Using RSA-PSS in OpenSSL 1.1.1b

Tobias Nießen tniessen at
Mon Mar 25 23:25:21 UTC 2019


I am using OpenSSL 1.1.1b and I have two questions regarding RSA-PSS. I 
am using the following command to generate the private key:

     openssl genpkey -algorithm RSA-PSS -pkeyopt rsa_keygen_bits:2048 
-pkeyopt rsa_keygen_pubexp:65537 -pkeyopt rsa_pss_keygen_md:sha256 
-pkeyopt rsa_pss_keygen_mgf1_md:sha256 -pkeyopt 
rsa_pss_keygen_saltlen:16 -out rsa_pss_private_2048_restricted.pem

This works, but I am unsure how to produce the corresponding public key 
using the openssl CLI, it would be great if someone could give me some 

I also need to access the key restrictions (MD / MGF1 MD / salt length) 
given only a pointer to the EVP_PKEY structure. I understand that the 
information is stored in the RSA_PSS_PARAMS structure. How do I access 
the restrictions using the public API?

Thanks in advance!

More information about the openssl-users mailing list