[openssl-users] rsaOAEP OID in X509 certificate
Viktor Dukhovni
openssl-users at dukhovni.org
Tue Aug 14 21:16:15 UTC 2018
> On Aug 14, 2018, at 4:55 PM, Stephane van Hardeveld <stephane at codingwizard.nl> wrote:
>
> If I would try this endeavour, what would be the best interface to set this?
> For creation, use the EVP_PKEY type with the EVP_PKEY_CTX, and set
> attributes there?
You'll need a new EVP_PKEY type that is mostly like RSA, but specialized
for OAEP.
> Something like:
> res = X509_set_pubkey(cert, contentKey);
> EVP_DigestSignInit(ctx, &pkey_ctx, EVP_sha256(), NULL, contentKey);
> EVP_PKEY_encrypt_init(pkey_ctx);
> EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_OAEP_PADDING);
> EVP_PKEY_CTX_set_signature_md(pkey_ctx, EVP_sha256());
Nothing in EVP_PKEY_CTX has any effect on the key. The data flow
is in the other direction. Different key types lead to different
EVP_PKEY_CTX objects that are used to process data with that key.
--
Viktor.
More information about the openssl-users
mailing list