OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

pkcs11-comment message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Query about the support of wrapping/unwrapping public keys.

Dear PKCS#11 committee/group,

 

The current standardized mechanisms for C_WrapKey and C_UnwrapKey allow only for the wrapping and unwrapping of secret and private keys.

 

We see value in supporting the wrapping and unwrapping of public keys using for instance CKM_AES_GCM.

This provides an integrity and/or authenticity check when transferring between tokens.

It would enable a single hWrappingKey to be used for the wrapping of all the objects.

 

Obviously, the precise field to be wrapped remains to clarify and will be dependent on the key type.

For CKK_EC keys for instance, it could be the CKA_EC_POINT.

 

Any preliminary thoughts from the members of this list and/or the committee?

 

Best regards,

Amine Najahi

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]