
pkcs11 message



Subject: inconsistency: public exponent in RSA private key required for C_CreateObject


All,

 

I already asked this in March 2019, but nobody has replied. So, another try.

 

Both the base and the current mechanisms specification contain a definition of the RSA private key objects (sections 4.9.1 and 2.1.3, respectively). However, both in the table and in the following text there is an inconsistency concerning CKA_PUBLIC_EXPONENT.

 

In the base spec, table 27 has footnotes 1,4,6 for attribute CKA_PUBLIC_EXPONENT, while in the mech spec, table 3 only contains footnotes 4,6. Footnote 1 is: “MUST be specified when object is created with C_CreateObject.”

 

The same discrepancy exists in the text.

Base spec lines 1644-1646 read: “The only attributes from Table 27 for which a Cryptoki implementation is required to be able to return values are CKA_MODULUS, CKA_PRIVATE_EXPONENT, and CKA_PUBLIC_EXPONENT.”

Mech spec lines 383-384 read: “The only attributes from Table 3 for which a Cryptoki implementation is required to be able to return values are CKA_MODULUS and CKA_PRIVATE_EXPONENT.”

Please also note that the last sentence of the definition in the base spec (lines 1646-1647: “A token SHOULD also be able to return CKA_PUBLIC_KEY_INFO for an RSA private key. See the general guidance for Private Keys above.”) is missing completely in the mech spec.

 

Searching in the mail archive (https://markmail.org/message/wkbpbn7ugdzoukd4) it seems that this was a change back in 2.40 and the intention is better reflected in the base spec. This should be copied to the mech spec.

 

In fact, I think the RSA private key definition should be removed completely from the base spec.

 

Regards,

Daniel




Utimaco IS GmbH
Germanusstr. 4, D.52080 Aachen, Germany, Tel: +49-241-1696-0, www.utimaco.com
Seat: Aachen – Registergericht Aachen HRB 18922
VAT ID No.: DE 815 496 496
Managementboard: Stefan Auerbach (Chairman) CEO, Malte Pollmann CSO, Martin Stamm CFO


