[gnutls-devel] GnuTLS | Unable to use RSA key with OAEP metadata for signature (#1734)
Read-only notification of GnuTLS library development activities
gnutls-devel at lists.gnutls.org
Tue Sep 9 10:21:05 CEST 2025
Alexander Sosedkin commented: https://gitlab.com/gnutls/gnutls/-/issues/1734#note_2738341988
This is a known and, IMO, reasonable limitation. GnuTLS' mental model is to limit the purpose of the key to signing and encryption specifically after `gnutls_x509_spki_set_rsa_pss_params` or `gnutls_x509_spki_set_rsa_oaep_params` correspondingly, turning them into "PSS signing keys" and "OAEP encryption keys" specifically. One should not be using the same RSA key for signing and encryption anyway, for key management hygiene reasons in general, and, IIRC, in the RSA case specifically, since signing a message hashing to an attacker-controlled value opens an avenue to attack encryption and vice versa. So, the perceived improperness of exporting raw key parameters might be appropriate, and I'm not sure we want to lift that restriction.