[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [pkcs11] Groups - Proposal for Secure Key Import using an RSA key uploaded
These are the two sections I find somewhat strange within the proposal - raised on the call.
The recommended format
for an
asymmetric target key being wrapped is as a PKCS8
PrivateKeyInfoThe recommended
format for a symmetric target key being wrapped is also as a
PKCS8
PrivateKeyInfo, where the PrivateKey OCTET STRING is the secret
target key's
data. The use of Attributes in
the
PrivateKeyInfo structure is
OPTIONAL. The OBJECT IDENTIFIER
arc { oasis
pkcs11 attributes } is reserved to identify PKCS11 attributes
encoded as PKCS8
Attribute objects. The
last component of
such OID shall be the same as the value assigned to the
corresponding CKA_
enumeraton. I.e. the
OBJECT IDENTIFIER
for CKA_ENCRYPT is { oasis pkc11 attributes CKA_ENCRYPT (260) }. It is recommended that only
BOOLEAN
attributes be included in the Attributes field of
PrivateKeyInfo. |
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]