Starting with the definition of the subjectPublicKeyInfo from RFC 5280, Section 4.1 - Basic Certificate fields we see that the entry contains two items:
SubjectPublicKeyInfo ::= SEQUENCE {
algorithm AlgorithmIdentifier,
subjectPublicKey BIT STRING }
In RFC 4055 - Additional Algorithms and Identifiers for RSA Cryptography for
use in the Internet X.509 Public Key Infrastructure Certificate and
Certificate Revocation List (CRL) Profile, Section 3 it states, "CAs that
use the RSASSA-PSS algorithm for signing certificates SHOULD include
RSASSA-PSS-params in the subjectPublicKeyInfo algorithm parameters in their
own certificates."
This all leads to me wondering if anyone is aware if there is a plan afoot
to add the option of including the RSA-PSS params as a third item in the
Subject Public Key Info entry in a future version of OpenSSL?
Thanks,
Steve
Steven Madwin
Software QA Engineer
Adobe Systems Incorporated
345 Park Avenue, MS-W15
San Jose, CA 95110-2704 USA
Phone: 408.536.4343
Fax: 408.536.6024
<mailto:steven.mad...@adobe.com> steven.mad...@adobe.com
smime.p7s
Description: S/MIME cryptographic signature
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
