Re: [openssl-users] rsaOAEP OID in X509 certificate

2018-08-16 Thread Stephane van Hardeveld
> > On Aug 14, 2018, at 4:55 PM, Stephane van Hardeveld > wrote: > > > > If I would try this endeavour, what would be the best interface to set this? > > For creation, use the EVP_PKEY type with the EVP_PKEY_CTX, and set > > attributes there? > > You'll need a new EVP_PKEY type that is mostly lik

Re: [openssl-users] rsaOAEP OID in X509 certificate

2018-08-14 Thread Viktor Dukhovni
> On Aug 14, 2018, at 4:55 PM, Stephane van Hardeveld > wrote: > > If I would try this endeavour, what would be the best interface to set this? > For creation, use the EVP_PKEY type with the EVP_PKEY_CTX, and set > attributes there? You'll need a new EVP_PKEY type that is mostly like RSA, bu

Re: [openssl-users] rsaOAEP OID in X509 certificate

2018-08-14 Thread Stephane van Hardeveld
> > > On Aug 9, 2018, at 3:21 PM, Stephane van Hardeveld > wrote: > > > > The certificate is signed with PSS. However, I try to indicate that the > > public key enclosed IN the certificate should be used with the OAEP > padding > > mode while decrypting a separate message > > Keys in X.509 certi

Re: [openssl-users] rsaOAEP OID in X509 certificate

2018-08-13 Thread Hubert Kario
On Thursday, 9 August 2018 22:01:25 CEST Viktor Dukhovni wrote: > > On Aug 9, 2018, at 3:21 PM, Stephane van Hardeveld > > wrote: > > > > The certificate is signed with PSS. However, I try to indicate that the > > public key enclosed IN the certificate should be used with the OAEP > > padding > >

Re: [openssl-users] rsaOAEP OID in X509 certificate

2018-08-09 Thread Stephane van Hardeveld
> > Keys in X.509 certiificates are mostly used for signing (e.g. TLS with > DHE or ECDHE key agreement). But I guess you could mint an encryption- > only > certificate that is not useful for signing, and use it exclusively for > key wrapping. That is exactly the use case ;-) I don't know whe

Re: [openssl-users] rsaOAEP OID in X509 certificate

2018-08-09 Thread Viktor Dukhovni
> On Aug 9, 2018, at 3:21 PM, Stephane van Hardeveld > wrote: > > The certificate is signed with PSS. However, I try to indicate that the > public key enclosed IN the certificate should be used with the OAEP padding > mode while decrypting a separate message Keys in X.509 certiificates are m

Re: [openssl-users] rsaOAEP OID in X509 certificate

2018-08-09 Thread Stephane van Hardeveld
> -Original Message- > From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf > Of Viktor Dukhovni > Sent: donderdag 9 augustus 2018 21:05 > To: openssl-users@openssl.org > Subject: Re: [openssl-users] rsaOAEP OID in X509 certificate > > >

Re: [openssl-users] rsaOAEP OID in X509 certificate

2018-08-09 Thread Viktor Dukhovni
> On Aug 8, 2018, at 12:01 PM, Stephane van Hardeveld > wrote: > > By default, if I create an X 509 certificate with a public key in it, the > object identifier is rsaEncyption (1.2.840.113549.1.1.1). Is it possible to > specify a different object identifier, e.g. rsaOAEP (1.2.840.113549.1.1.

Re: [openssl-users] rsaOAEP OID in X509 certificate

2018-08-09 Thread Stephane van Hardeveld
> -Original Message- > From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf > Of Ken Goldman > Sent: donderdag 9 augustus 2018 18:52 > To: openssl-users@openssl.org > Subject: Re: [openssl-users] rsaOAEP OID in X509 certificate > > On 8/9/201

Re: [openssl-users] rsaOAEP OID in X509 certificate

2018-08-09 Thread Ken Goldman
On 8/9/2018 10:51 AM, Stephane van Hardeveld wrote: I will discuss this, but as far as I understand, these OID are allowed by the X 509 standard: 4.1.2.7. Subject Public Key Info [snip] And in rfc4055, 4.1 Openssl is capable of parsing it, only retrieving it gives an error on unknown algo

Re: [openssl-users] rsaOAEP OID in X509 certificate

2018-08-09 Thread Stephane van Hardeveld
> -Original Message- > From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf > Of Ken Goldman > Sent: donderdag 9 augustus 2018 14:56 > To: openssl-users@openssl.org > Subject: Re: [openssl-users] rsaOAEP OID in X509 certificate > > On 8/9/20

Re: [openssl-users] rsaOAEP OID in X509 certificate

2018-08-09 Thread Ken Goldman
On 8/9/2018 4:14 AM, Stephane van Hardeveld wrote: Hi Ken, I am trying to do two thing: 1: Generate X 509 certificates, with RSA-PSS signing, with different Hashing and Masking (SHA1 and SHA256), including an RSA Public key as content. This RSA 'content key' should specify it will be used for RS

Re: [openssl-users] rsaOAEP OID in X509 certificate

2018-08-09 Thread Stephane van Hardeveld
> To: openssl-users@openssl.org > Subject: Re: [openssl-users] rsaOAEP OID in X509 certificate > > 1 - If you are trying to extract the public key, X509_get_pubkey() won't > work. I have sample code to do it. Let me know if you want the > complete function. > >

Re: [openssl-users] rsaOAEP OID in X509 certificate

2018-08-08 Thread Ken Goldman
1 - If you are trying to extract the public key, X509_get_pubkey() won't work. I have sample code to do it. Let me know if you want the complete function. Basically: X509_get_X509_PUBKEY X509_PUBKEY_get0_param d2i_RSAPublicKey 2 - If you are trying to verify a certif

[openssl-users] rsaOAEP OID in X509 certificate

2018-08-08 Thread Stephane van Hardeveld
Hello all, By default, if I create an X 509 certificate with a public key in it, the object identifier is rsaEncyption (1.2.840.113549.1.1.1). Is it possible to specify a different object identifier, e.g. rsaOAEP (1.2.840.113549.1.1.7)? I looked into the various EVP_PKEY and EVP_PKEY_CTX functions