rsa_pss_pss_* 和 rsa_pss_rsae_* 的区别
对于签名来说
首先,对于签名来说,没区别。都是使用PSS流程进行签名。
对于公钥来说有区别
首先,加签方需要判断自己私钥对应的公钥: public key
是什么类型的,如果 public key
是rsaEncryption
类型,则用rsa_pss_rsae_
表示对应私钥的签名算法OID;
如果自己的public key
是 id-RSASSA-PSS
,则使用rsa_pss_pss_
进行表示对应私钥的签名算法OID;
换句话说,对于签名操作,如果对应公钥是rsaEncryption
,其签名算法的OID可以是rsa_pss_rsae_
,也可以是rsa_pkcs1_
或者是ecdsa_secp256r1
等非PSS类型的签名;对于公钥是id-RSASSA-PSS
类型的签名操作,其签名算法的OID必须是rsa_pss_pss_
。
rsaEncryption
类型公钥和签名:
id-RSASSA-PSS
类型公钥和签名:
回过头来看RFC的描述,就去清楚什么了:
RSASSA-PSS RSAE algorithms Indicates a signature algorithm using
RSASSA-PSS [RFC8017] with mask generation function 1. The digest
used in the mask generation function and the digest being signed
are both the corresponding hash algorithm as defined in [SHS].
The length of the salt MUST be equal to the length of the output
of the digest algorithm. If the public key is carried in an X.509
certificate, it MUST use the rsaEncryption OID [RFC5280].
RSASSA-PSS PSS algorithms Indicates a signature algorithm using
RSASSA-PSS [RFC8017] with mask generation function 1. The digest
used in the mask generation function and the digest being signed
are both the corresponding hash algorithm as defined in [SHS].
The length of the salt MUST be equal to the length of the digest
algorithm. If the public key is carried in an X.509 certificate,
it MUST use the RSASSA-PSS OID [RFC5756]. When used in
certificate signatures, the algorithm parameters MUST be DER
encoded. If the corresponding public key's parameters are
present, then the parameters in the signature MUST be identical to
those in the public key.