[gnutls-devel] PKCS 11, public key from a private key

Nikos Mavrogiannopoulos n.mavrogiannopoulos at gmail.com
Mon Dec 7 09:24:23 CET 2015


On Sun, Dec 6, 2015 at 10:23 PM, Jan Včelák <jan.vcelak at nic.cz> wrote:
> On 6.12.2015 11:25, Nikos Mavrogiannopoulos wrote:
>> Interesting. As I understand you are referring to the CKA_EC_POINT
>> attribute which does not need to be included in private key objects.
>> For a fix to make gnutls_pubkey_import_privkey() available with all
>> keys, an alternative is for the import function to reconstruct the
>> public key from the private key. I'll check how feasible is that.
> I don't think this will be possible. The private key material is present
> in the token, so the token would have to do the reconstruction.

Indeed, so importing from the CKO_PUBLIC_KEY object seems the only
reasonable option. Typically when loading from a URL it should have
the same URL as the private key, but different object type.

regards,
Nikos



More information about the Gnutls-devel mailing list