Using RSA-PSS in OpenSSL 1.1.1b

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Using RSA-PSS in OpenSSL 1.1.1b

Tobias Nießen
Hello,

I am using OpenSSL 1.1.1b and I have two questions regarding RSA-PSS. I
am using the following command to generate the private key:

     openssl genpkey -algorithm RSA-PSS -pkeyopt rsa_keygen_bits:2048
-pkeyopt rsa_keygen_pubexp:65537 -pkeyopt rsa_pss_keygen_md:sha256
-pkeyopt rsa_pss_keygen_mgf1_md:sha256 -pkeyopt
rsa_pss_keygen_saltlen:16 -out rsa_pss_private_2048_restricted.pem

This works, but I am unsure how to produce the corresponding public key
using the openssl CLI, it would be great if someone could give me some
pointers.

I also need to access the key restrictions (MD / MGF1 MD / salt length)
given only a pointer to the EVP_PKEY structure. I understand that the
information is stored in the RSA_PSS_PARAMS structure. How do I access
the restrictions using the public API?

Thanks in advance!
Tobias

Reply | Threaded
Open this post in threaded view
|

Re: Using RSA-PSS in OpenSSL 1.1.1b

Viktor Dukhovni
On Tue, Mar 26, 2019 at 12:25:21AM +0100, Tobias Nießen wrote:

> I am using OpenSSL 1.1.1b and I have two questions regarding RSA-PSS. I
> am using the following command to generate the private key:
>
>  $ openssl genpkey -algorithm RSA-PSS -pkeyopt rsa_keygen_bits:2048 \
>    -pkeyopt rsa_keygen_pubexp:65537 -pkeyopt rsa_pss_keygen_md:sha256 \
>    -pkeyopt rsa_pss_keygen_mgf1_md:sha256 -pkeyopt \
>    rsa_pss_keygen_saltlen:16 -out rsa_pss_private_2048_restricted.pem
>
> This works, but I am unsure how to produce the corresponding public key
> using the openssl CLI, it would be great if someone could give me some
> pointers.

    $ openssl genpkey -algorithm RSA-PSS -pkeyopt rsa_keygen_bits:2048 \
        -pkeyopt rsa_keygen_pubexp:65537 -pkeyopt rsa_pss_keygen_md:sha256 \
        -pkeyopt rsa_pss_keygen_mgf1_md:sha256 -pkeyopt rsa_pss_keygen_saltlen:16 \
        -out rsa_pss_private_2048_restricted.pem
    ....................................................................+++++
    ...........................+++++
    $ openssl pkey -in rsa_pss_private_2048_restricted.pem -pubout |
      openssl pkey -pubin -text
    -----BEGIN PUBLIC KEY-----
    MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAaEaMBgGCSqGSIb3DQEB
    CDALBglghkgBZQMEAgGiAwIBEAOCAQ8AMIIBCgKCAQEAtfBYSSrOvPmuwVzRJeOP
    h5o9iZEM2L9CTY3mJRW5cJOdoOwjEp6ITge3QxPbgoFlKwg88U1ejIj7/uNwZKIV
    yO5WRYRBFxS+rdBv6gQNyBn6z4LcxQ1chE6PgpmO0ZsDj56aRumf7mmg5ewFHOAG
    txeSRyT4NO6XMFb57OGGqGwhYm/nUrbrtmErCc8Y/HKP0TVHCnrvoGf2hgAkmvYG
    FxqbXs12nQrgcecPZVtszcdD/RelTaE62TnNrsHOCEdqLoOXTJ/64LQXKFrbAd7H
    YiBKXYA+PkJf5a053LJ9gIJlkYKpCbXqkI9cLRS/uX5WDg5/rJilR8Ng77tQSJvq
    LwIDAQAB
    -----END PUBLIC KEY-----
    RSA-PSS Public-Key: (2048 bit)
    Modulus:
        00:b5:f0:58:49:2a:ce:bc:f9:ae:c1:5c:d1:25:e3:
        8f:87:9a:3d:89:91:0c:d8:bf:42:4d:8d:e6:25:15:
        b9:70:93:9d:a0:ec:23:12:9e:88:4e:07:b7:43:13:
        db:82:81:65:2b:08:3c:f1:4d:5e:8c:88:fb:fe:e3:
        70:64:a2:15:c8:ee:56:45:84:41:17:14:be:ad:d0:
        6f:ea:04:0d:c8:19:fa:cf:82:dc:c5:0d:5c:84:4e:
        8f:82:99:8e:d1:9b:03:8f:9e:9a:46:e9:9f:ee:69:
        a0:e5:ec:05:1c:e0:06:b7:17:92:47:24:f8:34:ee:
        97:30:56:f9:ec:e1:86:a8:6c:21:62:6f:e7:52:b6:
        eb:b6:61:2b:09:cf:18:fc:72:8f:d1:35:47:0a:7a:
        ef:a0:67:f6:86:00:24:9a:f6:06:17:1a:9b:5e:cd:
        76:9d:0a:e0:71:e7:0f:65:5b:6c:cd:c7:43:fd:17:
        a5:4d:a1:3a:d9:39:cd:ae:c1:ce:08:47:6a:2e:83:
        97:4c:9f:fa:e0:b4:17:28:5a:db:01:de:c7:62:20:
        4a:5d:80:3e:3e:42:5f:e5:ad:39:dc:b2:7d:80:82:
        65:91:82:a9:09:b5:ea:90:8f:5c:2d:14:bf:b9:7e:
        56:0e:0e:7f:ac:98:a5:47:c3:60:ef:bb:50:48:9b:
        ea:2f
    Exponent: 65537 (0x10001)
    PSS parameter restrictions:
      Hash Algorithm: sha256
      Mask Algorithm: mgf1 with sha256
      Minimum Salt Length: 0x10
      Trailer Field: 0xBC (default)

> I also need to access the key restrictions (MD / MGF1 MD / salt length)
> given only a pointer to the EVP_PKEY structure. I understand that the
> information is stored in the RSA_PSS_PARAMS structure. How do I access
> the restrictions using the public API?

EVP_PKEY_get0_RSA() gets you the underlying algorithm-specific RSA
key.  But there don't appear to be any accessors that use the
internal rsa_pss_get_param() function to return these parameters
(I could not find any).  Perhaps open an issue on github, or if
you are up for it, a pull request (with documentationa and code).

--
        Viktor.