
pkcs11-comment message


Subject: Regarding CRT components of RSA private key,

Dear OASIS team,

As per Cryptoki specification v2.4 section 4.9.1 and v3.0 section 4.9.1, the attributes CKA_PRIME_1, CKA_PRIME_2, CKA_EXPONENT_1, CKA_EXPONENT_2 and CKA_COEFFICIENT are optional when importing private keys (while doing C_CreateObject). But as per RFC 8017 A.1.2 (RSA Private Key Syntax), the private key should have all these components. Below is the representation of the RSA private key as per RFC 8017:

     RSAPrivateKey ::= SEQUENCE {
             version           Version,
             modulus           INTEGER,  -- n
             publicExponent    INTEGER,  -- e
             privateExponent   INTEGER,  -- d
             prime1            INTEGER,  -- p
             prime2            INTEGER,  -- q
             exponent1         INTEGER,  -- d mod (p-1)
             exponent2         INTEGER,  -- d mod (q-1)
             coefficient       INTEGER,  -- (inverse of q) mod p
             otherPrimeInfos   OtherPrimeInfos OPTIONAL
     }

Why did PKCS11 make p, q and the CRT components optional for RSA private key import (C_CreateObject)?

Thanks and Regards,
Brahmaji K
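
An added illustration, not part of the original message or of either specification: for a two-prime key, the RFC 8017 fields that Cryptoki lists as optional can be computed from CKA_MODULUS, CKA_PUBLIC_EXPONENT and CKA_PRIVATE_EXPONENT alone. The function names and the toy key below are constructed for this example.

```python
from math import gcd

def recover_primes(n, e, d):
    """Factor n from a consistent exponent pair (e, d); returns (p, q), p > q."""
    k = d * e - 1                      # multiple of the order of every unit mod n
    if k <= 0 or k % 2:
        raise ValueError("e and d are not a consistent RSA exponent pair")
    r, t = k, 0
    while r % 2 == 0:                  # k = 2**t * r with r odd
        r, t = r // 2, t + 1
    for g in range(2, 1000):           # fixed bases keep the example deterministic
        y = pow(g, r, n)
        if y in (1, n - 1):
            continue
        for _ in range(t):
            x = pow(y, 2, n)
            if x == 1:                 # y is a non-trivial square root of 1
                p = gcd(y - 1, n)
                return max(p, n // p), min(p, n // p)
            if x == n - 1:
                break
            y = x
    raise ValueError("could not factor n from (e, d)")

def complete_crt(n, e, d):
    """Compute the attributes Cryptoki lists as optional, per RFC 8017 A.1.2."""
    p, q = recover_primes(n, e, d)
    return {
        "CKA_PRIME_1": p,
        "CKA_PRIME_2": q,
        "CKA_EXPONENT_1": d % (p - 1),       # d mod (p-1)
        "CKA_EXPONENT_2": d % (q - 1),       # d mod (q-1)
        "CKA_COEFFICIENT": pow(q, -1, p),    # (inverse of q) mod p
    }

def crt_private_op(c, f):
    """RSA private operation using only the CRT fields (second key form of RSADP)."""
    p, q = f["CKA_PRIME_1"], f["CKA_PRIME_2"]
    m1 = pow(c, f["CKA_EXPONENT_1"], p)
    m2 = pow(c, f["CKA_EXPONENT_2"], q)
    h = (f["CKA_COEFFICIENT"] * (m1 - m2)) % p
    return m2 + q * h

# Constructed toy key (far too small for real use): p = 61, q = 53.
N, E, D = 3233, 17, 2753
if __name__ == "__main__":
    fields = complete_crt(N, E, D)
    print(fields, crt_private_op(2790, fields) == pow(2790, D, N))
```

An importer that receives only n, e and d can populate a full RSAPrivateKey structure this way; the CRT form gives the same result as the plain `pow(c, d, n)` operation.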
