Json Web Keys again

Matt Caswell matt at openssl.org
Tue Dec 3 17:04:40 UTC 2019

On 03/12/2019 16:59, Angus Robertson - Magenta Systems Ltd wrote:
>>> I create an RSA JWK using EVP_PKEY_get1_RSA and RSA_get0_key,
>>> but this does not work for RSA-PSS.
>> In what way does this not work?
> error:0607907F:digital envelope routines: EVP_PKEY_get0_RSA:expecting
> an rsa key

Hmm. That is odd because that function *does* support PSS:

RSA *EVP_PKEY_get0_RSA(const EVP_PKEY *pkey)
{
    if (pkey->type != EVP_PKEY_RSA && pkey->type != EVP_PKEY_RSA_PSS) {
        return NULL;
    }
    return pkey->pkey.rsa;
}

What does EVP_PKEY_base_id() return for your pkey? How did you create it?


>> I notice that 3.0 recently had the accessor RSA_get0_pss_params()
>> added. Probably that should also have been backported to 1.1.1.
> Others have asked for that here before, so please.  But I don't need it
> for JWK. 
> Angus

