RE: questions about RSASSA-PSS
Dear Steve, Thank you for your reply. Now, I know the support status of RSASSA-PSS in the openssl. Thank you so much. Best Regards,Xiang Lu > Date: Tue, 22 Jun 2010 13:24:52 +0200 > From: st...@openssl.org > To: openssl-users@openssl.org > Subject: Re: questions about RSASSA-PSS > > On Tue, Jun 22, 2010, wrote: > > > > > Dear Mounir IDRASSI, I am sorry for the wrong title in the last email. I > > read your code. I am not sure about the lower-level encoding method. For > > RSA_padding_add_PKCS1_PSS,what's the encoding method it use, > > RSASSA-PKCS1-V1_5 or RSASSA-PSS? I found a email chain in the archive, > > http://www.mail-archive.com/openssl-users@openssl.org/msg40229.html, which > > said that RSASSA-PSS is not supported in the openssl at that time. I really > > appreciate your help. Before referring your code, I would like to make sure > > the signature generation scheme. Thank you so much. > > That message was from May 2005 and referred to OpenSSL 0.9.7c which indeed did > not support PSS. The only PSS support included later required manually padding > and verifying the signature via RSA primitives. > > When OpenSSL was placed through the FIPS 140-2 validation PSS support was > added to OpenSSL 0.9.8. Making incompatible changes to a stable branch is a > no-no so the API was rather primitive. If you check the dgst code you'll see > some of the parameters are included in a flag in the EVP_MD_CTX structure. > > OpenSSL 1.0.0 does things properly: you set the signature scheme > and parameters using the new EVP_DigestSign*() APIs. > > The latest development version (HEAD) has provisional support for PSS in > certificates and certificate requests. It currently only supports PSS with RSA > keys and not the PSS only restricted key type: I've not found any examples of > that to test against yet. > > Steve. > -- > Dr Stephen N. Henson. OpenSSL project core developer. > Commercial tech support now available see: http://www.openssl.org > __ > OpenSSL Project http://www.openssl.org > User Support Mailing Listopenssl-users@openssl.org > Automated List Manager majord...@openssl.org _ 约会说不清地方?来试试微软地图最新msn互动功能! http://ditu.live.com/?form=TL&swm=1
Re: questions about RSASSA-PSS
On Tue, Jun 22, 2010, wrote: > > Dear Mounir IDRASSI, I am sorry for the wrong title in the last email. I > read your code. I am not sure about the lower-level encoding method. For > RSA_padding_add_PKCS1_PSS,what's the encoding method it use, > RSASSA-PKCS1-V1_5 or RSASSA-PSS? I found a email chain in the archive, > http://www.mail-archive.com/openssl-users@openssl.org/msg40229.html, which > said that RSASSA-PSS is not supported in the openssl at that time. I really > appreciate your help. Before referring your code, I would like to make sure > the signature generation scheme. Thank you so much. That message was from May 2005 and referred to OpenSSL 0.9.7c which indeed did not support PSS. The only PSS support included later required manually padding and verifying the signature via RSA primitives. When OpenSSL was placed through the FIPS 140-2 validation PSS support was added to OpenSSL 0.9.8. Making incompatible changes to a stable branch is a no-no so the API was rather primitive. If you check the dgst code you'll see some of the parameters are included in a flag in the EVP_MD_CTX structure. OpenSSL 1.0.0 does things properly: you set the signature scheme and parameters using the new EVP_DigestSign*() APIs. The latest development version (HEAD) has provisional support for PSS in certificates and certificate requests. It currently only supports PSS with RSA keys and not the PSS only restricted key type: I've not found any examples of that to test against yet. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: questions about RSASSA-PSS
1. As far as I can recall, the classic PKCS1 v1.x signing method wasn't called PSS. 2. openssl 0.9.8l is old and lacks some security updates included in later openssl 0.9.8 releases. Current 0.9.8 releases are 0.9.8o or (for new projects) 1.0.0a . On 22-06-2010 05:16, 芦翔 wrote: Dear Mounir IDRASSI, I am sorry for the wrong title in the last email. I read your code. I am not sure about the lower-level encoding method. For RSA_padding_add_PKCS1_PSS, what's the encoding method it use, RSASSA-PKCS1-V1_5 or RSASSA-PSS? I found a email chain in the archive, http://www.mail-archive.com/openssl-users@openssl.org/msg40229.html, which said that RSASSA-PSS is not supported in the openssl at that time. I really appreciate your help. Before referring your code, I would like to make sure the signature generation scheme. Thank you so much. Regards, Xiang From: luxiang...@hotmail.com To: openssl-users@openssl.org Subject: RE: questions about RSASSA-PSS Date: Tue, 22 Jun 2010 02:14:39 + Dear Cheers, Thank you for your help. I have downloaded your code. Thank you so much. Regards, Xiang > Date: Tue, 22 Jun 2010 03:46:51 +0200 > From: mounir.idra...@idrix.net > To: openssl-users@openssl.org > Subject: Re: questions about RSASSA-PSS > > Hi, > > The low-level functions RSA_padding_add_PKCS1_PSS and > RSA_verify_PKCS1_PSS will get the job done. > I have wrote last year a sample showing how they work. You can get it > here : http://www.idrix.fr/Root/Samples/openssl_pss_signature.c . > > For high-level function (maybe EVP interface), I will let other give > their hints. > > Cheers, > -- > Mounir IDRASSI > IDRIX > http://www.idrix.fr > > On 6/22/2010 3:26 AM, 芦翔 wrote: > > Hi all, > > Could anybody please tell me the support status of RSASSA-PSS in openss l with the version after 0.9.8l. If there is the implementation, could you please tell me which functions I can call directly for my project purpose. Thank you so much. > > Regards,Xiang > > _ > > MSN十年回馈,每位用户可免费获得价值25元的卡巴斯基反病毒软件2010激 活码,快来领取! > > http://kaba.msn.com.cn/?k=1 > > > > __ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org 聊天+搜索+邮箱 想要轻松出游,手机MSN帮你搞定! 立刻下载! <http://3g.msn.cn/> 使用Messenger保护盾V2,支持多账号登录! 现在就下载! <http://www.windowslive.cn/safe/> __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
RE: questions about RSASSA-PSS
Dear Mounir IDRASSI, I am sorry for the wrong title in the last email. I read your code. I am not sure about the lower-level encoding method. For RSA_padding_add_PKCS1_PSS,what's the encoding method it use, RSASSA-PKCS1-V1_5 or RSASSA-PSS? I found a email chain in the archive, http://www.mail-archive.com/openssl-users@openssl.org/msg40229.html, which said that RSASSA-PSS is not supported in the openssl at that time. I really appreciate your help. Before referring your code, I would like to make sure the signature generation scheme. Thank you so much. Regards,Xiang From: luxiang...@hotmail.com To: openssl-users@openssl.org Subject: RE: questions about RSASSA-PSS Date: Tue, 22 Jun 2010 02:14:39 + Dear Cheers, Thank you for your help. I have downloaded your code. Thank you so much. Regards,Xiang > Date: Tue, 22 Jun 2010 03:46:51 +0200 > From: mounir.idra...@idrix.net > To: openssl-users@openssl.org > Subject: Re: questions about RSASSA-PSS > > Hi, > > The low-level functions RSA_padding_add_PKCS1_PSS and > RSA_verify_PKCS1_PSS will get the job done. > I have wrote last year a sample showing how they work. You can get it > here : http://www.idrix.fr/Root/Samples/openssl_pss_signature.c . > > For high-level function (maybe EVP interface), I will let other give > their hints. > > Cheers, > -- > Mounir IDRASSI > IDRIX > http://www.idrix.fr > > On 6/22/2010 3:26 AM, 芦翔 wrote: > > Hi all, > > Could anybody please tell me the support status of RSASSA-PSS in openss l with the version after 0.9.8l. If there is the implementation, could you please tell me which functions I can call directly for my project purpose. Thank you so much. > > Regards,Xiang > > _ > > MSN十年回馈,每位用户可免费获得价值25元的卡巴斯基反病毒软件2010激活码,快来领取! > > http://kaba.msn.com.cn/?k=1 > > > > __ > OpenSSL Project http://www.openssl.org > User Support Mailing Listopenssl-users@openssl.org > Automated List Manager majord...@openssl.org 聊天+搜索+邮箱 想要轻松出游,手机MSN帮你搞定! 立刻下载! _ 一张照片的自白――Windows Live照片的可爱视频介绍 http://windowslivesky.spaces.live.com/blog/cns!5892B6048E2498BD!889.entry
RE: questions about RSASSA-PSS
Dear Cheers, Thank you for your help. I have downloaded your code. Thank you so much. Regards,Xiang > Date: Tue, 22 Jun 2010 03:46:51 +0200 > From: mounir.idra...@idrix.net > To: openssl-users@openssl.org > Subject: Re: questions about RSASSA-PSS > > Hi, > > The low-level functions RSA_padding_add_PKCS1_PSS and > RSA_verify_PKCS1_PSS will get the job done. > I have wrote last year a sample showing how they work. You can get it > here : http://www.idrix.fr/Root/Samples/openssl_pss_signature.c . > > For high-level function (maybe EVP interface), I will let other give > their hints. > > Cheers, > -- > Mounir IDRASSI > IDRIX > http://www.idrix.fr > > On 6/22/2010 3:26 AM, 芦翔 wrote: > > Hi all, > > Could anybody please tell me the support status of RSASSA-PSS in openssl > > with the version after 0.9.8l. If there is the implementation, could you > > please tell me which functions I can call directly for my project purpose. > > Thank you so much. > > Regards,Xiang > > _ > > MSN十年回馈,每位用户可免费获得价值25元的卡巴斯基反病毒软件2010激活码,快来领取! > > http://kaba.msn.com.cn/?k=1 > > > > __ > OpenSSL Project http://www.openssl.org > User Support Mailing Listopenssl-users@openssl.org > Automated List Manager majord...@openssl.org _ SkyDrive电子画册,带你领略精彩照片,分享“美”时“美”刻! http://www.windowslive.cn/campaigns/e-magazine/ngmchina/?a=c
Re: questions about RSASSA-PSS
Hi, The low-level functions RSA_padding_add_PKCS1_PSS and RSA_verify_PKCS1_PSS will get the job done. I have wrote last year a sample showing how they work. You can get it here : http://www.idrix.fr/Root/Samples/openssl_pss_signature.c . For high-level function (maybe EVP interface), I will let other give their hints. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr On 6/22/2010 3:26 AM, 芦翔 wrote: > Hi all, > Could anybody please tell me the support status of RSASSA-PSS in openssl with > the version after 0.9.8l. If there is the implementation, could you please > tell me which functions I can call directly for my project purpose. Thank you > so much. > Regards,Xiang > _ > MSN十年回馈,每位用户可免费获得价值25元的卡巴斯基反病毒软件2010激活码,快来领取! > http://kaba.msn.com.cn/?k=1 > __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
questions about RSASSA-PSS
Hi all, Could anybody please tell me the support status of RSASSA-PSS in openssl with the version after 0.9.8l. If there is the implementation, could you please tell me which functions I can call directly for my project purpose. Thank you so much. Regards,Xiang _ MSN十年回馈,每位用户可免费获得价值25元的卡巴斯基反病毒软件2010激活码,快来领取! http://kaba.msn.com.cn/?k=1
