Re: PKCS#1 v2.1 support

[Antonio Ruiz Martínez]

Dr. Stephen Henson wrote: On Wed, Nov 09, 2005, Antonio Ruiz Martnez wrote: Hello! I would like to know if openssl is fully compliant with PKCS#1 v2.1 or if it is planned to support it in short. Could you help me, please? Depends on what you mean by "fully compliant"... I would like to know if it supports the signature functions: RSASP1, RSAVP1, RSASSA-PSS and RSASSA-PKCS1-V1_5. I know that openssl supports rsassa-pkcs1-v1_5 but I don't know if the other ones are supported. The question is that I have received a PKCS#1 that claims to be compliant with PKCS#1 v2.1. With the openssl, with rsautl, I'm getting an error telling me that the object is too long.... Then I have decrypted the information received and I have seen that its length it is 20 bytes, that is, a sha-1 digest. In PKCS#1 v1.5, it is not possible because we have to used the DigestInfo structure and that it is the reason because I'm getting the error with rsautl. Then, I have been reading the PKCS#1 v2.1 standard and the funtions RSASSA-PSS and RSASSA-PKCS1-V1_5 have and encoding function but RSASP1, RSAVP1 not. After reading it I'm not sure it is possible to put directly the hash and openssl is not fully compliant or I don't understand very well the standard. Regards, Antonio.