Re: [pkcs11] CKA_PUBLIC_KEY_INFO

[Stef Walter <stefw@redhat.com>]

On 11.04.2013 18:15, Michael StJohns wrote:
> On 4/11/2013 1:23 AM, Stef Walter wrote:
>> On 10.04.2013 01:35, Michael StJohns wrote:
>>> Attached is an edit of the appropriate sections of PKCS11 v2.30 to add
>>> support for CKA_PUBLIC_KEY_INFO.
>>>
>>> Additions are highlighted.  Assuming this is acceptable, I'll provide
>>> the appropriate edits for the public key sections to describe the
>>> encoding of the public key info field in SubjectPublicKeyInfo
>> Can we have this attribute on X.509 certificates as well? That would be
>> a good way of detecting whether a certificate and key match
>> cryptographically.
> 
> I would tend to gravitate towards no as the certificate already contains
> exactly that information.  On the other hand if you want to use it in
> the template for FindObject it may make sense.

Yes, that's exactly the use case.

Stef