OASIS Mailing List Archives

 



pkcs11 message



Subject: Re: [pkcs11] CKA_PUBLIC_KEY_INFO


On 4/11/2013 4:35 AM, Gil Abel wrote:
> Note that an implication of the above is that technically, returning the CKA_PUBLIC_KEY_INFO from a private key does not necessarily require the CreateObject function to accept that attribute as a parameter (the data may be derived from the device no matter how the key was created).
> I agree, though, that it may make sense to allow passing the CKA_PUBLIC_KEY_INFO in CreateObject as well, as suggested, both because the object should be well-formed and also because this mechanism looks elegant, but these could be 2 different decisions.

[Don't have time to verify the following - but I'm pretty sure it's correct]

I believe that some forms of acceptable RSA private keys do not contain enough information to recover the public key. So if you're just pushing the private modulus and exponent to the token, a later call to get the public key will fail. AIRC there are three acceptable forms for an RSA private key listed in the NIST SP covering this - two of them have enough information to regen the public key (CRT being one of the forms, the two random prime form being another).

Mike
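
The distinction drawn in the message above, as an added example that is not part of the original post or of the PKCS #11 specification: given a private key in each of three forms, it derives the public key (n, e) where the form allows it. The dict field names, the toy Mersenne primes and the assumption that e is smaller than p-1 (true for the usual e = 65537) are constructed for illustration; the comments map fields to the matching PKCS #11 attributes.

```python
from math import gcd

def recover_public(key):
    """Return (n, e) if this private-key form determines the public key, else None.

    Hypothetical field names: n (CKA_MODULUS), d (CKA_PRIVATE_EXPONENT),
    p, q (CKA_PRIME_1, CKA_PRIME_2), dP, dQ (CKA_EXPONENT_1, CKA_EXPONENT_2).
    """
    p, q = key.get("p"), key.get("q")
    if p is None or q is None:
        # Modulus and private exponent only: the form carries neither e nor
        # the primes, so there is nothing here to derive e from directly.
        return None
    n = p * q
    if "dP" in key:
        # CRT form: e * dP = 1 (mod p-1), so e is the inverse of dP mod p-1
        # (assumes e < p-1).
        e = pow(key["dP"], -1, p - 1)
        if "dQ" in key and (e * key["dQ"]) % (q - 1) != 1:
            raise ValueError("inconsistent CRT components")
    elif "d" in key:
        # Two-prime form: e is the inverse of d mod lcm(p-1, q-1).
        lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)
        e = pow(key["d"], -1, lam)
    else:
        return None
    return n, e

# Constructed toy key (far too small for real use): two Mersenne primes.
P, Q, E = 2**31 - 1, 2**61 - 1, 65537
N = P * Q
LAM = (P - 1) * (Q - 1) // gcd(P - 1, Q - 1)
D = pow(E, -1, LAM)

MOD_EXP_ONLY = {"n": N, "d": D}
TWO_PRIME = {"p": P, "q": Q, "d": D}
CRT = {"p": P, "q": Q, "dP": D % (P - 1), "dQ": D % (Q - 1),
       "qInv": pow(Q, -1, P)}

if __name__ == "__main__":
    for name, key in [("modulus+exponent", MOD_EXP_ONLY),
                      ("two-prime", TWO_PRIME), ("CRT", CRT)]:
        print(name, "->", recover_public(key))
```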


