[openssl-users] rsaOAEP OID in X509 certificate

Stephane van Hardeveld stephane at codingwizard.nl
Thu Aug 9 19:21:58 UTC 2018

> -----Original Message-----
> From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf
> Of Viktor Dukhovni
> Sent: Thursday 9 August 2018 21:05
> To: openssl-users at openssl.org
> Subject: Re: [openssl-users] rsaOAEP OID in X509 certificate
> > On Aug 8, 2018, at 12:01 PM, Stephane van Hardeveld <stephane at codingwizard.nl> wrote:
> >
> > By default, if I create an X.509 certificate with a public key in it, the
> > object identifier is rsaEncryption (1.2.840.113549.1.1.1). Is it possible to
> > specify a different object identifier, e.g. rsaOAEP?
> > I looked into the various EVP_PKEY and EVP_PKEY_CTX functions, and other
> > places in code, but the only place this object ID is specified is in
> > obj_dat.h, and not used anywhere else (as far as I can see...)
> This request is a bit puzzling, since OAEP is a padding mode for RSA
> *encryption*, not RSA signatures.  For the latter, one typically
> goes with PSS if one wants a more modern signature scheme.
> OpenSSL supports OAEP for RSA encryption (e.g. in CMS), but in X.509,
> where the task at hand is signing...  So it is not clear that what
> you're looking for makes sense.
> --
> 	Viktor.
Hi Viktor,

The certificate is signed with PSS. However, I try to indicate that the
public key enclosed IN the certificate should be used with the OAEP padding
mode while decrypting a separate message.
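
The distinction discussed in this thread is visible in the algorithm OID of the certificate's SubjectPublicKeyInfo, which is separate from the signature algorithm. The following is an added example, not part of the original thread and not OpenSSL code: a stdlib-only DER reader run on constructed SubjectPublicKeyInfo blobs. The helper names, the placeholder key bytes and the empty OAEP parameters are assumptions.

```python
# Added example: minimal DER reader (not OpenSSL code) for the SPKI algorithm OID.
RESTRICTION = {
    "1.2.840.113549.1.1.1": "rsaEncryption: no padding scheme implied",
    "1.2.840.113549.1.1.7": "id-RSAES-OAEP: key marked for OAEP encryption",
    "1.2.840.113549.1.1.10": "id-RSASSA-PSS: key marked for PSS signatures",
}

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    """Decode base-128 OID arcs; the first encoded value packs the first two arcs."""
    arcs, value = [], 0
    for b in body:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear marks the last byte of an arc
            arcs.append(value)
            value = 0
    if not body or body[-1] & 0x80:
        raise ValueError("malformed OID")
    first = arcs[0]
    head = [first // 40, first % 40] if first < 80 else [2, first - 80]
    return ".".join(str(a) for a in head + arcs[1:])

def spki_algorithm(spki_der):
    """Return the dotted OID from SubjectPublicKeyInfo.algorithm."""
    for expected in (0x30, 0x30, 0x06):  # SPKI -> AlgorithmIdentifier -> OID
        tag, spki_der, _ = read_tlv(spki_der)
        if tag != expected:
            raise ValueError("unexpected tag 0x%02x" % tag)
    return decode_oid(spki_der)

def der(tag, body):  # short-form encoder, enough for the constructed samples
    return bytes([tag, len(body)]) + body

def sample_spki(last_arc, params):  # constructed SPKI with a placeholder key
    oid = der(0x06, bytes.fromhex("2a864886f70d0101") + bytes([last_arc]))
    return der(0x30, der(0x30, oid + params) + der(0x03, b"\x00" + b"\x30\x00"))
```

`spki_algorithm` takes the DER bytes of a SubjectPublicKeyInfo, so a real certificate's SPKI has to be extracted first; `RESTRICTION` maps the resulting OID to what it signals about the key.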