RSA-PSS Param File

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

RSA-PSS Param File

OpenSSL - User mailing list

Hi All,


My ultimate goal is to generate an RSA-PSS key that will have the PSS parameters in the subjectPublicKey section of the TBSCertificate. In order to do that the first need is a paramfile. Here’s the command being used to to generate the parameter file:


OpenSSL> genpkey -genparam -paramfile .\pem\rsapssParams.pem -pkeyopt rsa_keygen_bits:2048 -pkeyopt rsa_pss_keygen_md:sha256 -pkeyopt rsa_pss_keygen_mgf1_md:sha256 -pkeyopt rsa_pss_keygen_saltlen:120


But, it returns the error:

NB: options order may be important!  See the manual page.

error in genpkey


The genpkey man page says for the -genparam option, “If used this option must precede any -algorithm, -paramfile or -pkeyopt options.

With regard to the -paramfile option it says, “If used this option must precede any -pkeyopt options.


Thus, with -genparam first followed by the -paramfile option and capped off with the -pkeyopt options it looks to me that the order is correct.


If anyone has any enlightenment for me I’d be eternally grateful.






Description: Description: cid:977323607@08042008-1EBD


Steven Madwin

Software QA Engineer

Adobe Systems Incorporated

345 Park Avenue, MS-W15

San Jose, CA 95110-2704 USA

Phone:   408.536.4343

Fax:         408.536.6024

[hidden email]



openssl-users mailing list
To unsubscribe:

smime.p7s (7K) Download Attachment