diff --git a/crypto/src/cms/CMSSignedDataGenerator.cs b/crypto/src/cms/CMSSignedDataGenerator.cs
index f2676a4409..ba719d7149 100644
--- a/crypto/src/cms/CMSSignedDataGenerator.cs
+++ b/crypto/src/cms/CMSSignedDataGenerator.cs
@@ -88,7 +88,8 @@ internal SignerInf(
                 this.sigCalc = sigCalc;
                 this.signerIdentifier = signerIdentifier;
                 this.digestOID = new DefaultDigestAlgorithmIdentifierFinder().find((AlgorithmIdentifier)sigCalc.AlgorithmDetails).Algorithm.Id;
-                this.encOID = ((AlgorithmIdentifier)sigCalc.AlgorithmDetails).Algorithm.Id;
+                this.encOID = Helper.FindEncryptionAlgOID((AlgorithmIdentifier)sigCalc.AlgorithmDetails);
+                
                 this.sAttr = sAttr;
                 this.unsAttr = unsAttr;
                 this.baseSignedTable = baseSignedTable;
diff --git a/crypto/src/cms/CMSSignedHelper.cs b/crypto/src/cms/CMSSignedHelper.cs
index 3fb3cee26a..2004908a2d 100644
--- a/crypto/src/cms/CMSSignedHelper.cs
+++ b/crypto/src/cms/CMSSignedHelper.cs
@@ -127,7 +127,16 @@ static CmsSignedHelper()
             ecAlgorithms.Add(CmsSignedGenerator.DigestSha512, EncryptionECDsaWithSha512);
     }
 
-		/**
+        internal string FindEncryptionAlgOID(AlgorithmIdentifier algorithmDetails)
+        {
+            string algName = (string)encryptionAlgs[algorithmDetails.Algorithm.Id];
+            if ("RSA" == algName)
+                return CmsSignedGenerator.EncryptionRsa;    /* this strips off the digest algorithm */
+            else
+                return algorithmDetails.Algorithm.Id;
+        }
+
+        /**
         * Return the digest algorithm using one of the standard JCA string
         * representations rather than the algorithm identifier (if possible).
         */