Starting with the definition of the subjectPublicKeyInfo from RFC 5280, Section 4.1 – Basic Certificate fields we see that the entry contains two items: SubjectPublicKeyInfo ::= SEQUENCE { algorithm AlgorithmIdentifier, subjectPublicKey BIT STRING } In RFC 4055 - Additional Algorithms and Identifiers for RSA Cryptography for use in the Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile, Section 3 it states, “CAs that use the RSASSA-PSS algorithm for signing certificates SHOULD include RSASSA-PSS-params in the subjectPublicKeyInfo algorithm parameters in their own certificates.” This all leads to me wondering if anyone is aware if there is a plan afoot to add the option of including the RSA-PSS params as a third item in the Subject Public Key Info entry in a future version of OpenSSL? Thanks, Steve
|
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
