版权声明:本文为博主原创文章,未经博主允许不得转载。 https://blog.csdn.net/mrpre/article/details/81118423
rsa_pss_pss_* 和 rsa_pss_rsae_* 的区别
对于签名来说
首先,对于签名来说,没区别。都是使用PSS流程进行签名。
对于公钥来说有区别
首先,加签方需要判断自己私钥对应的公钥: public key是什么类型的,如果 public key是rsaEncryption类型,则用rsa_pss_rsae_表示对应私钥的签名算法OID;
如果自己的public key是 id-RSASSA-PSS,则使用rsa_pss_pss_进行表示对应私钥的签名算法OID;
换句话说,对于签名操作,如果对应公钥是rsaEncryption,其签名算法的OID可以是rsa_pss_rsae_,也可以是rsa_pkcs1_或者是ecdsa_secp256r1等非PSS类型的签名;对于公钥是id-RSASSA-PSS类型的签名操作,其签名算法的OID必须是rsa_pss_pss_。
rsaEncryption类型公钥和签名:
id-RSASSA-PSS类型公钥和签名:
回过头来看RFC的描述,就去清楚什么了:
RSASSA-PSS RSAE algorithms Indicates a signature algorithm using
RSASSA-PSS [RFC8017] with mask generation function 1. The digest
used in the mask generation function and the digest being signed
are both the corresponding hash algorithm as defined in [SHS].
The length of the salt MUST be equal to the length of the output
of the digest algorithm. If the public key is carried in an X.509
certificate, it MUST use the rsaEncryption OID [RFC5280].
RSASSA-PSS PSS algorithms Indicates a signature algorithm using
RSASSA-PSS [RFC8017] with mask generation function 1. The digest
used in the mask generation function and the digest being signed
are both the corresponding hash algorithm as defined in [SHS].
The length of the salt MUST be equal to the length of the digest
algorithm. If the public key is carried in an X.509 certificate,
it MUST use the RSASSA-PSS OID [RFC5756]. When used in
certificate signatures, the algorithm parameters MUST be DER
encoded. If the corresponding public key's parameters are
present, then the parameters in the signature MUST be identical to
those in the public key.