On 14/06/2019 13:28, Raja Ashok wrote: > Hi All, > > For using with TLS1.3, I am able to generate rsa_pss_pss cert (Both Public key > and Signature of RSA_PSS OID) with the below script. > > https://github.com/raja-ashok/sample_certificates/blob/master/RSA_PSS_PSS_Certs/gen_rsa_cert.sh > > Can some one help me to find out the command for generating rsa_pss_rsae cert > (Public key of rsaEncryption OID and Signature of RSA PSS OID) ? It's not entirely clear to me what you are asking for. In your script you generate a root certificate and a server certificate. Both the root and the server certificate use the RSA PSS OID. The signature in the server certificate will be PSS because the root is using the PSS OID. If you want to generate a server certificate that uses the rsaEncryption OID then just drop the "-sigopt rsa_padding_mode:pss" option from the command generating the serv_req.pem file. The rsaEncryption OID is the default. The signature in the certificate depends on the oid in the root certificate and how you sign using it. Since your root uses the RSA PSS OID then the signature in the server cert will still be PSS. But I'm not sure that is what you are actually asking for. There is no such thing as an "rsa_pss_rsae" certificate. I think you are confusing the sig algs from TLSv1.3 with the certificate type. In order to use the "rsa_pss_rsae" sig alg in TLSv1.3 all you need is an RSA certificate with the rsaEncryption OID. It makes no difference what the signature in the certificate is (that is only relevant for verifying the chain). As long as you use a cert with the rsaEncryption OID in it, and you negotiate TLSv1.3, then any signatures generated during the handshake will be PSS signatures using an rsa_pss_rsae sig alg. Matt
