[openssl-users] rsaOAEP OID in X509 certificate
hkario at redhat.com
Mon Aug 13 14:18:52 UTC 2018
On Thursday, 9 August 2018 22:01:25 CEST Viktor Dukhovni wrote:
> > On Aug 9, 2018, at 3:21 PM, Stephane van Hardeveld
> > <stephane at codingwizard.nl> wrote:
> > The certificate is signed with PSS. However, I try to indicate that the
> > public key enclosed IN the certificate should be used with the OAEP
> > padding mode while decrypting a separate message
> Keys in X.509 certificates are mostly used for signing (e.g. TLS with
> DHE or ECDHE key agreement). But I guess you could mint an encryption-only
> certificate that is not useful for signing, and use it exclusively for
> key wrapping. I don't know whether marking the key as an RSA-OAEP key
> would then have the effect of restricting its usage by various libraries
> to OAEP.

it would, they would barf up just like they are barfing up while noticing
rsa-pss OID in SPKI

> More typically (e.g. IN CMS), the fact that OAEP was used to encrypt
> the message is part of the message metadata, and so decryption will
> automatically use OAEP when it was explicitly selected at the time
> the message was created. Thus OAEP is baked into the message, rather
> than the certificate.

the point is to have a certificate that cannot be used for Bleichenbacher
attacks, and for that it needs to be baked into the certificate

Senior Quality Engineer, QE BaseOS Security team
Red Hat Czech s.r.o., Purkyňova 115, 612 00 Brno, Czech Republic
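
The restriction discussed in this message, as an added example that is not part of the original thread and is not OpenSSL code: a decryptor reads the algorithm OID from the certificate's SubjectPublicKeyInfo and refuses PKCS#1 v1.5 decryption when the key is marked id-RSAES-OAEP. The policy table, the operation labels and the sample SPKI bytes are assumptions constructed for illustration.

```python
RSA_ENCRYPTION = "1.2.840.113549.1.1.1"   # rsaEncryption: OID imposes no padding
RSAES_OAEP = "1.2.840.113549.1.1.7"       # id-RSAES-OAEP (RFC 4055)
RSASSA_PSS = "1.2.840.113549.1.1.10"      # id-RSASSA-PSS (RFC 4055)

# Assumed policy table; the operation labels are hypothetical names.
ALLOWED = {
    RSA_ENCRYPTION: {"pkcs1v15-decrypt", "oaep-decrypt", "pkcs1v15-sign", "pss-sign"},
    RSAES_OAEP: {"oaep-decrypt"},
    RSASSA_PSS: {"pss-sign"},
}

def read_tlv(buf, off=0):
    """Return (tag, value, next_offset) for the DER element at off."""
    tag, length, off = buf[off], buf[off + 1], off + 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        length, off = int.from_bytes(buf[off:off + n], "big"), off + n
    if off + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[off:off + length], off + length

def decode_oid(body):
    arcs, val = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:                     # base-128 arcs, high bit = continue
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def spki_algorithm(spki_der):  # OID of SubjectPublicKeyInfo.algorithm
    tag, spki, _ = read_tlv(spki_der)
    if tag != 0x30:
        raise ValueError("SPKI is not a SEQUENCE")
    tag, alg, _ = read_tlv(spki)
    if tag != 0x30:
        raise ValueError("AlgorithmIdentifier is not a SEQUENCE")
    tag, oid, _ = read_tlv(alg)
    if tag != 0x06:
        raise ValueError("missing algorithm OID")
    return decode_oid(oid)

def operation_permitted(spki_der, operation):
    """Unknown OIDs get no operations (fail closed)."""
    return operation in ALLOWED.get(spki_algorithm(spki_der), set())

# Constructed SPKIs with a placeholder BIT STRING instead of a real key.
SPKI_OAEP = bytes.fromhex("3011300b06092a864886f70d010107" "03020000")
SPKI_RSA = bytes.fromhex("3013300d06092a864886f70d010101" "0500" "03020000")
```

With a plain rsaEncryption key the same check permits PKCS#1 v1.5 decryption, which is why the restriction has to travel in the certificate rather than only in the message metadata.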