
RFC4055 describes RSAES-OAEP keys and RSASSA-PSS keys.

OpenSSL's genpkey utility lets you generate RSASSA-PSS keys (you have to set the algorithm parameter to RSA-PSS), but if it supports RSAES-OAEP keys the documentation certainly makes no indication of that.

My question is... are there any third party tools that'll generate RSAES-OAEP keys for you?

neubert
  • So, more accurately, how to serialize in ASN.1 the structure from the RFC? Because the RSA key itself is not any different, only the metadata / label that is different? Unfortunately I don't know of a nice way, but `openssl asn1parse -genconf` should be able to do it. – Z.T. Jun 22 '19 at 16:50
  • @Z.T. - the key is different. Consider https://pastebin.com/6aRCbKQ5 (an RSASSA-PSS key that OpenSSL gave me). Run `openssl asn1parse` on it vs a regular RSA key (e.g. https://pastebin.com/cDf2U66p). The privateKeyAlgorithm bit of the key for the RSASSA-PSS key has 1.2.840.113549.1.1.10 as the OID vs 1.2.840.113549.1.1.1. Further, the parameters bit of the privateKeyAlgorithm has optional parameters for RSASSA-PSS keys whereas "normal" RSA keys do not have any (or if they do they're NULL). Sure, the privateKey part of the key is different but the privateKeyAlgorithm part is very much different. – neubert Jun 22 '19 at 17:13
  • Well, re-reading your comment, I guess you're kinda saying the same thing as I am lol – neubert Jun 22 '19 at 17:15

1 Answer


I think it can be achieved by passing `-sigopt rsa_padding_mode:oaep` to the `openssl req` command.

Glorfindel
PRR
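
The comments on the question locate the difference between key types in the privateKeyAlgorithm field, so here is an added example (not from the thread and not OpenSSL code): a stdlib-only Python sketch that reads that OID from an unencrypted PKCS#8 DER blob and rewrites it to id-RSAES-OAEP (1.2.840.113549.1.1.7, per RFC 4055). The function names and the placeholder sample key are constructed for illustration, and omitting the parameters field is a simplification; whether a given tool accepts the relabelled key is not established here.

```python
OIDS = {"1.2.840.113549.1.1.1": "rsaEncryption",
        "1.2.840.113549.1.1.7": "id-RSAES-OAEP",
        "1.2.840.113549.1.1.10": "id-RSASSA-PSS"}

def tlv(tag, body):  # encode one DER element (short or long definite length)
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + body

def read(der, pos=0):  # return (tag, body, next_pos) for the element at pos
    tag, n, pos = der[pos], der[pos + 1], pos + 2
    if n & 0x80:  # long-form length
        k = n & 0x7F
        n, pos = int.from_bytes(der[pos:pos + k], "big"), pos + k
    if pos + n > len(der):
        raise ValueError("truncated DER element")
    return tag, der[pos:pos + n], pos + n

def enc_oid(dotted):
    a, b, *rest = map(int, dotted.split("."))
    out = bytes([40 * a + b])
    for arc in rest:  # base-128 digits, high bit set on all but the last
        chunk = [arc & 0x7F]
        while arc := arc >> 7:
            chunk.append(0x80 | (arc & 0x7F))
        out += bytes(reversed(chunk))
    return out

def split_key(pkcs8):
    """Return (version TLV, AlgorithmIdentifier body, privateKey onward)."""
    body = read(pkcs8)[1]           # PrivateKeyInfo SEQUENCE
    p = read(body)[2]               # skip version INTEGER
    _, alg, q = read(body, p)       # privateKeyAlgorithm SEQUENCE
    return body[:p], alg, body[q:]

def key_algorithm(pkcs8):  # name of the privateKeyAlgorithm OID, or its hex
    oid = read(split_key(pkcs8)[1])[1]
    return {enc_oid(k): v for k, v in OIDS.items()}.get(oid, oid.hex())

def relabel(pkcs8, dotted, params=b""):
    """Same key bytes under a new OID; parameters omitted unless given (assumption)."""
    version, _, rest = split_key(pkcs8)
    return tlv(0x30, version + tlv(0x30, tlv(0x06, enc_oid(dotted)) + params) + rest)

# Constructed sample: rsaEncryption with NULL parameters, 200 placeholder key bytes.
RSA_ALG = tlv(0x30, tlv(0x06, enc_oid("1.2.840.113549.1.1.1")) + tlv(0x05, b""))
SAMPLE = tlv(0x30, tlv(0x02, b"\x00") + RSA_ALG + tlv(0x04, bytes(200)))
```

To try it on a real key, convert the PEM to DER first and pass the bytes to `key_algorithm` or `relabel`; encrypted PKCS#8 blobs are not handled.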