> -----Original Message----- > From: openssl-users [mailto:openssl-users-bounces@xxxxxxxxxxx] On Behalf > Of Viktor Dukhovni > Sent: donderdag 9 augustus 2018 21:05 > To: openssl-users@xxxxxxxxxxx > Subject: Re: rsaOAEP OID in X509 certificate > > > > > On Aug 8, 2018, at 12:01 PM, Stephane van Hardeveld > <stephane@xxxxxxxxxxxxxxx> wrote: > > > > By default, if I create an X 509 certificate with a public key in it, the > > object identifier is rsaEncyption (1.2.840.113549.1.1.1). Is it possible to > > specify a different object identifier, e.g. rsaOAEP (1.2.840.113549.1.1.7)? > > I looked into the various EVP_PKEY and EVP_PKEY_CTX functions, and > other > > places in code, but the only place this object ID is specified is in > > obj_dat.h, and not used anywhere else (as far as I can see...) > > This request is a bit puzzling, since OAEP is a padding mode for RSA > *encryption*, not RSA signatures. For the latter, once typically > goes with PSS if one wants a more modern signature scheme. > > OpenSSL supports OAEP for RSA encryption (e.g. in CMS), but in X.509, > where the task at hand is signing... So it is not clear that what > you're looking for makes sense. > > -- > Viktor. > Hi Victor, The certificate is signed with PSS. However, I try to indicate that the public key enclosed IN the certificate should be used with the OAEP padding mode while decrypting a separate message Regards, Stephane -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
