[openssl-users] rsaOAEP OID in X509 certificate
Hubert Kario
hkario at redhat.com
Mon Aug 13 14:18:52 UTC 2018
On Thursday, 9 August 2018 22:01:25 CEST Viktor Dukhovni wrote:
> > On Aug 9, 2018, at 3:21 PM, Stephane van Hardeveld
> > <stephane at codingwizard.nl> wrote:
> >
> > The certificate is signed with PSS. However, I try to indicate that the
> > public key enclosed IN the certificate should be used with the OAEP
> > padding
> > mode while decrypting a separate message
>
> Keys in X.509 certiificates are mostly used for signing (e.g. TLS with
> DHE or ECDHE key agreement). But I guess you could mint an encryption-only
> certificate that is not useful for signing, and use it exclusively for
> key wrapping. I don't know whether marking the key as an RSA-OAEP key
> would then have the effect of restricting its usage by various libraries
> to OAEP.
it would, they would barf up just like they are barfing up while noticing rsa-
pss OID in SPKI
> More typically (e.g. IN CMS), the fact that OAEP was used to encrypt
> the message is part of the message metadata, and so decryption will
> automatically use OAEP when it is was explicitly selected at the time
> the message was created. Thus OAEP is baked into the message, rather
> than the certificate.
the point is to have a certificate that can not be used for Bleichenbacher
attacks, and for it it needs to be baked into certificate
--
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 115, 612 00 Brno, Czech Republic
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part.
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20180813/a7766e89/attachment.sig>
More information about the openssl-users
mailing list