On Thursday, 9 August 2018 22:01:25 CEST Viktor Dukhovni wrote:
> > On Aug 9, 2018, at 3:21 PM, Stephane van Hardeveld
> > <stephane@xxxxxxxxxxxxxxx> wrote:
> >
> > The certificate is signed with PSS. However, I try to indicate that the
> > public key enclosed IN the certificate should be used with the OAEP
> > padding mode while decrypting a separate message
>
> Keys in X.509 certificates are mostly used for signing (e.g. TLS with
> DHE or ECDHE key agreement). But I guess you could mint an encryption-only
> certificate that is not useful for signing, and use it exclusively for
> key wrapping. I don't know whether marking the key as an RSA-OAEP key
> would then have the effect of restricting its usage by various libraries
> to OAEP.

it would, they would barf up just like they are barfing up while noticing
rsa-pss OID in SPKI

> More typically (e.g. IN CMS), the fact that OAEP was used to encrypt
> the message is part of the message metadata, and so decryption will
> automatically use OAEP when it was explicitly selected at the time
> the message was created. Thus OAEP is baked into the message, rather
> than the certificate.

the point is to have a certificate that can not be used for Bleichenbacher
attacks, and for it it needs to be baked into certificate

--
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 115, 612 00 Brno, Czech Republic
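The restriction discussed in this thread, where the algorithm OID in the certificate's SubjectPublicKeyInfo limits what the key may be used for, sketched as an added example (not part of the original messages and not OpenSSL code). The `ALLOWED` policy table, the operation names and the sample SPKI bytes are assumptions constructed for illustration; the three OIDs are the ones assigned in RFC 4055.

```python
RSA_ENCRYPTION = "1.2.840.113549.1.1.1"   # rsaEncryption: unrestricted key
RSAES_OAEP = "1.2.840.113549.1.1.7"       # id-RSAES-OAEP (RFC 4055)
RSASSA_PSS = "1.2.840.113549.1.1.10"      # id-RSASSA-PSS (RFC 4055)

# Assumed local policy: operations each key type may be used for.
ALLOWED = {
    RSA_ENCRYPTION: {"pkcs1v15-decrypt", "oaep-decrypt", "pkcs1v15-sign", "pss-sign"},
    RSAES_OAEP: {"oaep-decrypt"},          # no PKCS#1 v1.5 decryption oracle
    RSASSA_PSS: {"pss-sign"},
}

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    arcs, value = [], 0
    for byte in body:                      # base-128, high bit = "more follows"
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:
            arcs.append(value)
            value = 0
    first = min(arcs[0] // 40, 2)          # first octet packs the first two arcs
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def spki_algorithm(spki_der):
    tag, spki, _ = read_tlv(spki_der)      # SubjectPublicKeyInfo SEQUENCE
    tag2, alg, _ = read_tlv(spki)          # AlgorithmIdentifier SEQUENCE
    tag3, oid, _ = read_tlv(alg)           # algorithm OBJECT IDENTIFIER
    if (tag, tag2, tag3) != (0x30, 0x30, 0x06):
        raise ValueError("not a SubjectPublicKeyInfo")
    return decode_oid(oid)

def operation_allowed(spki_der, operation):
    """Unknown key types map to an empty set, so every operation is refused."""
    return operation in ALLOWED.get(spki_algorithm(spki_der), set())

def sample_spki(last_arc, params):
    """Constructed SPKI: OID 1.2.840.113549.1.1.<last_arc>, placeholder key bits."""
    oid = bytes.fromhex("06092a864886f70d0101") + bytes([last_arc])
    alg = bytes([0x30, len(oid) + len(params)]) + oid + params
    key = bytes.fromhex("03050001020304")  # BIT STRING, not a real RSA key
    return bytes([0x30, len(alg) + len(key)]) + alg + key
```

A decryption routine that calls `operation_allowed(spki, "pkcs1v15-decrypt")` before unwrapping refuses the PKCS#1 v1.5 path for a key whose certificate carries id-RSAES-OAEP, whatever padding the incoming message claims.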