Using RSA-PSS in OpenSSL 1.1.1b

Viktor Dukhovni openssl-users at dukhovni.org
Tue Mar 26 00:29:10 UTC 2019 

On Tue, Mar 26, 2019 at 12:25:21AM +0100, Tobias Nießen wrote:

> I am using OpenSSL 1.1.1b and I have two questions regarding RSA-PSS. I 
> am using the following command to generate the private key:
> 
>  $ openssl genpkey -algorithm RSA-PSS -pkeyopt rsa_keygen_bits:2048 \
>    -pkeyopt rsa_keygen_pubexp:65537 -pkeyopt rsa_pss_keygen_md:sha256 \
>    -pkeyopt rsa_pss_keygen_mgf1_md:sha256 -pkeyopt \
>    rsa_pss_keygen_saltlen:16 -out rsa_pss_private_2048_restricted.pem
> 
> This works, but I am unsure how to produce the corresponding public key 
> using the openssl CLI, it would be great if someone could give me some 
> pointers.

    $ openssl genpkey -algorithm RSA-PSS -pkeyopt rsa_keygen_bits:2048 \
        -pkeyopt rsa_keygen_pubexp:65537 -pkeyopt rsa_pss_keygen_md:sha256 \
        -pkeyopt rsa_pss_keygen_mgf1_md:sha256 -pkeyopt rsa_pss_keygen_saltlen:16 \
        -out rsa_pss_private_2048_restricted.pem
    ....................................................................+++++
    ...........................+++++
    $ openssl pkey -in rsa_pss_private_2048_restricted.pem -pubout |
      openssl pkey -pubin -text
    -----BEGIN PUBLIC KEY-----
    MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAaEaMBgGCSqGSIb3DQEB
    CDALBglghkgBZQMEAgGiAwIBEAOCAQ8AMIIBCgKCAQEAtfBYSSrOvPmuwVzRJeOP
    h5o9iZEM2L9CTY3mJRW5cJOdoOwjEp6ITge3QxPbgoFlKwg88U1ejIj7/uNwZKIV
    yO5WRYRBFxS+rdBv6gQNyBn6z4LcxQ1chE6PgpmO0ZsDj56aRumf7mmg5ewFHOAG
    txeSRyT4NO6XMFb57OGGqGwhYm/nUrbrtmErCc8Y/HKP0TVHCnrvoGf2hgAkmvYG
    FxqbXs12nQrgcecPZVtszcdD/RelTaE62TnNrsHOCEdqLoOXTJ/64LQXKFrbAd7H
    YiBKXYA+PkJf5a053LJ9gIJlkYKpCbXqkI9cLRS/uX5WDg5/rJilR8Ng77tQSJvq
    LwIDAQAB
    -----END PUBLIC KEY-----
    RSA-PSS Public-Key: (2048 bit)
    Modulus:
	00:b5:f0:58:49:2a:ce:bc:f9:ae:c1:5c:d1:25:e3:
	8f:87:9a:3d:89:91:0c:d8:bf:42:4d:8d:e6:25:15:
	b9:70:93:9d:a0:ec:23:12:9e:88:4e:07:b7:43:13:
	db:82:81:65:2b:08:3c:f1:4d:5e:8c:88:fb:fe:e3:
	70:64:a2:15:c8:ee:56:45:84:41:17:14:be:ad:d0:
	6f:ea:04:0d:c8:19:fa:cf:82:dc:c5:0d:5c:84:4e:
	8f:82:99:8e:d1:9b:03:8f:9e:9a:46:e9:9f:ee:69:
	a0:e5:ec:05:1c:e0:06:b7:17:92:47:24:f8:34:ee:
	97:30:56:f9:ec:e1:86:a8:6c:21:62:6f:e7:52:b6:
	eb:b6:61:2b:09:cf:18:fc:72:8f:d1:35:47:0a:7a:
	ef:a0:67:f6:86:00:24:9a:f6:06:17:1a:9b:5e:cd:
	76:9d:0a:e0:71:e7:0f:65:5b:6c:cd:c7:43:fd:17:
	a5:4d:a1:3a:d9:39:cd:ae:c1:ce:08:47:6a:2e:83:
	97:4c:9f:fa:e0:b4:17:28:5a:db:01:de:c7:62:20:
	4a:5d:80:3e:3e:42:5f:e5:ad:39:dc:b2:7d:80:82:
	65:91:82:a9:09:b5:ea:90:8f:5c:2d:14:bf:b9:7e:
	56:0e:0e:7f:ac:98:a5:47:c3:60:ef:bb:50:48:9b:
	ea:2f
    Exponent: 65537 (0x10001)
    PSS parameter restrictions:
      Hash Algorithm: sha256
      Mask Algorithm: mgf1 with sha256
      Minimum Salt Length: 0x10
      Trailer Field: 0xBC (default)

> I also need to access the key restrictions (MD / MGF1 MD / salt length) 
> given only a pointer to the EVP_PKEY structure. I understand that the 
> information is stored in the RSA_PSS_PARAMS structure. How do I access 
> the restrictions using the public API?

EVP_PKEY_get0_RSA() gets you the underlying algorithm-specific RSA
key.  But there don't appear to be any accessors that use the
internal rsa_pss_get_param() function to return these parameters
(I could not find any).  Perhaps open an issue on github, or if
you are up for it, a pull request (with documentationa and code).

-- 
	Viktor.

More information about the openssl-users mailing list