RSA-OAEP Certificate

Richard Levitte levitte at openssl.org
Thu Jan 21 10:27:21 UTC 2021


On Wed, 20 Jan 2021 02:24:24 +0100,
Viktor Dukhovni wrote:
> 
> On Tue, Jan 19, 2021 at 06:26:23PM -0500, Russ Housley wrote:
> 
> > I am looking a test certificate that contains an RSA-OAEP subject
> > public key (OID = id-RSAES-OAEP from RFC 4055) and is signed with
> > RSA-PSS (OID = id-RSASSA-PSS also from RFC 4055).  I have not been able
> > to find a way to generate such a certificate with OpenSSL.  If you
> > have a pointer to such a certificate or a recipe for generating one, I
> > would appreciate the pointer.
> 
> While RSA-PSS keys are supported by genpkey(1), I don't see any support
> for generating RSAES-OAEP keys in any of the command-line utilities.
> 
> It does not look like RSAES-OAEP SPKI are supported even at the API
> level.  Perhaps I did not look hard enough...

You are entirely correct.  I was surprised when I discovered this, but
there you go.  I suppose that the early implementation was "on demand", 
i.e. RSA-PSS keys were seen out in the wild, prompting us ("someone")
to add support for them.  RSA-OAEP keys haven't had the same demand,
so no one implemented support for them as such.

We do have support for RSA-OAEP, but only on an operational level,
i.e. encryption and decryption with a "normal" RSA key and additional
OAEP parameters for the operation.  On a command level, it means that
it's possible to have OAEP padding mode with 'openssl pkeyutl'.

A few of us in the team are keenly aware of the lack of RSA-OAEP key
support, and we have discussed internally whether we should add that
with OpenSSL 3.0...  I don't quite recall if we came to an actual "yay
or nay" decision, it's just not been a top priority item.  That being
said, I can't see that any of us will protest if someone chooses to
chip in and add such support, at least in our providers [*]

-----
[*] in other words, PR welcome...  I believe that the RSA-PSS work
    can be a good enough template that RSA-OAEP key support doesn't
    have to be too hard to do.

Cheers,
Richard

-- 
Richard Levitte         levitte at openssl.org
OpenSSL Project         http://www.openssl.org/~levitte/
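As an added example (not code from Richard's message or from the OpenSSL project), this script exercises the operational-level OAEP support described above through 'openssl pkeyutl': the key is an ordinary RSA key and the OAEP parameters are passed with each operation, so a decryptor that does not know them fails. It assumes the openssl(1) command-line tool is on PATH; the function names and scratch-file layout are my own.

```shell
#!/bin/sh
# Added example, not code from the thread. OpenSSL has no RSA-OAEP key
# type, so a plain RSA key is used and the OAEP parameters are supplied
# to each 'openssl pkeyutl' operation rather than stored with the key.
# Requires the openssl(1) command-line tool.
set -eu

# Make a plain 2048-bit RSA key pair in a scratch directory; print its path.
make_rsa_keypair() {
    dir=$(mktemp -d)
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$dir/key.pem" 2>/dev/null
    openssl pkey -in "$dir/key.pem" -pubout -out "$dir/pub.pem" 2>/dev/null
    echo "$dir"
}

# OAEP-encrypt stdin to stdout, using SHA-256 for both the OAEP hash and MGF1.
oaep_encrypt() {
    openssl pkeyutl -encrypt -pubin -inkey "$1/pub.pem" \
        -pkeyopt rsa_padding_mode:oaep \
        -pkeyopt rsa_oaep_md:sha256 -pkeyopt rsa_mgf1_md:sha256
}

# Encrypt $1, then decrypt with the same OAEP parameters; print the plaintext.
oaep_roundtrip() {
    dir=$(make_rsa_keypair)
    printf '%s' "$1" | oaep_encrypt "$dir" > "$dir/ct.bin"
    openssl pkeyutl -decrypt -inkey "$dir/key.pem" \
        -pkeyopt rsa_padding_mode:oaep \
        -pkeyopt rsa_oaep_md:sha256 -pkeyopt rsa_mgf1_md:sha256 \
        -in "$dir/ct.bin"
    rm -rf "$dir"
}

# The parameters are per operation, not bound to the key: decrypting with
# OpenSSL's defaults (SHA-1) must fail. Prints "rejected" or "accepted".
oaep_mismatch_check() {
    dir=$(make_rsa_keypair)
    printf 'probe' | oaep_encrypt "$dir" > "$dir/ct.bin"
    if openssl pkeyutl -decrypt -inkey "$dir/key.pem" \
        -pkeyopt rsa_padding_mode:oaep -in "$dir/ct.bin" \
        -out /dev/null 2>/dev/null; then
        echo accepted
    else
        echo rejected
    fi
    rm -rf "$dir"
}
```

The mismatch check is the practical consequence of what the message describes: because nothing in the key records the OAEP parameters, both sides must agree on them out of band.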

