diff --git a/Cargo.lock b/Cargo.lock
index e7247c5d..ca91f142 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -800,9 +800,8 @@ dependencies = [
 
 [[package]]
 name = "rsa"
-version = "0.9.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6a3211b01eea83d80687da9eef70e39d65144a3894866a5153a2723e425a157f"
+version = "0.9.5"
+source = "git+https://github.com/baloo/RSA.git?branch=baloo/pkcs+pss/alg-id#17c1aa2bdc6a9d0d8dc65c684151b0b8c6b67a69"
 dependencies = [
  "const-oid",
  "digest",
diff --git a/Cargo.toml b/Cargo.toml
index e3af5bc1..bb0b49e4 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -4,3 +4,5 @@ members = ["cryptoki", "cryptoki-sys", "cryptoki-rustcrypto"]
 [patch.crates-io]
 # https://github.com/RustCrypto/formats/pull/1269
 spki = { git = "https://github.com/baloo/formats.git", branch = "baloo/spki/from_key" }
+# https://github.com/RustCrypto/RSA/pull/393
+rsa = { git = "https://github.com/baloo/RSA.git", branch = "baloo/pkcs+pss/alg-id" }
diff --git a/cryptoki-rustcrypto/Cargo.toml b/cryptoki-rustcrypto/Cargo.toml
index ba6c5855..3d37be4f 100644
--- a/cryptoki-rustcrypto/Cargo.toml
+++ b/cryptoki-rustcrypto/Cargo.toml
@@ -18,7 +18,7 @@ p224 = { version = "0.13.2", features = ["pkcs8"] }
 p256 = { version = "0.13.2", features = ["pkcs8"] }
 p384 = { version = "0.13.0", features = ["pkcs8"] }
 k256 = { version = "0.13.2", features = ["pkcs8"] }
-rsa = "0.9"
+rsa = "0.9.5"
 signature = { version = "2.2.0", features = ["digest"] }
 sha1 = { version = "0.10", features = ["oid"] }
 sha2 = { version = "0.10", features = ["oid"] }
diff --git a/cryptoki-rustcrypto/src/rsa/pss.rs b/cryptoki-rustcrypto/src/rsa/pss.rs
index 75cda70b..5c29a83c 100644
--- a/cryptoki-rustcrypto/src/rsa/pss.rs
+++ b/cryptoki-rustcrypto/src/rsa/pss.rs
@@ -6,7 +6,7 @@ use der::{asn1::ObjectIdentifier, oid::AssociatedOid, Any, AnyRef};
 use rsa::{
     pkcs1::{self, RsaPssParams},
     pkcs8::{self},
-    pss::{Signature, VerifyingKey},
+    pss::{get_default_pss_signature_algo_id, Signature, VerifyingKey},
 };
 use signature::digest::Digest;
 use spki::{
@@ -22,7 +22,6 @@ pub struct Signer<D: DigestSigning, S: SessionLike> {
     session: S,
     private_key: ObjectHandle,
     verifying_key: VerifyingKey<D>,
-    salt_len: usize,
 }
 
 impl<D: DigestSigning, S: SessionLike> Signer<D, S> {
@@ -64,13 +63,11 @@ impl<D: DigestSigning, S: SessionLike> Signer<D, S> {
         let public_key = read_key(&session, template)?;
 
         let verifying_key = VerifyingKey::new(public_key);
-        let salt_len = <D as Digest>::output_size();
 
         Ok(Self {
             session,
             private_key,
             verifying_key,
-            salt_len,
         })
     }
 
@@ -109,20 +106,6 @@ impl<D: DigestSigning, S: SessionLike> signature::Signer<Signature> for Signer<D
 
 impl<D: DigestSigning, S: SessionLike> DynSignatureAlgorithmIdentifier for Signer<D, S> {
     fn signature_algorithm_identifier(&self) -> pkcs8::spki::Result<AlgorithmIdentifierOwned> {
-        get_pss_signature_algo_id::<D>(self.salt_len as u8)
+        get_default_pss_signature_algo_id::<D>()
     }
 }
-
-fn get_pss_signature_algo_id<D>(salt_len: u8) -> pkcs8::spki::Result<AlgorithmIdentifierOwned>
-where
-    D: Digest + AssociatedOid,
-{
-    const ID_RSASSA_PSS: ObjectIdentifier = ObjectIdentifier::new_unwrap("1.2.840.113549.1.1.10");
-
-    let pss_params = RsaPssParams::new::<D>(salt_len);
-
-    Ok(AlgorithmIdentifierOwned {
-        oid: ID_RSASSA_PSS,
-        parameters: Some(Any::encode_from(&pss_params)?),
-    })
-}