OASIS Mailing List Archives

pkcs11 message



Subject: CKA_PUBLIC_KEY_INFO


After reviewing the bidding, I'm thinking that Bob's issues are mostly on the "parse and decode" side, rather than the "read out and encode" side.

Given that, how about:

1) CKA_PUBLIC_KEY_INFO can't be used in C_CreateObject templates for public or private keys. It *may* be used for certificates, but is opaque there. This eliminates the need to parse the DER, and then do a consistency check between the public key info and private key info for the private key.

2) The data required to be stored for each private key shall be reviewed and changes made to ensure that the appropriate attributes sufficient to regenerate the public key shall be stored with the private key, and if needed provided with any call to C_CreateObject for that type of private key. For the RSA case, this means that CKA_PUBLIC_EXPONENT MUST be in a template for an RSA private key and stored with that private key.

3) CKA_PUBLIC_KEY_INFO can be used in a call to C_GetAttributeValues for all public and private keys. It will be encoded from the data available for those keys. (Which should mostly involve stuffing the public key data into a template). If an implementation doesn't wish to support this it will return the empty value.

Comments?  (Ideally from others besides myself and Bob)

Mike
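
Added example, not part of the original message or of any PKCS#11 implementation: a sketch of the "read out and encode" direction from points 2 and 3, building the DER SubjectPublicKeyInfo for an RSA key from the modulus and public exponent stored with it, and returning the empty value when the exponent was never stored. The dict standing in for the stored attributes and the function names are assumptions; the key values are constructed.

```python
# Added example: encode CKA_PUBLIC_KEY_INFO (DER SubjectPublicKeyInfo) for an
# RSA key from attributes stored with the key. Names here are hypothetical.

# AlgorithmIdentifier { rsaEncryption (1.2.840.113549.1.1.1), NULL }
RSA_ALG_ID = bytes.fromhex("300d06092a864886f70d0101010500")

def der_len(n):
    """DER definite length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def der_tlv(tag, content):
    return bytes([tag]) + der_len(len(content)) + content

def der_int(value):
    """Non-negative INTEGER; the extra byte keeps the sign bit clear."""
    return der_tlv(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))

def rsa_public_key_info(attrs):
    """attrs maps attribute names to big-endian byte strings (assumed model).

    Returns b"" when the public exponent is not available, which is the
    situation point 2 of the message is meant to rule out.
    """
    modulus = attrs.get("CKA_MODULUS")
    exponent = attrs.get("CKA_PUBLIC_EXPONENT")
    if not modulus or not exponent:
        return b""
    n = int.from_bytes(modulus, "big")
    e = int.from_bytes(exponent, "big")
    rsa_public_key = der_tlv(0x30, der_int(n) + der_int(e))  # RSAPublicKey
    bit_string = der_tlv(0x03, b"\x00" + rsa_public_key)     # 0 unused bits
    return der_tlv(0x30, RSA_ALG_ID + bit_string)

# Constructed toy key (n = 3233, e = 17), far too small for real use.
TOY_KEY = {"CKA_MODULUS": bytes.fromhex("0ca1"),
           "CKA_PUBLIC_EXPONENT": bytes.fromhex("11")}

if __name__ == "__main__":
    print(rsa_public_key_info(TOY_KEY).hex())
    print(repr(rsa_public_key_info({"CKA_MODULUS": bytes.fromhex("0ca1")})))
```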







