On 03/12/2019 16:29, Angus Robertson - Magenta Systems Ltd wrote: > Google has started using RSA-PSS private keys for Json Web Keys. > > I create an RSA JWK using EVP_PKEY_get1_RSA and RSA_get0_key, but this > does not work for RSA-PSS. In what way does this not work? Perhaps you are missing access to the PSS parameters? I notice that 3.0 recently had the accessor RSA_get0_pss_params() added. Probably that should also have been backported to 1.1.1. > Are there any other workarounds? Is RSA-PSS fully supported in 3.0? Aside from the possible missing accessor (which looks like a bug), its fully supported in 1.1.1. Matt