Why does OpenSSL differentiate between PSS and non-PSS for private key generation?

RSA-PSS private keys

The following command will generate an RSA-PSS private key:

openssl genpkey -algorithm rsa-pss -pkeyopt rsa_keygen_bits:2048 -pkeyopt rsa_keygen_pubexp:65537 -out CA.priKey

Here's a sample one I just generated:

https://pastebin.com/AQk0gkkT

Here's the asn1parse output:

    0:d=0  hl=4 l=1213 cons: SEQUENCE
    4:d=1  hl=2 l=   1 prim:  INTEGER           :00
    7:d=1  hl=2 l=  11 cons:  SEQUENCE
    9:d=2  hl=2 l=   9 prim:   OBJECT            :rsassaPss
   20:d=1  hl=4 l=1193 prim:  OCTET STRING

Regular RSA private keys

This command, in contrast, will generate a regular RSA private key:

Here's a sample one I just generated:

https://pastebin.com/s6gES7hr

Here's the asn1parse output:

    0:d=0  hl=4 l=1213 cons: SEQUENCE
    4:d=1  hl=2 l=   1 prim:  INTEGER           :00
    7:d=1  hl=2 l=  13 cons:  SEQUENCE
    9:d=2  hl=2 l=   9 prim:   OBJECT            :rsaEncryption
   20:d=2  hl=2 l=   0 prim:   NULL
   22:d=1  hl=4 l=1191 prim:  OCTET STRING

My question

Why do RSA-PSS private keys have their own format? The probabilistic signature scheme (PSS) affects how the signatures are made. At least according to PKCS#1 v2.2. The keys are the same. They both make use of the same CRT parameters and what not. So why two different OIDs in this context? Is there a difference or is this just OpenSSL being dumb? And are there any other OIDs OpenSSL might be using to represent RSA private keys?

Asked by user4520 (1 )
May 09, 2019 at 01:50