Re: [sidr] rsaEncryption vs sha256WithRSAEncryption in RPKI certificates
Russ Housley <housley@vigilsec.com> Thu, 23 May 2019 16:23 UTC
Return-Path: <housley@vigilsec.com>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DB8A212012E for <sidr@ietfa.amsl.com>; Thu, 23 May 2019 09:23:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.89
X-Spam-Level:
X-Spam-Status: No, score=-1.89 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, T_SUBJ_BRKN_WORDNUMS=0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fnEGiQWz-9S7 for <sidr@ietfa.amsl.com>; Thu, 23 May 2019 09:23:06 -0700 (PDT)
Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 56B73120126 for <sidr@ietf.org>; Thu, 23 May 2019 09:23:06 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id 7768B300AEC for <sidr@ietf.org>; Thu, 23 May 2019 12:03:47 -0400 (EDT)
X-Virus-Scanned: amavisd-new at mail.smeinc.net
Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id RqA3T6Z_5oBg for <sidr@ietf.org>; Thu, 23 May 2019 12:03:46 -0400 (EDT)
Received: from a860b60074bd.fios-router.home (unknown [138.88.156.37]) by mail.smeinc.net (Postfix) with ESMTPSA id 29F25300471; Thu, 23 May 2019 12:03:46 -0400 (EDT)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <CAA0dE=VOCvxb_0-pEB8CO=JZ9FShVf=pQ43pCmAeYCf9LRTTcw@mail.gmail.com>
Date: Thu, 23 May 2019 12:23:03 -0400
Cc: IETF SIDR <sidr@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <ACD43E1A-5BBC-4710-A3D4-72EA7E1BC79F@vigilsec.com>
References: <CAA0dE=VOCvxb_0-pEB8CO=JZ9FShVf=pQ43pCmAeYCf9LRTTcw@mail.gmail.com>
To: Alberto Leiva <ydahhrk@gmail.com>
X-Mailer: Apple Mail (2.3445.104.11)
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidr/MO85-zP9XBRZdw3BvEzlwurer70>
Subject: Re: [sidr] rsaEncryption vs sha256WithRSAEncryption in RPKI certificates
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidr/>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 May 2019 16:23:08 -0000
> On May 22, 2019, at 6:18 PM, Alberto Leiva <ydahhrk@gmail.com> wrote: > > Hello > > Another question. > > RFC 7935 states the following: > > 3.1. Public Key Format > > (...) > > algorithm (which is an AlgorithmIdentifier type): > The object identifier for RSA PKCS #1 v1.5 with SHA-256 MUST be > used in the algorithm field, as specified in Section 5 of > [RFC4055]. The value for the associated parameters from that > clause MUST also be used for the parameters field. > > I've never seen a certificate that declares sha256WithRSAEncryption ({ > pkcs-1 11 }) as its public key algorithm. Every certificate I've come > across labels its algorithm as rsaEncryption ({ pkcs-1 1 }). > > (Certificates always define the signature algorithm as > sha256WithRSAEncryption, but that's a different field.) > > Is everyone doing it wrong, or am I missing something? > > I'm aware that this is likely a triviality--rsaEncryption and > sha256WithRSAEncryption probably mean the same in this context. > There's also a thread in this list in which people seem to have > experienced headaches over this topic. But the thread is talking about > CMS signed objects (which I believe is different from certificates), > and happened before 7935 was released, so it feels like the RFC should > mandate something consistent with reality by now. > > Thanks for any pointers. You are right. In the subjectPublicKeyInfo, the algorithm identifier should be rsaEncryption, which is { 1, 2, 840, 113549, 1, 1, 1 }. This allow the public key to be used with PKCS#1 v1.5, RSASSA-PSS, and RSAES-OAEP. In the signature, the algorithm identifier should be sha256WithRSAEncryption, which is { 1, 2, 840, 113549, 1, 1, 11 }. This identifies PKCS#1 v1.5 with SHA-256 as the hash algorithm. Russ
- [sidr] rsaEncryption vs sha256WithRSAEncryption i… Alberto Leiva
- Re: [sidr] rsaEncryption vs sha256WithRSAEncrypti… Martin Hoffmann
- Re: [sidr] rsaEncryption vs sha256WithRSAEncrypti… Russ Housley
- Re: [sidr] rsaEncryption vs sha256WithRSAEncrypti… Alberto Leiva
- Re: [sidr] rsaEncryption vs sha256WithRSAEncrypti… Alberto Leiva
- Re: [sidr] rsaEncryption vs sha256WithRSAEncrypti… Alvaro Retana
- Re: [sidr] rsaEncryption vs sha256WithRSAEncrypti… Alberto Leiva
- Re: [sidr] rsaEncryption vs sha256WithRSAEncrypti… Alberto Leiva
- Re: [sidr] [Sidrops] rsaEncryption vs sha256WithR… Russ Housley