[openssl-users] rsaOAEP OID in X509 certificate
Ken Goldman
kgoldman at us.ibm.com
Wed Aug 8 17:20:50 UTC 2018
1 - If you are trying to extract the public key, X509_get_pubkey() won't
work. I have sample code to do it. Let me know if you want the
complete function.
Basically:
X509_get_X509_PUBKEY
X509_PUBKEY_get0_param
d2i_RSAPublicKey
2 - If you are trying to verify a certificate chain, it does not work
with openssl 1.1. You have to stay at 1.0 until someone (perhaps me)
submits a fix.
~~~~~~~~~~~~~
BTW, the only time I ever saw rsaAOEP was for TPM 1.2 EK certificates.
If you're working with the TPM, I can supply a lot of sample code.
On 8/8/2018 12:01 PM, Stephane van Hardeveld wrote:
> Hello all,
>
> By default, if I create an X 509 certificate with a public key in it, the
> object identifier is rsaEncyption (1.2.840.113549.1.1.1). Is it possible to
> specify a different object identifier, e.g. rsaOAEP (1.2.840.113549.1.1.7)?
> I looked into the various EVP_PKEY and EVP_PKEY_CTX functions, and other
> places in code, but the only place this object ID is specified is in
> obj_dat.h, and not used anywhere else (as far as I can see...)
>
> Regards,
> Stephane van Hardeveld
>
More information about the openssl-users
mailing list