Dear Steve, Thank you for your reply. Now, I know the support status of RSASSA-PSS in the openssl. Thank you so much. Best Regards,Xiang Lu
> Date: Tue, 22 Jun 2010 13:24:52 +0200 > From: st...@openssl.org > To: openssl-users@openssl.org > Subject: Re: questions about RSASSA-PSS > > On Tue, Jun 22, 2010, ???? wrote: > > > > > Dear Mounir IDRASSI, I am sorry for the wrong title in the last email. I > > read your code. I am not sure about the lower-level encoding method. For > > RSA_padding_add_PKCS1_PSS,what's the encoding method it use, > > RSASSA-PKCS1-V1_5 or RSASSA-PSS? I found a email chain in the archive, > > http://www.mail-archive.com/openssl-users@openssl.org/msg40229.html, which > > said that RSASSA-PSS is not supported in the openssl at that time. I really > > appreciate your help. Before referring your code, I would like to make sure > > the signature generation scheme. Thank you so much. > > That message was from May 2005 and referred to OpenSSL 0.9.7c which indeed did > not support PSS. The only PSS support included later required manually padding > and verifying the signature via RSA primitives. > > When OpenSSL was placed through the FIPS 140-2 validation PSS support was > added to OpenSSL 0.9.8. Making incompatible changes to a stable branch is a > no-no so the API was rather primitive. If you check the dgst code you'll see > some of the parameters are included in a flag in the EVP_MD_CTX structure. > > OpenSSL 1.0.0 does things properly: you set the signature scheme > and parameters using the new EVP_DigestSign*() APIs. > > The latest development version (HEAD) has provisional support for PSS in > certificates and certificate requests. It currently only supports PSS with RSA > keys and not the PSS only restricted key type: I've not found any examples of > that to test against yet. > > Steve. > -- > Dr Stephen N. Henson. OpenSSL project core developer. > Commercial tech support now available see: http://www.openssl.org > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org _________________________________________________________________ 约会说不清地方?来试试微软地图最新msn互动功能! http://ditu.live.com/?form=TL&swm=1