maskGenAlgorithm for RSA signature with PKCS1-PSS padding




















I am generating an RSA signature using RSA_PKCS1_PSS_PADDING. I am setting the digest algorithm to SHA256 using EVP_get_digestbyname() and EVP_DigestSignInit(), and the salt length parameter to -1 using EVP_PKEY_CTX_set_rsa_pss_saltlen().

I have the EVP_MD_CTX, EVP_MD and EVP_PKEY_CTX structures used for signature generation.

How can I get the name of the mask generation algorithm used by OpenSSL by default? Is there any API provided for getting it?



Edit: OpenSSL version used: 1.1.0g.























migrated from crypto.stackexchange.com Jan 3 at 11:33


This question came from our site for software developers, mathematicians and others interested in cryptography.



















  • EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md sets mgf1 digest. I need to get the digest name used by OpenSSL by default.

    – mk09
    Jan 3 at 10:36


















rsa signature openssl
















asked Jan 3 at 5:49









mk09

1 Answer














RSASSA-PSS is in practice always used with MGF1 as the Mask Generation Function. The only variation is which Message Digest is used internally by MGF1.



Sometimes that's the same Message Digest as the one used for hashing the message and building the tag in PSS, because that makes the most sense. Other times it is SHA-1 because that used to be the default MD for early RSASSA-PSS APIs, thus for the associated MGF1.



In an ideal world, some attribute (in the signature, or/and in the public key certificate used to check the signature) would tell MGF1-with-such-MD, perhaps by way of some Object IDentifier like we have to specify PSS. But crypto APIs are hell.





In order to control what Message Digest is used by MGF1, we want something on the tune of what -sigopt rsa_mgf1_md:sha256 does in the openssl dgst command.



My best guess is to set the MGF1 digest using



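int rc = EVP_PKEY_CTX_set_rsa_mgf1_md(ctx, EVP_sha256()); /* call kept outside assert() so NDEBUG cannot drop it */
assert(rc > 0); /* a positive return value means success */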


or get it using EVP_PKEY_CTX_get_rsa_mgf1_md() as documented:




The EVP_PKEY_CTX_get_rsa_mgf1_md() macro gets the MGF1 digest for ctx. If not explicitly set the signing digest is used. The padding mode must have been set to RSA_PKCS1_OAEP_PADDING or RSA_PKCS1_PSS_PADDING.












    A.2.3 in v2.2 defines an ASN.1 structure for PSS parameters, which OpenSSL does implement when used in CMS (and SMIME), but AFAICS does not expose otherwise.

    – dave_thompson_085
    Jan 4 at 5:25











  • EVP_PKEY_CTX_get_rsa_mgf1_md gives EVP_MD **md structure as output. But I'm unable to find a way to get digest name out of it. Can we get digest name from this structure?

    – mk09
    Jan 4 at 9:00




















edited Jan 4 at 8:24

























answered Jan 3 at 14:25









fgrieu
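
To show why signer and verifier must agree on the digest inside MGF1, the following added example (not part of the answer and not OpenSSL code) implements MGF1 and the EMSA-PSS encoding from RFC 8017 with Python's hashlib, then checks one encoding under two MGF1 digests. It works on the encoded message only, with no RSA step; the function names, the sample message and the fixed salt are constructed for illustration, and the salt length equals the digest length, which is what -1 selects in OpenSSL.

```python
import hashlib

def mgf1(seed: bytes, length: int, md: str) -> bytes:
    """MGF1 from RFC 8017 B.2.1: Hash(seed || 4-byte counter) blocks, truncated."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.new(md, seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def pss_encode(msg, em_bits, md, mgf1_md, salt):
    """EMSA-PSS-ENCODE: md hashes the message, mgf1_md only drives the mask."""
    h_len, em_len = hashlib.new(md).digest_size, (em_bits + 7) // 8
    ps_len = em_len - len(salt) - h_len - 2
    if ps_len < 0:
        raise ValueError("encoding error: modulus too small")
    m_hash = hashlib.new(md, msg).digest()
    h = hashlib.new(md, b"\x00" * 8 + m_hash + salt).digest()
    db = b"\x00" * ps_len + b"\x01" + salt
    masked = bytearray(_xor(db, mgf1(h, len(db), mgf1_md)))
    masked[0] &= 0xFF >> (8 * em_len - em_bits)  # clear the unused top bits
    return bytes(masked) + h + b"\xbc"

def pss_verify(msg, em, em_bits, md, mgf1_md, salt_len):
    """EMSA-PSS-VERIFY with an explicit salt length; returns True or False."""
    h_len, em_len = hashlib.new(md).digest_size, (em_bits + 7) // 8
    ps_len = em_len - h_len - salt_len - 2
    if len(em) != em_len or ps_len < 0 or em[-1] != 0xBC:
        return False
    masked, h = em[:em_len - h_len - 1], em[em_len - h_len - 1:-1]
    top = 0xFF >> (8 * em_len - em_bits)
    if masked[0] & ~top & 0xFF:
        return False
    db = bytearray(_xor(masked, mgf1(h, len(masked), mgf1_md)))
    db[0] &= top
    if db[:ps_len] != b"\x00" * ps_len or db[ps_len] != 0x01:
        return False  # a wrong MGF1 digest ends here: the unmasked padding is garbage
    m_hash = hashlib.new(md, msg).digest()
    salt = bytes(db[ps_len + 1:])
    return hashlib.new(md, b"\x00" * 8 + m_hash + salt).digest() == h

def demo():
    msg = b"constructed sample message"  # constructed input
    salt = bytes(range(32))              # constructed salt, SHA-256 digest length
    em = pss_encode(msg, 2047, "sha256", "sha256", salt)  # sized for a 2048-bit modulus
    same_md = pss_verify(msg, em, 2047, "sha256", "sha256", 32)
    sha1_mgf = pss_verify(msg, em, 2047, "sha256", "sha1", 32)
    return same_md, sha1_mgf

if __name__ == "__main__":
    print(demo())
```
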
