签名算法中rsa_pss_pss_*和rsa_pss_rsae_*的区别

rsa_pss_pss_* 和 rsa_pss_rsae_* 的区别

对于签名来说

首先,对于签名来说,没区别。都是使用PSS流程进行签名。

对于公钥来说有区别

首先,加签方需要判断自己私钥对应的公钥: public key是什么类型的,如果 public keyrsaEncryption类型,则用rsa_pss_rsae_表示对应私钥的签名算法OID;
如果自己的public keyid-RSASSA-PSS,则使用rsa_pss_pss_进行表示对应私钥的签名算法OID;

换句话说,对于签名操作,如果对应公钥是rsaEncryption,其签名算法的OID可以是rsa_pss_rsae_,也可以是rsa_pkcs1_或者是ecdsa_secp256r1等非PSS类型的签名;对于公钥是id-RSASSA-PSS类型的签名操作,其签名算法的OID必须是rsa_pss_pss_

rsaEncryption类型公钥和签名:
这里写图片描述

id-RSASSA-PSS类型公钥和签名:
这里写图片描述
回过头来看RFC的描述,就去清楚什么了:

   RSASSA-PSS RSAE algorithms  Indicates a signature algorithm using
      RSASSA-PSS [RFC8017] with mask generation function 1.  The digest
      used in the mask generation function and the digest being signed
      are both the corresponding hash algorithm as defined in [SHS].
      The length of the salt MUST be equal to the length of the output
      of the digest algorithm.  If the public key is carried in an X.509
      certificate, it MUST use the rsaEncryption OID [RFC5280].

   RSASSA-PSS PSS algorithms  Indicates a signature algorithm using
      RSASSA-PSS [RFC8017] with mask generation function 1.  The digest
      used in the mask generation function and the digest being signed
      are both the corresponding hash algorithm as defined in [SHS].
      The length of the salt MUST be equal to the length of the digest
      algorithm.  If the public key is carried in an X.509 certificate,
      it MUST use the RSASSA-PSS OID [RFC5756].  When used in
      certificate signatures, the algorithm parameters MUST be DER
      encoded.  If the corresponding public key's parameters are
      present, then the parameters in the signature MUST be identical to
      those in the public key.
已标记关键词 清除标记
©️2020 CSDN 皮肤主题: 大白 设计师:CSDN官方博客 返回首页