man-pages/man7/RSA-PSS.7ssl.html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML><HEAD><TITLE>Man page of RSA-PSS</TITLE>
</HEAD><BODY>
<H1>RSA-PSS</H1>
Section: OpenSSL (7SSL)<BR>Updated: 2021-03-22<BR><A HREF="#index">Index</A>
<A HREF="/cgi-bin/man/man2html">Return to Main Contents</A><HR>






<A NAME="lbAB">&nbsp;</A>
<H2>NAME</H2>

RSA-PSS - EVP_PKEY RSA-PSS algorithm support
<A NAME="lbAC">&nbsp;</A>
<H2>DESCRIPTION</H2>



The <B>RSA-PSS</B> <FONT SIZE="-1">EVP_PKEY</FONT> implementation is a restricted version of the <FONT SIZE="-1">RSA</FONT>
algorithm which only supports signing, verification and key generation
using <FONT SIZE="-1">PSS</FONT> padding modes with optional parameter restrictions.
<P>

It has associated private key and public key formats.
<P>

This algorithm shares several control operations with the <B></B><FONT SIZE="-1"><B>RSA</B></FONT><B></B> algorithm
but with some restrictions described below.
<A NAME="lbAD">&nbsp;</A>
<H3>Signing and Verification</H3>



Signing and verification is similar to the <B></B><FONT SIZE="-1"><B>RSA</B></FONT><B></B> algorithm except the
padding mode is always <FONT SIZE="-1">PSS.</FONT> If the key in use has parameter restrictions then
the corresponding signature parameters are set to the restrictions:
for example, if the key can only be used with digest <FONT SIZE="-1">SHA256, MGF1 SHA256</FONT>
and minimum salt length 32 then the digest, <FONT SIZE="-1">MGF1</FONT> digest and salt length
will be set to <FONT SIZE="-1">SHA256, SHA256</FONT> and 32 respectively.
<A NAME="lbAE">&nbsp;</A>
<H3>Key Generation</H3>



By default no parameter restrictions are placed on the generated key.
<A NAME="lbAF">&nbsp;</A>
<H2>NOTES</H2>



The public key format is documented in <FONT SIZE="-1">RFC4055.</FONT>
<P>

The PKCS#8 private key format used for RSA-PSS keys is similar to the <FONT SIZE="-1">RSA</FONT>
format except it uses the <B>id-RSASSA-PSS</B> <FONT SIZE="-1">OID</FONT> and the parameters field, if
present, restricts the key parameters in the same way as the public key.
<A NAME="lbAG">&nbsp;</A>
<H2>CONFORMING TO</H2>



<FONT SIZE="-1">RFC 4055</FONT>
<A NAME="lbAH">&nbsp;</A>
<H2>SEE ALSO</H2>



<B><A HREF="/cgi-bin/man/man2html?3+EVP_PKEY_CTX_set_rsa_pss_keygen_md">EVP_PKEY_CTX_set_rsa_pss_keygen_md</A></B>(3),
<B><A HREF="/cgi-bin/man/man2html?3+EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md">EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md</A></B>(3),
<B><A HREF="/cgi-bin/man/man2html?3+EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen">EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen</A></B>(3),
<B><A HREF="/cgi-bin/man/man2html?3+EVP_PKEY_CTX_new">EVP_PKEY_CTX_new</A></B>(3),
<B><A HREF="/cgi-bin/man/man2html?3+EVP_PKEY_CTX_ctrl_str">EVP_PKEY_CTX_ctrl_str</A></B>(3),
<B><A HREF="/cgi-bin/man/man2html?3+EVP_PKEY_derive">EVP_PKEY_derive</A></B>(3)
<A NAME="lbAI">&nbsp;</A>
<H2>COPYRIGHT</H2>



Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
<P>

Licensed under the OpenSSL license (the ``License'').  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file <FONT SIZE="-1">LICENSE</FONT> in the source distribution or at
&lt;<A HREF="https://www.openssl.org/source/license.html">https://www.openssl.org/source/license.html</A>&gt;.
<P>

<HR>
<A NAME="index">&nbsp;</A><H2>Index</H2>
<DL>
<DT id="1"><A HREF="#lbAB">NAME</A><DD>
<DT id="2"><A HREF="#lbAC">DESCRIPTION</A><DD>
<DL>
<DT id="3"><A HREF="#lbAD">Signing and Verification</A><DD>
<DT id="4"><A HREF="#lbAE">Key Generation</A><DD>
</DL>
<DT id="5"><A HREF="#lbAF">NOTES</A><DD>
<DT id="6"><A HREF="#lbAG">CONFORMING TO</A><DD>
<DT id="7"><A HREF="#lbAH">SEE ALSO</A><DD>
<DT id="8"><A HREF="#lbAI">COPYRIGHT</A><DD>
</DL>
<HR>
This document was created by
<A HREF="/cgi-bin/man/man2html">man2html</A>,
using the manual pages.<BR>
Time: 00:06:09 GMT, March 31, 2021
</BODY>
</HTML>