[openssl-users] rsaOAEP OID in X509 certificate
Stephane van Hardeveld
stephane at codingwizard.nl
Thu Aug 9 19:21:58 UTC 2018
> -----Original Message-----
> From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf Of Viktor Dukhovni
> Sent: donderdag 9 augustus 2018 21:05
> To: openssl-users at openssl.org
> Subject: Re: [openssl-users] rsaOAEP OID in X509 certificate
>
>
>
> > On Aug 8, 2018, at 12:01 PM, Stephane van Hardeveld <stephane at codingwizard.nl> wrote:
> >
> > By default, if I create an X.509 certificate with a public key in it, the
> > object identifier is rsaEncryption (1.2.840.113549.1.1.1). Is it possible to
> > specify a different object identifier, e.g. rsaOAEP (1.2.840.113549.1.1.7)?
> > I looked into the various EVP_PKEY and EVP_PKEY_CTX functions, and other
> > places in code, but the only place this object ID is specified is in
> > obj_dat.h, and not used anywhere else (as far as I can see...)
>
> This request is a bit puzzling, since OAEP is a padding mode for RSA
> *encryption*, not RSA signatures. For the latter, one typically
> goes with PSS if one wants a more modern signature scheme.
>
> OpenSSL supports OAEP for RSA encryption (e.g. in CMS), but in X.509,
> where the task at hand is signing... So it is not clear that what
> you're looking for makes sense.
>
> --
> Viktor.
>
Hi Viktor,
The certificate is signed with PSS. However, I try to indicate that the
public key enclosed IN the certificate should be used with the OAEP padding
mode while decrypting a separate message.
Regards,
Stephane