Support for RSAPSS according to PKCS #1 v2.2: RSA Cryptography Standard


As per the knowledge base article, MbedTLS supports RSAPSS signature verification according to PKCS#1 v2.1.

I want to use RSAPSS as per PKCS #1 v2.2: RSA Cryptography Standard, RSA Laboratories, October 27,

more specifically RSAPSS with a 2048-bit sized key.

Is this supported in MbedTLS? If not, are there any functional differences between RSAPSS according to PKCS#1 v2.1 and PKCS#1 v2.2?

Hi Qausain,
According to RFC 8017 Appendix D:

Version 2.2 updates the list of allowed hashing algorithms to
align them with FIPS 180-4 [SHS], therefore adding SHA-224,
SHA-512/224, and SHA-512/256. The following substantive changes
were made:
* Object identifiers for sha224WithRSAEncryption,
sha512-224WithRSAEncryption, and sha512-256WithRSAEncryption
were added.
* This version continues to support the schemes in version 2.1.

Mbed TLS does not support the additional hash algorithms (except sha224), so it doesn’t support PKCS #1 v2.2 per se, but if you use one of the supported hash algorithms, it should be compatible.

Mbed TLS Team member

Hi Ron,
Thanks a lot for your help and the great library.
I am required to use RSAPSS 2048 signature verification with SHA256 as the hashing algorithm. So I hope that I am good to go with the MbedTLS implementation, right?


Hi Qausain,
It should be ok for you.