On Thu, May 08, 2014, MichaelM wrote:

> We want to read the public key of certificates created with an RSA PSS key.
>
> Using 'openssl x509 -inform DER -in test.cer -text' returns
>
> ...
> Subject Public Key Info:
> Public Key Algorithm: rsassaPss
> Unable to load Public Key
> 3000:error:0609E09C:digital envelope routines:PKEY_SET_TYPE:unsupported
> algorithm:.\crypto\evp\p_lib.c:239:
> 3000:error:0B07706F:x509 certificate routines:X509_PUBKEY_get:unsupported
> algorithm:.\crypto\asn1\x_pubkey.c:155:
> ...
>
> The other parts of the certificate are shown correctly. Used openssl version
> is 1.0.1g. Not sure if this is our mistake or not supported by openssl. But
> it works with certificates created with standard RSA keys.
>
> Eventually we want to use libeay32.dll directly. We already did this
> successfully in the past but found now X509_get_pubkey() returning NULL
> using such certificates. - Maybe there exists an alternative way to read out
> the public key to get a pointer to an EVP_PKEY structure?
>
If you're just interested in this one certificate you can manually extract
the key using asn1parse.

It is possible to add an "alias" for this algorithm and then OpenSSL can
handle the key directly. It won't however support the PSS semantics properly:
i.e. the key can only be used for PSS and any parameter restrictions. For that
reason this hasn't been done in the official sources.

It would help if you could post the actual certificate or send it to me
privately if you prefer.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List
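
Added example, not part of the original thread and not OpenSSL code: the manual extraction suggested in the reply, done with a minimal DER reader in place of asn1parse. It assumes, per RFC 4055, that an id-RSASSA-PSS SubjectPublicKeyInfo carries a plain RSAPublicKey; the function names and the toy key are constructed for illustration.

```python
# Added example: read (n, e) from an RSA-PSS SubjectPublicKeyInfo with a tiny DER reader.
def tlv(buf, pos=0):
    """Read one DER TLV at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split the contents of a constructed value into (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = tlv(value, pos)
        out.append((tag, val))
    return out

def oid_str(val):
    """Decode OID content bytes to dotted notation."""
    arcs, acc = [], 0
    for b in val:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    first = min(arcs[0] // 40, 2)
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def spki_from_cert(cert_der):
    """Return the SubjectPublicKeyInfo contents of an X.509 certificate."""
    tbs = children(children(tlv(cert_der)[1])[0][1])
    if tbs[0][0] == 0xA0:                  # optional [0] version
        tbs = tbs[1:]
    return tbs[5][1]                       # after serial, sigAlg, issuer, validity, subject

def rsa_key_from_spki(spki):
    """Return (algorithm OID, n, e), reading subjectPublicKey as RSAPublicKey."""
    (_, alg), (tag, bits) = children(spki)[:2]
    if tag != 0x03 or bits[0] != 0:
        raise ValueError("expected BIT STRING with no unused bits")
    n, e = (int.from_bytes(v, "big") for _, v in children(tlv(bits, 1)[1])[:2])
    return oid_str(children(alg)[0][1]), n, e

# Constructed sample: SPKI with OID id-RSASSA-PSS, no parameters, toy key n=3233, e=17.
SAMPLE_SPKI = bytes.fromhex("3019300b06092a864886f70d01010a030a00300702020ca1020111")

if __name__ == "__main__":
    print(rsa_key_from_spki(tlv(SAMPLE_SPKI)[1]))
```

For a real certificate, pass the DER file's bytes through `spki_from_cert` first. Like the alias approach described in the reply, this ignores any PSS parameter restrictions in the AlgorithmIdentifier, so a consumer of the key has to enforce those separately.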
