This is not currently supported. The latest development releases
include support for PSS in certificates and certificate requests but
no OAEP/PSS support for CMS yet.
Do you know of any examples using these modes?
I don't know of any such examples. I thought about using OpenSSL's CMS
functionality as a ready solution for message exchange between two
servers that have the same software, instead of directly using
dgst -sign / rand -base64 (session key) / enc / pkeyutl -encrypt (upon
sending a message) and pkeyutl -decrypt / enc -d / dgst -verify (upon
receiving a message). CMS also has the benefit of failing if
certificates don't verify against a trusted root CA, whereas failure
needs to be simulated for openssl verify.
But thinking about it, am I right that for CMS, the padding mechanism
doesn't really matter (as long as one is used), because
asymmetric keys are only used for signing a digest, and encrypting a
random session key? Which padding mechanism is used in CMS, the one
defined in PKCS 1.5?
Although, even if that is true, having OAEP/PSS in CMS would still be
nice, from a cryptographic standards compliance point of view.
Thanks,
Michael
__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
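
The CMS counterpart of the manual dgst / enc / pkeyutl pipeline described in the message above, as an added example that is not part of the original thread: it signs and encrypts a message, then checks on the receiving side that verification succeeds against the trusted root and fails when only an unrelated root is trusted. The function name, file names, subject names and test message are constructed, the certificates are throwaway self-signed ones, and no padding options are passed, so OpenSSL's defaults apply.

```shell
#!/bin/sh
# Added example: sign-then-encrypt round trip with `openssl cms`.
# Keys, certificates and the message are constructed throwaway test data.
cms_roundtrip() {
    d=$(mktemp -d) || return 2
    for n in sender recipient; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$n" \
            -keyout "$d/$n.key" -out "$d/$n.pem" 2>/dev/null || return 2
    done
    printf 'constructed test message\n' > "$d/msg.txt"

    # Sending side: sign (RSA signature over a digest), then encrypt
    # (random session key wrapped with the recipient's RSA public key).
    openssl cms -sign -binary -nodetach -in "$d/msg.txt" \
        -signer "$d/sender.pem" -inkey "$d/sender.key" \
        -outform DER -out "$d/signed.der" 2>/dev/null || return 2
    openssl cms -encrypt -binary -aes-256-cbc -in "$d/signed.der" \
        -outform DER -out "$d/enveloped.der" "$d/recipient.pem" 2>/dev/null || return 2

    # Receiving side: decrypt, then verify against the trusted root.
    openssl cms -decrypt -inform DER -in "$d/enveloped.der" \
        -recip "$d/recipient.pem" -inkey "$d/recipient.key" \
        -out "$d/signed.out" 2>/dev/null || return 2
    openssl cms -verify -binary -inform DER -in "$d/signed.out" \
        -CAfile "$d/sender.pem" -out "$d/msg.out" 2>/dev/null || return 3
    cmp -s "$d/msg.txt" "$d/msg.out" || return 4

    # Same signed message, but only an unrelated root is trusted: must fail.
    if openssl cms -verify -binary -inform DER -in "$d/signed.out" \
        -CAfile "$d/recipient.pem" -out /dev/null 2>/dev/null; then
        return 5
    fi
    rm -rf "$d"
    return 0
}

cms_roundtrip; echo "cms_roundtrip exit status: $?"
```

An exit status of 0 means the round trip recovered the message and the untrusted-root check was rejected; 3 to 5 identify which receiving-side check failed.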