
*Subject*: **Re: [pkcs11-comment] Regarding CRT components of RSA private key,**

*From*: **Tim Hudson <tjh@cryptsoft.com>**

*To*: Brahmaji K <brahmaji.k@gmail.com>

*Date*: Wed, 1 Sep 2021 16:18:16 +1000

In the context of PKCS#11 you are dealing with the individual attributes (items) and not with an ASN.1 structure - so the format and handling of the ASN.1 structure has **absolutely no relevance to this context**.

An RSA Private Key does not require the CRT components to exist to perform the underlying operations.

As also noted in my response to you at https://github.com/openssl/openssl/issues/16479#issuecomment-909649219 on the issue you opened with OpenSSL for this context:

Up to PKCS#1 v1.5 there was additional text included that made it clear what you were meant to do for portability if you did not have the CRT components. Unfortunately this text was omitted in later versions. It makes it exceedingly clear that you aren't expected to omit values or place in substitute values in the ASN.1 representation - if you don't have the CRT values you need to calculate them. The syntax explicitly and deliberately requires the CRT values.

An RSA private key logically consists of only the modulus n and the private exponent d. The presence of the values p, q, d mod (p-1), d mod (p-1), and q-1 mod p is intended for efficiency, as Quisquater and Couvreur have shown [QC82]. A private-key syntax that does not include all the extra values can be converted readily to the syntax defined here, provided the public key is known, according to a result by Miller [Mil76].

Thanks,

Tim.

On Wed, Sep 1, 2021 at 3:28 PM Brahmaji K <brahmaji.k@gmail.com> wrote:

Dear OASIS team,

As per cryptoki specification v2.4 section 4.9.1 and v3.0 section 4.9.1, the attributes CKA_PRIME_1, CKA_PRIME_2, CKA_EXPONENT_1, CKA_EXPONENT_2 and CKA_COEFFICIENT are optional for import private keys (while doing C_CreateObject). But as per rfc8017 A.1.2 (RSA Private Key Syntax), the private key should have all these components. Below is the representation of RSA private key as per rfc8017:

    RSAPrivateKey ::= SEQUENCE {
        version           Version,
        modulus           INTEGER,  -- n
        publicExponent    INTEGER,  -- e
        privateExponent   INTEGER,  -- d
        prime1            INTEGER,  -- p
        prime2            INTEGER,  -- q
        exponent1         INTEGER,  -- d mod (p-1)
        exponent2         INTEGER,  -- d mod (q-1)
        coefficient       INTEGER,  -- (inverse of q) mod p
        otherPrimeInfos   OtherPrimeInfos OPTIONAL
    }

Why was PKCS11 made optional for p,q and CRT components for RSA Private key import (C_CreateObject)?

Thanks and Regards,

Brahmaji K

**Follow-Ups**: **Re: [pkcs11-comment] Regarding CRT components of RSA private key,** *From:* Brahmaji K <brahmaji.k@gmail.com>

**References**: **Regarding CRT components of RSA private key,** *From:* Brahmaji K <brahmaji.k@gmail.com>
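An added example, not part of the original thread or of any PKCS#11 or OpenSSL code: one way to calculate the five optional attributes when only n, e and d are available, using the well-known probabilistic factoring of n from a multiple of λ(n). The function name `recover_crt_components` and the toy key are constructed for illustration; `math.lcm` needs Python 3.9 or later.

```python
import math
import secrets


def recover_crt_components(n: int, e: int, d: int) -> dict:
    """Derive the five optional PKCS#11 RSA attributes from n, e and d."""
    k = e * d - 1                      # multiple of lambda(n): g^k = 1 (mod n)
    if d <= 0 or k <= 0 or k % 2:
        raise ValueError("e and d are not a consistent exponent pair")
    r, t = k, 0
    while r % 2 == 0:                  # write k = 2^t * r with r odd
        r, t = r // 2, t + 1
    p = None
    for _ in range(100):               # each probe succeeds with probability >= 1/2
        # The base is only a probe value; no key material is generated here.
        y = pow(secrets.randbelow(n - 3) + 2, r, n)
        for _ in range(t):
            x = pow(y, 2, n)
            if x == 1:
                if y not in (1, n - 1):   # non-trivial square root of 1 mod n
                    p = math.gcd(y - 1, n)
                break
            y = x
        if p:
            break
    if not p:
        raise ValueError("could not factor n from the supplied exponents")
    q = n // p
    p, q = max(p, q), min(p, q)        # fixed order so the result is deterministic
    # Reject inputs where d is not actually the inverse of e for this modulus.
    if p * q != n or (e * d) % math.lcm(p - 1, q - 1) != 1:
        raise ValueError("recovered factors do not match the key")
    return {
        "CKA_PRIME_1": p,
        "CKA_PRIME_2": q,
        "CKA_EXPONENT_1": d % (p - 1),
        "CKA_EXPONENT_2": d % (q - 1),
        "CKA_COEFFICIENT": pow(q, -1, p),  # (inverse of q) mod p
    }


if __name__ == "__main__":
    # Constructed toy key (p=61, q=53); far too small for real use.
    for name, value in recover_crt_components(3233, 17, 2753).items():
        print(f"{name} = {value}")
```

The returned values map one-to-one onto prime1, prime2, exponent1, exponent2 and coefficient in the RSAPrivateKey structure quoted in the thread.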
