I am facing the following issue. I am currently working on integrating Single Sign-On (SSO) functionality into an existing application using the SAML Java toolkit. The Identity Provider (IdP) I am working with requires me to have an encryption certificate that uses the RSA-encryption schema RSA-OAEP (Rivest–Shamir–Adleman - Optimal asymmetric encryption padding). For testing purposes, It is allowed to use self signed certificates. Since I have already generated a signature certificate with the cryptographic signature scheme PSS, so I have tried to use RSA_PADDING_MODE:OAEP (by analogy to RSA_PADDING_MODE:PSS) but it did not work. I used the following command to create a private key.
openssl genpkey -algorithm RSA -out privateKey.pem -pkeyopt rsa_keygen_bits:4096 -pkeyopt rsa_padding_mode:oaep
I get the following error
I have the last version of openssl (OpenSSL 1.1.1s) installed on my computer. Since I did not find any explanation for this error. I tried to read the documentation of openSSL and I found out that RSA-OAEP is only used for the encryption and decryption:
Based on the documentation of OpenSSL, It seems that I should generate a private key and a self signed certificate using RSA without padding. The IdP will pad the message using OAEP padding schema. Then it will encrypt the SAML-message with my public certificate that I have provided. On my side, I will decrypt the SAML-message using my private key. Finally, I should unpad the message using a Java library. Am I correct ?
