[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: CKA_PUBLIC_KEY_INFO - RSA public key from RSA private key
A private message made me go back and check my (crypto)math. To get an RSA Public Key from an RSA Private Key, you need to be able to extract the CKA_PUBLIC_EXPONENT and CKA_MODULUS attributes from the private key. In NIST SP800_56B, only the CRT format for the private key includes the "e" CKA_PUBLIC_EXPONENT value. From 2.30:
According to PKCS11, CKA_PUBLIC_EXPONENT is not a require attribute for C_CreateObject for a private key, and the documentation for the RSA private key object says that the public key MAY contribute CKA_PUBLIC_EXPONENT to the private key during a C_GenerateKeyPair operation. So going back to other discussions, if C_GenerateKeyPair does not copy CKA_PUBLIC_EXPONENT from the public key template to the generated private key, or if C_CreateObject does not have CKA_PUBLIC_EXPONENT in the template, you can't extract an RSA public key from an RSA private key PKCS11 object. I haven't done this exercise for any other key type. Mike |
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]