OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

pkcs11-comment message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [pkcs11-comment] Regarding CRT components of RSA private key,

In the context of PKCS#11 you are dealing with the individual attributes (items) and not with an ASN.1 structure - so the format and handling of the ASN.1 structure has absolutely no relevance to this context.
An RSA Private Key does not require the CRT components to exist to perform the underlying operations.

As also noted in my response to you atÂhttps://github.com/openssl/openssl/issues/16479#issuecomment-909649219 on the issue you opened with OpenSSL for this context:

Up to PKCS#1 v1.5 there was additional text included that made it clear what you were meant to do for portability if you did not have the CRT components. Unfortunately this text was omitted in later versions. It makes it exceedingly clear that you aren't expected to omit values or place in substitute values in the ASN.1 representation - if you don't have the CRT values you need to calculate them.ÂThe syntax explicitly and deliberately requires the CRT values.

An RSA private key logically consists of only the

modulus n and the private exponent d. The presence

of the values p, q, d mod (p-1), d mod (p-1), and

q-1 mod p is intended for efficiency, as

Quisquater and Couvreur have shown [QC82]. A

private-key syntax that does not include all the

extra values can be converted readily to the

syntax defined here, provided the public key is

known, according to a result by Miller [Mil76].


On Wed, Sep 1, 2021 at 3:28 PM Brahmaji K <brahmaji.k@gmail.com> wrote:
Dear OASIS team,

As per cryptoki specification v2.4 section 4.9.1 and v3.0 section 4.9.1, the attributesÂCKA_PRIME_1,ÂCKA_PRIME_2,ÂCKA_EXPONENT_1,ÂCKA_EXPONENT_2 andÂCKA_COEFFICIENT are optional for import private keys (while doing C_CreateObject). But as per rfc8017 A.1.2 (RSA Private Key Syntax), the private key should have all these components. Below is the representation of RSA private key as per rfc8017:

     RSAPrivateKey ::= SEQUENCE {
             version           Version,
             modulus           INTEGER,  -- n
             publicExponent    INTEGER,  -- e
             privateExponent   INTEGER,  -- d
             prime1            INTEGER,  -- p
             prime2            INTEGER,  -- q
             exponent1         INTEGER,  -- d mod (p-1)
             exponent2         INTEGER,  -- d mod (q-1)
             coefficient       INTEGER,  -- (inverse of q) mod p
             otherPrimeInfos   OtherPrimeInfos OPTIONAL
Why was PKCS11 made optional for p,q and CRT components for RSA Private key import (C_CreateObject)?

Thanks and Regards,
Brahmaji K

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]