RE: What's different between RSASSA and RSAPSS padding mode?

"Dr. Matthias St. Pierre" <Matthias.St.Pierre@xxxxxxxxx> · Wed, 12 May 2021 06:06:21 +0000

It’s the same. The correct full name is RSASSA-PSS, where ‘SSA’
 stands for Secure Signature Algorithm (IIRC) and ‘PSS’ for Probabilistic Signature Scheme

Regards

https://en.wikipedia.org/wiki/PKCS_1#Schemes
https://datatracker.ietf.org/doc/html/rfc4056

From:
openssl-users <openssl-users-bounces@xxxxxxxxxxx> 
On Behalf Of Eddie Chang

Sent: Wednesday, May 12, 2021 2:46 AM

To: openssl-users@xxxxxxxxxxx

Subject: What's different between RSASSA and RSAPSS padding mode?

Hi:

  I'm new comer to openssl. Recently, I study SPDM document https://www.dmtf.org/sites/default/files/standards/documents/DSP0274_0.99a.pdf and feel confused about ReqBaseAsymAlg
 structure in page 49.

In this spec, I saw it can support RSASSA_4096 and RSAPSS_4096. But I check opensl source code,  rsa_padding_mode option only support pss padding. Don't have any idea about RSASSA.

Anyonce can please help to comemnt what different between RSASSA and RSAPSS is?

For testting, I can specify PSS padding with SHA256 digest for sign and verfiifcation as below command.

openssl dgst -sha512 -binary  -out sha512_out.bin  test.bin

openssl pkeyutl -sign -in sha512_out.bin -inkey gv100_rsa_3072_pvt_dbg.pem -out sig1.bin -pkeyopt digest:sha512 -pkeyopt rsa_padding_mode:pss -pkeyopt rsa_pss_saltlen:-1

openssl pkeyutl -verify -in sha512_out.bin -sigfile sig1.bin  -pkeyopt digest:sha512  -pkeyopt rsa_padding_mode:pss -pkeyopt rsa_pss_saltlen:-1 -pubin -inkey gv100_rsa_3072_pub_dbg.pem

But don't know how to test RSASSA.

Thanks

Byte 0 Bit 5. TPM_ALG_RSASSA_4096

Byte 0 Bit 6. TPM_ALG_RSAPSS_4096

--- 本郵件來自HiNet WebMail ---

Attachment:
smime.p7s

Description: S/MIME cryptographic signature