How can I generate an X.509 RSA-PSS certificate with OpenSSL whose trailer field contains the value 0xBC, to meet RFC 8017?


With the Windows version of OpenSSL (3.2.1) we want to generate a certificate with these conditions:

Hash method: SHA-256
Mask Generation Function: MGF1 with SHA-256
Length of the salt: 32 bytes
Trailer Field: 0xBC

The specified parameters correspond to the RSASSA-PSS signature scheme as described in RFC 8017.

Unfortunately, a certificate is always generated that contains the value 0x01 in the trailer field.

Steps:

  1. Generate key:
     openssl genpkey -algorithm rsa-pss -pkeyopt rsa_keygen_bits:4096 -pkeyopt rsa_pss_keygen_md:sha256 -pkeyopt rsa_pss_keygen_mgf1_md:sha256 -pkeyopt rsa_pss_keygen_saltlen:32 -out 20240314_privateKey.pem

  2. Generate certificate:
     openssl req -new -nodes -x509 -days 3650 -pkeyopt rsa_keygen_bits:4096 -sigopt rsa_pss_saltlen:32 -key 20240314_privateKey.pem -out 20240314_certifcate.pem

  3. Display certificate:
     openssl x509 -in 20240314_certifcate.pem -text

Result:

     ...
     Mask Algorithm: mgf1 with sha256
     Salt Length: 0x20
     Trailer Field: 0x01 (default)
     ...

Does anyone have any idea how to fix this problem?

Many thanks in advance

bartonjs

The encoded trailer field value of 01 corresponds to a trailer value of BC. As the only legal value (to my knowledge), everyone writes an 01 there, corresponding to everyone using BC in the EMSA-PSS steps.

From https://datatracker.ietf.org/doc/html/rfc8017#appendix-A.2.3:

trailerField

is the trailer field number, for compatibility with IEEE 1363a [IEEE1363A]. It SHALL be 1 for this version of the document, which represents the trailer field with hexadecimal value 0xbc. Other trailer fields (including the trailer field HashID || 0xcc in IEEE 1363a) are not supported in this document.

TrailerField ::= INTEGER { trailerFieldBC(1) }
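As an added example, not part of the question or of bartonjs's answer: a pure-Python (hashlib only) implementation of EMSA-PSS-ENCODE and EMSA-PSS-VERIFY from RFC 8017 section 9.1, with the parameters the question asks for (SHA-256, MGF1 with SHA-256, 32-byte salt, a 4096-bit modulus so emBits = 4095). It shows where the 0xBC byte actually lives: it is the last octet of the encoded message EM produced inside the signature operation, while the certificate's RSASSA-PSS-params only carries the ASN.1 INTEGER 1 (trailerFieldBC) that names it, which is what `openssl x509 -text` prints as "Trailer Field: 0x01". The message and salt are constructed inputs; no RSA key or certificate is involved, and the function names are this example's own.

```python
import hashlib

# RFC 8017 section 9.1: the trailer octet of EMSA-PSS. Its ASN.1 counterpart in
# RSASSA-PSS-params is  TrailerField ::= INTEGER { trailerFieldBC(1) }.
TRAILER_BC = b"\xbc"
ASN1_TRAILER_FIELD_BC = 1


def trailer_octet_from_params(asn1_trailer_field: int) -> int:
    """Map the trailerField INTEGER found in a certificate's RSASSA-PSS-params
    (the '0x01' that openssl x509 -text prints) to the EMSA-PSS trailer octet.
    RFC 8017 appendix A.2.3 defines exactly one value: trailerFieldBC(1) -> 0xbc."""
    if asn1_trailer_field != ASN1_TRAILER_FIELD_BC:
        raise ValueError(f"unsupported trailerField value {asn1_trailer_field}")
    return TRAILER_BC[0]


def mgf1(seed: bytes, mask_len: int, hash_fn=hashlib.sha256) -> bytes:
    """MGF1 (RFC 8017 appendix B.2.1): Hash(seed || C) for C = 0, 1, ..."""
    out = bytearray()
    counter = 0
    while len(out) < mask_len:
        out += hash_fn(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:mask_len])


def emsa_pss_encode(message: bytes, em_bits: int, salt: bytes,
                    hash_fn=hashlib.sha256) -> bytes:
    """EMSA-PSS-ENCODE (RFC 8017 section 9.1.1); returns EM of emLen octets."""
    h_len = hash_fn().digest_size
    s_len = len(salt)
    em_len = (em_bits + 7) // 8
    if em_len < h_len + s_len + 2:
        raise ValueError("encoding error")
    m_hash = hash_fn(message).digest()
    # H = Hash(M'), with M' = eight zero octets || mHash || salt
    h = hash_fn(b"\x00" * 8 + m_hash + salt).digest()
    ps = b"\x00" * (em_len - s_len - h_len - 2)
    db = ps + b"\x01" + salt
    db_mask = mgf1(h, em_len - h_len - 1, hash_fn)
    masked_db = bytearray(a ^ b for a, b in zip(db, db_mask))
    # Clear the leftmost 8*emLen - emBits bits so that EM < 2^emBits.
    top_bits = 8 * em_len - em_bits
    masked_db[0] &= 0xFF >> top_bits
    # EM = maskedDB || H || 0xbc  <- this is the "trailer field 0xBC"
    return bytes(masked_db) + h + TRAILER_BC


def emsa_pss_verify(message: bytes, em: bytes, em_bits: int, s_len: int,
                    hash_fn=hashlib.sha256) -> bool:
    """EMSA-PSS-VERIFY (RFC 8017 section 9.1.2); True iff EM is consistent."""
    h_len = hash_fn().digest_size
    em_len = (em_bits + 7) // 8
    if len(em) != em_len or em_len < h_len + s_len + 2:
        return False
    if em[-1] != TRAILER_BC[0]:                 # step 4: rightmost octet must be 0xbc
        return False
    masked_db = em[: em_len - h_len - 1]
    h = em[em_len - h_len - 1 : em_len - 1]
    top_bits = 8 * em_len - em_bits
    if masked_db[0] >> (8 - top_bits) != 0:     # step 6: leftmost bits must be zero
        return False
    db_mask = mgf1(h, em_len - h_len - 1, hash_fn)
    db = bytearray(a ^ b for a, b in zip(masked_db, db_mask))
    db[0] &= 0xFF >> top_bits
    ps_len = em_len - h_len - s_len - 2
    if any(db[:ps_len]) or db[ps_len] != 0x01:  # step 10: PS all zero, then 0x01
        return False
    salt = bytes(db[len(db) - s_len:])
    h_prime = hash_fn(b"\x00" * 8 + hash_fn(message).digest() + salt).digest()
    return h == h_prime


def demo() -> dict:
    """Run the question's parameter set: SHA-256, MGF1-SHA256, 32-byte salt,
    4096-bit modulus (emBits = modBits - 1 = 4095)."""
    message = b"constructed sample message to be signed"   # constructed input
    salt = bytes(range(32))                                # fixed salt, for reproducibility
    em = emsa_pss_encode(message, 4095, salt)
    return {
        "em_len": len(em),
        "trailer_octet": em[-1],
        "verifies": emsa_pss_verify(message, em, 4095, 32),
        "tampered_trailer_verifies": emsa_pss_verify(message, em[:-1] + b"\x01", 4095, 32),
        "asn1_value_1_means": trailer_octet_from_params(1),
    }


if __name__ == "__main__":
    print(demo())
```

The "(default)" in the `openssl x509 -text` output means the trailerField element is simply absent from the DER (it is DEFAULT 1 in the schema), which you can confirm by looking at the RSASSA-PSS-params SEQUENCE in `openssl asn1parse -in 20240314_certifcate.pem -i`. Since INTEGER 1 is the only defined value and already means 0xBC, there is no OpenSSL option to change it, and nothing to fix: the certificate you generated is already what RFC 8017 asks for.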