knowledge Base

What does key algorithm mean in relation to the generation of a CSR?

The key algorithm is a crucial component in the creation of a Certificate Signing Request (CSR). A CSR is a specially formatted and encrypted block of text that is created by an entity (for example, a website or a person) to obtain a digital certificate from a certification authority (CA). The key algorithm defines how the cryptographic key that secures the certificate is generated.


What is a signature procedure?

A signature procedure is a cryptographic process in which a digital signature is created and verified. This digital signature is used to guarantee the authenticity, integrity and origin of electronic data. Essentially, the digital signature is the digital equivalent of a handwritten signature or seal in the physical world.

Here are the basic steps involved in a signature process:

  • Generating a digital signature
    The sender of a document or message uses a cryptographic key to generate a unique digital signature. This key can be private and is used to create the signature, which can only be verified with the matching public key.
  • Attaching the signature to the data
    The digital signature is attached to the electronic data, be it an email, a file or any other form of digital content. The signature acts as proof of the authenticity of the sender and the integrity of the transmitted information.
  • Verification of the digital signature
    The recipient of the data uses the sender's public key to verify the digital signature. If the signature is successfully verified, the recipient can be sure that the data is unchanged and originates from the specified sender.

What is a digital signature in the context of SSL, S/MIME and code signing certificates?

An electronic signature in the context of SSL, S/MIME and code signing certificates refers to the use of digital signatures to ensure the authenticity, integrity and origin of electronic data in various application areas. It is used to create trust in digital interactions by authenticating the identity of the sender and ensuring that the transmitted data has not been tampered with. This helps to ensure the security and integrity of online communications and digital transactions. Here is a specific consideration for each of the use cases mentioned:

  • SSL certificates (Secure Sockets Layer)
    SSL certificates are used to encrypt data transmission between a web browser and a web server. They ensure the security of online transactions and protect against man-in-the-middle attacks. The SSL certificate contains a digital signature that is created by a trusted certification authority (CA). This signature confirms that the certificate is valid and that the website using the certificate is the actual owner.
  • S/MIME certificates (Secure/Multipurpose Internet Mail Extensions)
    S/MIME certificates are used to secure e-mails by enabling the encryption and digital signing of messages. When an e-mail is sent, the message is signed with the sender's private key. The recipient can verify the signature with the sender's public key and thus ensure that the email is authentic and unchanged.
  • Code signing certificates
    Code signing certificates are used to ensure that software and applications are authentic and have not been tampered with. When signing software code, a digital signature based on the code signing certificate is used. Users who download the software can verify the signature to ensure that the software comes from a trusted developer and has not been modified during the download.

What do the RSA, RSASSA-PSS and EdDSA (ED25519) methods mean?

These methods are different algorithms that are used to create cryptographic keys and digital signatures.

  • RSA (Rivest-Shamir-Adleman)
    A commonly used asymmetric encryption method used for SSL and code signing certificates.
  • RSASSA-PSS (RSA Signature Scheme with Appendix - Probabilistic Signature Scheme)
    A special signature method that is based on RSA and offers improved security features. Often used for SSL certificates.
  • EdDSA (Edwards-curve Digital Signature Algorithm) with the Curve ED25519
    A modern algorithm for digital signatures. Increasingly popular for its efficiency and security in various applications, including SSL and code signing.

What are RSA, RSASSA-PSS and EdDSA (ED25519) used for?

The RSA, RSASSA-PSS and EdDSA (ED25519) algorithms are cryptographic key algorithms used in various contexts for securing digital information. Here are the main applications for each of these algorithms:

  • RSA (Rivest-Shamir-Adleman)
    RSA is commonly used for encrypting data transmissions between web browsers and web servers, especially for secure online transactions. The algorithm is also used for digital signatures in various applications such as code signing certificates, S/MIME certificates and other electronic signatures. RSA is based on the difficulty of factoring large numbers and provides both encryption and signature functionalities.
  • RSASSA-PSS (RSA Signature Scheme with Appendix - Probabilistic Signature Scheme)
    RSASSA-PSS is a special signature method that is based on the RSA algorithm and offers improved security features. Frequently used for digital signatures, especially in SSL/TLS certificates. Since 2018, this algorithm has also been mandatory for the communication of EDIFACT data between participants in the electricity/gas market. The algorithm offers improved security compared to older RSA signature methods by using probabilistic techniques for signature generation. 
  • EdDSA (Edwards-curve Digital Signature Algorithm) with the curve ED25519
    EdDSA, especially in the variant ED25519, is used for digital signatures and is gaining popularity due to its efficiency and security. Commonly used in various applications such as SSL/TLS certificates, code signing and other cryptographic protocols. EdDSA is based on elliptic curves and offers high security while consuming fewer resources compared to older algorithms such as RSA.

The choice between these algorithms often depends on the specific requirements of an application, including security level, speed requirements and resource constraints. More recently, many experts tend to favor EdDSA, especially ED25519, due to its modern security features and efficiency.

Back to the index...
Was this article helpful?
No Yes
We use cookies for the technical functionality of this website. With your consent, we also collect page views and other statistical data in anonymized form.

Only required
Accept all
Select individually
Cookie Settings
Read Privacy Statement