Re: [sidr] rsaEncryption vs sha256WithRSAEncryption in RPKI certificates

Thu, 23 May 2019 14:11:30 -0700 

> Routinator
> does indeed require that. It doesn’t insist on the presence of the NULL,
> though, and allows absent parameters.

Lol. So you struggled with absent vs NULL parameters too?
I wondered whether I should have included that too in this query.

On Thu, May 23, 2019 at 1:16 PM Alberto Leiva <ydah...@gmail.com> wrote:
>
> I see. Is this erratum-worthy?
>
> On Thu, May 23, 2019 at 11:23 AM Russ Housley <hous...@vigilsec.com> wrote:
> >
> >
> >
> > > On May 22, 2019, at 6:18 PM, Alberto Leiva <ydah...@gmail.com> wrote:
> > >
> > > Hello
> > >
> > > Another question.
> > >
> > > RFC 7935 states the following:
> > >
> > > 3.1.  Public Key Format
> > >
> > >   (...)
> > >
> > >   algorithm (which is an AlgorithmIdentifier type):
> > >      The object identifier for RSA PKCS #1 v1.5 with SHA-256 MUST be
> > >      used in the algorithm field, as specified in Section 5 of
> > >      [RFC4055].  The value for the associated parameters from that
> > >      clause MUST also be used for the parameters field.
> > >
> > > I've never seen a certificate that declares sha256WithRSAEncryption ({
> > > pkcs-1 11 }) as its public key algorithm. Every certificate I've come
> > > across labels its algorithm as rsaEncryption ({ pkcs-1 1 }).
> > >
> > > (Certificates always define the signature algorithm as
> > > sha256WithRSAEncryption, but that's a different field.)
> > >
> > > Is everyone doing it wrong, or am I missing something?
> > >
> > > I'm aware that this is likely a triviality--rsaEncryption and
> > > sha256WithRSAEncryption probably mean the same in this context.
> > > There's also a thread in this list in which people seem to have
> > > experienced headaches over this topic. But the thread is talking about
> > > CMS signed objects (which I believe is different from certificates),
> > > and happened before 7935 was released, so it feels like the RFC should
> > > mandate something consistent with reality by now.
> > >
> > > Thanks for any pointers.
> >
> > You are right.
> >
> > In the subjectPublicKeyInfo, the algorithm identifier should be 
> > rsaEncryption, which is { 1, 2, 840, 113549, 1, 1, 1 }.  This allow the 
> > public key to be used with PKCS#1 v1.5, RSASSA-PSS, and RSAES-OAEP.
> >
> > In the signature, the algorithm identifier should be 
> > sha256WithRSAEncryption, which is { 1, 2, 840, 113549, 1, 1, 11 }.  This 
> > identifies PKCS#1 v1.5 with SHA-256 as the hash algorithm.
> >
> > Russ
> >
> >

_______________________________________________
sidr mailing list
sidr@ietf.org
https://www.ietf.org/mailman/listinfo/sidr

Reply via email to