I see. Is this erratum-worthy?

On Thu, May 23, 2019 at 11:23 AM Russ Housley <hous...@vigilsec.com> wrote:
>
>
>
> > On May 22, 2019, at 6:18 PM, Alberto Leiva <ydah...@gmail.com> wrote:
> >
> > Hello
> >
> > Another question.
> >
> > RFC 7935 states the following:
> >
> > 3.1.  Public Key Format
> >
> >   (...)
> >
> >   algorithm (which is an AlgorithmIdentifier type):
> >      The object identifier for RSA PKCS #1 v1.5 with SHA-256 MUST be
> >      used in the algorithm field, as specified in Section 5 of
> >      [RFC4055].  The value for the associated parameters from that
> >      clause MUST also be used for the parameters field.
> >
> > I've never seen a certificate that declares sha256WithRSAEncryption ({
> > pkcs-1 11 }) as its public key algorithm. Every certificate I've come
> > across labels its algorithm as rsaEncryption ({ pkcs-1 1 }).
> >
> > (Certificates always define the signature algorithm as
> > sha256WithRSAEncryption, but that's a different field.)
> >
> > Is everyone doing it wrong, or am I missing something?
> >
> > I'm aware that this is likely a triviality--rsaEncryption and
> > sha256WithRSAEncryption probably mean the same in this context.
> > There's also a thread in this list in which people seem to have
> > experienced headaches over this topic. But the thread is talking about
> > CMS signed objects (which I believe is different from certificates),
> > and happened before 7935 was released, so it feels like the RFC should
> > mandate something consistent with reality by now.
> >
> > Thanks for any pointers.
>
> You are right.
>
> In the subjectPublicKeyInfo, the algorithm identifier should be
> rsaEncryption, which is { 1, 2, 840, 113549, 1, 1, 1 }.  This allows the
> public key to be used with PKCS#1 v1.5, RSASSA-PSS, and RSAES-OAEP.
>
> In the signature, the algorithm identifier should be sha256WithRSAEncryption, 
> which is { 1, 2, 840, 113549, 1, 1, 11 }.  This identifies PKCS#1 v1.5 with 
> SHA-256 as the hash algorithm.
>
> Russ
>
>

_______________________________________________
sidr mailing list
sidr@ietf.org
https://www.ietf.org/mailman/listinfo/sidr
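
The distinction discussed in this thread, as an added example that is not part of the original messages: a minimal DER walker in Python that reports the OID in subjectPublicKeyInfo.algorithm and the OID in the outer signatureAlgorithm of a certificate. The helper names and the certificate skeleton (placeholder names, dates, key and signature) are constructed for illustration.

```python
# Added example; sample_cert() builds a constructed skeleton, not a real certificate.
RSA_ENCRYPTION = "1.2.840.113549.1.1.1"     # rsaEncryption, { pkcs-1 1 }
SHA256_WITH_RSA = "1.2.840.113549.1.1.11"   # sha256WithRSAEncryption, { pkcs-1 11 }
PKCS1 = bytes.fromhex("2a864886f70d0101")   # DER contents of 1.2.840.113549.1.1
def tlv(tag, value):
    """Encode one DER element (short-form length only; enough for the sample)."""
    return bytes([tag, len(value)]) + value

def children(value):
    """Split DER contents into a list of (tag, contents) pairs."""
    out, pos = [], 0
    while pos < len(value):
        tag, length, pos = value[pos], value[pos + 1], pos + 2
        if length & 0x80:                   # long form: low 7 bits count the length bytes
            n = length & 0x7F
            length, pos = int.from_bytes(value[pos:pos + n], "big"), pos + n
        if pos + length > len(value):
            raise ValueError("truncated DER element")
        out.append((tag, value[pos:pos + length]))
        pos += length
    return out

def alg_oid(alg_contents):
    """Dotted OID of an AlgorithmIdentifier, given the contents of its SEQUENCE."""
    tag, body = children(alg_contents)[0]
    if tag != 0x06:
        raise ValueError("AlgorithmIdentifier does not start with an OID")
    arcs, n = [], 0
    for b in body:                          # base-128 arcs, high bit marks continuation
        n = (n << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(n)
            n = 0
    first = min(arcs[0] // 40, 2)           # first two arcs share one encoded value
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def cert_algorithms(der):
    """Return (subjectPublicKeyInfo algorithm OID, signatureAlgorithm OID)."""
    (_, tbs), (_, sig_alg) = children(children(der)[0][1])[:2]
    fields = [f for f in children(tbs) if f[0] != 0xA0]   # skip the [0] version wrapper
    spki = fields[5][1]   # follows serial, signature, issuer, validity, subject
    return alg_oid(children(spki)[0][1]), alg_oid(sig_alg)

def sample_cert(spki_arc):
    """Constructed skeleton: empty names and validity, empty key and signature bits."""
    alg = lambda arc: tlv(0x30, tlv(0x06, PKCS1 + bytes([arc])) + tlv(0x05, b""))
    tbs = tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + alg(11) + tlv(0x30, b"") * 3
    tbs += tlv(0x30, alg(spki_arc) + tlv(0x03, b"\x00"))
    return tlv(0x30, tlv(0x30, tbs) + alg(11) + tlv(0x03, b"\x00"))
```

cert_algorithms(sample_cert(1)) gives the pairing Russ describes; sample_cert(11) models a certificate that followed the RFC 7935 wording literally and put sha256WithRSAEncryption in the key field.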
