Support for RSA-PSS-only keys #489

Open
Jakuje opened this issue Dec 17, 2024 · 0 comments
Labels
enhancement New feature or request


Jakuje commented Dec 17, 2024

Describe the feature
OpenSSL (mostly in the context of TLS 1.3) supports special RSA keys that are designated only for the PSS operation. These could be distinguished at the PKCS#11 level as RSA keys with ALLOWED_MECHANISMS set to only RSA-PSS mechanisms or by having an associated certificate with RSA-PSS usage (will have to go back to figure out the right name).

Expected behavior
Reading the PKCS#11 objects should try to derive the RSA/RSA-PSS and return different OpenSSL key types based on the allowed mechanisms (if supported by the token) or associated certificate.

Additional context
We already have a way to set the ALLOWED_MECHANISMS when we generate a key, but it still results in a generic RSA key instead of the RSA-PSS one.

https://docs.openssl.org/3.1/man7/RSA-PSS/

@Jakuje Jakuje added the enhancement New feature or request label Dec 17, 2024
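
One way the ALLOWED_MECHANISMS check described in the issue could look, as an added example that is not code from the project or from the issue author. The helper name `rsa_key_type_from_allowed` and the sample arrays are hypothetical, and falling back to a generic RSA key when the attribute is missing is an assumption.

```c
#include <stddef.h>
#include <string.h>

/* Mechanism values as defined in the PKCS#11 header pkcs11t.h. */
typedef unsigned long CK_MECHANISM_TYPE;
#define CKM_RSA_PKCS            0x00000001UL
#define CKM_RSA_PKCS_PSS        0x0000000DUL
#define CKM_SHA1_RSA_PKCS_PSS   0x0000000EUL
#define CKM_SHA256_RSA_PKCS_PSS 0x00000043UL
#define CKM_SHA384_RSA_PKCS_PSS 0x00000044UL
#define CKM_SHA512_RSA_PKCS_PSS 0x00000045UL
#define CKM_SHA224_RSA_PKCS_PSS 0x00000047UL

/* Constructed sample CKA_ALLOWED_MECHANISMS values. */
const CK_MECHANISM_TYPE sample_pss_only[] = { CKM_RSA_PKCS_PSS, CKM_SHA256_RSA_PKCS_PSS };
const CK_MECHANISM_TYPE sample_mixed[] = { CKM_RSA_PKCS, CKM_RSA_PKCS_PSS };

/* SHA-1/SHA-2 PSS mechanisms only; SHA-3 variants are left out here. */
static int is_pss_mechanism(CK_MECHANISM_TYPE m)
{
    switch (m) {
    case CKM_RSA_PKCS_PSS: case CKM_SHA1_RSA_PKCS_PSS:
    case CKM_SHA224_RSA_PKCS_PSS: case CKM_SHA256_RSA_PKCS_PSS:
    case CKM_SHA384_RSA_PKCS_PSS: case CKM_SHA512_RSA_PKCS_PSS:
        return 1;
    default:
        return 0;
    }
}

/* Hypothetical helper: map the raw CKA_ALLOWED_MECHANISMS value (an array
 * of CK_MECHANISM_TYPE, len in bytes) to an OpenSSL key type name. */
const char *rsa_key_type_from_allowed(const void *value, size_t len)
{
    size_t n = len / sizeof(CK_MECHANISM_TYPE);
    CK_MECHANISM_TYPE m;

    /* Assumption: absent, empty or malformed attribute means no known
     * restriction, so the key stays a generic RSA key. */
    if (value == NULL || n == 0 || len % sizeof(CK_MECHANISM_TYPE) != 0)
        return "RSA";
    for (size_t i = 0; i < n; i++) {
        memcpy(&m, (const unsigned char *)value + i * sizeof(m), sizeof(m));
        if (!is_pss_mechanism(m))
            return "RSA"; /* one non-PSS mechanism keeps the key generic */
    }
    return "RSA-PSS";
}
```

Requiring every listed mechanism to be a PSS variant keeps a key that the token still allows for PKCS#1 v1.5 from being reported as PSS-only.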