OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

pkcs11 message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: public exponent in RSA private key


All,

 

for the 2.40 standard a sentence was added to the mechanisms spec (section 2.1.3 RSA private key objects): Effective with version 2.40, tokens MUST also store CKA_PUBLIC_EXPONENT. On the other hand, footnote 1 is missing in table 3.

 

Digging through old mails it seems that there was an inconsistency between <2.40 base and mechanisms spec and, therefore, this sentence was added to 2.40 mech spec.

 

However, there is still room for interpretation now since the same spec also says: The only attributes from Table 3 for which a Cryptoki implementation is required to be able to return values are CKA_MODULUS and CKA_PRIVATE_EXPONENT.”

 

Thus, the omission of footnote 1 for CKA_PUBLIC_EXPONENT could have been a conscious decision and means that for C_GenerateKeyPair the public exponent must be stored, but for backwards compatibility C_CreateObject still accepts a private key without it.

 

Any opinion on that?

 

Thanks,

Daniel

 




Utimaco IS GmbH
Germanusstr. 4, D.52080 Aachen, Germany, Tel: +49-241-1696-0, www.utimaco.com
Seat: Aachen – Registergericht Aachen HRB 18922
VAT ID No.: DE 815 496 496
Managementboard: Stefan Auerbach (Chairman) CEO, Malte Pollmann CSO, Dr. Frank J. Nellissen CFO

This communication is confidential. We only send and receive email on the basis of the terms set out at https://www.utimaco.com/en/e-mail-disclaimer/


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]