OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

pkcs11 message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Fwd: [pkcs11-comment] Query about the support of wrapping/unwrapping public keys.

Comment from our comment list

Begin forwarded message:

From: Amine Najahi <anajahi@nvidia.com>
Subject: [pkcs11-comment] Query about the support of wrapping/unwrapping public keys.
Date: October 12, 2023 at 2:40:51âPM PDT
To: "pkcs11-comment@lists.oasis-open.org" <pkcs11-comment@lists.oasis-open.org>
Cc: Andy Guiver <aguiver@nvidia.com>, Nicola Di Miscio <ndimiscio@nvidia.com>

Dear PKCS#11 committee/group,
 
The current standardized mechanisms for C_WrapKey and C_UnwrapKey allow only for the wrapping and unwrapping of secret and private keys.
 
We see value in supporting the wrapping and unwrapping of public keys using for instance CKM_AES_GCM.
This provides an integrity and/or authenticity check when transferring between tokens.
It would enable a single hWrappingKey to be used for the wrapping of all the objects.
 
Obviously, the precise field to be wrapped remains to clarify and will be dependent on the key type.
For CKK_EC keys for instance, it could be the CKA_EC_POINT.
 
Any preliminary thoughts from the members of this list and/or the committee?
 
Best regards,
Amine Najahi

Attachment: smime.p7s
Description: S/MIME cryptographic signature

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]