pkcs11 message



Subject: CKA_PUBLIC_KEY_INFO - RSA public key from RSA private key


A private message made me go back and check my (crypto)math.

To get an RSA Public Key from an RSA Private Key, you need to be able to extract the CKA_PUBLIC_EXPONENT and CKA_MODULUS attributes from the private key.  In NIST SP800_56B, only the CRT format for the private key includes the "e" CKA_PUBLIC_EXPONENT value.  From 2.30:

Tokens vary in what they actually store for RSA private keys.  Some tokens store all of the above attributes, which can assist in performing rapid RSA computations.  Other tokens might store only the CKA_MODULUS and CKA_PRIVATE_EXPONENT values.


According to PKCS11, CKA_PUBLIC_EXPONENT is not a required attribute for C_CreateObject for a private key, and the documentation for the RSA private key object says that the public key MAY contribute CKA_PUBLIC_EXPONENT to the private key during a C_GenerateKeyPair operation.

So going back to other discussions, if C_GenerateKeyPair does not copy CKA_PUBLIC_EXPONENT from the public key template to the generated private key, or if C_CreateObject does not have CKA_PUBLIC_EXPONENT in the template, you can't extract an RSA public key from an RSA private key PKCS11 object.

I haven't done this exercise for any other key type.

Mike
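
Added example, not part of the original message and not code from the PKCS11 specification: a sketch of deriving the CKA_PUBLIC_KEY_INFO value (DER SubjectPublicKeyInfo) from the attributes read off an RSA private key object, returning nothing when CKA_PUBLIC_EXPONENT is absent. The attribute dictionary, the function names and the toy key are assumptions made for illustration; a real caller would fill the dictionary from C_GetAttributeValue.

```python
from typing import Dict, Optional

# DER AlgorithmIdentifier for rsaEncryption (OID 1.2.840.113549.1.1.1, NULL params).
RSA_ALG_ID = bytes.fromhex("300d06092a864886f70d0101010500")

def der_tlv(tag: int, content: bytes) -> bytes:
    """Encode one DER tag-length-value with a definite length."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + content

def der_uint(big_endian: bytes) -> bytes:
    """Encode a PKCS#11 'Big integer' (unsigned, big-endian) as a DER INTEGER."""
    body = big_endian.lstrip(b"\x00") or b"\x00"
    if body[0] & 0x80:  # prepend a zero octet so the value stays positive
        body = b"\x00" + body
    return der_tlv(0x02, body)

def spki_from_private_attrs(attrs: Dict[str, bytes]) -> Optional[bytes]:
    """Return DER SubjectPublicKeyInfo, or None when n or e is not on the object.

    Assumption: a missing or zero-length attribute means the token does not hold it.
    """
    n = attrs.get("CKA_MODULUS")
    e = attrs.get("CKA_PUBLIC_EXPONENT")
    if not n or not e:
        return None
    rsa_pub = der_tlv(0x30, der_uint(n) + der_uint(e))  # RSAPublicKey SEQUENCE
    bit_string = der_tlv(0x03, b"\x00" + rsa_pub)       # BIT STRING, 0 unused bits
    return der_tlv(0x30, RSA_ALG_ID + bit_string)

# Constructed toy key (n = 61 * 53 = 3233, e = 17, d = 2753), not a real key.
WITH_E = {"CKA_MODULUS": b"\x0c\xa1", "CKA_PUBLIC_EXPONENT": b"\x11",
          "CKA_PRIVATE_EXPONENT": b"\x0a\xc1"}
N_AND_D_ONLY = {"CKA_MODULUS": b"\x0c\xa1", "CKA_PRIVATE_EXPONENT": b"\x0a\xc1"}

if __name__ == "__main__":
    for name, attrs in (("with e", WITH_E), ("n and d only", N_AND_D_ONLY)):
        spki = spki_from_private_attrs(attrs)
        print(name, "->", spki.hex() if spki else "no public key recoverable")
```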


