Create private key and certificate using RSASSA PSS with openssl

Question

how, if its possible to create a self signed key and certifactes using openssl with RSASSA-PSS (RFC 4065)?

I managed to use a existing (non-RSASSA-PSS) certificate with this padding mode:

Signing

openssl dgst -sha256 -sign privateKey.pem -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1 -out pss.sha256 test.txt

Verifying

openssl dgst -sha256 -verify pubkey.pem -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1 -signature pss.sha256 test.txt

But I think these mode and saltlen should be (RFC 4065 must be) in the certificate?

If its not possible with openssl, what can I use instead?

Thank you.

Stack Overflow is a site for programming and development questions. This question appears to be off-topic because it is not about programming or development. See [What topics can I ask about here](http://stackoverflow.com/help/on-topic) in the Help Center. Perhaps [Unix & Linux Stack Exchange](http://unix.stackexchange.com/) or [Information Security Stack Exchange](http://security.stackexchange.com/) would be a better place to ask. — jww, Mar 20 '17 at 13:25
Nice answer - why did you answer in https://stackoverflow.com/questions/10175812/how-to-create-a-self-signed-certificate-with-openssl/27931596#27931596 ? It dosnt matter. — Buschhardt, Jul 23 '19 at 08:43
You meant RFC 4056 and/or 4055 (not 4065), and the PSS parameters _may_ be in the certificate SubjPubKeyInfo if and only if the OID is id-RSASSA-PSS, but neither of these is required; _if_ that OID is used _and_ parameters are present, then (and only then) the signature(s) created under that key must match the stated parameters. — dave_thompson_085, Dec 08 '21 at 21:41

score 2 · Answer 1 · answered Dec 08 '21 at 20:27

2

openssl genpkey, req and ca (and maybe other openssl commands) allow to set some metadata so as to restrict the use of or certificate to specific constraints depending on the algorithm : eg. for RSA-PSS, min length for salt, digest method for signature...

for openssl genpkey, the options are set with -pkeyopt, and they are transmitted to the CSR
for openssl req and ca, the options are set with -sigopt

For example

openssl genpkey -algorithm rsa-pss          \
    -pkeyopt rsa_keygen_bits:2048           \
    -pkeyopt rsa_pss_keygen_md:sha256       \
    -pkeyopt rsa_pss_keygen_mgf1_md:sha256  \
    -pkeyopt rsa_pss_keygen_saltlen:32      \
    -out privateKey.pem

answered Dec 08 '21 at 20:27

fxdeltombe

51
5

What version of openssl is required? Mine is LibreSSL 2.8.3 and reports `Algorithm rsa-pss not found` – chrisinmtown Jul 17 '22 at 12:23
@chrisinmtown OpenSSL 1.1.1f 31 Mar 2020 – fxdeltombe Jul 18 '22 at 16:25
That generates the private key with restrictions. Can a public key with similar restrictions be created using openssl? When I try piping that into `| openssl rsa -pubout | openssl asn1parse` I find that all the restrictions are lifted. – Christopher King Sep 24 '22 at 00:01
@ChristopherKing The `openssl rsa` comman will produce a pkcs1 wrapped public key which does not contain the RSASSA-PSS metadata. Try this instead `openssl pkey -in /tmp/privateKey.pem -pubout -out /tmp/pubkey.pem`. – Andreas Mikael Bank Dec 21 '22 at 09:59

Create private key and certificate using RSASSA PSS with openssl

1 Answers1