[openssl-users] RSA-PSS Certificate
Steven Madwin
smadwin at adobe.com
Thu Oct 26 01:30:09 UTC 2017
Starting with the definition of the subjectPublicKeyInfo from RFC 5280,
Section 4.1 - Basic Certificate fields we see that the entry contains two
items:
SubjectPublicKeyInfo ::= SEQUENCE {
algorithm AlgorithmIdentifier,
subjectPublicKey BIT STRING }
In RFC 4055 - Additional Algorithms and Identifiers for RSA Cryptography for
use in the Internet X.509 Public Key Infrastructure Certificate and
Certificate Revocation List (CRL) Profile, Section 3 it states, "CAs that
use the RSASSA-PSS algorithm for signing certificates SHOULD include
RSASSA-PSS-params in the subjectPublicKeyInfo algorithm parameters in their
own certificates."
This all leads to me wondering if anyone is aware if there is a plan afoot
to add the option of including the RSA-PSS params as a third item in the
Subject Public Key Info entry in a future version of OpenSSL?
Thanks,
Steve
Steven Madwin
Software QA Engineer
Adobe Systems Incorporated
345 Park Avenue, MS-W15
San Jose, CA 95110-2704 USA
Phone: 408.536.4343
Fax: 408.536.6024
<mailto:Steven.Madwin at adobe.com> Steven.Madwin at adobe.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20171026/241154ff/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.gif
Type: image/gif
Size: 1089 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20171026/241154ff/attachment-0002.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.gif
Type: image/gif
Size: 1200 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20171026/241154ff/attachment-0003.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5451 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20171026/241154ff/attachment-0001.bin>
More information about the openssl-users
mailing list