[openssl-users] rsaOAEP OID in X509 certificate

Ken Goldman kgoldman at us.ibm.com
Wed Aug 8 17:20:50 UTC 2018

1 - If you are trying to extract the public key, X509_get_pubkey() won't 
work.  I have sample code to do it.  Let me know if you want the 
complete function.



2 - If you are trying to verify a certificate chain, it does not work 
with openssl 1.1.  You have to stay at 1.0 until someone (perhaps me) 
submits a fix.


BTW, the only time I ever saw rsaOAEP was for TPM 1.2 EK certificates. 
If you're working with the TPM, I can supply a lot of sample code.

On 8/8/2018 12:01 PM, Stephane van Hardeveld wrote:
> Hello all,
> By default, if I create an X.509 certificate with a public key in it, the
> object identifier is rsaEncryption (1.2.840.113549.1.1.1). Is it possible to
> specify a different object identifier, e.g. rsaOAEP (1.2.840.113549.1.1.7)?
> I looked into the various EVP_PKEY and EVP_PKEY_CTX functions, and other
> places in code, but the only place this object ID is specified is in
> obj_dat.h, and not used anywhere else (as far as I can see...)
> Regards,
> Stephane van Hardeveld
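
Added example (not part of the original message, and not Ken Goldman's sample code or OpenSSL code): RFC 4055 encodes the key bytes as a PKCS #1 RSAPublicKey whether the SubjectPublicKeyInfo names rsaEncryption or rsaOAEP, so the modulus and exponent can be read by walking the DER directly when a library rejects the OID. All function names are hypothetical, and the sample key is a constructed placeholder, not a real key.

```python
RSA_OAEP = "1.2.840.113549.1.1.7"           # the OID discussed in this thread

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at buf[pos]."""
    tag, first, pos = buf[pos], buf[pos + 1], pos + 2
    length = first
    if first & 0x80:                        # long form: low 7 bits count length octets
        count = first & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + count], "big"), pos + count
    if first == 0x80 or pos + length > len(buf):
        raise ValueError("indefinite or truncated DER length")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    """Decode OID content octets (first arc 0 or 1, which covers the PKCS #1 OIDs)."""
    arcs, value = [body[0] // 40, body[0] % 40], 0
    for octet in body[1:]:
        value = (value << 7) | (octet & 0x7F)
        if not octet & 0x80:                # high bit clear ends this arc
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def parse_spki(spki):
    """Return (algorithm_oid, modulus, exponent); AlgorithmIdentifier parameters are skipped."""
    t_spki, body, _ = read_tlv(spki, 0)
    t_alg, alg, pos = read_tlv(body, 0)     # AlgorithmIdentifier
    t_oid, oid, _ = read_tlv(alg, 0)
    t_bits, bits, _ = read_tlv(body, pos)   # subjectPublicKey BIT STRING
    if (t_spki, t_alg, t_oid, t_bits) != (0x30, 0x30, 0x06, 0x03) or bits[:1] != b"\x00":
        raise ValueError("not a SubjectPublicKeyInfo")
    t_rsa, rsa, _ = read_tlv(bits[1:], 0)   # RSAPublicKey ::= SEQUENCE { n, e }
    t_n, n, pos = read_tlv(rsa, 0)
    t_e, e, _ = read_tlv(rsa, pos)
    if (t_rsa, t_n, t_e) != (0x30, 0x02, 0x02):
        raise ValueError("subjectPublicKey is not an RSAPublicKey")
    return decode_oid(oid), int.from_bytes(n, "big"), int.from_bytes(e, "big")

def tlv(tag, value):                        # DER encoder, used only to build the sample
    size = len(value)
    octets = size.to_bytes((size.bit_length() + 7) // 8, "big")
    head = bytes([size]) if size < 0x80 else bytes([0x80 | len(octets)]) + octets
    return bytes([tag]) + head + value

def sample_spki(oid_hex, params):
    """Constructed sample: 1024-bit placeholder modulus (not a real key), e = 65537."""
    n = b"\x00" + ((1 << 1023) | 0xC0FFEE).to_bytes(128, "big")
    key = tlv(0x30, tlv(0x02, n) + tlv(0x02, b"\x01\x00\x01"))
    alg = tlv(0x30, tlv(0x06, bytes.fromhex(oid_hex)) + params)
    return tlv(0x30, alg + tlv(0x03, b"\x00" + key))
```

Calling `parse_spki(sample_spki("2a864886f70d010107", b"\x30\x00"))` returns the rsaOAEP OID with the same modulus and exponent that the rsaEncryption variant of the sample yields.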
