RE: questions about RSASSA-PSS

Tue, 22 Jun 2010 22:04:02 -0700 

Dear Steve,
Thank you for your reply. Now, I know the support status of RSASSA-PSS in the 
openssl. Thank you so much.
Best Regards,Xiang Lu

> Date: Tue, 22 Jun 2010 13:24:52 +0200
> From: st...@openssl.org
> To: openssl-users@openssl.org
> Subject: Re: questions about RSASSA-PSS
> 
> On Tue, Jun 22, 2010, ???? wrote:
> 
> > 
> > Dear Mounir IDRASSI, I am sorry for the wrong title in the last email.  I
> > read your code. I am not sure about the lower-level encoding method. For
> > RSA_padding_add_PKCS1_PSS,what's the encoding method it use,
> > RSASSA-PKCS1-V1_5 or RSASSA-PSS? I found a email chain in the archive,
> > http://www.mail-archive.com/openssl-users@openssl.org/msg40229.html, which
> > said that RSASSA-PSS is not supported in the openssl at that time.  I really
> > appreciate your help. Before referring your code, I would like to make sure
> > the signature generation scheme. Thank you so much.
> 
> That message was from May 2005 and referred to OpenSSL 0.9.7c which indeed did
> not support PSS. The only PSS support included later required manually padding
> and verifying the signature via RSA primitives.
> 
> When OpenSSL was placed through the FIPS 140-2 validation PSS support was
> added to OpenSSL 0.9.8. Making incompatible changes to a stable branch is a
> no-no so the API was rather primitive. If you check the dgst code you'll see
> some of the parameters are included in a flag in the EVP_MD_CTX structure. 
> 
> OpenSSL 1.0.0 does things properly: you set the signature scheme
> and parameters using the new EVP_DigestSign*() APIs.
> 
> The latest development version (HEAD) has provisional support for PSS in
> certificates and certificate requests. It currently only supports PSS with RSA
> keys and not the PSS only restricted key type: I've not found any examples of
> that to test against yet.
> 
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           majord...@openssl.org
                                          
_________________________________________________________________
约会说不清地方?来试试微软地图最新msn互动功能!
http://ditu.live.com/?form=TL&swm=1

Reply via email to