Json Web Keys again

Matt Caswell matt at openssl.org
Tue Dec 3 16:43:41 UTC 2019

On 03/12/2019 16:29, Angus Robertson - Magenta Systems Ltd wrote:
> Google has started using RSA-PSS private keys for Json Web Keys.  
> I create an RSA JWK using EVP_PKEY_get1_RSA and RSA_get0_key, but this
> does not work for RSA-PSS.

In what way does this not work?

Perhaps you are missing access to the PSS parameters? I notice that 3.0
recently had the accessor RSA_get0_pss_params() added. Probably that
should also have been backported to 1.1.1.

> Are there any other workarounds?  Is RSA-PSS fully supported in 3.0?

Aside from the possible missing accessor (which looks like a bug), its
fully supported in 1.1.1.


More information about the openssl-users mailing list