OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

pkcs11 message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Fixes for CKA_PUBLIC_KEY_INFO

In the changes for CKA_PUBLIC_KEY_INFO there was a line that said that the format of the public key info would be specified under the key type definitions. BUT - those weren't added. Here are the proposed edits. Note there are a few other items (see ">>>>>") that require some consideration as well. 


Changes:

RSA  - Insert this section after 2.1.3 and adjust the numbering:

"2.1.4 RSA Encoding for CKA_PUBLIC_KEY_INFO
The format for the subjectPublicKey field of the SubjectPublicKeyInfo structure for an RSA key is specified in section 1.2 of [RFC4055]." 

>>> Is there a PKCS11 definition for an RSA-OAEP public key??

DSA - Insert section after 2.2.4 and adjust the numbering:

"2.2.5 DSA Key Encoding For CKA_PUBLIC_KEY_INFO
The format for the subjectPublicKey field of the SubjectPublicKeyInfo structure for a DSA key is specified in section 2.3.2 of [RFC3279]. The parameters field of the algorithm field of the structure SHOULD present and, if present, the components of that field must have values identical to those in the matching CKA_PRIME, CKA_SUBPRIME and CKA_BASE attributes. If the parameters field is not present, the parameters are taken from the CKA_PRIME, CKA_SUBPRIME and CKA_BASE attributes of the key. 

EC insert section after 2.3.4 and adjust:

"2.3.5 EC Key Encoding  for CKA_PUBLIC_KEY_INFO
The format for the subjectPublicKey field of the SubjectPublicKeyInfo structure for an Elliptic Curve (EC) key is specified in sections 2.1.1 and 2.2 of [RFC5480]. The parameters field of the algorithm field of the structure SHOULD be present, and if present MUST contain the same value as the CKA_EC_PARAMS attribute. If the field is absent, the parameters for the key are taken from CKA_EC_PARAMS." 

DH Insert section after 2.4.5 and adjust:

"2.4.6 DH Key Encoding for CKA_PUBLIC_KEY_INFO
The format for the subjectPublicKey field of the SubjectPublicKeyInfo structure for a Diffie-Hellman key or Fiffie-Hellman X9.42 key is specified in section 2.3.3. of [RFC3279]."
>>>>>>> One of the required fields for the above encoding is the Q or CKA_SUBPRIME value which isn't present in the plain DH public key (but is present in the plain DH private key. I think this should be added as a mandatory field similar to what we did with adding CKA_PUBLIC_EXPONENT to the RSA private key object. 


GOST R 34.10-2001  Insert section after 2.48.3 and adjust:

"2.48.4 GOST R 34.10-2011 Format for CKA_PUBLIC_KEY_INFO
The format for the subjectPublicKey field of the SubjectPublicKeyInfo structure for a GOST R 34.10-2001 key is specified in section 2.3.2 of [RFC4491]. The parameters field of the algorithm field of the structure SHOULD be present and, if present, MUST contain the same value as the CKA_GOSTR3410PARAMS attribute of the key. If parameters field is absent, the parameters for the key are taken from CKA_GOSTR3410PARAMS."

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]