> On Aug 9, 2018, at 3:21 PM, Stephane van Hardeveld <stephane@xxxxxxxxxxxxxxx> wrote: > > The certificate is signed with PSS. However, I try to indicate that the > public key enclosed IN the certificate should be used with the OAEP padding > mode while decrypting a separate message Keys in X.509 certiificates are mostly used for signing (e.g. TLS with DHE or ECDHE key agreement). But I guess you could mint an encryption-only certificate that is not useful for signing, and use it exclusively for key wrapping. I don't know whether marking the key as an RSA-OAEP key would then have the effect of restricting its usage by various libraries to OAEP. In the case of OpenSSL such an SPKI would simply not work at all. :-( If someone contributed a quality implementation of this key type, it would probably be a good candidate for inclusion in libcrypto. More typically (e.g. IN CMS), the fact that OAEP was used to encrypt the message is part of the message metadata, and so decryption will automatically use OAEP when it is was explicitly selected at the time the message was created. Thus OAEP is baked into the message, rather than the certificate. OpenSSL supports "oaep" in cms(1), pkeyutl(1) and rsautl(1) which can create RSA encrypted objects, but does not presently support X.509 certificates with RFC4055/RFC5756 OAEP SPKI. https://tools.ietf.org/html/rfc4055#section-4.1 https://tools.ietf.org/html/rfc5756#section-4 -- Viktor. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
