The SignerInfo::makeSigAlg method tries its best to recover the signature algorithm from legacy PKCS7 SignerInfo type where the signatureAlgorithm field was named encryptionAlgorithm and could be either RSA or SHA1withRSA. On the other hand, if it's a modern algorithm not yet known by the JDK (but known by a 3rd party security provider), a strange name like SHA1withSIGALG is returned. The signatureAlgorithm should have been returned directly.