messageDigest
CMS signed attribute that binds the signature to the content's digest.
Definition
In a SignedData structure, when SignedAttributes are present, the messageDigest attribute (OID 1.2.840.113549.1.9.4) must hold the digest of the content (eContent). That attribute set is what is actually signed; the verifier recomputes the digest and compares it to messageDigest before validating the signature. It underpins S/MIME and CAdES signatures.
Origin
Defined in RFC 5652 (Cryptographic Message Syntax, IETF STD 70), which obsoletes RFC 3852; the attribute originates in the PKCS #9 specifications.
Example in context
SignedAttributes ::= { contentType, signingTime, messageDigest (SHA-256 of eContent) } ; SignerInfo signs this DER.