On Tue, Jun 22, 2010, ???? wrote: > > Dear Mounir IDRASSI, I am sorry for the wrong title in the last email. I > read your code. I am not sure about the lower-level encoding method. For > RSA_padding_add_PKCS1_PSS,what's the encoding method it use, > RSASSA-PKCS1-V1_5 or RSASSA-PSS? I found a email chain in the archive, > http://www.mail-archive.com/openssl-users@openssl.org/msg40229.html, which > said that RSASSA-PSS is not supported in the openssl at that time. I really > appreciate your help. Before referring your code, I would like to make sure > the signature generation scheme. Thank you so much.
That message was from May 2005 and referred to OpenSSL 0.9.7c which indeed did not support PSS. The only PSS support included later required manually padding and verifying the signature via RSA primitives. When OpenSSL was placed through the FIPS 140-2 validation PSS support was added to OpenSSL 0.9.8. Making incompatible changes to a stable branch is a no-no so the API was rather primitive. If you check the dgst code you'll see some of the parameters are included in a flag in the EVP_MD_CTX structure. OpenSSL 1.0.0 does things properly: you set the signature scheme and parameters using the new EVP_DigestSign*() APIs. The latest development version (HEAD) has provisional support for PSS in certificates and certificate requests. It currently only supports PSS with RSA keys and not the PSS only restricted key type: I've not found any examples of that to test against yet. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
