RSA-PSS Param File

Hi All,

My ultimate goal is to generate an RSA-PSS key that will have the PSS parameters in the subjectPublicKey section of the TBSCertificate. In order to do that the first need is a paramfile. Here’s the command being used to to generate the parameter file:

OpenSSL> genpkey -genparam -paramfile .\pem\rsapssParams.pem -pkeyopt rsa_keygen_bits:2048 -pkeyopt rsa_pss_keygen_md:sha256 -pkeyopt rsa_pss_keygen_mgf1_md:sha256 -pkeyopt rsa_pss_keygen_saltlen:120

But, it returns the error:

NB: options order may be important!  See the manual page.

error in genpkey

The genpkey man page says for the -genparam option, “If used this option must precede any -algorithm, -paramfile or -pkeyopt options.

With regard to the -paramfile option it says, “If used this option must precede any -pkeyopt options.

Thus, with -genparam first followed by the -paramfile option and capped off with the -pkeyopt options it looks to me that the order is correct.

If anyone has any enlightenment for me I’d be eternally grateful.

Thanks,

Steve