RSA-OAEP Certificate


RSA-OAEP Certificate

Russ Housley
I am looking for a test certificate that contains an RSA-OAEP subject public key (OID = id-RSAES-OAEP from RFC 4055) and is signed with RSA-PSS (OID = id-RSASSA-PSS also from RFC 4055).  I have not been able to find a way to generate such a certificate with OpenSSL.  If you have a pointer to such a certificate or a recipe for generating one, I would appreciate the pointer.

  Russ

Re: RSA-OAEP Certificate

Viktor Dukhovni
On Tue, Jan 19, 2021 at 06:26:23PM -0500, Russ Housley wrote:

> I am looking for a test certificate that contains an RSA-OAEP subject
> public key (OID = id-RSAES-OAEP from RFC 4055) and is signed with
> RSA-PSS (OID = id-RSASSA-PSS also from RFC 4055).  I have not been able
> to find a way to generate such a certificate with OpenSSL.  If you
> have a pointer to such a certificate or a recipe for generating one, I
> would appreciate the pointer.

While RSA-PSS keys are supported by genpkey(1), I don't see any support
for generating RSAES-OAEP keys in any of the command-line utilities.

It does not look like RSAES-OAEP SPKI are supported even at the API
level.  Perhaps I did not look hard enough...

--
    Viktor.

Re: RSA-OAEP Certificate

Richard Levitte - VMS Whacker-2
On Wed, 20 Jan 2021 02:24:24 +0100,
Viktor Dukhovni wrote:

>
> On Tue, Jan 19, 2021 at 06:26:23PM -0500, Russ Housley wrote:
>
> > I am looking for a test certificate that contains an RSA-OAEP subject
> > public key (OID = id-RSAES-OAEP from RFC 4055) and is signed with
> > RSA-PSS (OID = id-RSASSA-PSS also from RFC 4055).  I have not been able
> > to find a way to generate such a certificate with OpenSSL.  If you
> > have a pointer to such a certificate or a recipe for generating one, I
> > would appreciate the pointer.
>
> While RSA-PSS keys are supported by genpkey(1), I don't see any support
> for generating RSAES-OAEP keys in any of the command-line utilities.
>
> It does not look like RSAES-OAEP SPKI are supported even at the API
> level.  Perhaps I did not look hard enough...

You are entirely correct.  I was surprised when I discovered this, but
there you go.  I suppose that the early implementation was "on demand",
i.e. RSA-PSS keys were seen out in the wild, prompting us ("someone")
to add support for them.  RSA-OAEP keys haven't had the same demand,
so no one implemented support for them as such.

We do have support for RSA-OAEP, but only on an operational level,
i.e. encryption and decryption with a "normal" RSA key and additional
OAEP parameters for the operation.  On a command level, it means that
it's possible to have OAEP padding mode with 'openssl pkeyutl'.

A few of us in the team are keenly aware of the lack of RSA-OAEP key
support, and we have discussed internally whether we should add that
with OpenSSL 3.0...  I don't quite recall if we came to an actual "yay
or nay" decision, it's just not been a top priority item.  That being
said, I can't see that any of us will protest if someone chooses to
chip in and add such support, at least in our providers [*]

-----
[*] in other words, PR welcome...  I believe that the RSA-PSS work
    can be a good enough template that RSA-OAEP key support doesn't
    have to be too hard to do.

Cheers,
Richard

--
Richard Levitte         [hidden email]
OpenSSL Project         http://www.openssl.org/~levitte/
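
The split described in this thread, as an added example that is not part of any of the messages above: OAEP used as a per-operation option of `openssl pkeyutl` on an ordinary RSA key, next to an RSA-PSS key from `genpkey` that yields a certificate with PSS in both the SPKI and the signature. It assumes OpenSSL 1.1.1 or later with its default configuration file present; file names, subject and message are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. All names and inputs are constructed.
set -eu

# OAEP as a per-operation option on an ordinary rsaEncryption key.
# Prints the decrypted message on stdout.
oaep_roundtrip() {
    d=$1
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$d/rsa.pem" 2>/dev/null
    openssl pkey -in "$d/rsa.pem" -pubout -out "$d/rsa.pub"
    printf 'constructed test message' > "$d/msg.txt"
    openssl pkeyutl -encrypt -pubin -inkey "$d/rsa.pub" -in "$d/msg.txt" \
        -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 \
        -pkeyopt rsa_mgf1_md:sha256 -out "$d/msg.oaep"
    openssl pkeyutl -decrypt -inkey "$d/rsa.pem" -in "$d/msg.oaep" \
        -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 \
        -pkeyopt rsa_mgf1_md:sha256
}

# The key file records no OAEP parameters, so the caller has to supply
# matching ones out of band; a mismatched digest makes decryption fail.
# Returns 0 when the mismatched attempt is rejected.
oaep_mismatch_rejected() {
    d=$1
    if openssl pkeyutl -decrypt -inkey "$d/rsa.pem" -in "$d/msg.oaep" \
        -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha1 \
        -pkeyopt rsa_mgf1_md:sha1 >/dev/null 2>&1
    then return 1; else return 0; fi
}

# RSA-PSS exists as a key type: a self-signed certificate made from such
# a key names PSS as both public key algorithm and signature algorithm.
pss_cert_algs() {
    d=$1
    openssl genpkey -algorithm RSA-PSS -pkeyopt rsa_keygen_bits:2048 \
        -out "$d/pss.pem" 2>/dev/null
    openssl req -new -x509 -key "$d/pss.pem" -sha256 -days 1 \
        -subj "/CN=constructed PSS test" -out "$d/pss-cert.pem"
    openssl x509 -in "$d/pss-cert.pem" -noout -text |
        grep -E 'Signature Algorithm|Public Key Algorithm' |
        sed 's/^[[:space:]]*//; s/[[:space:]]*$//' | sort -u
}

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
oaep_roundtrip "$work"; echo
oaep_mismatch_rejected "$work" && echo "mismatched OAEP digest rejected"
pss_cert_algs "$work"
```

The first key's SPKI is plain rsaEncryption, so nothing in it restricts the key to OAEP; that binding is what an id-RSAES-OAEP SPKI would add.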