[openssl-users] RSA-PSS Certificate

Steven Madwin smadwin at adobe.com
Thu Oct 26 05:32:08 UTC 2017

Thanks. Now all I need to do is figure out what parameter to pass the req or
ca command to get the subject key info to accept the new algorithm.

-----Original Message-----
From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf Of
Jakob Bohm
Sent: Wednesday, October 25, 2017 6:49 PM
To: openssl-users at openssl.org
Subject: Re: [openssl-users] RSA-PSS Certificate

On 26/10/2017 03:30, Steven Madwin via openssl-users wrote:
> Starting with the definition of the subjectPublicKeyInfo from RFC 
> 5280, Section 4.1 – Basic Certificate fields we see that the entry 
> contains two items:
> SubjectPublicKeyInfo ::= SEQUENCE {
>      algorithm            AlgorithmIdentifier,
>      subjectPublicKey     BIT STRING }
> In RFC 4055 - Additional Algorithms and Identifiers for RSA 
> Cryptography for use in the Internet X.509 Public Key Infrastructure 
> Certificate and Certificate Revocation List (CRL) Profile, Section 3 
> it states, “CAs that use the RSASSA-PSS algorithm for signing 
> certificates SHOULD include RSASSA-PSS-params in the 
> subjectPublicKeyInfo algorithm parameters in their own certificates.”
> This all leads to me wondering if anyone is aware if there is a plan 
> afoot to add the option of including the RSA-PSS params as a third 
> item in the Subject Public Key Info entry in a future version of OpenSSL?

In the X.509 standard, "AlgorithmIdentifier" is itself a structure (see for
example RFC5280 section  The RSASSA-PSS-params is the second
element of that structure.  See RFC4055 section 6 for some (bad) examples of
AlgorithmIdentifier values, such as

rSASSA-PSS-SHA512-Identifier  AlgorithmIdentifier  ::=  {
                               algorithm id-RSASSA-PSS,
                               parameters rSSASSA-PSS-SHA512-params }

rSSASSA-PSS-SHA512-params RSASSA-PSS-params ::= {
                               hashAlgorithm sha512Identifier,
                               maskGenAlgorithm mgf1SHA512Identifier,
                               saltLength 20,
                               trailerField 1  }

-- Note: The saltLength should be 64, not 20, for
--    rSSASSA-PSS-SHA512-param, see RFC4055 section 3.1


Jakob Bohm, CIO, Partner, WiseMo A/S.
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
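
The nesting described in the reply above, as an added example that is not part of either message and is not OpenSSL code: it builds a SubjectPublicKeyInfo whose AlgorithmIdentifier carries explicit SHA-512 RSASSA-PSS-params, then parses it back to show that the SPKI still has two items and to compare saltLength with the hash length, as in the note citing RFC 4055 section 3.1. The function names, the placeholder key bytes and the short-form-length restriction are assumptions made for this sketch.

```python
# Added example: where RSASSA-PSS-params sits inside SubjectPublicKeyInfo.
# All bytes are constructed here; only short-form DER lengths (< 128) are handled.
OID_PSS = bytes.fromhex("2a864886f70d01010a")     # id-RSASSA-PSS
OID_MGF1 = bytes.fromhex("2a864886f70d010108")    # id-mgf1
OID_SHA512 = bytes.fromhex("608648016503040203")  # id-sha512
HASH_LEN = {OID_SHA512: 64}                       # digest size in octets

def tlv(tag, *parts):
    """Encode one DER tag-length-value with a short-form length."""
    body = b"".join(parts)
    if len(body) >= 128:
        raise ValueError("short-form lengths only")
    return bytes([tag, len(body)]) + body

def children(body):
    """Split DER content into a list of (tag, content) pairs."""
    out, i = [], 0
    while i < len(body):
        if i + 2 > len(body) or body[i + 1] >= 128 or i + 2 + body[i + 1] > len(body):
            raise ValueError("long-form or truncated length")
        out.append((body[i], body[i + 2:i + 2 + body[i + 1]]))
        i += 2 + body[i + 1]
    return out

def build_spki(salt_len):
    """SubjectPublicKeyInfo with explicit SHA-512 PSS parameters (salt_len < 128)."""
    sha512 = tlv(0x30, tlv(0x06, OID_SHA512), tlv(0x05))  # sha512Identifier
    mgf1 = tlv(0x30, tlv(0x06, OID_MGF1), sha512)         # mgf1SHA512Identifier
    params = tlv(0x30, tlv(0xA0, sha512), tlv(0xA1, mgf1),
                 tlv(0xA2, tlv(0x02, bytes([salt_len]))))  # trailerField 1 is the DEFAULT, omitted
    alg_id = tlv(0x30, tlv(0x06, OID_PSS), params)
    placeholder_key = tlv(0x03, b"\x00", b"\xde\xad\xbe\xef")  # not a real RSAPublicKey
    return tlv(0x30, alg_id, placeholder_key)

def inspect_spki(der):
    """Return (SPKI item count, AlgorithmIdentifier item count, salt length, salt == hash length)."""
    (tag, body), = children(der)
    spki = children(body)                      # [algorithm, subjectPublicKey]
    alg = children(spki[0][1])                 # [OID, parameters]
    if tag != 0x30 or alg[0] != (0x06, OID_PSS):
        raise ValueError("not an id-RSASSA-PSS SubjectPublicKeyInfo")
    fields = dict(children(alg[1][1]))         # explicit tags [0]..[3] -> wrapped value
    hash_oid = children(children(fields[0xA0])[0][1])[0][1]
    salt = int.from_bytes(children(fields[0xA2])[0][1], "big")
    return len(spki), len(alg), salt, salt == HASH_LEN[hash_oid]

if __name__ == "__main__":
    for n in (20, 64):
        print(n, inspect_spki(build_spki(n)))
```

The parser expects the hash and salt fields to be present explicitly; a parameter set that relies on the SHA-1 defaults would need the DEFAULT handling added.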
