using a hash other than sha1 for OAEP with OpenSSL / CLI
The rsautl OpenSSL utility does not appear to have a setting wherein the hash for OAEP can be changed. My testing suggests that it just defaults to sha1 and that's it.
My question is... is there a way to change the hash?
The command I used to test it out:
openssl rsautl -inkey publickey.txt -encrypt -oaep -in plaintext.txt -out ciphertext.txt
rsa openssl
asked Dec 21 '15 at 13:50
neubertneubert
1,828174688
migrated from crypto.stackexchange.com Dec 22 '15 at 10:38
This question came from our site for software developers, mathematicians and others interested in cryptography.
add a comment |
The rsautl OpenSSL utility does not appear to have a setting wherein the hash for OAEP can be changed. My testing suggests that it just defaults to sha1 and that's it.
My question is... is there a way to change the hash?
The command I used to test it out:
openssl rsautl -inkey publickey.txt -encrypt -oaep -in plaintext.txt -out ciphertext.txt
rsa openssl
asked Dec 21 '15 at 13:50
neubertneubert
1,828174688
migrated from crypto.stackexchange.com Dec 22 '15 at 10:38
This question came from our site for software developers, mathematicians and others interested in cryptography.
add a comment |
The rsautl OpenSSL utility does not appear to have a setting wherein the hash for OAEP can be changed. My testing suggests that it just defaults to sha1 and that's it.
My question is... is there a way to change the hash?
The command I used to test it out:
openssl rsautl -inkey publickey.txt -encrypt -oaep -in plaintext.txt -out ciphertext.txt
rsa openssl
asked Dec 21 '15 at 13:50
neubertneubert
1,828174688
The rsautl OpenSSL utility does not appear to have a setting wherein the hash for OAEP can be changed. My testing suggests that it just defaults to sha1 and that's it.
My question is... is there a way to change the hash?
The command I used to test it out:
openssl rsautl -inkey publickey.txt -encrypt -oaep -in plaintext.txt -out ciphertext.txt
rsa openssl
rsa openssl
asked Dec 21 '15 at 13:50
neubertneubert
1,828174688
asked Dec 21 '15 at 13:50
neubertneubert
1,828174688
asked Dec 21 '15 at 13:50
neubertneubert
1,828174688
asked Dec 21 '15 at 13:50
neubertneubert
1,828174688
asked Dec 21 '15 at 13:50
neubertneubert
1,828174688
1,828174688
migrated from crypto.stackexchange.com Dec 22 '15 at 10:38
This question came from our site for software developers, mathematicians and others interested in cryptography.
migrated from crypto.stackexchange.com Dec 22 '15 at 10:38
This question came from our site for software developers, mathematicians and others interested in cryptography.
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
rsautl which is ancient, no. pkeyutl which was supposed to supersede rsautl in 2010, yes. -pkeyopt rsa_oaep_md:name or rsa_mgf1_md:name where name is a hash as in your Q on PSS.
Note for pkeyutl (edit) before 1.1.0 the order of options matters; you must do -encrypt then -inkey rsaprivate then -pkeyopt (not currently documented AFAICS, though the analogous cases in genpkey are) and you need to do rsa_padding_mode:oaep before rsa_{oaep,mgf1}_md:hash .
Same possible issue with FIPS mode.
answered Dec 21 '15 at 16:05
dave_thompson_085dave_thompson_085
1,6821811
2
I was trying this just now (maybe I tried it earlier too idk) and I had to do-pkeyoptbefore each option. eg.openssl pkeyutl -in ciphertext.txt -decrypt -inkey test.pem -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 -pkeyopt rsa_mgf1_md:sha1. So in that case I needed to do it once for each option - not once globally.
– neubert
Sep 17 '16 at 5:06
1
@neubert: yes you need-pkeyoptfor each key-option; I thought that part was clear from the manpage and didn't repeat it. But the requirements on order were (and are) not all documented AFAICS, and such requirements are unusual foropenssl, so I called them out.
– dave_thompson_085
Sep 19 '16 at 6:16
1
The ordering doesn't appear to matter with OpenSSL 1.1.0f, but I couldn't find these options documented. Although-pkeyopt rsa_oaep_md:sha256works, it is not mentioned onman pkeyutl.
– starfry
Jun 23 '17 at 9:04
@starfry: (don't know why I wasn't notified at the time) yes, 1.1.0, released 8 months after I wrote this answer, completely reimplemented option handling for all commandline operations; edited for anyone else who comes along. It'srsa_mgf1_mdwhich applies to both OAEP and PSS -- and is documented in 1.1.1 which turnaboutly postdates your comment :-)
– dave_thompson_085
Feb 5 at 2:25
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "3"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1016696%2fusing-a-hash-other-than-sha1-for-oaep-with-openssl-cli%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
rsautl which is ancient, no. pkeyutl which was supposed to supersede rsautl in 2010, yes. -pkeyopt rsa_oaep_md:name or rsa_mgf1_md:name where name is a hash as in your Q on PSS.
Note for pkeyutl (edit) before 1.1.0 the order of options matters; you must do -encrypt then -inkey rsaprivate then -pkeyopt (not currently documented AFAICS, though the analogous cases in genpkey are) and you need to do rsa_padding_mode:oaep before rsa_{oaep,mgf1}_md:hash .
Same possible issue with FIPS mode.
answered Dec 21 '15 at 16:05
dave_thompson_085dave_thompson_085
1,6821811
2
I was trying this just now (maybe I tried it earlier too idk) and I had to do-pkeyoptbefore each option. eg.openssl pkeyutl -in ciphertext.txt -decrypt -inkey test.pem -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 -pkeyopt rsa_mgf1_md:sha1. So in that case I needed to do it once for each option - not once globally.
– neubert
Sep 17 '16 at 5:06
1
@neubert: yes you need-pkeyoptfor each key-option; I thought that part was clear from the manpage and didn't repeat it. But the requirements on order were (and are) not all documented AFAICS, and such requirements are unusual foropenssl, so I called them out.
– dave_thompson_085
Sep 19 '16 at 6:16
1
The ordering doesn't appear to matter with OpenSSL 1.1.0f, but I couldn't find these options documented. Although-pkeyopt rsa_oaep_md:sha256works, it is not mentioned onman pkeyutl.
– starfry
Jun 23 '17 at 9:04
@starfry: (don't know why I wasn't notified at the time) yes, 1.1.0, released 8 months after I wrote this answer, completely reimplemented option handling for all commandline operations; edited for anyone else who comes along. It'srsa_mgf1_mdwhich applies to both OAEP and PSS -- and is documented in 1.1.1 which turnaboutly postdates your comment :-)
– dave_thompson_085
Feb 5 at 2:25
add a comment |
rsautl which is ancient, no. pkeyutl which was supposed to supersede rsautl in 2010, yes. -pkeyopt rsa_oaep_md:name or rsa_mgf1_md:name where name is a hash as in your Q on PSS.
Note for pkeyutl (edit) before 1.1.0 the order of options matters; you must do -encrypt then -inkey rsaprivate then -pkeyopt (not currently documented AFAICS, though the analogous cases in genpkey are) and you need to do rsa_padding_mode:oaep before rsa_{oaep,mgf1}_md:hash .
Same possible issue with FIPS mode.
answered Dec 21 '15 at 16:05
dave_thompson_085dave_thompson_085
1,6821811
2
I was trying this just now (maybe I tried it earlier too idk) and I had to do-pkeyoptbefore each option. eg.openssl pkeyutl -in ciphertext.txt -decrypt -inkey test.pem -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 -pkeyopt rsa_mgf1_md:sha1. So in that case I needed to do it once for each option - not once globally.
– neubert
Sep 17 '16 at 5:06
1
@neubert: yes you need-pkeyoptfor each key-option; I thought that part was clear from the manpage and didn't repeat it. But the requirements on order were (and are) not all documented AFAICS, and such requirements are unusual foropenssl, so I called them out.
– dave_thompson_085
Sep 19 '16 at 6:16
1
The ordering doesn't appear to matter with OpenSSL 1.1.0f, but I couldn't find these options documented. Although-pkeyopt rsa_oaep_md:sha256works, it is not mentioned onman pkeyutl.
– starfry
Jun 23 '17 at 9:04
@starfry: (don't know why I wasn't notified at the time) yes, 1.1.0, released 8 months after I wrote this answer, completely reimplemented option handling for all commandline operations; edited for anyone else who comes along. It'srsa_mgf1_mdwhich applies to both OAEP and PSS -- and is documented in 1.1.1 which turnaboutly postdates your comment :-)
– dave_thompson_085
Feb 5 at 2:25
add a comment |
rsautl which is ancient, no. pkeyutl which was supposed to supersede rsautl in 2010, yes. -pkeyopt rsa_oaep_md:name or rsa_mgf1_md:name where name is a hash as in your Q on PSS.
Note for pkeyutl (edit) before 1.1.0 the order of options matters; you must do -encrypt then -inkey rsaprivate then -pkeyopt (not currently documented AFAICS, though the analogous cases in genpkey are) and you need to do rsa_padding_mode:oaep before rsa_{oaep,mgf1}_md:hash .
Same possible issue with FIPS mode.
answered Dec 21 '15 at 16:05
dave_thompson_085dave_thompson_085
1,6821811
rsautl which is ancient, no. pkeyutl which was supposed to supersede rsautl in 2010, yes. -pkeyopt rsa_oaep_md:name or rsa_mgf1_md:name where name is a hash as in your Q on PSS.
Note for pkeyutl (edit) before 1.1.0 the order of options matters; you must do -encrypt then -inkey rsaprivate then -pkeyopt (not currently documented AFAICS, though the analogous cases in genpkey are) and you need to do rsa_padding_mode:oaep before rsa_{oaep,mgf1}_md:hash .
Same possible issue with FIPS mode.
answered Dec 21 '15 at 16:05
dave_thompson_085dave_thompson_085
1,6821811
edited Feb 5 at 2:20
answered Dec 21 '15 at 16:05
dave_thompson_085dave_thompson_085
1,6821811
answered Dec 21 '15 at 16:05
dave_thompson_085dave_thompson_085
1,6821811
answered Dec 21 '15 at 16:05
dave_thompson_085dave_thompson_085
1,6821811
1,6821811
2
I was trying this just now (maybe I tried it earlier too idk) and I had to do-pkeyoptbefore each option. eg.openssl pkeyutl -in ciphertext.txt -decrypt -inkey test.pem -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 -pkeyopt rsa_mgf1_md:sha1. So in that case I needed to do it once for each option - not once globally.
– neubert
Sep 17 '16 at 5:06
1
@neubert: yes you need-pkeyoptfor each key-option; I thought that part was clear from the manpage and didn't repeat it. But the requirements on order were (and are) not all documented AFAICS, and such requirements are unusual foropenssl, so I called them out.
– dave_thompson_085
Sep 19 '16 at 6:16
1
The ordering doesn't appear to matter with OpenSSL 1.1.0f, but I couldn't find these options documented. Although-pkeyopt rsa_oaep_md:sha256works, it is not mentioned onman pkeyutl.
– starfry
Jun 23 '17 at 9:04
@starfry: (don't know why I wasn't notified at the time) yes, 1.1.0, released 8 months after I wrote this answer, completely reimplemented option handling for all commandline operations; edited for anyone else who comes along. It'srsa_mgf1_mdwhich applies to both OAEP and PSS -- and is documented in 1.1.1 which turnaboutly postdates your comment :-)
– dave_thompson_085
Feb 5 at 2:25
add a comment |
2
I was trying this just now (maybe I tried it earlier too idk) and I had to do-pkeyoptbefore each option. eg.openssl pkeyutl -in ciphertext.txt -decrypt -inkey test.pem -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 -pkeyopt rsa_mgf1_md:sha1. So in that case I needed to do it once for each option - not once globally.
– neubert
Sep 17 '16 at 5:06
1
@neubert: yes you need-pkeyoptfor each key-option; I thought that part was clear from the manpage and didn't repeat it. But the requirements on order were (and are) not all documented AFAICS, and such requirements are unusual foropenssl, so I called them out.
– dave_thompson_085
Sep 19 '16 at 6:16
1
The ordering doesn't appear to matter with OpenSSL 1.1.0f, but I couldn't find these options documented. Although-pkeyopt rsa_oaep_md:sha256works, it is not mentioned onman pkeyutl.
– starfry
Jun 23 '17 at 9:04
@starfry: (don't know why I wasn't notified at the time) yes, 1.1.0, released 8 months after I wrote this answer, completely reimplemented option handling for all commandline operations; edited for anyone else who comes along. It'srsa_mgf1_mdwhich applies to both OAEP and PSS -- and is documented in 1.1.1 which turnaboutly postdates your comment :-)
– dave_thompson_085
Feb 5 at 2:25
2
2
I was trying this just now (maybe I tried it earlier too idk) and I had to do
-pkeyopt before each option. eg. openssl pkeyutl -in ciphertext.txt -decrypt -inkey test.pem -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 -pkeyopt rsa_mgf1_md:sha1. So in that case I needed to do it once for each option - not once globally.– neubert
Sep 17 '16 at 5:06
I was trying this just now (maybe I tried it earlier too idk) and I had to do
-pkeyopt before each option. eg. openssl pkeyutl -in ciphertext.txt -decrypt -inkey test.pem -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 -pkeyopt rsa_mgf1_md:sha1. So in that case I needed to do it once for each option - not once globally.– neubert
Sep 17 '16 at 5:06
1
1
@neubert: yes you need
-pkeyopt for each key-option; I thought that part was clear from the manpage and didn't repeat it. But the requirements on order were (and are) not all documented AFAICS, and such requirements are unusual for openssl, so I called them out.– dave_thompson_085
Sep 19 '16 at 6:16
@neubert: yes you need
-pkeyopt for each key-option; I thought that part was clear from the manpage and didn't repeat it. But the requirements on order were (and are) not all documented AFAICS, and such requirements are unusual for openssl, so I called them out.– dave_thompson_085
Sep 19 '16 at 6:16
1
1
The ordering doesn't appear to matter with OpenSSL 1.1.0f, but I couldn't find these options documented. Although
-pkeyopt rsa_oaep_md:sha256 works, it is not mentioned on man pkeyutl.– starfry
Jun 23 '17 at 9:04
The ordering doesn't appear to matter with OpenSSL 1.1.0f, but I couldn't find these options documented. Although
-pkeyopt rsa_oaep_md:sha256 works, it is not mentioned on man pkeyutl.– starfry
Jun 23 '17 at 9:04
@starfry: (don't know why I wasn't notified at the time) yes, 1.1.0, released 8 months after I wrote this answer, completely reimplemented option handling for all commandline operations; edited for anyone else who comes along. It's
rsa_mgf1_md which applies to both OAEP and PSS -- and is documented in 1.1.1 which turnaboutly postdates your comment :-)– dave_thompson_085
Feb 5 at 2:25
@starfry: (don't know why I wasn't notified at the time) yes, 1.1.0, released 8 months after I wrote this answer, completely reimplemented option handling for all commandline operations; edited for anyone else who comes along. It's
rsa_mgf1_md which applies to both OAEP and PSS -- and is documented in 1.1.1 which turnaboutly postdates your comment :-)– dave_thompson_085
Feb 5 at 2:25
add a comment |
Thanks for contributing an answer to Super User!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1016696%2fusing-a-hash-other-than-sha1-for-oaep-with-openssl-cli%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
