> On May 22, 2019, at 6:18 PM, Alberto Leiva <[email protected]> wrote:
>
> Hello
>
> Another question.
>
> RFC 7935 states the following:
>
> 3.1. Public Key Format
>
> (...)
>
> algorithm (which is an AlgorithmIdentifier type):
> The object identifier for RSA PKCS #1 v1.5 with SHA-256 MUST be
> used in the algorithm field, as specified in Section 5 of
> [RFC4055]. The value for the associated parameters from that
> clause MUST also be used for the parameters field.
>
> I've never seen a certificate that declares sha256WithRSAEncryption ({
> pkcs-1 11 }) as its public key algorithm. Every certificate I've come
> across labels its algorithm as rsaEncryption ({ pkcs-1 1 }).
>
> (Certificates always define the signature algorithm as
> sha256WithRSAEncryption, but that's a different field.)
>
> Is everyone doing it wrong, or am I missing something?
>
> I'm aware that this is likely a triviality--rsaEncryption and
> sha256WithRSAEncryption probably mean the same in this context.
> There's also a thread in this list in which people seem to have
> experienced headaches over this topic. But the thread is talking about
> CMS signed objects (which I believe is different from certificates),
> and happened before 7935 was released, so it feels like the RFC should
> mandate something consistent with reality by now.
>
> Thanks for any pointers.

You are right.

In the subjectPublicKeyInfo, the algorithm identifier should be rsaEncryption,
which is { 1, 2, 840, 113549, 1, 1, 1 }. This allows the public key to be used
with PKCS#1 v1.5, RSASSA-PSS, and RSAES-OAEP.

In the signature, the algorithm identifier should be sha256WithRSAEncryption,
which is { 1, 2, 840, 113549, 1, 1, 11 }. This identifies PKCS#1 v1.5 with
SHA-256 as the hash algorithm.

Russ
_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr
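
The field-by-field distinction from the reply above, as an added example that is not part of the original thread: a stdlib-only Python check that decodes the OID from a DER AlgorithmIdentifier and compares it with the value expected for each certificate field. The function names and the two sample byte strings are constructed for illustration.

```python
RSA_ENCRYPTION = "1.2.840.113549.1.1.1"        # { pkcs-1 1 }
SHA256_WITH_RSA = "1.2.840.113549.1.1.11"      # { pkcs-1 11 }
EXPECTED = {"subjectPublicKeyInfo": RSA_ENCRYPTION,
            "signatureAlgorithm": SHA256_WITH_RSA}

def read_tlv(buf, pos=0):
    """Parse one DER TLV; return (tag, value, offset_after)."""
    if len(buf) < pos + 2:
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                           # long-form length
        n = length & 0x7F
        if n == 0 or n > 4 or len(buf) < pos + n:
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    """Decode OBJECT IDENTIFIER contents into dotted form."""
    if not body or body[-1] & 0x80:
        raise ValueError("empty or truncated OID")
    arcs, value = [], 0
    for byte in body:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:
            arcs.append(value)
            value = 0
    first = min(arcs[0] // 40, 2)               # first two arcs share one subidentifier
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def algorithm_oid(alg_id_der):
    """Return the OID of a DER AlgorithmIdentifier (SEQUENCE { OID, params })."""
    tag, seq, _ = read_tlv(alg_id_der)
    if tag != 0x30:
        raise ValueError("AlgorithmIdentifier is not a SEQUENCE")
    tag, oid, _ = read_tlv(seq)
    if tag != 0x06:
        raise ValueError("first element is not an OBJECT IDENTIFIER")
    return decode_oid(oid)

def check_field(field, alg_id_der):
    """Return (ok, found_oid) for 'subjectPublicKeyInfo' or 'signatureAlgorithm'."""
    found = algorithm_oid(alg_id_der)
    return found == EXPECTED[field], found

# Constructed samples: AlgorithmIdentifier with NULL parameters.
SPKI_ALG = bytes.fromhex("300d06092a864886f70d0101010500")
SIG_ALG = bytes.fromhex("300d06092a864886f70d01010b0500")
```

A validator would run check_field on the AlgorithmIdentifier bytes extracted from each field of a parsed certificate; a key labelled with the signature OID fails the subjectPublicKeyInfo check.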