X.509 certificates with an RSASSA-PSS signature

The PKCS #1 standard defines two signature algorithms based on RSA: PCKS#1 v1.5 and RSASSA-PSS.

This page has sample X.509 certificates that use an RSASSA-PSS signature.

The certificates use the default parameters for RSASSA-PSS. One set of certificates has an empty ASN.1 parameter field to indicate the default parameters. The second set has a complete ASN.1 encoding of all default parameters.

Each set consists of a root certificate and a client certificate that is signed by the root's private key.

Updates

2010-02-25 There was an error in the parameter encoding, this is fixed now.
2010-07-13 The certificates are now X509v3. They were accidentially X509v1 before. PSS is defined only for X509v3. Thanks to Hanno Böck for reporting this bug.

Download

sample certificates with empty parameter field (.zip)
sample certificates with explicit default parameters (.zip)

Questions, comments

Please send any questions or comments to www(at)kaiser(dot)cx

back to homepage

X.509 certificates with an RSASSA-PSS signature

Introduction

Updates

Download

Questions, comments