[openssl-users] X509 certificate algorithm

Ken Goldman kgoldman at us.ibm.com
Wed Apr 25 16:58:49 UTC 2018

On 08/16/12 09:33, Dr. Stephen Henson wrote:
> On Thu, Aug 16, 2012, Kenneth Goldman wrote:
>> I call these:
>> d2i_X509()
>> X509_print_fp()
>> which calls
>>          pkey_set_type()
>>                  EVP_PKEY_asn1_find()
>> and that call fails.
>> I've traced the following error down to the rsaOAEP algorithm, which has a
>> nid of 919.  I've included both the openssl and dumpasn1 dump of the
>> X509 certificate.  Am I doing something wrong in openssl, or is there
>> a problem with the certificate?  I tried certificates from two
>> vendors, and they both fail at the same point.
> Well the problem is that OpenSSL doesn't currently support OAEP certificates.
> I've never come across one so if you could send an example that would be
> useful.

I'm back working with these certificates and find that it still fails 
with the latest openssl.

Another user has apparently hit the same issue.


Is there any chance of rsaOAEP being supported?

These are TPM 1.2 endorsement key certificates and there are 
(unfortunately) 100M's of them shipped.

More information about the openssl-users mailing list