summary refs log tree commit diff
diff options
context:
space:
mode:
-rw-r--r--crypto/src/math/ec/ECCurve.cs87
-rw-r--r--crypto/src/math/ec/ECFieldElement.cs74
-rw-r--r--crypto/src/pkcs/PKCS12StoreBuilder.cs3
-rw-r--r--crypto/src/pkcs/Pkcs12Store.cs40
-rw-r--r--crypto/src/security/SignerUtilities.cs2
-rw-r--r--crypto/src/x509/X509V1CertificateGenerator.cs69
-rw-r--r--crypto/src/x509/X509V2AttributeCertificateGenerator.cs54
-rw-r--r--crypto/src/x509/X509V2CRLGenerator.cs55
-rw-r--r--crypto/src/x509/X509V3CertificateGenerator.cs55
-rw-r--r--crypto/test/src/cmp/test/ProtectedMessageTest.cs3
-rw-r--r--crypto/test/src/cms/test/CMSTestUtil.cs111
-rw-r--r--crypto/test/src/ocsp/test/OCSPTestUtil.cs9
-rw-r--r--crypto/test/src/pkcs/examples/PKCS12Example.cs23
-rw-r--r--crypto/test/src/pkcs/test/PKCS12StoreTest.cs7
-rw-r--r--crypto/test/src/security/test/TestDotNetUtil.cs6
-rw-r--r--crypto/test/src/test/AttrCertSelectorTest.cs4
-rw-r--r--crypto/test/src/test/AttrCertTest.cs15
-rw-r--r--crypto/test/src/test/CertTest.cs58
-rw-r--r--crypto/test/src/test/ECEncodingTest.cs5
-rw-r--r--crypto/test/src/test/GOST3410Test.cs13
-rw-r--r--crypto/test/src/test/PkixPolicyMappingTest.cs13
-rw-r--r--crypto/test/src/test/TestUtilities.cs45
-rw-r--r--crypto/test/src/tsp/test/TSPTestUtil.cs7
-rw-r--r--crypto/test/src/x509/test/TestCertificateGen.cs23
24 files changed, 176 insertions, 605 deletions
diff --git a/crypto/src/math/ec/ECCurve.cs b/crypto/src/math/ec/ECCurve.cs
index c0e27a449..52d634cd2 100644
--- a/crypto/src/math/ec/ECCurve.cs
+++ b/crypto/src/math/ec/ECCurve.cs
@@ -721,13 +721,8 @@ namespace Org.BouncyCastle.Math.EC
             this.m_coord = FP_DEFAULT_COORDS;
         }
 
-        [Obsolete("Use constructor taking order/cofactor")]
-        protected FpCurve(BigInteger q, BigInteger r, ECFieldElement a, ECFieldElement b)
-            : this(q, r, a, b, null, null)
-        {
-        }
-
-        protected FpCurve(BigInteger q, BigInteger r, ECFieldElement a, ECFieldElement b, BigInteger order, BigInteger cofactor)
+        internal FpCurve(BigInteger q, BigInteger r, ECFieldElement a, ECFieldElement b, BigInteger order,
+            BigInteger cofactor)
             : base(q)
         {
             this.m_q = q;
@@ -777,6 +772,9 @@ namespace Org.BouncyCastle.Math.EC
 
         public override ECFieldElement FromBigInteger(BigInteger x)
         {
+            if (x == null || x.SignValue < 0 || x.CompareTo(m_q) >= 0)
+                throw new ArgumentException("value invalid for Fp field element", "x");
+
             return new FpFieldElement(this.m_q, this.m_r, x);
         }
 
@@ -873,32 +871,11 @@ namespace Org.BouncyCastle.Math.EC
 
         private static IFiniteField BuildField(int m, int k1, int k2, int k3)
         {
-            if (k1 == 0)
-            {
-                throw new ArgumentException("k1 must be > 0");
-            }
-
-            if (k2 == 0)
-            {
-                if (k3 != 0)
-                {
-                    throw new ArgumentException("k3 must be 0 if k2 == 0");
-                }
-
-                return FiniteFields.GetBinaryExtensionField(new int[]{ 0, k1, m });
-            }
-
-            if (k2 <= k1)
-            {
-                throw new ArgumentException("k2 must be > k1");
-            }
-
-            if (k3 <= k2)
-            {
-                throw new ArgumentException("k3 must be > k2");
-            }
+            int[] exponents = (k2 | k3) == 0
+                ? new int[]{ 0, k1, m }
+                : new int[]{ 0, k1, k2, k3, m };
 
-            return FiniteFields.GetBinaryExtensionField(new int[]{ 0, k1, k2, k3, m });
+            return FiniteFields.GetBinaryExtensionField(exponents);
         }
 
         protected AbstractF2mCurve(int m, int k1, int k2, int k3)
@@ -1253,15 +1230,8 @@ namespace Org.BouncyCastle.Math.EC
          * @param cofactor The cofactor of the elliptic curve, i.e.
          * <code>#E<sub>a</sub>(F<sub>2<sup>m</sup></sub>) = h * n</code>.
          */
-        public F2mCurve(
-            int			m, 
-            int			k1, 
-            int			k2, 
-            int			k3,
-            BigInteger	a, 
-            BigInteger	b,
-            BigInteger	order,
-            BigInteger	cofactor)
+        public F2mCurve(int m, int k1, int k2, int k3, BigInteger a, BigInteger b, BigInteger order,
+            BigInteger cofactor)
             : base(m, k1, k2, k3)
         {
             this.m = m;
@@ -1272,29 +1242,13 @@ namespace Org.BouncyCastle.Math.EC
             this.m_cofactor = cofactor;
             this.m_infinity = new F2mPoint(this, null, null);
 
-            if (k1 == 0)
-                throw new ArgumentException("k1 must be > 0");
-
-            if (k2 == 0)
-            {
-                if (k3 != 0)
-                    throw new ArgumentException("k3 must be 0 if k2 == 0");
-            }
-            else
-            {
-                if (k2 <= k1)
-                    throw new ArgumentException("k2 must be > k1");
-
-                if (k3 <= k2)
-                    throw new ArgumentException("k3 must be > k2");
-            }
-
             this.m_a = FromBigInteger(a);
             this.m_b = FromBigInteger(b);
             this.m_coord = F2M_DEFAULT_COORDS;
         }
 
-        protected F2mCurve(int m, int k1, int k2, int k3, ECFieldElement a, ECFieldElement b, BigInteger order, BigInteger cofactor)
+        internal F2mCurve(int m, int k1, int k2, int k3, ECFieldElement a, ECFieldElement b, BigInteger order,
+            BigInteger cofactor)
             : base(m, k1, k2, k3)
         {
             this.m = m;
@@ -1303,8 +1257,8 @@ namespace Org.BouncyCastle.Math.EC
             this.k3 = k3;
             this.m_order = order;
             this.m_cofactor = cofactor;
-
             this.m_infinity = new F2mPoint(this, null, null);
+
             this.m_a = a;
             this.m_b = b;
             this.m_coord = F2M_DEFAULT_COORDS;
@@ -1345,7 +1299,14 @@ namespace Org.BouncyCastle.Math.EC
 
         public override ECFieldElement FromBigInteger(BigInteger x)
         {
-            return new F2mFieldElement(this.m, this.k1, this.k2, this.k3, x);
+            if (x == null || x.SignValue < 0 || x.BitLength > m)
+                throw new ArgumentException("value invalid for F2m field element", "x");
+
+            int[] ks = (k2 | k3) == 0
+                ? new int[]{ k1 }
+                : new int[]{ k1, k2, k3 };
+
+            return new F2mFieldElement(m, ks, new LongArray(x));
         }
 
         protected internal override ECPoint CreateRawPoint(ECFieldElement x, ECFieldElement y)
@@ -1470,7 +1431,9 @@ namespace Org.BouncyCastle.Math.EC
             private ECPoint CreatePoint(long[] x, long[] y)
             {
                 int m = m_outer.m;
-                int[] ks = m_outer.IsTrinomial() ? new int[] { m_outer.k1 } : new int[] { m_outer.k1, m_outer.k2, m_outer.k3 }; 
+                int[] ks = m_outer.IsTrinomial()
+                    ? new int[]{ m_outer.k1 }
+                    : new int[]{ m_outer.k1, m_outer.k2, m_outer.k3 }; 
 
                 ECFieldElement X = new F2mFieldElement(m, ks, new LongArray(x));
                 ECFieldElement Y = new F2mFieldElement(m, ks, new LongArray(y));
diff --git a/crypto/src/math/ec/ECFieldElement.cs b/crypto/src/math/ec/ECFieldElement.cs
index ed530b6b7..774dfb9f1 100644
--- a/crypto/src/math/ec/ECFieldElement.cs
+++ b/crypto/src/math/ec/ECFieldElement.cs
@@ -128,17 +128,8 @@ namespace Org.BouncyCastle.Math.EC
             return null;
         }
 
-        [Obsolete("Use ECCurve.FromBigInteger to construct field elements")]
-        public FpFieldElement(BigInteger q, BigInteger x)
-            : this(q, CalculateResidue(q), x)
-        {
-        }
-
         internal FpFieldElement(BigInteger q, BigInteger r, BigInteger x)
         {
-            if (x == null || x.SignValue < 0 || x.CompareTo(q) >= 0)
-                throw new ArgumentException("value invalid in Fp field element", "x");
-
             this.q = q;
             this.r = r;
             this.x = x;
@@ -649,71 +640,6 @@ namespace Org.BouncyCastle.Math.EC
          */
         internal LongArray x;
 
-        /**
-         * Constructor for Ppb.
-         * @param m  The exponent <code>m</code> of
-         * <code>F<sub>2<sup>m</sup></sub></code>.
-         * @param k1 The integer <code>k1</code> where <code>x<sup>m</sup> +
-         * x<sup>k3</sup> + x<sup>k2</sup> + x<sup>k1</sup> + 1</code>
-         * represents the reduction polynomial <code>f(z)</code>.
-         * @param k2 The integer <code>k2</code> where <code>x<sup>m</sup> +
-         * x<sup>k3</sup> + x<sup>k2</sup> + x<sup>k1</sup> + 1</code>
-         * represents the reduction polynomial <code>f(z)</code>.
-         * @param k3 The integer <code>k3</code> where <code>x<sup>m</sup> +
-         * x<sup>k3</sup> + x<sup>k2</sup> + x<sup>k1</sup> + 1</code>
-         * represents the reduction polynomial <code>f(z)</code>.
-         * @param x The BigInteger representing the value of the field element.
-         */
-        [Obsolete("Use ECCurve.FromBigInteger to construct field elements")]
-        public F2mFieldElement(
-            int			m,
-            int			k1,
-            int			k2,
-            int			k3,
-            BigInteger	x)
-        {
-            if (x == null || x.SignValue < 0 || x.BitLength > m)
-                throw new ArgumentException("value invalid in F2m field element", "x");
-
-            if ((k2 == 0) && (k3 == 0))
-            {
-                this.representation = Tpb;
-                this.ks = new int[] { k1 };
-            }
-            else
-            {
-                if (k2 >= k3)
-                    throw new ArgumentException("k2 must be smaller than k3");
-                if (k2 <= 0)
-                    throw new ArgumentException("k2 must be larger than 0");
-
-                this.representation = Ppb;
-                this.ks = new int[] { k1, k2, k3 };
-            }
-
-            this.m = m;
-            this.x = new LongArray(x);
-        }
-
-        /**
-         * Constructor for Tpb.
-         * @param m  The exponent <code>m</code> of
-         * <code>F<sub>2<sup>m</sup></sub></code>.
-         * @param k The integer <code>k</code> where <code>x<sup>m</sup> +
-         * x<sup>k</sup> + 1</code> represents the reduction
-         * polynomial <code>f(z)</code>.
-         * @param x The BigInteger representing the value of the field element.
-         */
-        [Obsolete("Use ECCurve.FromBigInteger to construct field elements")]
-        public F2mFieldElement(
-            int			m,
-            int			k,
-            BigInteger	x)
-            : this(m, k, 0, 0, x)
-        {
-            // Set k1 to k, and set k2 and k3 to 0
-        }
-
         internal F2mFieldElement(int m, int[] ks, LongArray x)
         {
             this.m = m;
diff --git a/crypto/src/pkcs/PKCS12StoreBuilder.cs b/crypto/src/pkcs/PKCS12StoreBuilder.cs
index b61a9ea63..50d927af7 100644
--- a/crypto/src/pkcs/PKCS12StoreBuilder.cs
+++ b/crypto/src/pkcs/PKCS12StoreBuilder.cs
@@ -10,7 +10,6 @@ namespace Org.BouncyCastle.Pkcs
 		private DerObjectIdentifier	keyAlgorithm = PkcsObjectIdentifiers.PbeWithShaAnd3KeyTripleDesCbc;
 		private DerObjectIdentifier	certAlgorithm = PkcsObjectIdentifiers.PbewithShaAnd40BitRC2Cbc;
 		private DerObjectIdentifier keyPrfAlgorithm = null;
-		private DerObjectIdentifier certPrfAlgorithm = null;
 		private bool useDerEncoding = false;
 
 		public Pkcs12StoreBuilder()
@@ -19,7 +18,7 @@ namespace Org.BouncyCastle.Pkcs
 
 		public Pkcs12Store Build()
 		{
-			return new Pkcs12Store(keyAlgorithm, keyPrfAlgorithm, certAlgorithm, certPrfAlgorithm, useDerEncoding);
+			return new Pkcs12Store(keyAlgorithm, keyPrfAlgorithm, certAlgorithm, useDerEncoding);
 		}
 
 		public Pkcs12StoreBuilder SetCertAlgorithm(DerObjectIdentifier certAlgorithm)
diff --git a/crypto/src/pkcs/Pkcs12Store.cs b/crypto/src/pkcs/Pkcs12Store.cs
index 1e951ace5..d09b8828f 100644
--- a/crypto/src/pkcs/Pkcs12Store.cs
+++ b/crypto/src/pkcs/Pkcs12Store.cs
@@ -29,7 +29,6 @@ namespace Org.BouncyCastle.Pkcs
         private readonly DerObjectIdentifier    keyAlgorithm;
         private readonly DerObjectIdentifier    keyPrfAlgorithm;
         private readonly DerObjectIdentifier    certAlgorithm;
-        private readonly DerObjectIdentifier    certPrfAlgorithm;
         private readonly bool                   useDerEncoding;
 
         private AsymmetricKeyEntry unmarkedKeyEntry = null;
@@ -85,50 +84,15 @@ namespace Org.BouncyCastle.Pkcs
             }
         }
 
-        internal Pkcs12Store(
-            DerObjectIdentifier keyAlgorithm,
-            DerObjectIdentifier certAlgorithm,
-            bool                useDerEncoding)
-        {
-            this.keyAlgorithm = keyAlgorithm;
-            this.keyPrfAlgorithm = null;
-            this.certAlgorithm = certAlgorithm;
-            this.certPrfAlgorithm = null;
-            this.useDerEncoding = useDerEncoding;
-        }
-
-        internal Pkcs12Store(
-            DerObjectIdentifier keyAlgorithm,
-            DerObjectIdentifier keyPrfAlgorithm,
-            DerObjectIdentifier certAlgorithm,
-            DerObjectIdentifier certPrfAlgorithm,
-            bool useDerEncoding)
+        internal Pkcs12Store(DerObjectIdentifier keyAlgorithm, DerObjectIdentifier keyPrfAlgorithm,
+            DerObjectIdentifier certAlgorithm, bool useDerEncoding)
         {
             this.keyAlgorithm = keyAlgorithm;
             this.keyPrfAlgorithm = keyPrfAlgorithm;
             this.certAlgorithm = certAlgorithm;
-            this.certPrfAlgorithm = certPrfAlgorithm;
             this.useDerEncoding = useDerEncoding;
         }
 
-        // TODO Consider making obsolete
-        //      [Obsolete("Use 'Pkcs12StoreBuilder' instead")]
-        public Pkcs12Store()
-            : this(PkcsObjectIdentifiers.PbeWithShaAnd3KeyTripleDesCbc,
-                PkcsObjectIdentifiers.PbewithShaAnd40BitRC2Cbc, false)
-        {
-        }
-
-        // TODO Consider making obsolete
-//      [Obsolete("Use 'Pkcs12StoreBuilder' and 'Load' method instead")]
-        public Pkcs12Store(
-            Stream  input,
-            char[]  password)
-            : this()
-        {
-            Load(input, password);
-        }
-
         protected virtual void LoadKeyBag(PrivateKeyInfo privKeyInfo, Asn1Set bagAttributes)
         {
             AsymmetricKeyParameter privKey = PrivateKeyFactory.CreateKey(privKeyInfo);
diff --git a/crypto/src/security/SignerUtilities.cs b/crypto/src/security/SignerUtilities.cs
index 8a289897e..b3a49dea8 100644
--- a/crypto/src/security/SignerUtilities.cs
+++ b/crypto/src/security/SignerUtilities.cs
@@ -690,7 +690,7 @@ namespace Org.BouncyCastle.Security
 
         public static ISigner InitSigner(string algorithm, bool forSigning, AsymmetricKeyParameter privateKey, SecureRandom random)
         {
-            ISigner signer = SignerUtilities.GetSigner(algorithm);
+            ISigner signer = GetSigner(algorithm);
             signer.Init(forSigning, ParameterUtilities.WithRandom(privateKey, random));
             return signer;
         }
diff --git a/crypto/src/x509/X509V1CertificateGenerator.cs b/crypto/src/x509/X509V1CertificateGenerator.cs
index c571d2525..99543778b 100644
--- a/crypto/src/x509/X509V1CertificateGenerator.cs
+++ b/crypto/src/x509/X509V1CertificateGenerator.cs
@@ -4,9 +4,7 @@ using System.Collections;
 using Org.BouncyCastle.Asn1;
 using Org.BouncyCastle.Asn1.X509;
 using Org.BouncyCastle.Crypto;
-using Org.BouncyCastle.Crypto.Operators;
 using Org.BouncyCastle.Math;
-using Org.BouncyCastle.Security;
 using Org.BouncyCastle.Utilities;
 
 namespace Org.BouncyCastle.X509
@@ -16,10 +14,7 @@ namespace Org.BouncyCastle.X509
 	/// </summary>
 	public class X509V1CertificateGenerator
 	{
-		private V1TbsCertificateGenerator   tbsGen;
-		private DerObjectIdentifier         sigOID;
-		private AlgorithmIdentifier         sigAlgId;
-		private string                      signatureAlgorithm;
+		private V1TbsCertificateGenerator tbsGen;
 
 		/// <summary>
 		/// Default Constructor.
@@ -115,68 +110,17 @@ namespace Org.BouncyCastle.X509
 		}
 
 		/// <summary>
-		/// Set the signature algorithm that will be used to sign this certificate.
-		/// This can be either a name or an OID, names are treated as case insensitive.
-		/// </summary>
-		/// <param name="signatureAlgorithm">string representation of the algorithm name</param>
-		[Obsolete("Not needed if Generate used with an ISignatureFactory")]
-		public void SetSignatureAlgorithm(
-			string signatureAlgorithm)
-		{
-			this.signatureAlgorithm = signatureAlgorithm;
-
-			try
-			{
-				sigOID = X509Utilities.GetAlgorithmOid(signatureAlgorithm);
-			}
-			catch (Exception)
-			{
-				throw new ArgumentException("Unknown signature type requested", "signatureAlgorithm");
-			}
-
-			sigAlgId = X509Utilities.GetSigAlgID(sigOID, signatureAlgorithm);
-
-			tbsGen.SetSignature(sigAlgId);
-		}
-
-		/// <summary>
-		/// Generate a new X509Certificate.
-		/// </summary>
-		/// <param name="privateKey">The private key of the issuer used to sign this certificate.</param>
-		/// <returns>An X509Certificate.</returns>
-		[Obsolete("Use Generate with an ISignatureFactory")]
-		public X509Certificate Generate(
-			AsymmetricKeyParameter privateKey)
-		{
-			return Generate(privateKey, null);
-		}
-
-        /// <summary>
-        /// Generate a new X509Certificate specifying a SecureRandom instance that you would like to use.
-        /// </summary>
-        /// <param name="privateKey">The private key of the issuer used to sign this certificate.</param>
-        /// <param name="random">The Secure Random you want to use.</param>
-        /// <returns>An X509Certificate.</returns>
-		[Obsolete("Use Generate with an ISignatureFactory")]
-		public X509Certificate Generate(
-			AsymmetricKeyParameter	privateKey,
-			SecureRandom			random)
-		{
-			return Generate(new Asn1SignatureFactory(signatureAlgorithm, privateKey, random));
-		}
-
-		/// <summary>
 		/// Generate a new X509Certificate using the passed in SignatureCalculator.
 		/// </summary>
-		/// <param name="signatureCalculatorFactory">A signature calculator factory with the necessary algorithm details.</param>
+		/// <param name="signatureFactory">A signature calculator factory with the necessary algorithm details.</param>
 		/// <returns>An X509Certificate.</returns>
-		public X509Certificate Generate(ISignatureFactory signatureCalculatorFactory)
+		public X509Certificate Generate(ISignatureFactory signatureFactory)
 		{
-			tbsGen.SetSignature ((AlgorithmIdentifier)signatureCalculatorFactory.AlgorithmDetails);
+			tbsGen.SetSignature((AlgorithmIdentifier)signatureFactory.AlgorithmDetails);
 
 			TbsCertificateStructure tbsCert = tbsGen.GenerateTbsCertificate();
 
-            IStreamCalculator streamCalculator = signatureCalculatorFactory.CreateCalculator();
+            IStreamCalculator streamCalculator = signatureFactory.CreateCalculator();
 
             byte[] encoded = tbsCert.GetDerEncoded();
 
@@ -184,7 +128,8 @@ namespace Org.BouncyCastle.X509
 
             Platform.Dispose(streamCalculator.Stream);
 
-            return GenerateJcaObject(tbsCert, (AlgorithmIdentifier)signatureCalculatorFactory.AlgorithmDetails, ((IBlockResult)streamCalculator.GetResult()).Collect());
+            return GenerateJcaObject(tbsCert, (AlgorithmIdentifier)signatureFactory.AlgorithmDetails,
+				((IBlockResult)streamCalculator.GetResult()).Collect());
 		}
 
 		private X509Certificate GenerateJcaObject(
diff --git a/crypto/src/x509/X509V2AttributeCertificateGenerator.cs b/crypto/src/x509/X509V2AttributeCertificateGenerator.cs
index f49eea63f..643604181 100644
--- a/crypto/src/x509/X509V2AttributeCertificateGenerator.cs
+++ b/crypto/src/x509/X509V2AttributeCertificateGenerator.cs
@@ -4,9 +4,7 @@ using System.Collections;
 using Org.BouncyCastle.Asn1;
 using Org.BouncyCastle.Asn1.X509;
 using Org.BouncyCastle.Crypto;
-using Org.BouncyCastle.Crypto.Operators;
 using Org.BouncyCastle.Math;
-using Org.BouncyCastle.Security;
 using Org.BouncyCastle.Security.Certificates;
 using Org.BouncyCastle.Utilities;
 
@@ -17,10 +15,7 @@ namespace Org.BouncyCastle.X509
 	{
 		private readonly X509ExtensionsGenerator extGenerator = new X509ExtensionsGenerator();
 
-		private V2AttributeCertificateInfoGenerator	acInfoGen;
-		private DerObjectIdentifier sigOID;
-		private AlgorithmIdentifier sigAlgId;
-		private string signatureAlgorithm;
+		private V2AttributeCertificateInfoGenerator acInfoGen;
 
 		public X509V2AttributeCertificateGenerator()
 		{
@@ -67,31 +62,6 @@ namespace Org.BouncyCastle.X509
 			acInfoGen.SetEndDate(new DerGeneralizedTime(date));
 		}
 
-        /// <summary>
-        /// Set the signature algorithm. This can be either a name or an OID, names
-        /// are treated as case insensitive.
-        /// </summary>
-        /// <param name="signatureAlgorithm">The algorithm name.</param>
-        [Obsolete("Not needed if Generate used with an ISignatureFactory")]
-        public void SetSignatureAlgorithm(
-			string signatureAlgorithm)
-		{
-			this.signatureAlgorithm = signatureAlgorithm;
-
-			try
-			{
-				sigOID = X509Utilities.GetAlgorithmOid(signatureAlgorithm);
-			}
-			catch (Exception)
-			{
-				throw new ArgumentException("Unknown signature type requested");
-			}
-
-			sigAlgId = X509Utilities.GetSigAlgID(sigOID, signatureAlgorithm);
-
-			acInfoGen.SetSignature(sigAlgId);
-		}
-
 		/// <summary>Add an attribute.</summary>
 		public void AddAttribute(
 			X509Attribute attribute)
@@ -130,28 +100,6 @@ namespace Org.BouncyCastle.X509
 		}
 
         /// <summary>
-        /// Generate an X509 certificate, based on the current issuer and subject.
-        /// </summary>
-        [Obsolete("Use Generate with an ISignatureFactory")]
-        public IX509AttributeCertificate Generate(
-			AsymmetricKeyParameter privateKey)
-		{
-			return Generate(privateKey, null);
-		}
-
-        /// <summary>
-        /// Generate an X509 certificate, based on the current issuer and subject,
-        /// using the supplied source of randomness, if required.
-        /// </summary>
-        [Obsolete("Use Generate with an ISignatureFactory")]
-        public IX509AttributeCertificate Generate(
-			AsymmetricKeyParameter	privateKey,
-			SecureRandom			random)
-        {
-            return Generate(new Asn1SignatureFactory(signatureAlgorithm, privateKey, random));
-        }
-
-        /// <summary>
         /// Generate a new X.509 Attribute Certificate using the passed in SignatureCalculator.
         /// </summary>
         /// <param name="signatureCalculatorFactory">A signature calculator factory with the necessary algorithm details.</param>
diff --git a/crypto/src/x509/X509V2CRLGenerator.cs b/crypto/src/x509/X509V2CRLGenerator.cs
index d16178ffa..ba5c7de2d 100644
--- a/crypto/src/x509/X509V2CRLGenerator.cs
+++ b/crypto/src/x509/X509V2CRLGenerator.cs
@@ -21,10 +21,7 @@ namespace Org.BouncyCastle.X509
 	{
 		private readonly X509ExtensionsGenerator extGenerator = new X509ExtensionsGenerator();
 
-		private V2TbsCertListGenerator	tbsGen;
-		private DerObjectIdentifier		sigOID;
-		private AlgorithmIdentifier		sigAlgId;
-		private string					signatureAlgorithm;
+		private V2TbsCertListGenerator tbsGen;
 
 		public X509V2CrlGenerator()
 		{
@@ -130,30 +127,6 @@ namespace Org.BouncyCastle.X509
 			}
 		}
 
-        /// <summary>
-        /// Set the signature algorithm that will be used to sign this CRL.
-        /// </summary>
-        /// <param name="signatureAlgorithm"/>
-        [Obsolete("Not needed if Generate used with an ISignatureFactory")]
-        public void SetSignatureAlgorithm(
-			string signatureAlgorithm)
-		{
-			this.signatureAlgorithm = signatureAlgorithm;
-
-			try
-			{
-				sigOID = X509Utilities.GetAlgorithmOid(signatureAlgorithm);
-			}
-			catch (Exception e)
-			{
-				throw new ArgumentException("Unknown signature type requested", e);
-			}
-
-			sigAlgId = X509Utilities.GetSigAlgID(sigOID, signatureAlgorithm);
-
-			tbsGen.SetSignature(sigAlgId);
-		}
-
 		/**
 		* add a given extension field for the standard extensions tag (tag 0)
 		*/
@@ -199,32 +172,6 @@ namespace Org.BouncyCastle.X509
 		}
 
         /// <summary>
-        /// Generate an X.509 CRL, based on the current issuer and subject.
-        /// </summary>
-        /// <param name="privateKey">The private key of the issuer that is signing this certificate.</param>
-        /// <returns>An X509Crl.</returns>
-        [Obsolete("Use Generate with an ISignatureFactory")]
-        public X509Crl Generate(
-            AsymmetricKeyParameter privateKey)
-        {
-            return Generate(privateKey, null);
-        }
-
-        /// <summary>
-        /// Generate an X.509 CRL, based on the current issuer and subject using the specified secure random.
-        /// </summary>
-        /// <param name="privateKey">The private key of the issuer that is signing this certificate.</param>
-        /// <param name="random">Your Secure Random instance.</param>
-        /// <returns>An X509Crl.</returns>
-        [Obsolete("Use Generate with an ISignatureFactory")]
-        public X509Crl Generate(
-            AsymmetricKeyParameter privateKey,
-            SecureRandom random)
-        {
-            return Generate(new Asn1SignatureFactory(signatureAlgorithm, privateKey, random));
-        }
-
-        /// <summary>
         /// Generate a new X509Crl using the passed in SignatureCalculator.
         /// </summary>
 		/// <param name="signatureCalculatorFactory">A signature calculator factory with the necessary algorithm details.</param>
diff --git a/crypto/src/x509/X509V3CertificateGenerator.cs b/crypto/src/x509/X509V3CertificateGenerator.cs
index bc619c37b..47e58ddb5 100644
--- a/crypto/src/x509/X509V3CertificateGenerator.cs
+++ b/crypto/src/x509/X509V3CertificateGenerator.cs
@@ -20,10 +20,7 @@ namespace Org.BouncyCastle.X509
     {
 		private readonly X509ExtensionsGenerator extGenerator = new X509ExtensionsGenerator();
 
-		private V3TbsCertificateGenerator	tbsGen;
-        private DerObjectIdentifier			sigOid;
-        private AlgorithmIdentifier			sigAlgId;
-        private string						signatureAlgorithm;
+		private V3TbsCertificateGenerator tbsGen;
 
 		public X509V3CertificateGenerator()
         {
@@ -108,30 +105,6 @@ namespace Org.BouncyCastle.X509
         }
 
 		/// <summary>
-        /// Set the signature algorithm that will be used to sign this certificate.
-        /// </summary>
-        /// <param name="signatureAlgorithm"/>
-		[Obsolete("Not needed if Generate used with an ISignatureFactory")]
-        public void SetSignatureAlgorithm(
-			string signatureAlgorithm)
-        {
-			this.signatureAlgorithm = signatureAlgorithm;
-
-			try
-			{
-				sigOid = X509Utilities.GetAlgorithmOid(signatureAlgorithm);
-			}
-			catch (Exception)
-			{
-				throw new ArgumentException("Unknown signature type requested: " + signatureAlgorithm);
-			}
-
-			sigAlgId = X509Utilities.GetSigAlgID(sigOid, signatureAlgorithm);
-
-			tbsGen.SetSignature(sigAlgId);
-		}
-
-		/// <summary>
 		/// Set the subject unique ID - note: it is very rare that it is correct to do this.
 		/// </summary>
 		/// <param name="uniqueID"/>
@@ -272,32 +245,6 @@ namespace Org.BouncyCastle.X509
 		}
 
 		/// <summary>
-        /// Generate an X509Certificate.
-        /// </summary>
-        /// <param name="privateKey">The private key of the issuer that is signing this certificate.</param>
-        /// <returns>An X509Certificate.</returns>
-		[Obsolete("Use Generate with an ISignatureFactory")]
-		public X509Certificate Generate(
-			AsymmetricKeyParameter privateKey)
-        {
-            return Generate(privateKey, null);
-        }
-
-		/// <summary>
-		/// Generate an X509Certificate using your own SecureRandom.
-		/// </summary>
-		/// <param name="privateKey">The private key of the issuer that is signing this certificate.</param>
-		/// <param name="random">You Secure Random instance.</param>
-		/// <returns>An X509Certificate.</returns>
-		[Obsolete("Use Generate with an ISignatureFactory")]
-		public X509Certificate Generate(
-			AsymmetricKeyParameter	privateKey,
-			SecureRandom			random)
-		{
-			return Generate(new Asn1SignatureFactory(signatureAlgorithm, privateKey, random));
-		}
-
-		/// <summary>
 		/// Generate a new X509Certificate using the passed in SignatureCalculator.
 		/// </summary>
 		/// <param name="signatureCalculatorFactory">A signature calculator factory with the necessary algorithm details.</param>
diff --git a/crypto/test/src/cmp/test/ProtectedMessageTest.cs b/crypto/test/src/cmp/test/ProtectedMessageTest.cs
index 22e4b1c85..d28984af6 100644
--- a/crypto/test/src/cmp/test/ProtectedMessageTest.cs
+++ b/crypto/test/src/cmp/test/ProtectedMessageTest.cs
@@ -402,9 +402,8 @@ namespace Org.BouncyCastle.Cmp.Tests
             }
 
             certGen.SetPublicKey(PublicKey);
-            certGen.SetSignatureAlgorithm(SignatureAlgorithm);
 
-            return certGen.Generate(privateKey);
+            return certGen.Generate(new Asn1SignatureFactory(SignatureAlgorithm, privateKey, null));
         }
     }
 }
diff --git a/crypto/test/src/cms/test/CMSTestUtil.cs b/crypto/test/src/cms/test/CMSTestUtil.cs
index ca94959d7..242d7e8cf 100644
--- a/crypto/test/src/cms/test/CMSTestUtil.cs
+++ b/crypto/test/src/cms/test/CMSTestUtil.cs
@@ -6,6 +6,7 @@ using System.Text;
 using Org.BouncyCastle.Asn1.CryptoPro;
 using Org.BouncyCastle.Asn1.X509;
 using Org.BouncyCastle.Crypto;
+using Org.BouncyCastle.Crypto.Operators;
 using Org.BouncyCastle.Crypto.Parameters;
 using Org.BouncyCastle.Math;
 using Org.BouncyCastle.Security;
@@ -19,7 +20,8 @@ namespace Org.BouncyCastle.Cms.Tests
 {
 	public class CmsTestUtil
 	{
-		public static SecureRandom rand;
+		public static readonly SecureRandom Random = new SecureRandom();
+
 		private static IAsymmetricCipherKeyPairGenerator kpg;
 		private static IAsymmetricCipherKeyPairGenerator gostKpg;
 		private static IAsymmetricCipherKeyPairGenerator dsaKpg;
@@ -85,7 +87,7 @@ namespace Org.BouncyCastle.Cms.Tests
 				{
 					kpg = GeneratorUtilities.GetKeyPairGenerator("RSA");
 					kpg.Init(new RsaKeyGenerationParameters(
-						BigInteger.ValueOf(17), rand, 1024, 25));
+						BigInteger.ValueOf(17), Random, 1024, 25));
 				}
 
 				return kpg;
@@ -101,7 +103,7 @@ namespace Org.BouncyCastle.Cms.Tests
 					gostKpg = GeneratorUtilities.GetKeyPairGenerator("GOST3410");
 					gostKpg.Init(
 						new Gost3410KeyGenerationParameters(
-							rand,
+							Random,
 							CryptoProObjectIdentifiers.GostR3410x94CryptoProA));
 				}
 
@@ -120,7 +122,7 @@ namespace Org.BouncyCastle.Cms.Tests
 						new BigInteger("1138656671590261728308283492178581223478058193247"),
 						new BigInteger("4182906737723181805517018315469082619513954319976782448649747742951189003482834321192692620856488639629011570381138542789803819092529658402611668375788410"));
 					dsaKpg = GeneratorUtilities.GetKeyPairGenerator("DSA");
-					dsaKpg.Init(new DsaKeyGenerationParameters(rand, dsaSpec));
+					dsaKpg.Init(new DsaKeyGenerationParameters(Random, dsaSpec));
 				}
 
 				return dsaKpg;
@@ -151,7 +153,7 @@ namespace Org.BouncyCastle.Cms.Tests
 				if (ecDsaKpg == null)
 				{
 					ecDsaKpg = GeneratorUtilities.GetKeyPairGenerator("ECDSA");
-					ecDsaKpg.Init(new KeyGenerationParameters(rand, 239));
+					ecDsaKpg.Init(new KeyGenerationParameters(Random, 239));
 				}
 
 				return ecDsaKpg;
@@ -162,25 +164,23 @@ namespace Org.BouncyCastle.Cms.Tests
 		{
 		    try
 		    {
-		        rand = new SecureRandom();
-
 				aes192kg = GeneratorUtilities.GetKeyGenerator("AES");
-				aes192kg.Init(new KeyGenerationParameters(rand, 192));
+				aes192kg.Init(new KeyGenerationParameters(Random, 192));
 
 		        desede128kg = GeneratorUtilities.GetKeyGenerator("DESEDE");
-				desede128kg.Init(new KeyGenerationParameters(rand, 112));
+				desede128kg.Init(new KeyGenerationParameters(Random, 112));
 
 				desede192kg = GeneratorUtilities.GetKeyGenerator("DESEDE");
-				desede192kg.Init(new KeyGenerationParameters(rand, 168));
+				desede192kg.Init(new KeyGenerationParameters(Random, 168));
 
 				rc240kg = GeneratorUtilities.GetKeyGenerator("RC2");
-				rc240kg.Init(new KeyGenerationParameters(rand, 40));
+				rc240kg.Init(new KeyGenerationParameters(Random, 40));
 
 				rc264kg = GeneratorUtilities.GetKeyGenerator("RC2");
-				rc264kg.Init(new KeyGenerationParameters(rand, 64));
+				rc264kg.Init(new KeyGenerationParameters(Random, 64));
 
 				rc2128kg = GeneratorUtilities.GetKeyGenerator("RC2");
-				rc2128kg.Init(new KeyGenerationParameters(rand, 128));
+				rc2128kg.Init(new KeyGenerationParameters(Random, 128));
 
 				aesKg = GeneratorUtilities.GetKeyGenerator("AES");
 
@@ -291,7 +291,7 @@ namespace Org.BouncyCastle.Cms.Tests
 		public static KeyParameter MakeAesKey(
 			int keySize)
 		{
-			aesKg.Init(new KeyGenerationParameters(rand, keySize));
+			aesKg.Init(new KeyGenerationParameters(Random, keySize));
 
 			return ParameterUtilities.CreateKeyParameter("AES", aesKg.GenerateKey());
 		}
@@ -299,7 +299,7 @@ namespace Org.BouncyCastle.Cms.Tests
 		public static KeyParameter MakeCamelliaKey(
 			int keySize)
 		{
-			camelliaKg.Init(new KeyGenerationParameters(rand, keySize));
+			camelliaKg.Init(new KeyGenerationParameters(Random, keySize));
 
 			return ParameterUtilities.CreateKeyParameter("CAMELLIA", camelliaKg.GenerateKey());
 		}
@@ -323,8 +323,10 @@ namespace Org.BouncyCastle.Cms.Tests
 			AsymmetricKeyParameter issPriv = issKP.Private;
 			AsymmetricKeyParameter issPub = issKP.Public;
 
-			X509V1CertificateGenerator v1CertGen = new X509V1CertificateGenerator();
+			string signatureAlgorithm = GetSignatureAlgorithm(issPub);
+			ISignatureFactory signatureFactory = new Asn1SignatureFactory(signatureAlgorithm, issPriv, Random);
 
+			X509V1CertificateGenerator v1CertGen = new X509V1CertificateGenerator();
 			v1CertGen.Reset();
 			v1CertGen.SetSerialNumber(AllocateSerialNumber());
 			v1CertGen.SetIssuerDN(new X509Name(_issDN));
@@ -332,33 +334,7 @@ namespace Org.BouncyCastle.Cms.Tests
 			v1CertGen.SetNotAfter(DateTime.UtcNow.AddDays(100));
 			v1CertGen.SetSubjectDN(new X509Name(_subDN));
 			v1CertGen.SetPublicKey(subPub);
-
-			if (issPub is RsaKeyParameters)
-			{
-				v1CertGen.SetSignatureAlgorithm("SHA1WithRSA");
-			}
-			else if (issPub is DsaPublicKeyParameters)
-			{
-				v1CertGen.SetSignatureAlgorithm("SHA1withDSA");
-			}
-			else if (issPub is ECPublicKeyParameters)
-			{
-				ECPublicKeyParameters ecPub = (ECPublicKeyParameters)issPub;
-				if (ecPub.AlgorithmName == "ECGOST3410")
-				{
-					v1CertGen.SetSignatureAlgorithm("GOST3411withECGOST3410");
-				}
-				else
-				{
-					v1CertGen.SetSignatureAlgorithm("SHA1withECDSA");
-				}	
-			}
-			else
-			{
-				v1CertGen.SetSignatureAlgorithm("GOST3411WithGOST3410");
-			}
-
-			X509Certificate _cert = v1CertGen.Generate(issPriv);
+			X509Certificate _cert = v1CertGen.Generate(signatureFactory);
 
 			_cert.CheckValidity(DateTime.UtcNow);
 			_cert.Verify(issPub);
@@ -374,8 +350,10 @@ namespace Org.BouncyCastle.Cms.Tests
 			AsymmetricKeyParameter issPriv = issKP.Private;
 			AsymmetricKeyParameter issPub = issKP.Public;
 
-			X509V3CertificateGenerator v3CertGen = new X509V3CertificateGenerator();
+			string signatureAlgorithm = GetSignatureAlgorithm(issPub);
+			ISignatureFactory signatureFactory = new Asn1SignatureFactory(signatureAlgorithm, issPriv, Random);
 
+			X509V3CertificateGenerator v3CertGen = new X509V3CertificateGenerator();
 			v3CertGen.Reset();
 			v3CertGen.SetSerialNumber(AllocateSerialNumber());
 			v3CertGen.SetIssuerDN(new X509Name(_issDN));
@@ -384,27 +362,6 @@ namespace Org.BouncyCastle.Cms.Tests
 			v3CertGen.SetSubjectDN(new X509Name(_subDN));
 			v3CertGen.SetPublicKey(subPub);
 
-			if (issPub is RsaKeyParameters)
-			{
-				v3CertGen.SetSignatureAlgorithm("SHA1WithRSA");
-			}
-			else if (issPub is ECPublicKeyParameters)
-			{
-				ECPublicKeyParameters ecPub = (ECPublicKeyParameters) issPub;
-				if (ecPub.AlgorithmName == "ECGOST3410")
-				{
-					v3CertGen.SetSignatureAlgorithm("GOST3411withECGOST3410");
-				}
-				else
-				{
-					v3CertGen.SetSignatureAlgorithm("SHA1withECDSA");
-				}
-			}
-			else
-			{
-				v3CertGen.SetSignatureAlgorithm("GOST3411WithGOST3410");
-			}
-
 			v3CertGen.AddExtension(
 				X509Extensions.SubjectKeyIdentifier,
 				false,
@@ -420,7 +377,7 @@ namespace Org.BouncyCastle.Cms.Tests
 				false,
 				new BasicConstraints(_ca));
 
-			X509Certificate _cert = v3CertGen.Generate(issPriv);
+			X509Certificate _cert = v3CertGen.Generate(signatureFactory);
 
 			_cert.CheckValidity();
 			_cert.Verify(issPub);
@@ -438,20 +395,36 @@ namespace Org.BouncyCastle.Cms.Tests
 
 			crlGen.SetThisUpdate(now);
 			crlGen.SetNextUpdate(now.AddSeconds(100));
-			crlGen.SetSignatureAlgorithm("SHA256WithRSAEncryption");
 
 			crlGen.AddCrlEntry(BigInteger.One, now, CrlReason.PrivilegeWithdrawn);
 
 			crlGen.AddExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(pair.Public));
 
-			return crlGen.Generate(pair.Private);
+			return crlGen.Generate(new Asn1SignatureFactory("SHA256WithRSAEncryption", pair.Private, null));
 		}
 
-		/*
+        /*
 		*
 		*  INTERNAL METHODS
 		*
 		*/
+
+        internal static string GetSignatureAlgorithm(AsymmetricKeyParameter publicKey)
+        {
+            if (publicKey is RsaKeyParameters)
+                return "SHA1WithRSA";
+
+            if (publicKey is DsaPublicKeyParameters)
+                return "SHA1withDSA";
+
+            if (publicKey is ECPublicKeyParameters ecPub)
+            {
+                return ecPub.AlgorithmName == "ECGOST3410" ? "GOST3411withECGOST3410" : "SHA1withECDSA";
+            }
+
+            return "GOST3411WithGOST3410";
+        }
+
         internal static IX509Store MakeAttrCertStore(params IX509AttributeCertificate[] attrCerts)
         {
             IList attrCertList = new ArrayList();
diff --git a/crypto/test/src/ocsp/test/OCSPTestUtil.cs b/crypto/test/src/ocsp/test/OCSPTestUtil.cs
index 53b8f5bb9..c36c3163f 100644
--- a/crypto/test/src/ocsp/test/OCSPTestUtil.cs
+++ b/crypto/test/src/ocsp/test/OCSPTestUtil.cs
@@ -1,10 +1,8 @@
 using System;
 
-using Org.BouncyCastle.Asn1;
 using Org.BouncyCastle.Asn1.X509;
-using Org.BouncyCastle.Asn1.X9;
 using Org.BouncyCastle.Crypto;
-using Org.BouncyCastle.Crypto.Generators;
+using Org.BouncyCastle.Crypto.Operators;
 using Org.BouncyCastle.Crypto.Parameters;
 using Org.BouncyCastle.Math;
 using Org.BouncyCastle.Security;
@@ -98,7 +96,6 @@ namespace Org.BouncyCastle.Ocsp.Tests
 			_v3CertGen.SetNotAfter(DateTime.UtcNow.AddDays(100));
 			_v3CertGen.SetSubjectDN(new X509Name(_subDN));
 			_v3CertGen.SetPublicKey(_subPub);
-			_v3CertGen.SetSignatureAlgorithm(algorithm);
 
 			_v3CertGen.AddExtension(X509Extensions.SubjectKeyIdentifier, false,
 				createSubjectKeyId(_subPub));
@@ -109,9 +106,9 @@ namespace Org.BouncyCastle.Ocsp.Tests
 			_v3CertGen.AddExtension(X509Extensions.BasicConstraints, false,
 				new BasicConstraints(_ca));
 
-			X509Certificate _cert = _v3CertGen.Generate(_issPriv);
+            X509Certificate _cert = _v3CertGen.Generate(new Asn1SignatureFactory(algorithm, _issPriv, null));
 
-			_cert.CheckValidity(DateTime.UtcNow);
+            _cert.CheckValidity(DateTime.UtcNow);
 			_cert.Verify(_issPub);
 
 			return _cert;
diff --git a/crypto/test/src/pkcs/examples/PKCS12Example.cs b/crypto/test/src/pkcs/examples/PKCS12Example.cs
index 002e14c38..06247bc3f 100644
--- a/crypto/test/src/pkcs/examples/PKCS12Example.cs
+++ b/crypto/test/src/pkcs/examples/PKCS12Example.cs
@@ -6,10 +6,10 @@ using Org.BouncyCastle.Asn1;
 using Org.BouncyCastle.Asn1.Pkcs;
 using Org.BouncyCastle.Asn1.X509;
 using Org.BouncyCastle.Crypto;
+using Org.BouncyCastle.Crypto.Operators;
 using Org.BouncyCastle.Crypto.Parameters;
 using Org.BouncyCastle.Math;
 using Org.BouncyCastle.Security;
-using Org.BouncyCastle.Utilities.Date;
 using Org.BouncyCastle.X509;
 using Org.BouncyCastle.X509.Extension;
 
@@ -26,9 +26,6 @@ namespace Org.BouncyCastle.Pkcs.Examples
 	{
 		private static readonly char[] passwd = "hello world".ToCharArray();
 
-		private static readonly X509V1CertificateGenerator v1CertGen = new X509V1CertificateGenerator();
-		private static readonly X509V3CertificateGenerator v3CertGen = new X509V3CertificateGenerator();
-
 		/**
 		* we generate the CA's certificate
 		*/
@@ -49,16 +46,16 @@ namespace Org.BouncyCastle.Pkcs.Examples
 			//
 			// create the certificate - version 1
 			//
+			ISignatureFactory signatureFactory = new Asn1SignatureFactory("SHA1WithRSAEncryption", privKey, null);
 
+			X509V1CertificateGenerator v1CertGen = new X509V1CertificateGenerator();
 			v1CertGen.SetSerialNumber(BigInteger.One);
 			v1CertGen.SetIssuerDN(new X509Name(issuer));
 			v1CertGen.SetNotBefore(DateTime.UtcNow.AddMonths(-1));
 			v1CertGen.SetNotAfter(DateTime.UtcNow.AddMonths(1));
 			v1CertGen.SetSubjectDN(new X509Name(subject));
 			v1CertGen.SetPublicKey(pubKey);
-			v1CertGen.SetSignatureAlgorithm("SHA1WithRSAEncryption");
-
-			X509Certificate cert = v1CertGen.Generate(privKey);
+			X509Certificate cert = v1CertGen.Generate(signatureFactory);
 
 			cert.CheckValidity(DateTime.UtcNow);
 
@@ -107,15 +104,13 @@ namespace Org.BouncyCastle.Pkcs.Examples
 			//
 			// create the certificate - version 3
 			//
-			v3CertGen.Reset();
-
+			X509V3CertificateGenerator v3CertGen = new X509V3CertificateGenerator();
 			v3CertGen.SetSerialNumber(BigInteger.Two);
 			v3CertGen.SetIssuerDN(PrincipalUtilities.GetSubjectX509Principal(caCert));
 			v3CertGen.SetNotBefore(DateTime.UtcNow.AddMonths(-1));
 			v3CertGen.SetNotAfter(DateTime.UtcNow.AddMonths(1));
 			v3CertGen.SetSubjectDN(new X509Name(order, attrs));
 			v3CertGen.SetPublicKey(pubKey);
-			v3CertGen.SetSignatureAlgorithm("SHA1WithRSAEncryption");
 
 			//
 			// extensions
@@ -135,7 +130,7 @@ namespace Org.BouncyCastle.Pkcs.Examples
 				true,
 				new BasicConstraints(0));
 
-			X509Certificate cert = v3CertGen.Generate(caPrivKey);
+			X509Certificate cert = v3CertGen.Generate(new Asn1SignatureFactory("SHA1WithRSAEncryption", caPrivKey, null));
 
 			cert.CheckValidity(DateTime.UtcNow);
 
@@ -202,15 +197,13 @@ namespace Org.BouncyCastle.Pkcs.Examples
 			//
 			// create the certificate - version 3
 			//
-			v3CertGen.Reset();
-
+			X509V3CertificateGenerator v3CertGen = new X509V3CertificateGenerator();
 			v3CertGen.SetSerialNumber(BigInteger.Three);
 			v3CertGen.SetIssuerDN(new X509Name(sOrder, sAttrs));
 			v3CertGen.SetNotBefore(DateTime.UtcNow.AddMonths(-1));
 			v3CertGen.SetNotAfter(DateTime.UtcNow.AddMonths(1));
 			v3CertGen.SetSubjectDN(new X509Name(order, attrs));
 			v3CertGen.SetPublicKey(pubKey);
-			v3CertGen.SetSignatureAlgorithm("SHA1WithRSAEncryption");
 
 			//
 			// add the extensions
@@ -225,7 +218,7 @@ namespace Org.BouncyCastle.Pkcs.Examples
 				false,
 				new AuthorityKeyIdentifierStructure(caPubKey));
 
-			X509Certificate cert = v3CertGen.Generate(caPrivKey);
+			X509Certificate cert = v3CertGen.Generate(new Asn1SignatureFactory("SHA1WithRSAEncryption", caPrivKey, null));
 
 			cert.CheckValidity(DateTime.UtcNow);
 
diff --git a/crypto/test/src/pkcs/test/PKCS12StoreTest.cs b/crypto/test/src/pkcs/test/PKCS12StoreTest.cs
index 1b49a5d02..884fd7449 100644
--- a/crypto/test/src/pkcs/test/PKCS12StoreTest.cs
+++ b/crypto/test/src/pkcs/test/PKCS12StoreTest.cs
@@ -8,9 +8,9 @@ using Org.BouncyCastle.Asn1;
 using Org.BouncyCastle.Asn1.Pkcs;
 using Org.BouncyCastle.Asn1.X509;
 using Org.BouncyCastle.Crypto;
+using Org.BouncyCastle.Crypto.Operators;
 using Org.BouncyCastle.Crypto.Parameters;
 using Org.BouncyCastle.Math;
-using Org.BouncyCastle.Pkcs;
 using Org.BouncyCastle.Security;
 using Org.BouncyCastle.Utilities.Encoders;
 using Org.BouncyCastle.Utilities.Test;
@@ -897,9 +897,10 @@ namespace Org.BouncyCastle.Pkcs.Tests
 			certGen.SetNotAfter(DateTime.UtcNow.AddDays(30));
 			certGen.SetSubjectDN(new X509Name(order, subjectAttrs));
 			certGen.SetPublicKey(pubKey);
-			certGen.SetSignatureAlgorithm("MD5WithRSAEncryption");
 
-			return new X509CertificateEntry(certGen.Generate(privKey));
+			ISignatureFactory signatureFactory = new Asn1SignatureFactory("MD5WithRSAEncryption", privKey, null);
+			X509Certificate cert = certGen.Generate(signatureFactory);
+			return new X509CertificateEntry(cert);
 		}
 
         private void DoTestCertsOnly()
diff --git a/crypto/test/src/security/test/TestDotNetUtil.cs b/crypto/test/src/security/test/TestDotNetUtil.cs
index 062eada0e..899af016c 100644
--- a/crypto/test/src/security/test/TestDotNetUtil.cs
+++ b/crypto/test/src/security/test/TestDotNetUtil.cs
@@ -9,6 +9,7 @@ using NUnit.Framework;
 
 using Org.BouncyCastle.Asn1.X509;
 using Org.BouncyCastle.Crypto;
+using Org.BouncyCastle.Crypto.Operators;
 using Org.BouncyCastle.Crypto.Parameters;
 using Org.BouncyCastle.Math;
 using Org.BouncyCastle.Utilities.Encoders;
@@ -66,11 +67,10 @@ namespace Org.BouncyCastle.Security.Tests
 			certGen.SetNotAfter(DateTime.UtcNow.AddDays(1));
 			certGen.SetSubjectDN(new X509Name(ord, attrs));
 			certGen.SetPublicKey(dsaPub);
-			certGen.SetSignatureAlgorithm("SHA1WITHDSA");
 
-			X509Certificate cert = certGen.Generate(dsaPriv);
+            X509Certificate cert = certGen.Generate(new Asn1SignatureFactory("SHA1WITHDSA", dsaPriv, null));
 
-			cert.CheckValidity();
+            cert.CheckValidity();
 			cert.Verify(dsaPub);
 
 			SystemX509.X509Certificate dotNetCert = DotNetUtilities.ToX509Certificate(cert);
diff --git a/crypto/test/src/test/AttrCertSelectorTest.cs b/crypto/test/src/test/AttrCertSelectorTest.cs
index 37c1e66d2..dfd4295e2 100644
--- a/crypto/test/src/test/AttrCertSelectorTest.cs
+++ b/crypto/test/src/test/AttrCertSelectorTest.cs
@@ -5,6 +5,7 @@ using NUnit.Framework;
 using Org.BouncyCastle.Asn1;
 using Org.BouncyCastle.Asn1.X509;
 using Org.BouncyCastle.Crypto;
+using Org.BouncyCastle.Crypto.Operators;
 using Org.BouncyCastle.Crypto.Parameters;
 using Org.BouncyCastle.Math;
 using Org.BouncyCastle.Utilities.Date;
@@ -110,7 +111,6 @@ namespace Org.BouncyCastle.Tests
 			gen.SetNotBefore(DateTime.UtcNow.AddSeconds(-50));
 			gen.SetNotAfter(DateTime.UtcNow.AddSeconds(50));
 			gen.SetSerialNumber(BigInteger.One);
-			gen.SetSignatureAlgorithm("SHA1WithRSAEncryption");
 
 			Target targetName = new Target(
 				Target.Choice.Name,
@@ -125,7 +125,7 @@ namespace Org.BouncyCastle.Tests
 			TargetInformation targetInformation = new TargetInformation(targets);
 			gen.AddExtension(X509Extensions.TargetInformation.Id, true, targetInformation);
 
-			return gen.Generate(privKey);
+			return gen.Generate(new Asn1SignatureFactory("SHA1WithRSAEncryption", privKey, null));
 		}
 
 		[Test]
diff --git a/crypto/test/src/test/AttrCertTest.cs b/crypto/test/src/test/AttrCertTest.cs
index d701d007e..f57f67fad 100644
--- a/crypto/test/src/test/AttrCertTest.cs
+++ b/crypto/test/src/test/AttrCertTest.cs
@@ -6,9 +6,9 @@ using NUnit.Framework;
 using Org.BouncyCastle.Asn1;
 using Org.BouncyCastle.Asn1.X509;
 using Org.BouncyCastle.Crypto;
+using Org.BouncyCastle.Crypto.Operators;
 using Org.BouncyCastle.Crypto.Parameters;
 using Org.BouncyCastle.Math;
-using Org.BouncyCastle.Security;
 using Org.BouncyCastle.Utilities.Collections;
 using Org.BouncyCastle.Utilities.Encoders;
 using Org.BouncyCastle.Utilities.Test;
@@ -270,9 +270,9 @@ namespace Org.BouncyCastle.Tests
 			gen.SetNotBefore(DateTime.UtcNow.AddSeconds(-50));
 			gen.SetNotAfter(DateTime.UtcNow.AddSeconds(50));
 			gen.SetSerialNumber(BigInteger.One);
-			gen.SetSignatureAlgorithm("SHA1WithRSAEncryption");
 
-			IX509AttributeCertificate aCert = gen.Generate(privKey);
+			IX509AttributeCertificate aCert = gen.Generate(
+				new Asn1SignatureFactory("SHA1WithRSAEncryption", privKey, null));
 
 			aCert.CheckValidity();
 
@@ -378,9 +378,9 @@ namespace Org.BouncyCastle.Tests
 			gen.SetNotBefore(DateTime.UtcNow.AddSeconds(-50));
 			gen.SetNotAfter(DateTime.UtcNow.AddSeconds(50));
 			gen.SetSerialNumber(BigInteger.One);
-			gen.SetSignatureAlgorithm("SHA1WithRSAEncryption");
 
-			IX509AttributeCertificate aCert = gen.Generate(privKey);
+			IX509AttributeCertificate aCert = gen.Generate(
+				new Asn1SignatureFactory("SHA1WithRSAEncryption", privKey, null));
 
 			aCert.CheckValidity();
 
@@ -499,9 +499,8 @@ namespace Org.BouncyCastle.Tests
 			gen.SetNotBefore(DateTime.UtcNow.AddSeconds(-50));
 			gen.SetNotAfter(DateTime.UtcNow.AddSeconds(50));
 			gen.SetSerialNumber(aCert.SerialNumber);
-			gen.SetSignatureAlgorithm("SHA1WithRSAEncryption");
 
-			aCert = gen.Generate(privKey);
+			aCert = gen.Generate(new Asn1SignatureFactory("SHA1WithRSAEncryption", privKey, null));
 
 			aCert.CheckValidity();
 
@@ -575,7 +574,7 @@ namespace Org.BouncyCastle.Tests
 
 			gen.AddExtension("2.2", false, new DerOctetString(new byte[20]));
 
-			aCert = gen.Generate(privKey);
+			aCert = gen.Generate(new Asn1SignatureFactory("SHA1WithRSAEncryption", privKey, null));
 
 			ISet exts = aCert.GetCriticalExtensionOids();
 
diff --git a/crypto/test/src/test/CertTest.cs b/crypto/test/src/test/CertTest.cs
index d83b67f8c..e0f97a61f 100644
--- a/crypto/test/src/test/CertTest.cs
+++ b/crypto/test/src/test/CertTest.cs
@@ -12,6 +12,7 @@ using Org.BouncyCastle.Asn1.X509;
 using Org.BouncyCastle.Asn1.X9;
 using Org.BouncyCastle.Crypto;
 using Org.BouncyCastle.Crypto.Generators;
+using Org.BouncyCastle.Crypto.Operators;
 using Org.BouncyCastle.Crypto.Parameters;
 using Org.BouncyCastle.Math;
 using Org.BouncyCastle.Math.EC;
@@ -1164,9 +1165,8 @@ namespace Org.BouncyCastle.Tests
             certGen.SetNotAfter(DateTime.UtcNow.AddSeconds(50));
             certGen.SetSubjectDN(new X509Name(ord, values));
             certGen.SetPublicKey(pubKey);
-            certGen.SetSignatureAlgorithm("SHA256WithRSAEncryption");
 
-            X509Certificate cert = certGen.Generate(privKey);
+            X509Certificate cert = certGen.Generate(new Asn1SignatureFactory("SHA256WithRSAEncryption", privKey, null));
 
             cert.CheckValidity(DateTime.UtcNow);
 
@@ -1194,7 +1194,6 @@ namespace Org.BouncyCastle.Tests
             certGen.SetNotAfter(DateTime.UtcNow.AddSeconds(50));
             certGen.SetSubjectDN(new X509Name(ord, values));
             certGen.SetPublicKey(pubKey);
-            certGen.SetSignatureAlgorithm("MD5WithRSAEncryption");
             certGen.AddExtension("2.5.29.15", true,
                 new X509KeyUsage(X509KeyUsage.EncipherOnly));
             certGen.AddExtension("2.5.29.37", true,
@@ -1202,7 +1201,7 @@ namespace Org.BouncyCastle.Tests
             certGen.AddExtension("2.5.29.17", true,
                 new GeneralNames(new GeneralName(GeneralName.Rfc822Name, "test@test.test")));
 
-            cert = certGen.Generate(privKey);
+            cert = certGen.Generate(new Asn1SignatureFactory("MD5WithRSAEncryption", privKey, null));
 
             cert.CheckValidity(DateTime.UtcNow);
 
@@ -1242,9 +1241,7 @@ namespace Org.BouncyCastle.Tests
             certGen1.SetNotAfter(DateTime.UtcNow.AddSeconds(50));
             certGen1.SetSubjectDN(new X509Name(ord, values));
             certGen1.SetPublicKey(pubKey);
-            certGen1.SetSignatureAlgorithm("MD5WithRSAEncryption");
-
-            cert = certGen1.Generate(privKey);
+            cert = certGen1.Generate(new Asn1SignatureFactory("MD5WithRSAEncryption", privKey, null));
 
             cert.CheckValidity(DateTime.UtcNow);
 
@@ -1322,11 +1319,10 @@ namespace Org.BouncyCastle.Tests
             certGen.SetNotAfter(DateTime.UtcNow.AddSeconds(50));
             certGen.SetSubjectDN(new X509Name(ord, values));
             certGen.SetPublicKey(pubKey);
-            certGen.SetSignatureAlgorithm("SHA1withDSA");
 
             try
             {
-                X509Certificate cert = certGen.Generate(privKey);
+                X509Certificate cert = certGen.Generate(new Asn1SignatureFactory("SHA1withDSA", privKey, null));
 
                 cert.CheckValidity(DateTime.UtcNow);
 
@@ -1352,11 +1348,10 @@ namespace Org.BouncyCastle.Tests
             certGen1.SetNotAfter(DateTime.UtcNow.AddSeconds(50));
             certGen1.SetSubjectDN(new X509Name(ord, values));
             certGen1.SetPublicKey(pubKey);
-            certGen1.SetSignatureAlgorithm("SHA1withDSA");
 
             try
             {
-                X509Certificate cert = certGen1.Generate(privKey);
+                X509Certificate cert = certGen1.Generate(new Asn1SignatureFactory("SHA1withDSA", privKey, null));
 
                 cert.CheckValidity(DateTime.UtcNow);
 
@@ -1465,11 +1460,10 @@ namespace Org.BouncyCastle.Tests
             certGen.SetNotAfter(DateTime.UtcNow.AddSeconds(50));
             certGen.SetSubjectDN(new X509Name(order, attrs));
             certGen.SetPublicKey(pubKey);
-            certGen.SetSignatureAlgorithm("SHA1withECDSA");
 
             try
             {
-                X509Certificate cert = certGen.Generate(privKey);
+                X509Certificate cert = certGen.Generate(new Asn1SignatureFactory("SHA1withECDSA", privKey, null));
 
                 cert.CheckValidity(DateTime.UtcNow);
 
@@ -1490,7 +1484,7 @@ namespace Org.BouncyCastle.Tests
 
                 certGen.SetPublicKey(pubKey);
 
-                cert = certGen.Generate(privKey);
+                cert = certGen.Generate(new Asn1SignatureFactory("SHA1withECDSA", privKey, null));
 
                 cert.CheckValidity(DateTime.UtcNow);
 
@@ -1583,10 +1577,8 @@ namespace Org.BouncyCastle.Tests
             certGen.SetNotAfter(DateTime.UtcNow.AddSeconds(50));
             certGen.SetSubjectDN(new X509Name(order, attrs));
             certGen.SetPublicKey(pubKey);
-            certGen.SetSignatureAlgorithm(algorithm);
-
 
-            X509Certificate cert = certGen.Generate(privKey);
+            X509Certificate cert = certGen.Generate(new Asn1SignatureFactory(algorithm, privKey, null));
 
             cert.CheckValidity(DateTime.UtcNow);
 
@@ -1607,7 +1599,7 @@ namespace Org.BouncyCastle.Tests
 
             certGen.SetPublicKey(pubKey);
 
-            cert = certGen.Generate(privKey);
+            cert = certGen.Generate(new Asn1SignatureFactory(algorithm, privKey, null));
 
             cert.CheckValidity(DateTime.UtcNow);
 
@@ -1673,14 +1665,13 @@ namespace Org.BouncyCastle.Tests
 
             crlGen.SetThisUpdate(now);
             crlGen.SetNextUpdate(now.AddSeconds(100));
-            crlGen.SetSignatureAlgorithm("SHA256WithRSAEncryption");
 
             crlGen.AddCrlEntry(BigInteger.One, now, CrlReason.PrivilegeWithdrawn);
 
             crlGen.AddExtension(X509Extensions.AuthorityKeyIdentifier, false,
                 new AuthorityKeyIdentifierStructure(pair.Public));
 
-            X509Crl crl = crlGen.Generate(pair.Private);
+            X509Crl crl = crlGen.Generate(new Asn1SignatureFactory("SHA256WithRSAEncryption", pair.Private, null));
 
             if (!crl.IssuerDN.Equivalent(new X509Name("CN=Test CA"), true))
             {
@@ -1745,7 +1736,6 @@ namespace Org.BouncyCastle.Tests
 
             crlGen.SetThisUpdate(now);
             crlGen.SetNextUpdate(now.AddSeconds(100));
-            crlGen.SetSignatureAlgorithm("SHA256WithRSAEncryption");
 
             IList extOids = new ArrayList();
             IList extValues = new ArrayList();
@@ -1768,7 +1758,7 @@ namespace Org.BouncyCastle.Tests
 
             crlGen.AddExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(pair.Public));
 
-            X509Crl crl = crlGen.Generate(pair.Private);
+            X509Crl crl = crlGen.Generate(new Asn1SignatureFactory("SHA256WithRSAEncryption", pair.Private, null));
 
             if (!crl.IssuerDN.Equivalent(new X509Name("CN=Test CA"), true))
             {
@@ -1833,7 +1823,6 @@ namespace Org.BouncyCastle.Tests
 
             crlGen.SetThisUpdate(now);
             crlGen.SetNextUpdate(now.AddSeconds(100));
-            crlGen.SetSignatureAlgorithm("SHA256WithRSAEncryption");
 
             IList extOids = new ArrayList();
             IList extValues = new ArrayList();
@@ -1856,7 +1845,7 @@ namespace Org.BouncyCastle.Tests
 
             crlGen.AddExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(pair.Public));
 
-            X509Crl crl = crlGen.Generate(pair.Private);
+            X509Crl crl = crlGen.Generate(new Asn1SignatureFactory("SHA256WithRSAEncryption", pair.Private, null));
 
             if (!crl.IssuerDN.Equivalent(new X509Name("CN=Test CA"), true))
             {
@@ -1915,7 +1904,6 @@ namespace Org.BouncyCastle.Tests
 
             crlGen.SetThisUpdate(now);
             crlGen.SetNextUpdate(now.AddSeconds(100));
-            crlGen.SetSignatureAlgorithm("SHA256WithRSAEncryption");
 
             crlGen.AddCrl(crl);
 
@@ -1923,7 +1911,7 @@ namespace Org.BouncyCastle.Tests
 
             crlGen.AddExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(pair.Public));
 
-            X509Crl newCrl = crlGen.Generate(pair.Private);
+            X509Crl newCrl = crlGen.Generate(new Asn1SignatureFactory("SHA256WithRSAEncryption", pair.Private, null));
 
             int count = 0;
             bool oneFound = false;
@@ -2043,9 +2031,8 @@ namespace Org.BouncyCastle.Tests
             certGen.SetNotAfter(DateTime.UtcNow.AddSeconds(50));
             certGen.SetSubjectDN(new X509Name(order, attrs));
             certGen.SetPublicKey(pubKey);
-            certGen.SetSignatureAlgorithm("GOST3411withGOST3410");
 
-            X509Certificate cert = certGen.Generate(privKey);
+            X509Certificate cert = certGen.Generate(new Asn1SignatureFactory("GOST3411withGOST3410", privKey, null));
 
             cert.CheckValidity(DateTime.UtcNow);
 
@@ -2127,7 +2114,6 @@ namespace Org.BouncyCastle.Tests
             certGen.SetNotAfter(DateTime.UtcNow.AddSeconds(50));
             certGen.SetSubjectDN(new X509Name(ord, values));
             certGen.SetPublicKey(pubKey);
-            certGen.SetSignatureAlgorithm("MD5WithRSAEncryption");
             certGen.AddExtension("2.5.29.15", true,
                 new X509KeyUsage(X509KeyUsage.EncipherOnly));
             certGen.AddExtension("2.5.29.37", true,
@@ -2135,7 +2121,8 @@ namespace Org.BouncyCastle.Tests
             certGen.AddExtension("2.5.29.17", true,
                 new GeneralNames(new GeneralName(GeneralName.Rfc822Name, "test@test.test")));
 
-            X509Certificate baseCert = certGen.Generate(privKey);
+            X509Certificate baseCert = certGen.Generate(
+                new Asn1SignatureFactory("MD5WithRSAEncryption", privKey, null));
 
             //
             // copy certificate
@@ -2148,12 +2135,11 @@ namespace Org.BouncyCastle.Tests
             certGen.SetNotAfter(DateTime.UtcNow.AddSeconds(50));
             certGen.SetSubjectDN(new X509Name(ord, values));
             certGen.SetPublicKey(pubKey);
-            certGen.SetSignatureAlgorithm("MD5WithRSAEncryption");
 
             certGen.CopyAndAddExtension(new DerObjectIdentifier("2.5.29.15"), true, baseCert);
             certGen.CopyAndAddExtension("2.5.29.37", false, baseCert);
 
-            X509Certificate cert = certGen.Generate(privKey);
+            X509Certificate cert = certGen.Generate(new Asn1SignatureFactory("MD5WithRSAEncryption", privKey, null));
 
             cert.CheckValidity(DateTime.UtcNow);
 
@@ -2189,7 +2175,7 @@ namespace Org.BouncyCastle.Tests
             {
                 certGen.SetPublicKey(dudPublicKey);
 
-                certGen.Generate(privKey);
+                certGen.Generate(new Asn1SignatureFactory("MD5WithRSAEncryption", privKey, null));
 
                 Fail("key without encoding not detected in v3");
             }
@@ -2390,7 +2376,6 @@ namespace Org.BouncyCastle.Tests
             certGen.SetNotAfter(DateTime.UtcNow.AddSeconds(50));
             certGen.SetSubjectDN(new X509Name(ord, values));
             certGen.SetPublicKey(pubKey);
-            certGen.SetSignatureAlgorithm(algorithm);
             certGen.AddExtension("2.5.29.15", true,
             new X509KeyUsage(X509KeyUsage.EncipherOnly));
             certGen.AddExtension("2.5.29.37", true,
@@ -2398,7 +2383,7 @@ namespace Org.BouncyCastle.Tests
             certGen.AddExtension("2.5.29.17", true,
             new GeneralNames(new GeneralName(GeneralName.Rfc822Name, "test@test.test")));
 
-            X509Certificate baseCert = certGen.Generate(privKey);
+            X509Certificate baseCert = certGen.Generate(new Asn1SignatureFactory(algorithm, privKey, null));
 
             baseCert.Verify(pubKey);
         }
@@ -2457,8 +2442,7 @@ namespace Org.BouncyCastle.Tests
             certGen.SetNotAfter(DateTime.UtcNow.AddSeconds(50));
             certGen.SetSubjectDN(new X509Name("CN=Test"));
             certGen.SetPublicKey(pubKey);
-            certGen.SetSignatureAlgorithm("MD5WithRSAEncryption");
-            X509Certificate cert = certGen.Generate(privKey);
+            X509Certificate cert = certGen.Generate(new Asn1SignatureFactory("MD5WithRSAEncryption", privKey, null));
 
             X509CertificateStructure certStruct = X509CertificateStructure.GetInstance(
                 Asn1Object.FromByteArray(cert.GetEncoded()));
diff --git a/crypto/test/src/test/ECEncodingTest.cs b/crypto/test/src/test/ECEncodingTest.cs
index 8d993c15e..ff9fb7aa2 100644
--- a/crypto/test/src/test/ECEncodingTest.cs
+++ b/crypto/test/src/test/ECEncodingTest.cs
@@ -1,5 +1,4 @@
 using System;
-using System.IO;
 
 using NUnit.Framework;
 
@@ -7,6 +6,7 @@ using Org.BouncyCastle.Asn1;
 using Org.BouncyCastle.Asn1.X509;
 using Org.BouncyCastle.Asn1.X9;
 using Org.BouncyCastle.Crypto;
+using Org.BouncyCastle.Crypto.Operators;
 using Org.BouncyCastle.Crypto.Parameters;
 using Org.BouncyCastle.Math;
 using Org.BouncyCastle.Math.EC;
@@ -204,7 +204,6 @@ namespace Org.BouncyCastle.Tests
 				pubECKey = SetPublicUncompressed(pubECKey);
 			}
 
-			certGen.SetSignatureAlgorithm("ECDSAwithSHA1");
 			certGen.SetSerialNumber(BigInteger.One);
 			certGen.SetIssuerDN(new X509Name("CN=Software emul (EC Cert)"));
 			certGen.SetNotBefore(DateTime.UtcNow.AddSeconds(-50));
@@ -212,7 +211,7 @@ namespace Org.BouncyCastle.Tests
 			certGen.SetSubjectDN(new X509Name("CN=Software emul (EC Cert)"));
 			certGen.SetPublicKey(pubECKey);
 
-			return certGen.Generate(privECKey);
+			return certGen.Generate(new Asn1SignatureFactory("ECDSAwithSHA1", privECKey, null));
 		}
 
 		private ECPublicKeyParameters SetPublicUncompressed(
diff --git a/crypto/test/src/test/GOST3410Test.cs b/crypto/test/src/test/GOST3410Test.cs
index 03dcf3144..fc439c4ee 100644
--- a/crypto/test/src/test/GOST3410Test.cs
+++ b/crypto/test/src/test/GOST3410Test.cs
@@ -6,6 +6,7 @@ using NUnit.Framework;
 using Org.BouncyCastle.Asn1.CryptoPro;
 using Org.BouncyCastle.Asn1.X509;
 using Org.BouncyCastle.Crypto;
+using Org.BouncyCastle.Crypto.Operators;
 using Org.BouncyCastle.Crypto.Parameters;
 using Org.BouncyCastle.Math;
 using Org.BouncyCastle.Math.EC;
@@ -260,16 +261,14 @@ namespace Org.BouncyCastle.Tests
             certGen.SetNotAfter(DateTime.UtcNow.AddSeconds(50));
             certGen.SetSubjectDN(new X509Name("CN=Test"));
             certGen.SetPublicKey(vKey);
-            certGen.SetSignatureAlgorithm("GOST3411withGOST3410");
-    
-            X509Certificate cert = certGen.Generate(sKey);
+
+            X509Certificate cert = certGen.Generate(new Asn1SignatureFactory("GOST3411withGOST3410", sKey, null));
             X509CertificateEntry certEntry = new X509CertificateEntry(cert);
 
-//	        ks.SetKeyEntry("gost", sKey, "gost".ToCharArray(), new X509Certificate[] { cert });
-            ks.SetKeyEntry("gost", new AsymmetricKeyEntry(sKey), new X509CertificateEntry[] { certEntry });
-    
+            ks.SetKeyEntry("gost", new AsymmetricKeyEntry(sKey), new X509CertificateEntry[]{ certEntry });
+
             MemoryStream bOut = new MemoryStream();
-    
+
             ks.Save(bOut, "gost".ToCharArray(), new SecureRandom());
     
 //	        ks = KeyStore.getInstance("JKS");
diff --git a/crypto/test/src/test/PkixPolicyMappingTest.cs b/crypto/test/src/test/PkixPolicyMappingTest.cs
index 47e2c3120..24fe4e006 100644
--- a/crypto/test/src/test/PkixPolicyMappingTest.cs
+++ b/crypto/test/src/test/PkixPolicyMappingTest.cs
@@ -6,6 +6,7 @@ using NUnit.Framework;
 using Org.BouncyCastle.Asn1;
 using Org.BouncyCastle.Asn1.X509;
 using Org.BouncyCastle.Crypto;
+using Org.BouncyCastle.Crypto.Operators;
 using Org.BouncyCastle.Crypto.Parameters;
 using Org.BouncyCastle.Math;
 using Org.BouncyCastle.Pkix;
@@ -41,9 +42,7 @@ namespace Org.BouncyCastle.Tests
 			v3CertGen.SetNotAfter(DateTime.UtcNow.AddDays(30));
 			v3CertGen.SetSubjectDN(new X509Name(subject));
 			v3CertGen.SetPublicKey(pubKey);
-			v3CertGen.SetSignatureAlgorithm("SHA1WithRSAEncryption");
-			X509Certificate cert = v3CertGen.Generate(privKey);
-			return cert;
+			return v3CertGen.Generate(new Asn1SignatureFactory("SHA1WithRSAEncryption", privKey, null));
 		}
 
 		/**
@@ -65,12 +64,10 @@ namespace Org.BouncyCastle.Tests
 			v3CertGen.SetNotAfter(DateTime.UtcNow.AddDays(30));
 			v3CertGen.SetSubjectDN(new X509Name(subject));
 			v3CertGen.SetPublicKey(pubKey);
-			v3CertGen.SetSignatureAlgorithm("SHA1WithRSAEncryption");
 			v3CertGen.AddExtension(X509Extensions.CertificatePolicies, true, new DerSequence(policies));
 			v3CertGen.AddExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(true));
 			v3CertGen.AddExtension(X509Extensions.PolicyMappings, true, new PolicyMappings(policyMap));
-			X509Certificate cert = v3CertGen.Generate(caPrivKey);
-			return cert;
+			return v3CertGen.Generate(new Asn1SignatureFactory("SHA1WithRSAEncryption", caPrivKey, null));
 		}
 
 		/**
@@ -91,10 +88,8 @@ namespace Org.BouncyCastle.Tests
 			v3CertGen.SetNotAfter(DateTime.UtcNow.AddDays(30));
 			v3CertGen.SetSubjectDN(new X509Name(subject));
 			v3CertGen.SetPublicKey(pubKey);
-			v3CertGen.SetSignatureAlgorithm("SHA1WithRSAEncryption");
 			v3CertGen.AddExtension(X509Extensions.CertificatePolicies, true, new DerSequence(policies));
-			X509Certificate cert = v3CertGen.Generate(caPrivKey);
-			return cert;
+			return v3CertGen.Generate(new Asn1SignatureFactory("SHA1WithRSAEncryption", caPrivKey, null));
 		}
 
 		private string TestPolicies(
diff --git a/crypto/test/src/test/TestUtilities.cs b/crypto/test/src/test/TestUtilities.cs
index a79421207..63ca87873 100644
--- a/crypto/test/src/test/TestUtilities.cs
+++ b/crypto/test/src/test/TestUtilities.cs
@@ -1,9 +1,9 @@
 using System;
-using System.Diagnostics;
 
 using Org.BouncyCastle.Asn1;
 using Org.BouncyCastle.Asn1.X509;
 using Org.BouncyCastle.Crypto;
+using Org.BouncyCastle.Crypto.Operators;
 using Org.BouncyCastle.Math;
 using Org.BouncyCastle.Security;
 using Org.BouncyCastle.Security.Certificates;
@@ -30,23 +30,22 @@ namespace Org.BouncyCastle.Tests
 			return kpGen.GenerateKeyPair();
 		}
 
-		public static X509Certificate GenerateRootCert(
-			AsymmetricCipherKeyPair pair)
-		{
-			X509V1CertificateGenerator  certGen = new X509V1CertificateGenerator();
-
-			certGen.SetSerialNumber(BigInteger.One);
-			certGen.SetIssuerDN(new X509Name("CN=Test CA Certificate"));
-			certGen.SetNotBefore(DateTime.UtcNow.AddSeconds(-50));
-			certGen.SetNotAfter(DateTime.UtcNow.AddSeconds(50));
-			certGen.SetSubjectDN(new X509Name("CN=Test CA Certificate"));
-			certGen.SetPublicKey(pair.Public);
-			certGen.SetSignatureAlgorithm("SHA256WithRSAEncryption");
-
-			return certGen.Generate(pair.Private);
-		}
-
-		public static X509Certificate GenerateIntermediateCert(
+        public static X509Certificate GenerateRootCert(
+            AsymmetricCipherKeyPair pair)
+        {
+            Asn1SignatureFactory signatureFactory = new Asn1SignatureFactory("SHA256WithRSAEncryption", pair.Private, null);
+
+            X509V1CertificateGenerator certGen = new X509V1CertificateGenerator();
+            certGen.SetSerialNumber(BigInteger.One);
+            certGen.SetIssuerDN(new X509Name("CN=Test CA Certificate"));
+            certGen.SetNotBefore(DateTime.UtcNow.AddSeconds(-50));
+            certGen.SetNotAfter(DateTime.UtcNow.AddSeconds(50));
+            certGen.SetSubjectDN(new X509Name("CN=Test CA Certificate"));
+            certGen.SetPublicKey(pair.Public);
+            return certGen.Generate(signatureFactory);
+        }
+
+        public static X509Certificate GenerateIntermediateCert(
 			AsymmetricKeyParameter	intKey,
 			AsymmetricKeyParameter	caKey,
 			X509Certificate			caCert)
@@ -59,14 +58,13 @@ namespace Org.BouncyCastle.Tests
 			certGen.SetNotAfter(DateTime.UtcNow.AddSeconds(50));
 			certGen.SetSubjectDN(new X509Name("CN=Test Intermediate Certificate"));
 			certGen.SetPublicKey(intKey);
-			certGen.SetSignatureAlgorithm("SHA256WithRSAEncryption");
 
 			certGen.AddExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(caCert));
 			certGen.AddExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifierStructure(intKey));
 			certGen.AddExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(0));
 			certGen.AddExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.DigitalSignature | KeyUsage.KeyCertSign | KeyUsage.CrlSign));
 
-			return certGen.Generate(caKey);
+			return certGen.Generate(new Asn1SignatureFactory("SHA256WithRSAEncryption", caKey, null));
 		}
 
 		public static X509Certificate GenerateEndEntityCert(
@@ -82,14 +80,13 @@ namespace Org.BouncyCastle.Tests
 			certGen.SetNotAfter(DateTime.UtcNow.AddSeconds(50));
 			certGen.SetSubjectDN(new X509Name("CN=Test End Certificate"));
 			certGen.SetPublicKey(entityKey);
-			certGen.SetSignatureAlgorithm("SHA256WithRSAEncryption");
 
 			certGen.AddExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(caCert));
 			certGen.AddExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifierStructure(entityKey));
 			certGen.AddExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false));
 			certGen.AddExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.DigitalSignature | KeyUsage.KeyEncipherment));
 
-			return certGen.Generate(caKey);
+			return certGen.Generate(new Asn1SignatureFactory("SHA256WithRSAEncryption", caKey, null));
 		}
 
 		public static X509Crl CreateCrl(
@@ -99,20 +96,18 @@ namespace Org.BouncyCastle.Tests
 		{
 			X509V2CrlGenerator	crlGen = new X509V2CrlGenerator();
 			DateTime			now = DateTime.UtcNow;
-//			BigInteger			revokedSerialNumber = BigInteger.Two;
 
 			crlGen.SetIssuerDN(PrincipalUtilities.GetSubjectX509Principal(caCert));
 
 			crlGen.SetThisUpdate(now);
 			crlGen.SetNextUpdate(now.AddSeconds(100));
-			crlGen.SetSignatureAlgorithm("SHA256WithRSAEncryption");
 
 			crlGen.AddCrlEntry(serialNumber, now, CrlReason.PrivilegeWithdrawn);
 
 			crlGen.AddExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(caCert));
 			crlGen.AddExtension(X509Extensions.CrlNumber, false, new CrlNumber(BigInteger.One));
 
-			return crlGen.Generate(caKey);
+			return crlGen.Generate(new Asn1SignatureFactory("SHA256WithRSAEncryption", caKey, null));
 		}
 
 		public static X509Certificate CreateExceptionCertificate(
diff --git a/crypto/test/src/tsp/test/TSPTestUtil.cs b/crypto/test/src/tsp/test/TSPTestUtil.cs
index c8c6a63c0..20eb7e228 100644
--- a/crypto/test/src/tsp/test/TSPTestUtil.cs
+++ b/crypto/test/src/tsp/test/TSPTestUtil.cs
@@ -12,6 +12,7 @@ using Org.BouncyCastle.Asn1.TeleTrust;
 using Org.BouncyCastle.Asn1.X509;
 using Org.BouncyCastle.Asn1.X9;
 using Org.BouncyCastle.Crypto;
+using Org.BouncyCastle.Crypto.Operators;
 using Org.BouncyCastle.Crypto.Parameters;
 using Org.BouncyCastle.Math;
 using Org.BouncyCastle.Security;
@@ -350,7 +351,6 @@ namespace Org.BouncyCastle.Tsp.Tests
 			_v3CertGen.SetNotAfter(DateTime.UtcNow.AddDays(100));
 			_v3CertGen.SetSubjectDN(new X509Name(_subDN));
 			_v3CertGen.SetPublicKey(_subPub);
-			_v3CertGen.SetSignatureAlgorithm("MD5WithRSAEncryption");
 
 			_v3CertGen.AddExtension(X509Extensions.SubjectKeyIdentifier, false,
 					createSubjectKeyId(_subPub));
@@ -369,9 +369,10 @@ namespace Org.BouncyCastle.Tsp.Tests
 					ExtendedKeyUsage.GetInstance(new DerSequence(KeyPurposeID.IdKPTimeStamping)));
 			}
 
-			X509Certificate _cert = _v3CertGen.Generate(_issPriv);
+            X509Certificate _cert = _v3CertGen.Generate(
+				new Asn1SignatureFactory("MD5WithRSAEncryption", _issPriv, null));
 
-			_cert.CheckValidity(DateTime.UtcNow);
+            _cert.CheckValidity(DateTime.UtcNow);
 			_cert.Verify(_issPub);
 
 			return _cert;
diff --git a/crypto/test/src/x509/test/TestCertificateGen.cs b/crypto/test/src/x509/test/TestCertificateGen.cs
index 491f6d312..33ddc26c0 100644
--- a/crypto/test/src/x509/test/TestCertificateGen.cs
+++ b/crypto/test/src/x509/test/TestCertificateGen.cs
@@ -1,12 +1,12 @@
 using System;
 using System.Collections;
-using System.Text;
 
 using NUnit.Framework;
 
 using Org.BouncyCastle.Asn1.X509;
 using Org.BouncyCastle.Asn1.X9;
 using Org.BouncyCastle.Crypto.Digests;
+using Org.BouncyCastle.Crypto.Operators;
 using Org.BouncyCastle.Crypto.Parameters;
 using Org.BouncyCastle.Crypto.Signers;
 using Org.BouncyCastle.Math;
@@ -104,12 +104,11 @@ namespace Org.BouncyCastle.X509.Tests
 			certGen.SetNotAfter(DateTime.UtcNow.AddDays(1));
             certGen.SetSubjectDN(new X509Name(ord, attrs));
             certGen.SetPublicKey(rsaPublic);
-            certGen.SetSignatureAlgorithm("MD5WithRSAEncryption");
 
-			X509Certificate cert = certGen.Generate(rsaPrivate);
+            X509Certificate cert = certGen.Generate(new Asn1SignatureFactory("MD5WithRSAEncryption", rsaPrivate, null));
 
-//			Assert.IsTrue((cert.IsValidNow && cert.Verify(rsaPublic)),"Certificate failed to be valid (RSA)");
-			cert.CheckValidity();
+            //Assert.IsTrue((cert.IsValidNow && cert.Verify(rsaPublic)),"Certificate failed to be valid (RSA)");
+            cert.CheckValidity();
 			cert.Verify(rsaPublic);
 
 			//Console.WriteLine(ASN1Dump.DumpAsString(cert.ToAsn1Object()));
@@ -181,12 +180,11 @@ namespace Org.BouncyCastle.X509.Tests
 			certGen.SetNotAfter(DateTime.UtcNow.AddDays(1));
             certGen.SetSubjectDN(new X509Name(ord, attrs));
             certGen.SetPublicKey(dsaPub);
-            certGen.SetSignatureAlgorithm("SHA1WITHDSA");
 
-            X509Certificate cert = certGen.Generate(dsaPriv);
+            X509Certificate cert = certGen.Generate(new Asn1SignatureFactory("SHA1WITHDSA", dsaPriv, null));
 
-//			Assert.IsTrue((cert.IsValidNow && cert.Verify(dsaPub)), "Certificate failed to be valid (DSA Test)");
-			cert.CheckValidity();
+            //Assert.IsTrue((cert.IsValidNow && cert.Verify(dsaPub)), "Certificate failed to be valid (DSA Test)");
+            cert.CheckValidity();
 			cert.Verify(dsaPub);
 
             //ISet dummySet = cert.GetNonCriticalExtensionOids();
@@ -262,14 +260,13 @@ namespace Org.BouncyCastle.X509.Tests
             certGen.SetNotAfter(DateTime.UtcNow.AddDays(1));
             certGen.SetSubjectDN(new X509Name(ord, attrs));
             certGen.SetPublicKey(ecPub);
-            certGen.SetSignatureAlgorithm("SHA1WITHECDSA");
 
             certGen.AddExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false));
 
-            X509Certificate cert = certGen.Generate(ecPriv);
+            X509Certificate cert = certGen.Generate(new Asn1SignatureFactory("SHA1WITHECDSA", ecPriv, null));
 
-//            Assert.IsTrue((cert.IsValidNow && cert.Verify(ecPub)), "Certificate failed to be valid (ECDSA)");
-			cert.CheckValidity();
+            //Assert.IsTrue((cert.IsValidNow && cert.Verify(ecPub)), "Certificate failed to be valid (ECDSA)");
+            cert.CheckValidity();
 			cert.Verify(ecPub);
 
             ISet extOidSet = cert.GetCriticalExtensionOids();