[openssl-users] rsaOAEP OID in X509 certificate

Stephane van Hardeveld stephane at codingwizard.nl
Thu Aug 9 08:14:30 UTC 2018

Hi Ken,

I am trying to do two thing:
1: Generate X 509 certificates, with RSA-PSS signing, with different Hashing
and Masking (SHA1 and SHA256), including an RSA Public key as content. This
RSA 'content key' should specify it will be used for RSA-OAEP decryption.
2: Verify X 509 certificates, produced by other tools, which have the same

Currently, I am able to:
- create a X 509 certificate with the different hashing and masking
algorithms, but only with standard RSA Encryption OID. Verification of these
certificates succeeds, and X509_get_pubkey() works as expected
- Verify a X 509 certificate which is generated by a different tool, with
SHA256 hashing and masking and RSA OAEP OID. Verification succeeds, but
indeed, X509_get_pubkey fails (unknown algorithm I believe). I am able to
retrieve the public key via 
	ASN1_BIT_STRING *asnPubKey = X509_get0_pubkey_bitstr(x);
	unsigned char* pblob = asnPubKey->data;
And then parsing the ASN myself. Will test your solution as well, seems a
bit more robust ;-)

One other thing I encountered: if wincrypt is used as certificate generator,
it creates a valid certificate when using SHA1 as hashing and masking
algorithm, but the signing seems to go wrong: openssl X509_verify reports
'first octet invalid'. Any idea if this is an issue with wincrypt? If using
SHA256 as hashing and masking, the resulting ASN is invalid (sizes are not
correct), openssl still can read it, and still reports the same 'first octet
invalid' error.
Verification of the signing itself is than already ok, right?


> -----Original Message-----
> From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf
> Of Ken Goldman
> Sent: woensdag 8 augustus 2018 19:21
> To: openssl-users at openssl.org
> Subject: Re: [openssl-users] rsaOAEP OID in X509 certificate
> 1 - If you are trying to extract the public key, X509_get_pubkey() won't
> work.  I have sample code to do it.  Let me know if you want the
> complete function.
> Basically:
> 	X509_get_X509_PUBKEY
> 	X509_PUBKEY_get0_param
> 	d2i_RSAPublicKey
> 2 - If you are trying to verify a certificate chain, it does not work
> with openssl 1.1.  You have to stay at 1.0 until someone (perhaps me)
> submits a fix.
> ~~~~~~~~~~~~~
> BTW, the only time I ever saw rsaAOEP was for TPM 1.2 EK certificates.
> If you're working with the TPM, I can supply a lot of sample code.
> On 8/8/2018 12:01 PM, Stephane van Hardeveld wrote:
> > Hello all,
> >
> > By default, if I create an X 509 certificate with a public key in it,
> > object identifier is rsaEncyption (1.2.840.113549.1.1.1). Is it possible
> > specify a different object identifier, e.g. rsaOAEP
> > I looked into the various EVP_PKEY and EVP_PKEY_CTX functions, and
> other
> > places in code, but the only place this object ID is specified is in
> > obj_dat.h, and not used anywhere else (as far as I can see...)
> >
> > Regards,
> > Stephane van Hardeveld
> >
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

More information about the openssl-users mailing list