Re: rsaOAEP OID in X509 certificate

On 8/9/2018 4:14 AM, Stephane van Hardeveld wrote:
> Hi Ken,
>
> I am trying to do two things:
> 1: Generate X.509 certificates, with RSA-PSS signing, with different Hashing
> and Masking (SHA1 and SHA256), including an RSA Public key as content. This
> RSA 'content key' should specify it will be used for RSA-OAEP decryption.
> 2: Verify X.509 certificates, produced by other tools, which have the same
> format

Do you really have to use a non-standard OID for the public key?

If you do, you will be creating a certificate that cannot be parsed by
openssl, Java's crypto library, and perhaps others.  Your users will
have to write custom code to validate the certificate and to extract the public key.

In addition, you'll need custom CA code to create the certificates.

I worry that custom crypto code can open attack surfaces compared
to using well tested standards.  Parsing DER securely is known to be
hard.


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
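
The interoperability concern in the reply above comes down to the algorithm OID inside the certificate's SubjectPublicKeyInfo. The following is an added example, not code from the thread or from OpenSSL: a strict reader that extracts that OID and checks it against an allow-list before a key is accepted. Treating 1.2.840.113549.1.1.7 (id-RSAES-OAEP) as the OID under discussion, the allow-list policy, the function names and the sample bytes are all assumptions made for illustration.

```python
RSA_ENCRYPTION = "1.2.840.113549.1.1.1"  # rsaEncryption, the usual RSA key OID
RSAES_OAEP = "1.2.840.113549.1.1.7"      # id-RSAES-OAEP (assumed to be the OID in question)
ALLOWED_KEY_OIDS = {RSA_ENCRYPTION}      # hypothetical local policy

def read_tlv(buf, pos, end, tag):
    """Return (start, stop) of the value of one definite-length DER TLV inside buf[pos:end]."""
    if pos + 2 > end or buf[pos] != tag:
        raise ValueError("unexpected tag or truncated header")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low bits = number of length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > end:
            raise ValueError("indefinite, oversized or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        if buf[pos] == 0 or length < 0x80:
            raise ValueError("non-minimal length (BER, not DER)")
        pos += n
    if pos + length > end:
        raise ValueError("value overruns its container")
    return pos, pos + length

def decode_oid(body):
    """Decode OID content octets to dotted form, rejecting padded or cut-off arcs."""
    if not body or body[-1] & 0x80:
        raise ValueError("empty or truncated OID")
    arcs, value, start = [], 0, True
    for b in body:
        if start and b == 0x80:
            raise ValueError("non-minimal OID arc")
        value, start = (value << 7) | (b & 0x7F), False
        if not b & 0x80:                   # high bit clear: last octet of this arc
            arcs.append(value)
            value, start = 0, True
    first = min(arcs[0] // 40, 2)          # first octet group packs the first two arcs
    return ".".join(str(a) for a in [first, arcs[0] - 40 * first] + arcs[1:])

def spki_key_oid(spki):  # key algorithm OID of a DER SubjectPublicKeyInfo
    s, e = read_tlv(spki, 0, len(spki), 0x30)      # SubjectPublicKeyInfo SEQUENCE
    if e != len(spki):
        raise ValueError("trailing bytes after SubjectPublicKeyInfo")
    a_s, a_e = read_tlv(spki, s, e, 0x30)          # AlgorithmIdentifier SEQUENCE
    o_s, o_e = read_tlv(spki, a_s, a_e, 0x06)      # algorithm OBJECT IDENTIFIER
    return decode_oid(spki[o_s:o_e])

def key_oid_allowed(spki):
    return spki_key_oid(spki) in ALLOWED_KEY_OIDS

# Constructed samples: AlgorithmIdentifier plus an empty BIT STRING instead of a real key.
SAMPLE_RSA = bytes.fromhex("3012" "300d" "0609" "2a864886f70d010101" "0500" "030100")
SAMPLE_OAEP = bytes.fromhex("3012" "300d" "0609" "2a864886f70d010107" "3000" "030100")
```

Every length is checked against its enclosing container and BER-style encodings are rejected, which is the kind of strictness the DER remark in the reply calls for.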


