Re: [pkcs11] RE: [pkcs11-comment] Attributes of EC private key objects

[Michael StJohns <msj@nthpermutation.com>]

On 12/25/2013 6:55 PM, Jaroslav Imrich wrote:

Hello Mike,

CKA_PUBLIC_KEY_INFO looks like a step in the right direction when it comes to retrieval of public key information from the private key object. However I am not sure whether it is a good choice for searching operations because in the current wording its support is optional ("MAY be empty") and therefore I personally consider pair of CKA_MODULUS and CKA_PUBLIC_EXPONENT (mandatory since v2.40) a better choice for searching templates. I would expect the same from CKA_EC_POINT defined as a mandatory attribute of EC private key objects.

In general, this attribute was added so that it was always possible to retrieve the public key associated with a particular private key, not to provide a mechanism for searching. 

For every asymmetric key type except RSA, the data already specified with the private key was sufficient to regenerate the public key (which is different from that data being publicly available).  For RSA, we added CKA_PUBLIC_EXPONENT as that data was necessary to recover the public key and was not previously provided. 

We considered and rejected providing a per-key-type specific attribute (e.g. CKA_PUBLIC_POINT for EC, something different for DH, GOST etc) in favor of CKA_PUBLIC_KEY_INFO mainly because of how many additional CKA_ attribute types would need to be defined to cover all the asymmetric key types.

But there may be a few other issues with CKA_PUBLIC_KEY_INFO in the current draft:

1. Missing definitions of SubjectPublicKeyInfo for specific key types

Chapter 4.8 of [PKCS11-base] states: "The encodings for the subjectPublicKey field are specified in the description of the public key types in the appropriate [Mechanisms] document for the key types defined within this specification." I was unable to find anything like that in [PKCS11-base] or [PKCS11-curr]. Exact format of SubjectPublicKeyInfo for RSA keys is defined in RFC 3279, for EC keys in RFC 5480 etc. Maybe this information should be added to the text where appropriate.

That's a definite oops.  I'll bring it up with the TC.

2. SubjectPublicKeyInfo can have multiple correct values for the same key

I don't see any problem with SubjectPublicKeyInfo definition for RSA keys mostly because the "parameter" field of "algorithmidentifier" is required to be present and is also required to be NULL. However for the EC keys the "parameter" field of "algorithmidentifier" is defined as a choice of three different options. In chapter 2.3 of [PKCS11-curr] there is a statement that only two of the options (ecParameters and the namedCurve) are supported by Cryptoki, but this still leaves two possible values of SubjectPublicKeyInfo. I am not sure which one of them should Cryptoki app use as a value of CKA_PUBLIC_KEY_INFO in search templates.

I'm not sure what your use case is here.    E.g. where did you get the public key you're trying to match to the private key?

Mostly you should be using CKA_LABEL and CKA_ID to relate various objects.

Best regards,

Jaroslav

On Mon, Dec 23, 2013 at 6:07 PM, Michael StJohns <msj@nthpermutation.com> wrote:

Edited down.

With this new 2.40 version of the spec, the attribute CKA_PUBLIC_KEY_INFO was defined to provide this information in a non-key-type specific manner.  See section 4.9.  Any private key type should implement this as a way of providing the public key information.

Is that sufficient for your needs or is there something still missing?

Mike

On 12/23/2013 8:49 AM, Griffin, Robert wrote:

Hi –

 

Thanks!  I’ll add this to the agenda for our first PKCS 11 TC meeting after the holidays and will let you know the decision of the TC.

 

Regards,

Bob

 

From: pkcs11-comment@lists.oasis-open.org [mailto:pkcs11-comment@lists.oasis-open.org] On Behalf Of Jaroslav Imrich
Sent: Montag, 23. Dezember 2013 08:38
To: pkcs11-comment@lists.oasis-open.org
Subject: [pkcs11-comment] Attributes of EC private key objects

 

Hello all,

 

I would like to discuss attributes of EC private key objects. I will first try to explain what I like about RSA private key objects:

 

 

So my final question is: Would it be possible to define CKA_EC_POINT attribute as a mandatory attribute also for EC private key objects?

 

--
Kind Regards

Jaroslav Imrich
www.pkcs11interop.net