> On Aug 8, 2018, at 12:01 PM, Stephane van Hardeveld <stephane@xxxxxxxxxxxxxxx> wrote: > > By default, if I create an X 509 certificate with a public key in it, the > object identifier is rsaEncyption (1.2.840.113549.1.1.1). Is it possible to > specify a different object identifier, e.g. rsaOAEP (1.2.840.113549.1.1.7)? > I looked into the various EVP_PKEY and EVP_PKEY_CTX functions, and other > places in code, but the only place this object ID is specified is in > obj_dat.h, and not used anywhere else (as far as I can see...) This request is a bit puzzling, since OAEP is a padding mode for RSA *encryption*, not RSA signatures. For the latter, once typically goes with PSS if one wants a more modern signature scheme. OpenSSL supports OAEP for RSA encryption (e.g. in CMS), but in X.509, where the task at hand is signing... So it is not clear that what you're looking for makes sense. -- Viktor. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
