[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [pkcs11-comment] Regarding CRT components of RSA private key,
Up to PKCS#1 v1.5 there was additional text included that made it clear what you were meant to do for portability if you did not have the CRT components. Unfortunately this text was omitted in later versions. It makes it exceedingly clear that you aren't expected to omit values or place in substitute values in the ASN.1 representation - if you don't have the CRT values you need to calculate them.ÂThe syntax explicitly and deliberately requires the CRT values.
An RSA private key logically consists of only the
modulus n and the private exponent d. The presence
of the values p, q, d mod (p-1), d mod (p-1), and
q-1 mod p is intended for efficiency, as
Quisquater and Couvreur have shown [QC82]. A
private-key syntax that does not include all the
extra values can be converted readily to the
syntax defined here, provided the public key is
known, according to a result by Miller [Mil76].
Dear OASIS team,As per cryptoki specification v2.4 section 4.9.1 and v3.0 section 4.9.1, the attributesÂCKA_PRIME_1,ÂCKA_PRIME_2,ÂCKA_EXPONENT_1,ÂCKA_EXPONENT_2 andÂCKA_COEFFICIENT are optional for import private keys (while doing C_CreateObject). But as per rfc8017 A.1.2 (RSA Private Key Syntax), the private key should have all these components. Below is the representation of RSA private key as per rfc8017:RSAPrivateKey ::= SEQUENCE { version Version, modulus INTEGER, -- n publicExponent INTEGER, -- e privateExponent INTEGER, -- d prime1 INTEGER, -- p prime2 INTEGER, -- q exponent1 INTEGER, -- d mod (p-1) exponent2 INTEGER, -- d mod (q-1) coefficient INTEGER, -- (inverse of q) mod p otherPrimeInfos OtherPrimeInfos OPTIONAL }Why was PKCS11 made optional for p,q and CRT components for RSA Private key import (C_CreateObject)?Thanks and Regards,Brahmaji K
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]