Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.

Dismiss

RSASSA-PSS command

668 views

Skip to first unread message

shixin

unread,

Apr 17, 2014, 6:51:50 AM4/17/14

Hi all,

I want to sign with RSASSA-PSS, but I don't know how use openssl in command.

Best Wishes,
Thanks!

shixin

unread,

Apr 17, 2014, 7:20:49 AM4/17/14

Oh, my purpose is generate x509 certificate that the Subject Public Key Information is id-RSASA-PSS 2058.

Thanks

Hanno Böck

unread,

Apr 17, 2014, 7:29:34 AM4/17/14

On Thu, 17 Apr 2014 19:20:49 +0800 (CST)
shixin <shix...@163.com> wrote:

>
> Oh, my purpose is generate x509 certificate that the Subject Public
> Key Information is id-RSASA-PSS 2058.

I think openssl is not able to do that. At least it wasn't when I
wrote my thesis on RSA-PSS [1].

The only software out there capable of creating such "PSS-only"-keys
was the IAIK java library.

[1] http://rsapss.hboeck.de/
--
Hanno Böck
http://hboeck.de/

mail/jabber: ha...@hboeck.de
GPG: BBB51E42

signature.asc

shixin

unread,

Apr 17, 2014, 7:54:27 AM4/17/14

Oh, I see your blog, and thank you very much.

I implement X.509 certificates with RSASSA-PSS signatures by openssl function, is it possible?

Best Wishes

Hanno Böck

unread,

Apr 17, 2014, 7:57:43 AM4/17/14

On Thu, 17 Apr 2014 19:54:27 +0800 (CST)
shixin <shix...@163.com> wrote:

> I implement X.509 certificates with RSASSA-PSS signatures by openssl
> function, is it possible?

It is possible, however most browsers won't like it. (my code for nss is
unfortunately bitrotting in bugzilla)

But we have two things here:
a) you can create RSASSA-PSS signatures with normal RSA key type.
Openssl supports that.
b) You can have specific RSASSA-PSS-only-keys that are not allowed to do
anything else. No support in OpenSSL as far as I know.

signature.asc

0 new messages