Re: [openpgp] RSA-PSS and RSA-OAEP for v5

Peter Gutmann <> Mon, 01 March 2021 13:29 UTC

From: Peter Gutmann <>
To: "brian m. carlson" <>, "" <>
Date: Mon, 1 Mar 2021 13:29:05 +0000

brian m. carlson <> writes:

>Most cryptographic libraries already support RSA-PSS and RSA-OAEP, so there's
>little code to add.

*Some* crypto libraries support OAEP and PSS, but they're virtually never
used.  When they are used, they often only support the single parameter set
that whoever decided to use PSS instead of PKCS #1 went for, and fail
mysteriously if you modify any one of the 8,000 parameters that PSS and OAEP
can work with.  Admittedly this is a minuscule sample size because virtually
nothing uses them, but from the few times I've run into them it's been an
interop nightmare trying to guess what the other side will do.  The best
approach seems to be to request sample messages from the other side and then
use exactly that parameter set and nothing else for anything you send them.

Although this would tend to suggest an approach of fixing all parameters at a
given set of values, all this is then doing is reinventing an incredibly
complex equivalent to PKCS #1, which seems excessive when a much simpler
solution is to say "use encode-then-memcmp() to verify the signature" in the
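To make the parameter sensitivity above concrete, here is an added example (written for this page, not code from the thread or from any OpenPGP implementation): a minimal RSASSA-PSS signer and verifier following RFC 8017, on a constructed, trivially factorable demo key. A signature made with one parameter set verifies with exactly that set, and fails as soon as the verifier assumes a different salt length or MGF1 hash.

```python
import hashlib, secrets

# Constructed demo key from Mersenne primes 2^521-1 and 2^607-1 (trivially factorable; demo only)
P, Q = (1 << 521) - 1, (1 << 607) - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))
EM_BITS = N.bit_length() - 1                 # RFC 8017: emBits = modBits - 1
EM_LEN = (EM_BITS + 7) // 8                  # here 141 bytes, same as the modulus length
TOP_MASK = 0xFF >> (8 * EM_LEN - EM_BITS)    # keeps only the allowed bits of byte 0

def mgf1(seed: bytes, length: int, hash_name: str) -> bytes:
    # RFC 8017 B.2.1: concatenate Hash(seed || counter) until `length` bytes are available
    h_len = hashlib.new(hash_name).digest_size
    return b"".join(hashlib.new(hash_name, seed + c.to_bytes(4, "big")).digest()
                    for c in range(-(-length // h_len)))[:length]

def pss_sign(msg: bytes, hash_name: str, mgf_hash: str, s_len: int) -> bytes:
    # EMSA-PSS-ENCODE (RFC 8017 9.1.1), then the RSA private operation
    m_hash = hashlib.new(hash_name, msg).digest()
    if EM_LEN < len(m_hash) + s_len + 2:
        raise ValueError("encoding error: modulus too small for these parameters")
    salt = secrets.token_bytes(s_len)
    h = hashlib.new(hash_name, b"\x00" * 8 + m_hash + salt).digest()
    db = b"\x00" * (EM_LEN - s_len - len(m_hash) - 2) + b"\x01" + salt
    masked = bytes(a ^ b for a, b in zip(db, mgf1(h, len(db), mgf_hash)))
    em = bytes([masked[0] & TOP_MASK]) + masked[1:] + h + b"\xbc"
    return pow(int.from_bytes(em, "big"), D, N).to_bytes(EM_LEN, "big")

def pss_verify(msg: bytes, sig: bytes, hash_name: str, mgf_hash: str, s_len: int) -> bool:
    # EMSA-PSS-VERIFY (RFC 8017 9.1.2): any parameter differing from the signer's -> False
    em = pow(int.from_bytes(sig, "big"), E, N).to_bytes(EM_LEN, "big")
    m_hash = hashlib.new(hash_name, msg).digest()
    h_len = len(m_hash)
    if EM_LEN < h_len + s_len + 2 or em[-1] != 0xBC or em[0] & ~TOP_MASK & 0xFF:
        return False
    masked, h = em[:EM_LEN - h_len - 1], em[EM_LEN - h_len - 1:-1]
    db = bytes(a ^ b for a, b in zip(masked, mgf1(h, len(masked), mgf_hash)))
    db = bytes([db[0] & TOP_MASK]) + db[1:]
    ps_len = EM_LEN - h_len - s_len - 2
    if db[:ps_len] != b"\x00" * ps_len or db[ps_len] != 0x01:
        return False                         # wrong salt length or MGF hash lands here
    h_prime = hashlib.new(hash_name, b"\x00" * 8 + m_hash + db[ps_len + 1:]).digest()
    return secrets.compare_digest(h, h_prime)

def demo() -> dict:
    # Sign with one parameter set, then verify with the same set and with one parameter changed
    sig = pss_sign(b"v5 signature packet", "sha256", "sha256", 32)
    return {"same_params": pss_verify(b"v5 signature packet", sig, "sha256", "sha256", 32),
            "salt_20": pss_verify(b"v5 signature packet", sig, "sha256", "sha256", 20),
            "mgf1_sha1": pss_verify(b"v5 signature packet", sig, "sha256", "sha1", 32)}
```

The verifier reports only a bare failure for the mismatched cases, which is exactly the "fails mysteriously" behaviour: nothing in the signature itself says which of the three parameters the signer used.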