• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1This is the same as rsa-pss-sha256.pem, except the signature was generated
2with a salt length of 33 instead of 32, while the algorithm still reports
3the standard value of 32.
4
5The public key in SPKI form:
6$ openssl pkey -in key.pem -pubout
7-----BEGIN PUBLIC KEY-----
8MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn56hwS55y9JG5gXkTQLX
9m/Q4HSJdP/kECgztMMQtqgiv+QdL0J5M7bQNbUK7ZhZt5pES5T0HjJcIENBvhXFz
10UZ3rBOMp4yESFLWoSL0quL0DAaRX/ZuZqT+Ow6LPdkwlv1JpKh03ylqxCGbw1bIF
11IEsFrp6QDndSPVI1ifd2QfYe+fdRQuF8emaGu50OKRSgziQB50JHKD0zRsh1cgUc
12QTyGUiFj2ndFXw1APzylU2+ouYurmN3ZCrvcP2J/qgQdAzDYRQ/bq/v7LNYQc+Gu
13d+EIzE3+9spybnWRi2aLrnGwwBCZs/bqc66waK0pzH8z/mDwbB2ZSIal6ARF0iWU
14XQIDAQAB
15-----END PUBLIC KEY-----
16
17The signing algorithm:
18
19$ openssl asn1parse -i < [ALGORITHM]
20    0:d=0  hl=2 l=  65 cons: SEQUENCE
21    2:d=1  hl=2 l=   9 prim:  OBJECT            :rsassaPss
22   13:d=1  hl=2 l=  52 cons:  SEQUENCE
23   15:d=2  hl=2 l=  15 cons:   cont [ 0 ]
24   17:d=3  hl=2 l=  13 cons:    SEQUENCE
25   19:d=4  hl=2 l=   9 prim:     OBJECT            :sha256
26   30:d=4  hl=2 l=   0 prim:     NULL
27   32:d=2  hl=2 l=  28 cons:   cont [ 1 ]
28   34:d=3  hl=2 l=  26 cons:    SEQUENCE
29   36:d=4  hl=2 l=   9 prim:     OBJECT            :mgf1
30   47:d=4  hl=2 l=  13 cons:     SEQUENCE
31   49:d=5  hl=2 l=   9 prim:      OBJECT            :sha256
32   60:d=5  hl=2 l=   0 prim:      NULL
33   62:d=2  hl=2 l=   3 cons:   cont [ 2 ]
34   64:d=3  hl=2 l=   1 prim:    INTEGER           :20
35-----BEGIN ALGORITHM-----
36MEEGCSqGSIb3DQEBCjA0oA8wDQYJYIZIAWUDBAIBBQChHDAaBgkqhkiG9w0BAQgw
37DQYJYIZIAWUDBAIBBQCiAwIBIA==
38-----END ALGORITHM-----
39
40-----BEGIN DATA-----
41x/UnD8pyX5vRn1GajXzKPMXAeQJAKfO65RD5sCFA/iOJCOT2wY8HqJxofIaEZpsfHbK6+SUaPIK
42frMtJMIThbsnijViGgHSl1iIWZ91uUo0W/iyfPbTPr2xNzoyEOa84zqqqnOLsrnvI9KWlXjv5bf
43nNV1xPnLMnlRuM3+QIcWg=
44-----END DATA-----
45
46The signature was generated with:
47$ openssl dgst -sign key.pem -sha256 -sigopt rsa_padding_mode:pss \
48    -sigopt rsa_pss_saltlen:33 < [DATA] > [SIGNATURE]
49
50Then the signature was wrapped in a BIT STRING.
51
52$ openssl asn1parse -i < [SIGNATURE]
53    0:d=0  hl=4 l= 257 prim: BIT STRING
54-----BEGIN SIGNATURE-----
55A4IBAQB4R+AnrWUH+TvyBU3yR1GP1ghodbwUZdyJfG1rqzEqpY/MJtsd1YM9bC9q
56FqHao1+idLj+WSl91hbtZAEtNb0TDdXkO+iattPYsTBAeLm70A7DbqwM7s/1rTp0
57KJ4QFOJe05wYO+p/zHZ4Oiyhx2bCx+8J1FLlYEtwR0NhwRwPflVO7TNZC1l40iqk
58iyxsJrXsibuFnFnBe6BytBdlKF/CHFuve6z5aLauuuQtA17I6YRZ4cdKceD9I3Hs
59NVhe+V1V10YoMDx3AywQTnaM+Au+VoxHU6oh9KP5lrrzBhPZPDtzfF++4Ag2Vd2O
60GFvPoL8xTp3S8QG5iVs90BkW8GvL
61-----END SIGNATURE-----
62