
Hi All,
My ultimate goal is to generate an RSA-PSS key that will have the PSS parameters in the subjectPublicKey section of the TBSCertificate. In order to do that the first need is a paramfile. Here’s the command being used to to generate the parameter file:
OpenSSL> genpkey -genparam -paramfile .\pem\rsapssParams.pem -pkeyopt rsa_keygen_bits:2048 -pkeyopt rsa_pss_keygen_md:sha256 -pkeyopt rsa_pss_keygen_mgf1_md:sha256 -pkeyopt rsa_pss_keygen_saltlen:120
But, it returns the error:
NB: options order may be important! See the manual page.
error in genpkey
The genpkey man page says for the -genparam option, “If used this option must precede any -algorithm, -paramfile or -pkeyopt options.
With regard to the -paramfile option it says, “If used this option must precede any -pkeyopt options.
Thus, with -genparam first followed by the -paramfile option and capped off with the -pkeyopt options it looks to me that the order is correct.
If anyone has any enlightenment for me I’d be eternally grateful.
Thanks,
Steve

| Steven Madwin Software QA Engineer Adobe Systems Incorporated 345 Park Avenue, MS-W15 San Jose, CA 95110-2704 USA Phone: 408.536.4343 Fax: 408.536.6024 [hidden email] |
--
openssl-users mailing list
To unsubscribe:
https://mta.openssl.org/mailman/listinfo/openssl-users