How to create a self-signed RSA_PSS_RSAE certificate with OpenSSL


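I want to create a certificate like the one below, with rsassaPss as the signature algorithm and rsaEncryption as the public key algorithm.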

Certificate:
    Data:
        Version: 3 (0x2)
        ....
    Signature Algorithm: rsassaPss
         Hash Algorithm: sha1 (default)
         Mask Algorithm: mgf1 with sha1 (default)
         Salt Length: 20 (default)
         Trailer Field: 0xbc (default)
        ....
        Subject: .....
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            .....
I tried the following, but the result was the same every time.

1. 2.
Can anyone help me?

To get what you show, create the key file as v1.5, but sign the certificate with PSS. For a self-signed certificate:

# in separate steps either of
openssl genrsa 2048 >keyfile 
openssl genpkey -algorithm rsa -pkeyopt rsa_keygen_bits:2048 >keyfile
# in either case add encryption if desired; your Q is inconsistent about that

# then
openssl req -new -x509 -key keyfile -sigopt rsa_padding_mode:pss -sha1 -sigopt rsa_pss_saltlen:20 -out certfile
# add options for subject, days, extensions, or other config as desired
# for 1.0.0 & 1.0.1 -sha1 was default for hash and can be omitted;
# in all versions MGF1 hash defaults to data hash
# but saltlen defaults to 0xEA -- I'm not sure why -- and must be set

# in one step
openssl req -new -x509 -newkey rsa:2048 -keyout keyfile -sigopt rsa_padding_mode:pss -sha1 -sigopt rsa_pss_saltlen:20 -out certfile
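That said, I basically agree with Matt's comment; if TLS1.3 rsa_pss_rsae signatures are your actual goal, this is not necessarily what you need. First, the signature on a self-signed, root, or other anchor certificate does not contribute to security at all and is usually not even checked; RFC8446 4.2.3 explicitly allows that signature not to satisfy sigalgs. (Although I think that is a mistake; given the rest of the spec, it would make more sense to exclude it from sigalgs or sigalgs_cert, whichever applies.)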


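Second, if this were a signature that matters (on a certificate issued by a (different) CA, which OpenSSL can also do if you like, though differently), then using SHA-1 would be very bad. RFC8446 allows certificate signatures to use SHA-1 only as a last resort, with any public-key algorithm (RSAv1.5, RSA-PSS, ECDSA, EdDSA), and some implementations do not trust certificates that use SHA-1 at all, given "Shattered" and now "Shambles" (google them, or see crypto.SX and security.SX for details).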
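
An added example, not part of the original answer: the script below self-signs two certificates with RSASSA-PSS, one from a plain RSA key and one from an rsa-pss key, and prints the algorithms each certificate records, showing that only the key type decides the Public Key Algorithm field. The file names, the CN and the choice of SHA-256 with a 32-byte salt (instead of the SHA-1 in the question) are assumptions of this example.

```shell
#!/bin/sh
# Added example; file names and the subject CN are constructed for illustration.
set -e

# Print the signature and public-key algorithms recorded in a certificate.
# "Signature Algorithm" appears twice in the text dump; the first hit is enough.
cert_algs() {
    openssl x509 -in "$1" -noout -text | awk '
        /Signature Algorithm:/  && !sig { sig = $NF }
        /Public Key Algorithm:/ && !key { key = $NF }
        END { print "sig=" sig " key=" key }'
}

# Create a key and a self-signed certificate signed with RSASSA-PSS.
#   $1 = genpkey algorithm: "rsa" (rsaEncryption key) or "rsa-pss"
#   $2 = output prefix; writes $2.key and $2.crt
make_cert() {
    openssl genpkey -algorithm "$1" -pkeyopt rsa_keygen_bits:2048 \
        -out "$2.key" 2>/dev/null
    # Salt length is set explicitly to the SHA-256 output length (32 bytes).
    openssl req -new -x509 -key "$2.key" -subj "/CN=pss-demo" -days 1 \
        -sha256 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:32 \
        -out "$2.crt"
}

demo() {
    dir=$(mktemp -d)
    make_cert rsa     "$dir/rsae"   # plain RSA key, PSS signature
    make_cert rsa-pss "$dir/pss"    # PSS-only key, PSS signature
    echo "rsa key:     $(cert_algs "$dir/rsae.crt")"
    echo "rsa-pss key: $(cert_algs "$dir/pss.crt")"
    rm -rf "$dir"
}

demo
```

The first line of output corresponds to the certificate asked for in the question; the second is what results when the key itself is generated as rsa-pss.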

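I'm not even sure this is possible. Why do you want to do this? The RSA_PSS_RSAE you mention in the title suggests you want to use it for the TLSv1.3 RSA_PSS_RSAE signature schemes, but those only require a normal rsaEncryption certificate.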
openssl req -new -newkey rsa-pss -pkeyopt rsa_keygen_bits:2048 -sigopt  rsa_mgf1_md:sha256 -passout pass:123456 -sha256
openssl x509 -req -in test3\rootreq.pem -passin pass:123456 -sha256 -days 14600 -extensions v3_cn -signkey test3\rootkey.pem -out test3\rootcert.pem 