summary refs log tree commit diff
path: root/crypto/test/src
diff options
context:
space:
mode:
authorPeter Dettman <peter.dettman@gmail.com>2022-06-22 14:25:40 +0700
committerPeter Dettman <peter.dettman@gmail.com>2022-06-22 14:25:40 +0700
commitd2c5b877bf9dad0ef9b393af2c17a6445780f0c4 (patch)
treeb95ffdebbb8dcfc175530d9281baa1b77b035e9b /crypto/test/src
parentObsoleteAttribute cleanup (diff)
downloadBouncyCastle.NET-ed25519-d2c5b877bf9dad0ef9b393af2c17a6445780f0c4.tar.xz
ObsoleteAttribute cleanup
Diffstat (limited to 'crypto/test/src')
-rw-r--r--crypto/test/src/cmp/test/ProtectedMessageTest.cs3
-rw-r--r--crypto/test/src/cms/test/CMSTestUtil.cs111
-rw-r--r--crypto/test/src/ocsp/test/OCSPTestUtil.cs9
-rw-r--r--crypto/test/src/pkcs/examples/PKCS12Example.cs23
-rw-r--r--crypto/test/src/pkcs/test/PKCS12StoreTest.cs7
-rw-r--r--crypto/test/src/security/test/TestDotNetUtil.cs6
-rw-r--r--crypto/test/src/test/AttrCertSelectorTest.cs4
-rw-r--r--crypto/test/src/test/AttrCertTest.cs15
-rw-r--r--crypto/test/src/test/CertTest.cs58
-rw-r--r--crypto/test/src/test/ECEncodingTest.cs5
-rw-r--r--crypto/test/src/test/GOST3410Test.cs13
-rw-r--r--crypto/test/src/test/PkixPolicyMappingTest.cs13
-rw-r--r--crypto/test/src/test/TestUtilities.cs45
-rw-r--r--crypto/test/src/tsp/test/TSPTestUtil.cs7
-rw-r--r--crypto/test/src/x509/test/TestCertificateGen.cs23
15 files changed, 137 insertions, 205 deletions
diff --git a/crypto/test/src/cmp/test/ProtectedMessageTest.cs b/crypto/test/src/cmp/test/ProtectedMessageTest.cs
index 22e4b1c85..d28984af6 100644
--- a/crypto/test/src/cmp/test/ProtectedMessageTest.cs
+++ b/crypto/test/src/cmp/test/ProtectedMessageTest.cs
@@ -402,9 +402,8 @@ namespace Org.BouncyCastle.Cmp.Tests
             }
 
             certGen.SetPublicKey(PublicKey);
-            certGen.SetSignatureAlgorithm(SignatureAlgorithm);
 
-            return certGen.Generate(privateKey);
+            return certGen.Generate(new Asn1SignatureFactory(SignatureAlgorithm, privateKey, null));
         }
     }
 }
diff --git a/crypto/test/src/cms/test/CMSTestUtil.cs b/crypto/test/src/cms/test/CMSTestUtil.cs
index ca94959d7..242d7e8cf 100644
--- a/crypto/test/src/cms/test/CMSTestUtil.cs
+++ b/crypto/test/src/cms/test/CMSTestUtil.cs
@@ -6,6 +6,7 @@ using System.Text;
 using Org.BouncyCastle.Asn1.CryptoPro;
 using Org.BouncyCastle.Asn1.X509;
 using Org.BouncyCastle.Crypto;
+using Org.BouncyCastle.Crypto.Operators;
 using Org.BouncyCastle.Crypto.Parameters;
 using Org.BouncyCastle.Math;
 using Org.BouncyCastle.Security;
@@ -19,7 +20,8 @@ namespace Org.BouncyCastle.Cms.Tests
 {
 	public class CmsTestUtil
 	{
-		public static SecureRandom rand;
+		public static readonly SecureRandom Random = new SecureRandom();
+
 		private static IAsymmetricCipherKeyPairGenerator kpg;
 		private static IAsymmetricCipherKeyPairGenerator gostKpg;
 		private static IAsymmetricCipherKeyPairGenerator dsaKpg;
@@ -85,7 +87,7 @@ namespace Org.BouncyCastle.Cms.Tests
 				{
 					kpg = GeneratorUtilities.GetKeyPairGenerator("RSA");
 					kpg.Init(new RsaKeyGenerationParameters(
-						BigInteger.ValueOf(17), rand, 1024, 25));
+						BigInteger.ValueOf(17), Random, 1024, 25));
 				}
 
 				return kpg;
@@ -101,7 +103,7 @@ namespace Org.BouncyCastle.Cms.Tests
 					gostKpg = GeneratorUtilities.GetKeyPairGenerator("GOST3410");
 					gostKpg.Init(
 						new Gost3410KeyGenerationParameters(
-							rand,
+							Random,
 							CryptoProObjectIdentifiers.GostR3410x94CryptoProA));
 				}
 
@@ -120,7 +122,7 @@ namespace Org.BouncyCastle.Cms.Tests
 						new BigInteger("1138656671590261728308283492178581223478058193247"),
 						new BigInteger("4182906737723181805517018315469082619513954319976782448649747742951189003482834321192692620856488639629011570381138542789803819092529658402611668375788410"));
 					dsaKpg = GeneratorUtilities.GetKeyPairGenerator("DSA");
-					dsaKpg.Init(new DsaKeyGenerationParameters(rand, dsaSpec));
+					dsaKpg.Init(new DsaKeyGenerationParameters(Random, dsaSpec));
 				}
 
 				return dsaKpg;
@@ -151,7 +153,7 @@ namespace Org.BouncyCastle.Cms.Tests
 				if (ecDsaKpg == null)
 				{
 					ecDsaKpg = GeneratorUtilities.GetKeyPairGenerator("ECDSA");
-					ecDsaKpg.Init(new KeyGenerationParameters(rand, 239));
+					ecDsaKpg.Init(new KeyGenerationParameters(Random, 239));
 				}
 
 				return ecDsaKpg;
@@ -162,25 +164,23 @@ namespace Org.BouncyCastle.Cms.Tests
 		{
 		    try
 		    {
-		        rand = new SecureRandom();
-
 				aes192kg = GeneratorUtilities.GetKeyGenerator("AES");
-				aes192kg.Init(new KeyGenerationParameters(rand, 192));
+				aes192kg.Init(new KeyGenerationParameters(Random, 192));
 
 		        desede128kg = GeneratorUtilities.GetKeyGenerator("DESEDE");
-				desede128kg.Init(new KeyGenerationParameters(rand, 112));
+				desede128kg.Init(new KeyGenerationParameters(Random, 112));
 
 				desede192kg = GeneratorUtilities.GetKeyGenerator("DESEDE");
-				desede192kg.Init(new KeyGenerationParameters(rand, 168));
+				desede192kg.Init(new KeyGenerationParameters(Random, 168));
 
 				rc240kg = GeneratorUtilities.GetKeyGenerator("RC2");
-				rc240kg.Init(new KeyGenerationParameters(rand, 40));
+				rc240kg.Init(new KeyGenerationParameters(Random, 40));
 
 				rc264kg = GeneratorUtilities.GetKeyGenerator("RC2");
-				rc264kg.Init(new KeyGenerationParameters(rand, 64));
+				rc264kg.Init(new KeyGenerationParameters(Random, 64));
 
 				rc2128kg = GeneratorUtilities.GetKeyGenerator("RC2");
-				rc2128kg.Init(new KeyGenerationParameters(rand, 128));
+				rc2128kg.Init(new KeyGenerationParameters(Random, 128));
 
 				aesKg = GeneratorUtilities.GetKeyGenerator("AES");
 
@@ -291,7 +291,7 @@ namespace Org.BouncyCastle.Cms.Tests
 		public static KeyParameter MakeAesKey(
 			int keySize)
 		{
-			aesKg.Init(new KeyGenerationParameters(rand, keySize));
+			aesKg.Init(new KeyGenerationParameters(Random, keySize));
 
 			return ParameterUtilities.CreateKeyParameter("AES", aesKg.GenerateKey());
 		}
@@ -299,7 +299,7 @@ namespace Org.BouncyCastle.Cms.Tests
 		public static KeyParameter MakeCamelliaKey(
 			int keySize)
 		{
-			camelliaKg.Init(new KeyGenerationParameters(rand, keySize));
+			camelliaKg.Init(new KeyGenerationParameters(Random, keySize));
 
 			return ParameterUtilities.CreateKeyParameter("CAMELLIA", camelliaKg.GenerateKey());
 		}
@@ -323,8 +323,10 @@ namespace Org.BouncyCastle.Cms.Tests
 			AsymmetricKeyParameter issPriv = issKP.Private;
 			AsymmetricKeyParameter issPub = issKP.Public;
 
-			X509V1CertificateGenerator v1CertGen = new X509V1CertificateGenerator();
+			string signatureAlgorithm = GetSignatureAlgorithm(issPub);
+			ISignatureFactory signatureFactory = new Asn1SignatureFactory(signatureAlgorithm, issPriv, Random);
 
+			X509V1CertificateGenerator v1CertGen = new X509V1CertificateGenerator();
 			v1CertGen.Reset();
 			v1CertGen.SetSerialNumber(AllocateSerialNumber());
 			v1CertGen.SetIssuerDN(new X509Name(_issDN));
@@ -332,33 +334,7 @@ namespace Org.BouncyCastle.Cms.Tests
 			v1CertGen.SetNotAfter(DateTime.UtcNow.AddDays(100));
 			v1CertGen.SetSubjectDN(new X509Name(_subDN));
 			v1CertGen.SetPublicKey(subPub);
-
-			if (issPub is RsaKeyParameters)
-			{
-				v1CertGen.SetSignatureAlgorithm("SHA1WithRSA");
-			}
-			else if (issPub is DsaPublicKeyParameters)
-			{
-				v1CertGen.SetSignatureAlgorithm("SHA1withDSA");
-			}
-			else if (issPub is ECPublicKeyParameters)
-			{
-				ECPublicKeyParameters ecPub = (ECPublicKeyParameters)issPub;
-				if (ecPub.AlgorithmName == "ECGOST3410")
-				{
-					v1CertGen.SetSignatureAlgorithm("GOST3411withECGOST3410");
-				}
-				else
-				{
-					v1CertGen.SetSignatureAlgorithm("SHA1withECDSA");
-				}	
-			}
-			else
-			{
-				v1CertGen.SetSignatureAlgorithm("GOST3411WithGOST3410");
-			}
-
-			X509Certificate _cert = v1CertGen.Generate(issPriv);
+			X509Certificate _cert = v1CertGen.Generate(signatureFactory);
 
 			_cert.CheckValidity(DateTime.UtcNow);
 			_cert.Verify(issPub);
@@ -374,8 +350,10 @@ namespace Org.BouncyCastle.Cms.Tests
 			AsymmetricKeyParameter issPriv = issKP.Private;
 			AsymmetricKeyParameter issPub = issKP.Public;
 
-			X509V3CertificateGenerator v3CertGen = new X509V3CertificateGenerator();
+			string signatureAlgorithm = GetSignatureAlgorithm(issPub);
+			ISignatureFactory signatureFactory = new Asn1SignatureFactory(signatureAlgorithm, issPriv, Random);
 
+			X509V3CertificateGenerator v3CertGen = new X509V3CertificateGenerator();
 			v3CertGen.Reset();
 			v3CertGen.SetSerialNumber(AllocateSerialNumber());
 			v3CertGen.SetIssuerDN(new X509Name(_issDN));
@@ -384,27 +362,6 @@ namespace Org.BouncyCastle.Cms.Tests
 			v3CertGen.SetSubjectDN(new X509Name(_subDN));
 			v3CertGen.SetPublicKey(subPub);
 
-			if (issPub is RsaKeyParameters)
-			{
-				v3CertGen.SetSignatureAlgorithm("SHA1WithRSA");
-			}
-			else if (issPub is ECPublicKeyParameters)
-			{
-				ECPublicKeyParameters ecPub = (ECPublicKeyParameters) issPub;
-				if (ecPub.AlgorithmName == "ECGOST3410")
-				{
-					v3CertGen.SetSignatureAlgorithm("GOST3411withECGOST3410");
-				}
-				else
-				{
-					v3CertGen.SetSignatureAlgorithm("SHA1withECDSA");
-				}
-			}
-			else
-			{
-				v3CertGen.SetSignatureAlgorithm("GOST3411WithGOST3410");
-			}
-
 			v3CertGen.AddExtension(
 				X509Extensions.SubjectKeyIdentifier,
 				false,
@@ -420,7 +377,7 @@ namespace Org.BouncyCastle.Cms.Tests
 				false,
 				new BasicConstraints(_ca));
 
-			X509Certificate _cert = v3CertGen.Generate(issPriv);
+			X509Certificate _cert = v3CertGen.Generate(signatureFactory);
 
 			_cert.CheckValidity();
 			_cert.Verify(issPub);
@@ -438,20 +395,36 @@ namespace Org.BouncyCastle.Cms.Tests
 
 			crlGen.SetThisUpdate(now);
 			crlGen.SetNextUpdate(now.AddSeconds(100));
-			crlGen.SetSignatureAlgorithm("SHA256WithRSAEncryption");
 
 			crlGen.AddCrlEntry(BigInteger.One, now, CrlReason.PrivilegeWithdrawn);
 
 			crlGen.AddExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(pair.Public));
 
-			return crlGen.Generate(pair.Private);
+			return crlGen.Generate(new Asn1SignatureFactory("SHA256WithRSAEncryption", pair.Private, null));
 		}
 
-		/*
+        /*
 		*
 		*  INTERNAL METHODS
 		*
 		*/
+
+        internal static string GetSignatureAlgorithm(AsymmetricKeyParameter publicKey)
+        {
+            if (publicKey is RsaKeyParameters)
+                return "SHA1WithRSA";
+
+            if (publicKey is DsaPublicKeyParameters)
+                return "SHA1withDSA";
+
+            if (publicKey is ECPublicKeyParameters ecPub)
+            {
+                return ecPub.AlgorithmName == "ECGOST3410" ? "GOST3411withECGOST3410" : "SHA1withECDSA";
+            }
+
+            return "GOST3411WithGOST3410";
+        }
+
         internal static IX509Store MakeAttrCertStore(params IX509AttributeCertificate[] attrCerts)
         {
             IList attrCertList = new ArrayList();
diff --git a/crypto/test/src/ocsp/test/OCSPTestUtil.cs b/crypto/test/src/ocsp/test/OCSPTestUtil.cs
index 53b8f5bb9..c36c3163f 100644
--- a/crypto/test/src/ocsp/test/OCSPTestUtil.cs
+++ b/crypto/test/src/ocsp/test/OCSPTestUtil.cs
@@ -1,10 +1,8 @@
 using System;
 
-using Org.BouncyCastle.Asn1;
 using Org.BouncyCastle.Asn1.X509;
-using Org.BouncyCastle.Asn1.X9;
 using Org.BouncyCastle.Crypto;
-using Org.BouncyCastle.Crypto.Generators;
+using Org.BouncyCastle.Crypto.Operators;
 using Org.BouncyCastle.Crypto.Parameters;
 using Org.BouncyCastle.Math;
 using Org.BouncyCastle.Security;
@@ -98,7 +96,6 @@ namespace Org.BouncyCastle.Ocsp.Tests
 			_v3CertGen.SetNotAfter(DateTime.UtcNow.AddDays(100));
 			_v3CertGen.SetSubjectDN(new X509Name(_subDN));
 			_v3CertGen.SetPublicKey(_subPub);
-			_v3CertGen.SetSignatureAlgorithm(algorithm);
 
 			_v3CertGen.AddExtension(X509Extensions.SubjectKeyIdentifier, false,
 				createSubjectKeyId(_subPub));
@@ -109,9 +106,9 @@ namespace Org.BouncyCastle.Ocsp.Tests
 			_v3CertGen.AddExtension(X509Extensions.BasicConstraints, false,
 				new BasicConstraints(_ca));
 
-			X509Certificate _cert = _v3CertGen.Generate(_issPriv);
+            X509Certificate _cert = _v3CertGen.Generate(new Asn1SignatureFactory(algorithm, _issPriv, null));
 
-			_cert.CheckValidity(DateTime.UtcNow);
+            _cert.CheckValidity(DateTime.UtcNow);
 			_cert.Verify(_issPub);
 
 			return _cert;
diff --git a/crypto/test/src/pkcs/examples/PKCS12Example.cs b/crypto/test/src/pkcs/examples/PKCS12Example.cs
index 002e14c38..06247bc3f 100644
--- a/crypto/test/src/pkcs/examples/PKCS12Example.cs
+++ b/crypto/test/src/pkcs/examples/PKCS12Example.cs
@@ -6,10 +6,10 @@ using Org.BouncyCastle.Asn1;
 using Org.BouncyCastle.Asn1.Pkcs;
 using Org.BouncyCastle.Asn1.X509;
 using Org.BouncyCastle.Crypto;
+using Org.BouncyCastle.Crypto.Operators;
 using Org.BouncyCastle.Crypto.Parameters;
 using Org.BouncyCastle.Math;
 using Org.BouncyCastle.Security;
-using Org.BouncyCastle.Utilities.Date;
 using Org.BouncyCastle.X509;
 using Org.BouncyCastle.X509.Extension;
 
@@ -26,9 +26,6 @@ namespace Org.BouncyCastle.Pkcs.Examples
 	{
 		private static readonly char[] passwd = "hello world".ToCharArray();
 
-		private static readonly X509V1CertificateGenerator v1CertGen = new X509V1CertificateGenerator();
-		private static readonly X509V3CertificateGenerator v3CertGen = new X509V3CertificateGenerator();
-
 		/**
 		* we generate the CA's certificate
 		*/
@@ -49,16 +46,16 @@ namespace Org.BouncyCastle.Pkcs.Examples
 			//
 			// create the certificate - version 1
 			//
+			ISignatureFactory signatureFactory = new Asn1SignatureFactory("SHA1WithRSAEncryption", privKey, null);
 
+			X509V1CertificateGenerator v1CertGen = new X509V1CertificateGenerator();
 			v1CertGen.SetSerialNumber(BigInteger.One);
 			v1CertGen.SetIssuerDN(new X509Name(issuer));
 			v1CertGen.SetNotBefore(DateTime.UtcNow.AddMonths(-1));
 			v1CertGen.SetNotAfter(DateTime.UtcNow.AddMonths(1));
 			v1CertGen.SetSubjectDN(new X509Name(subject));
 			v1CertGen.SetPublicKey(pubKey);
-			v1CertGen.SetSignatureAlgorithm("SHA1WithRSAEncryption");
-
-			X509Certificate cert = v1CertGen.Generate(privKey);
+			X509Certificate cert = v1CertGen.Generate(signatureFactory);
 
 			cert.CheckValidity(DateTime.UtcNow);
 
@@ -107,15 +104,13 @@ namespace Org.BouncyCastle.Pkcs.Examples
 			//
 			// create the certificate - version 3
 			//
-			v3CertGen.Reset();
-
+			X509V3CertificateGenerator v3CertGen = new X509V3CertificateGenerator();
 			v3CertGen.SetSerialNumber(BigInteger.Two);
 			v3CertGen.SetIssuerDN(PrincipalUtilities.GetSubjectX509Principal(caCert));
 			v3CertGen.SetNotBefore(DateTime.UtcNow.AddMonths(-1));
 			v3CertGen.SetNotAfter(DateTime.UtcNow.AddMonths(1));
 			v3CertGen.SetSubjectDN(new X509Name(order, attrs));
 			v3CertGen.SetPublicKey(pubKey);
-			v3CertGen.SetSignatureAlgorithm("SHA1WithRSAEncryption");
 
 			//
 			// extensions
@@ -135,7 +130,7 @@ namespace Org.BouncyCastle.Pkcs.Examples
 				true,
 				new BasicConstraints(0));
 
-			X509Certificate cert = v3CertGen.Generate(caPrivKey);
+			X509Certificate cert = v3CertGen.Generate(new Asn1SignatureFactory("SHA1WithRSAEncryption", caPrivKey, null));
 
 			cert.CheckValidity(DateTime.UtcNow);
 
@@ -202,15 +197,13 @@ namespace Org.BouncyCastle.Pkcs.Examples
 			//
 			// create the certificate - version 3
 			//
-			v3CertGen.Reset();
-
+			X509V3CertificateGenerator v3CertGen = new X509V3CertificateGenerator();
 			v3CertGen.SetSerialNumber(BigInteger.Three);
 			v3CertGen.SetIssuerDN(new X509Name(sOrder, sAttrs));
 			v3CertGen.SetNotBefore(DateTime.UtcNow.AddMonths(-1));
 			v3CertGen.SetNotAfter(DateTime.UtcNow.AddMonths(1));
 			v3CertGen.SetSubjectDN(new X509Name(order, attrs));
 			v3CertGen.SetPublicKey(pubKey);
-			v3CertGen.SetSignatureAlgorithm("SHA1WithRSAEncryption");
 
 			//
 			// add the extensions
@@ -225,7 +218,7 @@ namespace Org.BouncyCastle.Pkcs.Examples
 				false,
 				new AuthorityKeyIdentifierStructure(caPubKey));
 
-			X509Certificate cert = v3CertGen.Generate(caPrivKey);
+			X509Certificate cert = v3CertGen.Generate(new Asn1SignatureFactory("SHA1WithRSAEncryption", caPrivKey, null));
 
 			cert.CheckValidity(DateTime.UtcNow);
 
diff --git a/crypto/test/src/pkcs/test/PKCS12StoreTest.cs b/crypto/test/src/pkcs/test/PKCS12StoreTest.cs
index 1b49a5d02..884fd7449 100644
--- a/crypto/test/src/pkcs/test/PKCS12StoreTest.cs
+++ b/crypto/test/src/pkcs/test/PKCS12StoreTest.cs
@@ -8,9 +8,9 @@ using Org.BouncyCastle.Asn1;
 using Org.BouncyCastle.Asn1.Pkcs;
 using Org.BouncyCastle.Asn1.X509;
 using Org.BouncyCastle.Crypto;
+using Org.BouncyCastle.Crypto.Operators;
 using Org.BouncyCastle.Crypto.Parameters;
 using Org.BouncyCastle.Math;
-using Org.BouncyCastle.Pkcs;
 using Org.BouncyCastle.Security;
 using Org.BouncyCastle.Utilities.Encoders;
 using Org.BouncyCastle.Utilities.Test;
@@ -897,9 +897,10 @@ namespace Org.BouncyCastle.Pkcs.Tests
 			certGen.SetNotAfter(DateTime.UtcNow.AddDays(30));
 			certGen.SetSubjectDN(new X509Name(order, subjectAttrs));
 			certGen.SetPublicKey(pubKey);
-			certGen.SetSignatureAlgorithm("MD5WithRSAEncryption");
 
-			return new X509CertificateEntry(certGen.Generate(privKey));
+			ISignatureFactory signatureFactory = new Asn1SignatureFactory("MD5WithRSAEncryption", privKey, null);
+			X509Certificate cert = certGen.Generate(signatureFactory);
+			return new X509CertificateEntry(cert);
 		}
 
         private void DoTestCertsOnly()
diff --git a/crypto/test/src/security/test/TestDotNetUtil.cs b/crypto/test/src/security/test/TestDotNetUtil.cs
index 062eada0e..899af016c 100644
--- a/crypto/test/src/security/test/TestDotNetUtil.cs
+++ b/crypto/test/src/security/test/TestDotNetUtil.cs
@@ -9,6 +9,7 @@ using NUnit.Framework;
 
 using Org.BouncyCastle.Asn1.X509;
 using Org.BouncyCastle.Crypto;
+using Org.BouncyCastle.Crypto.Operators;
 using Org.BouncyCastle.Crypto.Parameters;
 using Org.BouncyCastle.Math;
 using Org.BouncyCastle.Utilities.Encoders;
@@ -66,11 +67,10 @@ namespace Org.BouncyCastle.Security.Tests
 			certGen.SetNotAfter(DateTime.UtcNow.AddDays(1));
 			certGen.SetSubjectDN(new X509Name(ord, attrs));
 			certGen.SetPublicKey(dsaPub);
-			certGen.SetSignatureAlgorithm("SHA1WITHDSA");
 
-			X509Certificate cert = certGen.Generate(dsaPriv);
+            X509Certificate cert = certGen.Generate(new Asn1SignatureFactory("SHA1WITHDSA", dsaPriv, null));
 
-			cert.CheckValidity();
+            cert.CheckValidity();
 			cert.Verify(dsaPub);
 
 			SystemX509.X509Certificate dotNetCert = DotNetUtilities.ToX509Certificate(cert);
diff --git a/crypto/test/src/test/AttrCertSelectorTest.cs b/crypto/test/src/test/AttrCertSelectorTest.cs
index 37c1e66d2..dfd4295e2 100644
--- a/crypto/test/src/test/AttrCertSelectorTest.cs
+++ b/crypto/test/src/test/AttrCertSelectorTest.cs
@@ -5,6 +5,7 @@ using NUnit.Framework;
 using Org.BouncyCastle.Asn1;
 using Org.BouncyCastle.Asn1.X509;
 using Org.BouncyCastle.Crypto;
+using Org.BouncyCastle.Crypto.Operators;
 using Org.BouncyCastle.Crypto.Parameters;
 using Org.BouncyCastle.Math;
 using Org.BouncyCastle.Utilities.Date;
@@ -110,7 +111,6 @@ namespace Org.BouncyCastle.Tests
 			gen.SetNotBefore(DateTime.UtcNow.AddSeconds(-50));
 			gen.SetNotAfter(DateTime.UtcNow.AddSeconds(50));
 			gen.SetSerialNumber(BigInteger.One);
-			gen.SetSignatureAlgorithm("SHA1WithRSAEncryption");
 
 			Target targetName = new Target(
 				Target.Choice.Name,
@@ -125,7 +125,7 @@ namespace Org.BouncyCastle.Tests
 			TargetInformation targetInformation = new TargetInformation(targets);
 			gen.AddExtension(X509Extensions.TargetInformation.Id, true, targetInformation);
 
-			return gen.Generate(privKey);
+			return gen.Generate(new Asn1SignatureFactory("SHA1WithRSAEncryption", privKey, null));
 		}
 
 		[Test]
diff --git a/crypto/test/src/test/AttrCertTest.cs b/crypto/test/src/test/AttrCertTest.cs
index d701d007e..f57f67fad 100644
--- a/crypto/test/src/test/AttrCertTest.cs
+++ b/crypto/test/src/test/AttrCertTest.cs
@@ -6,9 +6,9 @@ using NUnit.Framework;
 using Org.BouncyCastle.Asn1;
 using Org.BouncyCastle.Asn1.X509;
 using Org.BouncyCastle.Crypto;
+using Org.BouncyCastle.Crypto.Operators;
 using Org.BouncyCastle.Crypto.Parameters;
 using Org.BouncyCastle.Math;
-using Org.BouncyCastle.Security;
 using Org.BouncyCastle.Utilities.Collections;
 using Org.BouncyCastle.Utilities.Encoders;
 using Org.BouncyCastle.Utilities.Test;
@@ -270,9 +270,9 @@ namespace Org.BouncyCastle.Tests
 			gen.SetNotBefore(DateTime.UtcNow.AddSeconds(-50));
 			gen.SetNotAfter(DateTime.UtcNow.AddSeconds(50));
 			gen.SetSerialNumber(BigInteger.One);
-			gen.SetSignatureAlgorithm("SHA1WithRSAEncryption");
 
-			IX509AttributeCertificate aCert = gen.Generate(privKey);
+			IX509AttributeCertificate aCert = gen.Generate(
+				new Asn1SignatureFactory("SHA1WithRSAEncryption", privKey, null));
 
 			aCert.CheckValidity();
 
@@ -378,9 +378,9 @@ namespace Org.BouncyCastle.Tests
 			gen.SetNotBefore(DateTime.UtcNow.AddSeconds(-50));
 			gen.SetNotAfter(DateTime.UtcNow.AddSeconds(50));
 			gen.SetSerialNumber(BigInteger.One);
-			gen.SetSignatureAlgorithm("SHA1WithRSAEncryption");
 
-			IX509AttributeCertificate aCert = gen.Generate(privKey);
+			IX509AttributeCertificate aCert = gen.Generate(
+				new Asn1SignatureFactory("SHA1WithRSAEncryption", privKey, null));
 
 			aCert.CheckValidity();
 
@@ -499,9 +499,8 @@ namespace Org.BouncyCastle.Tests
 			gen.SetNotBefore(DateTime.UtcNow.AddSeconds(-50));
 			gen.SetNotAfter(DateTime.UtcNow.AddSeconds(50));
 			gen.SetSerialNumber(aCert.SerialNumber);
-			gen.SetSignatureAlgorithm("SHA1WithRSAEncryption");
 
-			aCert = gen.Generate(privKey);
+			aCert = gen.Generate(new Asn1SignatureFactory("SHA1WithRSAEncryption", privKey, null));
 
 			aCert.CheckValidity();
 
@@ -575,7 +574,7 @@ namespace Org.BouncyCastle.Tests
 
 			gen.AddExtension("2.2", false, new DerOctetString(new byte[20]));
 
-			aCert = gen.Generate(privKey);
+			aCert = gen.Generate(new Asn1SignatureFactory("SHA1WithRSAEncryption", privKey, null));
 
 			ISet exts = aCert.GetCriticalExtensionOids();
 
diff --git a/crypto/test/src/test/CertTest.cs b/crypto/test/src/test/CertTest.cs
index d83b67f8c..e0f97a61f 100644
--- a/crypto/test/src/test/CertTest.cs
+++ b/crypto/test/src/test/CertTest.cs
@@ -12,6 +12,7 @@ using Org.BouncyCastle.Asn1.X509;
 using Org.BouncyCastle.Asn1.X9;
 using Org.BouncyCastle.Crypto;
 using Org.BouncyCastle.Crypto.Generators;
+using Org.BouncyCastle.Crypto.Operators;
 using Org.BouncyCastle.Crypto.Parameters;
 using Org.BouncyCastle.Math;
 using Org.BouncyCastle.Math.EC;
@@ -1164,9 +1165,8 @@ namespace Org.BouncyCastle.Tests
             certGen.SetNotAfter(DateTime.UtcNow.AddSeconds(50));
             certGen.SetSubjectDN(new X509Name(ord, values));
             certGen.SetPublicKey(pubKey);
-            certGen.SetSignatureAlgorithm("SHA256WithRSAEncryption");
 
-            X509Certificate cert = certGen.Generate(privKey);
+            X509Certificate cert = certGen.Generate(new Asn1SignatureFactory("SHA256WithRSAEncryption", privKey, null));
 
             cert.CheckValidity(DateTime.UtcNow);
 
@@ -1194,7 +1194,6 @@ namespace Org.BouncyCastle.Tests
             certGen.SetNotAfter(DateTime.UtcNow.AddSeconds(50));
             certGen.SetSubjectDN(new X509Name(ord, values));
             certGen.SetPublicKey(pubKey);
-            certGen.SetSignatureAlgorithm("MD5WithRSAEncryption");
             certGen.AddExtension("2.5.29.15", true,
                 new X509KeyUsage(X509KeyUsage.EncipherOnly));
             certGen.AddExtension("2.5.29.37", true,
@@ -1202,7 +1201,7 @@ namespace Org.BouncyCastle.Tests
             certGen.AddExtension("2.5.29.17", true,
                 new GeneralNames(new GeneralName(GeneralName.Rfc822Name, "test@test.test")));
 
-            cert = certGen.Generate(privKey);
+            cert = certGen.Generate(new Asn1SignatureFactory("MD5WithRSAEncryption", privKey, null));
 
             cert.CheckValidity(DateTime.UtcNow);
 
@@ -1242,9 +1241,7 @@ namespace Org.BouncyCastle.Tests
             certGen1.SetNotAfter(DateTime.UtcNow.AddSeconds(50));
             certGen1.SetSubjectDN(new X509Name(ord, values));
             certGen1.SetPublicKey(pubKey);
-            certGen1.SetSignatureAlgorithm("MD5WithRSAEncryption");
-
-            cert = certGen1.Generate(privKey);
+            cert = certGen1.Generate(new Asn1SignatureFactory("MD5WithRSAEncryption", privKey, null));
 
             cert.CheckValidity(DateTime.UtcNow);
 
@@ -1322,11 +1319,10 @@ namespace Org.BouncyCastle.Tests
             certGen.SetNotAfter(DateTime.UtcNow.AddSeconds(50));
             certGen.SetSubjectDN(new X509Name(ord, values));
             certGen.SetPublicKey(pubKey);
-            certGen.SetSignatureAlgorithm("SHA1withDSA");
 
             try
             {
-                X509Certificate cert = certGen.Generate(privKey);
+                X509Certificate cert = certGen.Generate(new Asn1SignatureFactory("SHA1withDSA", privKey, null));
 
                 cert.CheckValidity(DateTime.UtcNow);
 
@@ -1352,11 +1348,10 @@ namespace Org.BouncyCastle.Tests
             certGen1.SetNotAfter(DateTime.UtcNow.AddSeconds(50));
             certGen1.SetSubjectDN(new X509Name(ord, values));
             certGen1.SetPublicKey(pubKey);
-            certGen1.SetSignatureAlgorithm("SHA1withDSA");
 
             try
             {
-                X509Certificate cert = certGen1.Generate(privKey);
+                X509Certificate cert = certGen1.Generate(new Asn1SignatureFactory("SHA1withDSA", privKey, null));
 
                 cert.CheckValidity(DateTime.UtcNow);
 
@@ -1465,11 +1460,10 @@ namespace Org.BouncyCastle.Tests
             certGen.SetNotAfter(DateTime.UtcNow.AddSeconds(50));
             certGen.SetSubjectDN(new X509Name(order, attrs));
             certGen.SetPublicKey(pubKey);
-            certGen.SetSignatureAlgorithm("SHA1withECDSA");
 
             try
             {
-                X509Certificate cert = certGen.Generate(privKey);
+                X509Certificate cert = certGen.Generate(new Asn1SignatureFactory("SHA1withECDSA", privKey, null));
 
                 cert.CheckValidity(DateTime.UtcNow);
 
@@ -1490,7 +1484,7 @@ namespace Org.BouncyCastle.Tests
 
                 certGen.SetPublicKey(pubKey);
 
-                cert = certGen.Generate(privKey);
+                cert = certGen.Generate(new Asn1SignatureFactory("SHA1withECDSA", privKey, null));
 
                 cert.CheckValidity(DateTime.UtcNow);
 
@@ -1583,10 +1577,8 @@ namespace Org.BouncyCastle.Tests
             certGen.SetNotAfter(DateTime.UtcNow.AddSeconds(50));
             certGen.SetSubjectDN(new X509Name(order, attrs));
             certGen.SetPublicKey(pubKey);
-            certGen.SetSignatureAlgorithm(algorithm);
-
 
-            X509Certificate cert = certGen.Generate(privKey);
+            X509Certificate cert = certGen.Generate(new Asn1SignatureFactory(algorithm, privKey, null));
 
             cert.CheckValidity(DateTime.UtcNow);
 
@@ -1607,7 +1599,7 @@ namespace Org.BouncyCastle.Tests
 
             certGen.SetPublicKey(pubKey);
 
-            cert = certGen.Generate(privKey);
+            cert = certGen.Generate(new Asn1SignatureFactory(algorithm, privKey, null));
 
             cert.CheckValidity(DateTime.UtcNow);
 
@@ -1673,14 +1665,13 @@ namespace Org.BouncyCastle.Tests
 
             crlGen.SetThisUpdate(now);
             crlGen.SetNextUpdate(now.AddSeconds(100));
-            crlGen.SetSignatureAlgorithm("SHA256WithRSAEncryption");
 
             crlGen.AddCrlEntry(BigInteger.One, now, CrlReason.PrivilegeWithdrawn);
 
             crlGen.AddExtension(X509Extensions.AuthorityKeyIdentifier, false,
                 new AuthorityKeyIdentifierStructure(pair.Public));
 
-            X509Crl crl = crlGen.Generate(pair.Private);
+            X509Crl crl = crlGen.Generate(new Asn1SignatureFactory("SHA256WithRSAEncryption", pair.Private, null));
 
             if (!crl.IssuerDN.Equivalent(new X509Name("CN=Test CA"), true))
             {
@@ -1745,7 +1736,6 @@ namespace Org.BouncyCastle.Tests
 
             crlGen.SetThisUpdate(now);
             crlGen.SetNextUpdate(now.AddSeconds(100));
-            crlGen.SetSignatureAlgorithm("SHA256WithRSAEncryption");
 
             IList extOids = new ArrayList();
             IList extValues = new ArrayList();
@@ -1768,7 +1758,7 @@ namespace Org.BouncyCastle.Tests
 
             crlGen.AddExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(pair.Public));
 
-            X509Crl crl = crlGen.Generate(pair.Private);
+            X509Crl crl = crlGen.Generate(new Asn1SignatureFactory("SHA256WithRSAEncryption", pair.Private, null));
 
             if (!crl.IssuerDN.Equivalent(new X509Name("CN=Test CA"), true))
             {
@@ -1833,7 +1823,6 @@ namespace Org.BouncyCastle.Tests
 
             crlGen.SetThisUpdate(now);
             crlGen.SetNextUpdate(now.AddSeconds(100));
-            crlGen.SetSignatureAlgorithm("SHA256WithRSAEncryption");
 
             IList extOids = new ArrayList();
             IList extValues = new ArrayList();
@@ -1856,7 +1845,7 @@ namespace Org.BouncyCastle.Tests
 
             crlGen.AddExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(pair.Public));
 
-            X509Crl crl = crlGen.Generate(pair.Private);
+            X509Crl crl = crlGen.Generate(new Asn1SignatureFactory("SHA256WithRSAEncryption", pair.Private, null));
 
             if (!crl.IssuerDN.Equivalent(new X509Name("CN=Test CA"), true))
             {
@@ -1915,7 +1904,6 @@ namespace Org.BouncyCastle.Tests
 
             crlGen.SetThisUpdate(now);
             crlGen.SetNextUpdate(now.AddSeconds(100));
-            crlGen.SetSignatureAlgorithm("SHA256WithRSAEncryption");
 
             crlGen.AddCrl(crl);
 
@@ -1923,7 +1911,7 @@ namespace Org.BouncyCastle.Tests
 
             crlGen.AddExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(pair.Public));
 
-            X509Crl newCrl = crlGen.Generate(pair.Private);
+            X509Crl newCrl = crlGen.Generate(new Asn1SignatureFactory("SHA256WithRSAEncryption", pair.Private, null));
 
             int count = 0;
             bool oneFound = false;
@@ -2043,9 +2031,8 @@ namespace Org.BouncyCastle.Tests
             certGen.SetNotAfter(DateTime.UtcNow.AddSeconds(50));
             certGen.SetSubjectDN(new X509Name(order, attrs));
             certGen.SetPublicKey(pubKey);
-            certGen.SetSignatureAlgorithm("GOST3411withGOST3410");
 
-            X509Certificate cert = certGen.Generate(privKey);
+            X509Certificate cert = certGen.Generate(new Asn1SignatureFactory("GOST3411withGOST3410", privKey, null));
 
             cert.CheckValidity(DateTime.UtcNow);
 
@@ -2127,7 +2114,6 @@ namespace Org.BouncyCastle.Tests
             certGen.SetNotAfter(DateTime.UtcNow.AddSeconds(50));
             certGen.SetSubjectDN(new X509Name(ord, values));
             certGen.SetPublicKey(pubKey);
-            certGen.SetSignatureAlgorithm("MD5WithRSAEncryption");
             certGen.AddExtension("2.5.29.15", true,
                 new X509KeyUsage(X509KeyUsage.EncipherOnly));
             certGen.AddExtension("2.5.29.37", true,
@@ -2135,7 +2121,8 @@ namespace Org.BouncyCastle.Tests
             certGen.AddExtension("2.5.29.17", true,
                 new GeneralNames(new GeneralName(GeneralName.Rfc822Name, "test@test.test")));
 
-            X509Certificate baseCert = certGen.Generate(privKey);
+            X509Certificate baseCert = certGen.Generate(
+                new Asn1SignatureFactory("MD5WithRSAEncryption", privKey, null));
 
             //
             // copy certificate
@@ -2148,12 +2135,11 @@ namespace Org.BouncyCastle.Tests
             certGen.SetNotAfter(DateTime.UtcNow.AddSeconds(50));
             certGen.SetSubjectDN(new X509Name(ord, values));
             certGen.SetPublicKey(pubKey);
-            certGen.SetSignatureAlgorithm("MD5WithRSAEncryption");
 
             certGen.CopyAndAddExtension(new DerObjectIdentifier("2.5.29.15"), true, baseCert);
             certGen.CopyAndAddExtension("2.5.29.37", false, baseCert);
 
-            X509Certificate cert = certGen.Generate(privKey);
+            X509Certificate cert = certGen.Generate(new Asn1SignatureFactory("MD5WithRSAEncryption", privKey, null));
 
             cert.CheckValidity(DateTime.UtcNow);
 
@@ -2189,7 +2175,7 @@ namespace Org.BouncyCastle.Tests
             {
                 certGen.SetPublicKey(dudPublicKey);
 
-                certGen.Generate(privKey);
+                certGen.Generate(new Asn1SignatureFactory("MD5WithRSAEncryption", privKey, null));
 
                 Fail("key without encoding not detected in v3");
             }
@@ -2390,7 +2376,6 @@ namespace Org.BouncyCastle.Tests
             certGen.SetNotAfter(DateTime.UtcNow.AddSeconds(50));
             certGen.SetSubjectDN(new X509Name(ord, values));
             certGen.SetPublicKey(pubKey);
-            certGen.SetSignatureAlgorithm(algorithm);
             certGen.AddExtension("2.5.29.15", true,
             new X509KeyUsage(X509KeyUsage.EncipherOnly));
             certGen.AddExtension("2.5.29.37", true,
@@ -2398,7 +2383,7 @@ namespace Org.BouncyCastle.Tests
             certGen.AddExtension("2.5.29.17", true,
             new GeneralNames(new GeneralName(GeneralName.Rfc822Name, "test@test.test")));
 
-            X509Certificate baseCert = certGen.Generate(privKey);
+            X509Certificate baseCert = certGen.Generate(new Asn1SignatureFactory(algorithm, privKey, null));
 
             baseCert.Verify(pubKey);
         }
@@ -2457,8 +2442,7 @@ namespace Org.BouncyCastle.Tests
             certGen.SetNotAfter(DateTime.UtcNow.AddSeconds(50));
             certGen.SetSubjectDN(new X509Name("CN=Test"));
             certGen.SetPublicKey(pubKey);
-            certGen.SetSignatureAlgorithm("MD5WithRSAEncryption");
-            X509Certificate cert = certGen.Generate(privKey);
+            X509Certificate cert = certGen.Generate(new Asn1SignatureFactory("MD5WithRSAEncryption", privKey, null));
 
             X509CertificateStructure certStruct = X509CertificateStructure.GetInstance(
                 Asn1Object.FromByteArray(cert.GetEncoded()));
diff --git a/crypto/test/src/test/ECEncodingTest.cs b/crypto/test/src/test/ECEncodingTest.cs
index 8d993c15e..ff9fb7aa2 100644
--- a/crypto/test/src/test/ECEncodingTest.cs
+++ b/crypto/test/src/test/ECEncodingTest.cs
@@ -1,5 +1,4 @@
 using System;
-using System.IO;
 
 using NUnit.Framework;
 
@@ -7,6 +6,7 @@ using Org.BouncyCastle.Asn1;
 using Org.BouncyCastle.Asn1.X509;
 using Org.BouncyCastle.Asn1.X9;
 using Org.BouncyCastle.Crypto;
+using Org.BouncyCastle.Crypto.Operators;
 using Org.BouncyCastle.Crypto.Parameters;
 using Org.BouncyCastle.Math;
 using Org.BouncyCastle.Math.EC;
@@ -204,7 +204,6 @@ namespace Org.BouncyCastle.Tests
 				pubECKey = SetPublicUncompressed(pubECKey);
 			}
 
-			certGen.SetSignatureAlgorithm("ECDSAwithSHA1");
 			certGen.SetSerialNumber(BigInteger.One);
 			certGen.SetIssuerDN(new X509Name("CN=Software emul (EC Cert)"));
 			certGen.SetNotBefore(DateTime.UtcNow.AddSeconds(-50));
@@ -212,7 +211,7 @@ namespace Org.BouncyCastle.Tests
 			certGen.SetSubjectDN(new X509Name("CN=Software emul (EC Cert)"));
 			certGen.SetPublicKey(pubECKey);
 
-			return certGen.Generate(privECKey);
+			return certGen.Generate(new Asn1SignatureFactory("ECDSAwithSHA1", privECKey, null));
 		}
 
 		private ECPublicKeyParameters SetPublicUncompressed(
diff --git a/crypto/test/src/test/GOST3410Test.cs b/crypto/test/src/test/GOST3410Test.cs
index 03dcf3144..fc439c4ee 100644
--- a/crypto/test/src/test/GOST3410Test.cs
+++ b/crypto/test/src/test/GOST3410Test.cs
@@ -6,6 +6,7 @@ using NUnit.Framework;
 using Org.BouncyCastle.Asn1.CryptoPro;
 using Org.BouncyCastle.Asn1.X509;
 using Org.BouncyCastle.Crypto;
+using Org.BouncyCastle.Crypto.Operators;
 using Org.BouncyCastle.Crypto.Parameters;
 using Org.BouncyCastle.Math;
 using Org.BouncyCastle.Math.EC;
@@ -260,16 +261,14 @@ namespace Org.BouncyCastle.Tests
             certGen.SetNotAfter(DateTime.UtcNow.AddSeconds(50));
             certGen.SetSubjectDN(new X509Name("CN=Test"));
             certGen.SetPublicKey(vKey);
-            certGen.SetSignatureAlgorithm("GOST3411withGOST3410");
-    
-            X509Certificate cert = certGen.Generate(sKey);
+
+            X509Certificate cert = certGen.Generate(new Asn1SignatureFactory("GOST3411withGOST3410", sKey, null));
             X509CertificateEntry certEntry = new X509CertificateEntry(cert);
 
-//	        ks.SetKeyEntry("gost", sKey, "gost".ToCharArray(), new X509Certificate[] { cert });
-            ks.SetKeyEntry("gost", new AsymmetricKeyEntry(sKey), new X509CertificateEntry[] { certEntry });
-    
+            ks.SetKeyEntry("gost", new AsymmetricKeyEntry(sKey), new X509CertificateEntry[]{ certEntry });
+
             MemoryStream bOut = new MemoryStream();
-    
+
             ks.Save(bOut, "gost".ToCharArray(), new SecureRandom());
     
 //	        ks = KeyStore.getInstance("JKS");
diff --git a/crypto/test/src/test/PkixPolicyMappingTest.cs b/crypto/test/src/test/PkixPolicyMappingTest.cs
index 47e2c3120..24fe4e006 100644
--- a/crypto/test/src/test/PkixPolicyMappingTest.cs
+++ b/crypto/test/src/test/PkixPolicyMappingTest.cs
@@ -6,6 +6,7 @@ using NUnit.Framework;
 using Org.BouncyCastle.Asn1;
 using Org.BouncyCastle.Asn1.X509;
 using Org.BouncyCastle.Crypto;
+using Org.BouncyCastle.Crypto.Operators;
 using Org.BouncyCastle.Crypto.Parameters;
 using Org.BouncyCastle.Math;
 using Org.BouncyCastle.Pkix;
@@ -41,9 +42,7 @@ namespace Org.BouncyCastle.Tests
 			v3CertGen.SetNotAfter(DateTime.UtcNow.AddDays(30));
 			v3CertGen.SetSubjectDN(new X509Name(subject));
 			v3CertGen.SetPublicKey(pubKey);
-			v3CertGen.SetSignatureAlgorithm("SHA1WithRSAEncryption");
-			X509Certificate cert = v3CertGen.Generate(privKey);
-			return cert;
+			return v3CertGen.Generate(new Asn1SignatureFactory("SHA1WithRSAEncryption", privKey, null));
 		}
 
 		/**
@@ -65,12 +64,10 @@ namespace Org.BouncyCastle.Tests
 			v3CertGen.SetNotAfter(DateTime.UtcNow.AddDays(30));
 			v3CertGen.SetSubjectDN(new X509Name(subject));
 			v3CertGen.SetPublicKey(pubKey);
-			v3CertGen.SetSignatureAlgorithm("SHA1WithRSAEncryption");
 			v3CertGen.AddExtension(X509Extensions.CertificatePolicies, true, new DerSequence(policies));
 			v3CertGen.AddExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(true));
 			v3CertGen.AddExtension(X509Extensions.PolicyMappings, true, new PolicyMappings(policyMap));
-			X509Certificate cert = v3CertGen.Generate(caPrivKey);
-			return cert;
+			return v3CertGen.Generate(new Asn1SignatureFactory("SHA1WithRSAEncryption", caPrivKey, null));
 		}
 
 		/**
@@ -91,10 +88,8 @@ namespace Org.BouncyCastle.Tests
 			v3CertGen.SetNotAfter(DateTime.UtcNow.AddDays(30));
 			v3CertGen.SetSubjectDN(new X509Name(subject));
 			v3CertGen.SetPublicKey(pubKey);
-			v3CertGen.SetSignatureAlgorithm("SHA1WithRSAEncryption");
 			v3CertGen.AddExtension(X509Extensions.CertificatePolicies, true, new DerSequence(policies));
-			X509Certificate cert = v3CertGen.Generate(caPrivKey);
-			return cert;
+			return v3CertGen.Generate(new Asn1SignatureFactory("SHA1WithRSAEncryption", caPrivKey, null));
 		}
 
 		private string TestPolicies(
diff --git a/crypto/test/src/test/TestUtilities.cs b/crypto/test/src/test/TestUtilities.cs
index a79421207..63ca87873 100644
--- a/crypto/test/src/test/TestUtilities.cs
+++ b/crypto/test/src/test/TestUtilities.cs
@@ -1,9 +1,9 @@
 using System;
-using System.Diagnostics;
 
 using Org.BouncyCastle.Asn1;
 using Org.BouncyCastle.Asn1.X509;
 using Org.BouncyCastle.Crypto;
+using Org.BouncyCastle.Crypto.Operators;
 using Org.BouncyCastle.Math;
 using Org.BouncyCastle.Security;
 using Org.BouncyCastle.Security.Certificates;
@@ -30,23 +30,22 @@ namespace Org.BouncyCastle.Tests
 			return kpGen.GenerateKeyPair();
 		}
 
-		public static X509Certificate GenerateRootCert(
-			AsymmetricCipherKeyPair pair)
-		{
-			X509V1CertificateGenerator  certGen = new X509V1CertificateGenerator();
-
-			certGen.SetSerialNumber(BigInteger.One);
-			certGen.SetIssuerDN(new X509Name("CN=Test CA Certificate"));
-			certGen.SetNotBefore(DateTime.UtcNow.AddSeconds(-50));
-			certGen.SetNotAfter(DateTime.UtcNow.AddSeconds(50));
-			certGen.SetSubjectDN(new X509Name("CN=Test CA Certificate"));
-			certGen.SetPublicKey(pair.Public);
-			certGen.SetSignatureAlgorithm("SHA256WithRSAEncryption");
-
-			return certGen.Generate(pair.Private);
-		}
-
-		public static X509Certificate GenerateIntermediateCert(
+        public static X509Certificate GenerateRootCert(
+            AsymmetricCipherKeyPair pair)
+        {
+            Asn1SignatureFactory signatureFactory = new Asn1SignatureFactory("SHA256WithRSAEncryption", pair.Private, null);
+
+            X509V1CertificateGenerator certGen = new X509V1CertificateGenerator();
+            certGen.SetSerialNumber(BigInteger.One);
+            certGen.SetIssuerDN(new X509Name("CN=Test CA Certificate"));
+            certGen.SetNotBefore(DateTime.UtcNow.AddSeconds(-50));
+            certGen.SetNotAfter(DateTime.UtcNow.AddSeconds(50));
+            certGen.SetSubjectDN(new X509Name("CN=Test CA Certificate"));
+            certGen.SetPublicKey(pair.Public);
+            return certGen.Generate(signatureFactory);
+        }
+
+        public static X509Certificate GenerateIntermediateCert(
 			AsymmetricKeyParameter	intKey,
 			AsymmetricKeyParameter	caKey,
 			X509Certificate			caCert)
@@ -59,14 +58,13 @@ namespace Org.BouncyCastle.Tests
 			certGen.SetNotAfter(DateTime.UtcNow.AddSeconds(50));
 			certGen.SetSubjectDN(new X509Name("CN=Test Intermediate Certificate"));
 			certGen.SetPublicKey(intKey);
-			certGen.SetSignatureAlgorithm("SHA256WithRSAEncryption");
 
 			certGen.AddExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(caCert));
 			certGen.AddExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifierStructure(intKey));
 			certGen.AddExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(0));
 			certGen.AddExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.DigitalSignature | KeyUsage.KeyCertSign | KeyUsage.CrlSign));
 
-			return certGen.Generate(caKey);
+			return certGen.Generate(new Asn1SignatureFactory("SHA256WithRSAEncryption", caKey, null));
 		}
 
 		public static X509Certificate GenerateEndEntityCert(
@@ -82,14 +80,13 @@ namespace Org.BouncyCastle.Tests
 			certGen.SetNotAfter(DateTime.UtcNow.AddSeconds(50));
 			certGen.SetSubjectDN(new X509Name("CN=Test End Certificate"));
 			certGen.SetPublicKey(entityKey);
-			certGen.SetSignatureAlgorithm("SHA256WithRSAEncryption");
 
 			certGen.AddExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(caCert));
 			certGen.AddExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifierStructure(entityKey));
 			certGen.AddExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false));
 			certGen.AddExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.DigitalSignature | KeyUsage.KeyEncipherment));
 
-			return certGen.Generate(caKey);
+			return certGen.Generate(new Asn1SignatureFactory("SHA256WithRSAEncryption", caKey, null));
 		}
 
 		public static X509Crl CreateCrl(
@@ -99,20 +96,18 @@ namespace Org.BouncyCastle.Tests
 		{
 			X509V2CrlGenerator	crlGen = new X509V2CrlGenerator();
 			DateTime			now = DateTime.UtcNow;
-//			BigInteger			revokedSerialNumber = BigInteger.Two;
 
 			crlGen.SetIssuerDN(PrincipalUtilities.GetSubjectX509Principal(caCert));
 
 			crlGen.SetThisUpdate(now);
 			crlGen.SetNextUpdate(now.AddSeconds(100));
-			crlGen.SetSignatureAlgorithm("SHA256WithRSAEncryption");
 
 			crlGen.AddCrlEntry(serialNumber, now, CrlReason.PrivilegeWithdrawn);
 
 			crlGen.AddExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(caCert));
 			crlGen.AddExtension(X509Extensions.CrlNumber, false, new CrlNumber(BigInteger.One));
 
-			return crlGen.Generate(caKey);
+			return crlGen.Generate(new Asn1SignatureFactory("SHA256WithRSAEncryption", caKey, null));
 		}
 
 		public static X509Certificate CreateExceptionCertificate(
diff --git a/crypto/test/src/tsp/test/TSPTestUtil.cs b/crypto/test/src/tsp/test/TSPTestUtil.cs
index c8c6a63c0..20eb7e228 100644
--- a/crypto/test/src/tsp/test/TSPTestUtil.cs
+++ b/crypto/test/src/tsp/test/TSPTestUtil.cs
@@ -12,6 +12,7 @@ using Org.BouncyCastle.Asn1.TeleTrust;
 using Org.BouncyCastle.Asn1.X509;
 using Org.BouncyCastle.Asn1.X9;
 using Org.BouncyCastle.Crypto;
+using Org.BouncyCastle.Crypto.Operators;
 using Org.BouncyCastle.Crypto.Parameters;
 using Org.BouncyCastle.Math;
 using Org.BouncyCastle.Security;
@@ -350,7 +351,6 @@ namespace Org.BouncyCastle.Tsp.Tests
 			_v3CertGen.SetNotAfter(DateTime.UtcNow.AddDays(100));
 			_v3CertGen.SetSubjectDN(new X509Name(_subDN));
 			_v3CertGen.SetPublicKey(_subPub);
-			_v3CertGen.SetSignatureAlgorithm("MD5WithRSAEncryption");
 
 			_v3CertGen.AddExtension(X509Extensions.SubjectKeyIdentifier, false,
 					createSubjectKeyId(_subPub));
@@ -369,9 +369,10 @@ namespace Org.BouncyCastle.Tsp.Tests
 					ExtendedKeyUsage.GetInstance(new DerSequence(KeyPurposeID.IdKPTimeStamping)));
 			}
 
-			X509Certificate _cert = _v3CertGen.Generate(_issPriv);
+            X509Certificate _cert = _v3CertGen.Generate(
+				new Asn1SignatureFactory("MD5WithRSAEncryption", _issPriv, null));
 
-			_cert.CheckValidity(DateTime.UtcNow);
+            _cert.CheckValidity(DateTime.UtcNow);
 			_cert.Verify(_issPub);
 
 			return _cert;
diff --git a/crypto/test/src/x509/test/TestCertificateGen.cs b/crypto/test/src/x509/test/TestCertificateGen.cs
index 491f6d312..33ddc26c0 100644
--- a/crypto/test/src/x509/test/TestCertificateGen.cs
+++ b/crypto/test/src/x509/test/TestCertificateGen.cs
@@ -1,12 +1,12 @@
 using System;
 using System.Collections;
-using System.Text;
 
 using NUnit.Framework;
 
 using Org.BouncyCastle.Asn1.X509;
 using Org.BouncyCastle.Asn1.X9;
 using Org.BouncyCastle.Crypto.Digests;
+using Org.BouncyCastle.Crypto.Operators;
 using Org.BouncyCastle.Crypto.Parameters;
 using Org.BouncyCastle.Crypto.Signers;
 using Org.BouncyCastle.Math;
@@ -104,12 +104,11 @@ namespace Org.BouncyCastle.X509.Tests
 			certGen.SetNotAfter(DateTime.UtcNow.AddDays(1));
             certGen.SetSubjectDN(new X509Name(ord, attrs));
             certGen.SetPublicKey(rsaPublic);
-            certGen.SetSignatureAlgorithm("MD5WithRSAEncryption");
 
-			X509Certificate cert = certGen.Generate(rsaPrivate);
+            X509Certificate cert = certGen.Generate(new Asn1SignatureFactory("MD5WithRSAEncryption", rsaPrivate, null));
 
-//			Assert.IsTrue((cert.IsValidNow && cert.Verify(rsaPublic)),"Certificate failed to be valid (RSA)");
-			cert.CheckValidity();
+            //Assert.IsTrue((cert.IsValidNow && cert.Verify(rsaPublic)),"Certificate failed to be valid (RSA)");
+            cert.CheckValidity();
 			cert.Verify(rsaPublic);
 
 			//Console.WriteLine(ASN1Dump.DumpAsString(cert.ToAsn1Object()));
@@ -181,12 +180,11 @@ namespace Org.BouncyCastle.X509.Tests
 			certGen.SetNotAfter(DateTime.UtcNow.AddDays(1));
             certGen.SetSubjectDN(new X509Name(ord, attrs));
             certGen.SetPublicKey(dsaPub);
-            certGen.SetSignatureAlgorithm("SHA1WITHDSA");
 
-            X509Certificate cert = certGen.Generate(dsaPriv);
+            X509Certificate cert = certGen.Generate(new Asn1SignatureFactory("SHA1WITHDSA", dsaPriv, null));
 
-//			Assert.IsTrue((cert.IsValidNow && cert.Verify(dsaPub)), "Certificate failed to be valid (DSA Test)");
-			cert.CheckValidity();
+            //Assert.IsTrue((cert.IsValidNow && cert.Verify(dsaPub)), "Certificate failed to be valid (DSA Test)");
+            cert.CheckValidity();
 			cert.Verify(dsaPub);
 
             //ISet dummySet = cert.GetNonCriticalExtensionOids();
@@ -262,14 +260,13 @@ namespace Org.BouncyCastle.X509.Tests
             certGen.SetNotAfter(DateTime.UtcNow.AddDays(1));
             certGen.SetSubjectDN(new X509Name(ord, attrs));
             certGen.SetPublicKey(ecPub);
-            certGen.SetSignatureAlgorithm("SHA1WITHECDSA");
 
             certGen.AddExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false));
 
-            X509Certificate cert = certGen.Generate(ecPriv);
+            X509Certificate cert = certGen.Generate(new Asn1SignatureFactory("SHA1WITHECDSA", ecPriv, null));
 
-//            Assert.IsTrue((cert.IsValidNow && cert.Verify(ecPub)), "Certificate failed to be valid (ECDSA)");
-			cert.CheckValidity();
+            //Assert.IsTrue((cert.IsValidNow && cert.Verify(ecPub)), "Certificate failed to be valid (ECDSA)");
+            cert.CheckValidity();
 			cert.Verify(ecPub);
 
             ISet extOidSet = cert.GetCriticalExtensionOids();