[openssl-users] rsaOAEP OID in X509 certificate
Stephane van Hardeveld
stephane at codingwizard.nl
Thu Aug 9 18:43:16 UTC 2018
> -----Original Message-----
> From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf
> Of Ken Goldman
> Sent: Thursday 9 August 2018 18:52
> To: openssl-users at openssl.org
> Subject: Re: [openssl-users] rsaOAEP OID in X509 certificate
>
> On 8/9/2018 10:51 AM, Stephane van Hardeveld wrote:
> >
> > I will discuss this, but as far as I understand, these OID are allowed by
> > the X 509 standard:
> > 4.1.2.7. Subject Public Key Info
> >
> > [snip]
> >
> > And in rfc4055, 4.1
> >
> > Openssl is capable of parsing it, only retrieving it gives an error on
> > unknown algorithm (which is correct, since only rsaEncryption OID is
> > recognized). Java I did not try yet, but the online ASN.1 parsers were also
> > capable of decoding it, see enclosed png.
>
> I understand that the X509 standard permits it.
>
> However, I'm looking at the practical side - crypto libraries.
>
> If openssl, Java, etc. can't use the results, and a typical CA can't
> create the certificate, then you require custom code.
>
> The drawback is that custom code, especially DER parsing code, is a
> security risk. It's hard to get correct when facing an attacker sending
> malformed certificates.
>
> You have to decide whether the benefit to this "meets the X509 standard
> but isn't supported" OID is worth the potential for an exploitable bug.
>
Ah, yes. The practical world. Always a bummer.
But good point anyways.
Thanks for shedding some light on this issue.
Regards,
Stephane
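
The two points in this exchange, as an added example that is not code from the thread or from OpenSSL: a strict DER walk that reads the algorithm OID out of a SubjectPublicKeyInfo and tells rsaEncryption from the RFC 4055 id-RSAES-OAEP OID, rejecting malformed lengths instead of trusting them. The function names and the sample bytes (a placeholder BIT STRING, no real key) are constructed for illustration; it inspects the OID only and validates nothing else.

```python
# Added example: strict DER walk to the algorithm OID inside a SubjectPublicKeyInfo.
OIDS = {"1.2.840.113549.1.1.1": "rsaEncryption",
        "1.2.840.113549.1.1.7": "id-RSAES-OAEP"}  # second OID is from RFC 4055

def read_tlv(buf, want_tag):
    """Return (value, rest) for the TLV at buf[0]; raise ValueError if malformed."""
    if len(buf) < 2 or buf[0] != want_tag:
        raise ValueError("truncated header or unexpected tag")
    first, pos = buf[1], 2
    if first < 0x80:                      # short form: length is the byte itself
        length = first
    else:                                 # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("indefinite, oversized or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        if length < 0x80 or buf[pos] == 0:
            raise ValueError("non-minimal length (not DER)")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value overruns buffer")
    return buf[pos:pos + length], buf[pos + length:]

def decode_oid(body):
    """Decode OID content bytes into dotted form."""
    if not body or body[-1] & 0x80:
        raise ValueError("empty or truncated OID")
    arcs, val = [], 0
    for b in body:
        if val == 0 and b == 0x80:
            raise ValueError("non-minimal OID arc")
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:                  # high bit clear ends this arc
            arcs.append(val)
            val = 0
    top = min(arcs[0] // 40, 2)           # first byte group packs the first two arcs
    return ".".join(map(str, [top, arcs[0] - 40 * top] + arcs[1:]))

def spki_algorithm(spki):
    outer, rest = read_tlv(spki, 0x30)    # SubjectPublicKeyInfo SEQUENCE
    if rest:
        raise ValueError("trailing bytes after SubjectPublicKeyInfo")
    alg, _ = read_tlv(outer, 0x30)        # AlgorithmIdentifier SEQUENCE
    oid_body, _ = read_tlv(alg, 0x06)     # algorithm OID; parameters follow it
    oid = decode_oid(oid_body)
    return oid, OIDS.get(oid, "unknown")

def sample_spki(last_arc, params):
    """Constructed sample: 1.2.840.113549.1.1.<last_arc>, placeholder BIT STRING."""
    alg = bytes.fromhex("06092a864886f70d0101") + bytes([last_arc]) + params
    body = b"\x30" + bytes([len(alg)]) + alg + bytes.fromhex("03020000")
    return b"\x30" + bytes([len(body)]) + body
```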