[openssl-dev] Bug: digest parameter is rejected
Blumenthal, Uri - 0553 - MITLL
uri at ll.mit.edu
Mon Sep 18 19:00:26 UTC 2017
On 9/18/17, 14:50, "openssl-dev on behalf of Douglas E Engert" <openssl-dev-bounces at openssl.org on behalf of deengert at gmail.com> wrote:
Can you also add -pkeyopt rsa_oaep_md:sah256
See crypto/rsa/rsa_pmeth.c pkey_rsa_ctrl_str for the options.
There is also rsa_oaep_label
Thank you!! That saved the day:
$ ~/openssl-1.1/bin/openssl pkeyutl -encrypt -in t1264.dat -out t1264.dat.enc2.oaep -keyform DER -pubin -inkey rsa3072pub.der -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_mgf1_md:sha256
$ ~/openssl-1.1/bin/openssl pkeyutl -encrypt -in t1264.dat -out t1264.dat.enc2.oaep -keyform DER -pubin -inkey rsa3072pub.der -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_mgf1_md:sha256 -pkeyopt rsa_oaep_md:sha256
$ yhsm2-tool --decrypt -m RSA-PKCS-OAEP --id 0301 -i t1264.dat.enc2.oaep -o t1264.dat.dec2 --hash-algorithm SHA256
Using slot 0 with a present token (0x0)
Logging in to "YubiHSM".
Please enter User PIN:
Using decrypt algorithm RSA-PKCS-OAEP
OAEP parameters: hashAlg=SHA256, mgf=MGF1-SHA256, source_type=0, source_ptr=0x0, source_len=0
$ cmp t1264.dat t1264.dat.dec2
$
Where can I see the complete list of the options that “-pkeyopt” supports now?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5211 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20170918/5a360304/attachment-0001.bin>
More information about the openssl-dev
mailing list