Hi All,


My ultimate goal is to generate an RSA-PSS key that will have the PSS
parameters in the subjectPublicKey section of the TBSCertificate. In order
to do that the first need is a paramfile. Here's the command being used to
to generate the parameter file:


OpenSSL> genpkey -genparam -paramfile .\pem\rsapssParams.pem -pkeyopt
rsa_keygen_bits:2048 -pkeyopt rsa_pss_keygen_md:sha256 -pkeyopt
rsa_pss_keygen_mgf1_md:sha256 -pkeyopt rsa_pss_keygen_saltlen:120


But, it returns the error:

NB: options order may be important!  See the manual page.

error in genpkey


The genpkey man page says for the -genparam option, "If used this option
must precede any -algorithm, -paramfile or -pkeyopt options.

With regard to the -paramfile option it says, "If used this option must
precede any -pkeyopt options.


Thus, with -genparam first followed by the -paramfile option and capped off
with the -pkeyopt options it looks to me that the order is correct.


If anyone has any enlightenment for me I'd be eternally grateful. 







Steven Madwin

Software QA Engineer

Adobe Systems Incorporated

345 Park Avenue, MS-W15

San Jose, CA 95110-2704 USA

Phone:   408.536.4343

Fax:         408.536.6024

 <mailto:steven.mad...@adobe.com> steven.mad...@adobe.com



Attachment: smime.p7s
Description: S/MIME cryptographic signature

openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Reply via email to