[openssl-users] RSA-PSS Param File

Steven Madwin smadwin at adobe.com
Mon Mar 12 21:49:47 UTC 2018 


Hi All,

 

My ultimate goal is to generate an RSA-PSS key that will have the PSS
parameters in the subjectPublicKey section of the TBSCertificate. In order
to do that the first need is a paramfile. Here's the command being used to
to generate the parameter file:

 

OpenSSL> genpkey -genparam -paramfile .\pem\rsapssParams.pem -pkeyopt
rsa_keygen_bits:2048 -pkeyopt rsa_pss_keygen_md:sha256 -pkeyopt
rsa_pss_keygen_mgf1_md:sha256 -pkeyopt rsa_pss_keygen_saltlen:120

 

But, it returns the error:

NB: options order may be important!  See the manual page.

error in genpkey

 

The genpkey man page says for the -genparam option, "If used this option
must precede any -algorithm, -paramfile or -pkeyopt options.

With regard to the -paramfile option it says, "If used this option must
precede any -pkeyopt options.

 

Thus, with -genparam first followed by the -paramfile option and capped off
with the -pkeyopt options it looks to me that the order is correct.

 

If anyone has any enlightenment for me I'd be eternally grateful. 

 

Thanks,

Steve

 

 




 

Steven Madwin

Software QA Engineer

Adobe Systems Incorporated

345 Park Avenue, MS-W15

San Jose, CA 95110-2704 USA

Phone:   408.536.4343

Fax:         408.536.6024

 <mailto:Steven.Madwin at adobe.com> Steven.Madwin at adobe.com

 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20180312/02fd31d8/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.gif
Type: image/gif
Size: 1089 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20180312/02fd31d8/attachment-0002.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.gif
Type: image/gif
Size: 1200 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20180312/02fd31d8/attachment-0003.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5451 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20180312/02fd31d8/attachment-0001.bin>

More information about the openssl-users mailing list