Subject: Re: [pkcs11] RE: [pkcs11-comment] Attributes of EC private key objects
On 12/25/2013 6:55 PM, Jaroslav Imrich wrote:
In general, this attribute was added so that it was always possible to retrieve the public key associated with a particular private key, not to provide a mechanism for searching. For every asymmetric key type except RSA, the data already specified with the private key was sufficient to regenerate the public key (which is different from that data being publicly available). For RSA, we added CKA_PUBLIC_EXPONENT as that data was necessary to recover the public key and was not previously provided. We considered and rejected providing a per-key-type specific attribute (e.g. CKA_PUBLIC_POINT for EC, something different for DH, GOST etc) in favor of CKA_PUBLIC_KEY_INFO mainly because of how many additional CKA_ attribute types would need to be defined to cover all the asymmetric key types.
That's a definite oops. I'll bring it up with the TC.
I'm not sure what your use case is here. E.g. where did you get the public key you're trying to match to the private key? Mostly you should be using CKA_LABEL and CKA_ID to relate various objects.
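The message's point that an EC private key object already carries enough data to regenerate its public key can be shown directly; the following is an added example, not part of the original message and not code from any PKCS#11 implementation. It assumes the curve is P-256 (what CKA_EC_PARAMS would identify) and that `d` is the private scalar held in CKA_VALUE; the function names are hypothetical.

```python
# Added illustration: regenerate an EC public point from the private scalar
# and the curve parameters. Plain double-and-add, not constant-time, so it is
# for explanation only and not for use on real key material.

# NIST P-256 domain parameters (the curve CKA_EC_PARAMS is assumed to name).
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
GX = 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296
GY = 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551

def on_curve(pt):
    """True if pt satisfies y^2 = x^3 + Ax + B (None is the point at infinity)."""
    if pt is None:
        return True
    x, y = pt
    return (y * y - (x * x * x + A * x + B)) % P == 0

def add(p1, p2):
    """Affine point addition, covering infinity, inverses and doubling."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                      # p2 == -p1
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, P - 2, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, P - 2, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def public_point(d):
    """Compute Q = d*G; rejects scalars outside [1, N-1]."""
    if not 1 <= d < N:
        raise ValueError("private scalar out of range")
    result, addend = None, (GX, GY)
    while d:
        if d & 1:
            result = add(result, addend)
        addend = add(addend, addend)
        d >>= 1
    return result

def ec_point_bytes(d):
    """Uncompressed X9.62 point; CKA_EC_POINT wraps this in a DER OCTET STRING."""
    x, y = public_point(d)
    return b"\x04" + x.to_bytes(32, "big") + y.to_bytes(32, "big")
```

Nothing comparable works for RSA from the modulus and private exponent alone, which is the gap the message says CKA_PUBLIC_EXPONENT was added to fill.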