[openssl-users] rsaOAEP OID in X509 certificate

Hubert Kario hkario at redhat.com
Mon Aug 13 14:18:52 UTC 2018

On Thursday, 9 August 2018 22:01:25 CEST Viktor Dukhovni wrote:
> > On Aug 9, 2018, at 3:21 PM, Stephane van Hardeveld
> > <stephane at codingwizard.nl> wrote:
> > 
> > The certificate is signed with PSS. However, I try to indicate that the
> > public key enclosed IN the certificate should be used with the OAEP
> > padding
> > mode while decrypting a separate message
> Keys in X.509 certiificates are mostly used for signing (e.g. TLS with
> DHE or ECDHE key agreement).  But I guess you could mint an encryption-only
> certificate that is not useful for signing, and use it exclusively for
> key wrapping.  I don't know whether marking the key as an RSA-OAEP key
> would then have the effect of restricting its usage by various libraries
> to OAEP.

it would, they would barf up just like they are barfing up while noticing rsa-
pss OID in SPKI

> More typically (e.g. IN CMS), the fact that OAEP was used to encrypt
> the message is part of the message metadata, and so decryption will
> automatically use OAEP when it is was explicitly selected at the time
> the message was created.  Thus OAEP is baked into the message, rather
> than the certificate.

the point is to have a certificate that can not be used for Bleichenbacher 
attacks, and for it it needs to be baked into certificate

Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 115, 612 00  Brno, Czech Republic
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part.
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20180813/a7766e89/attachment.sig>

More information about the openssl-users mailing list