Re: Limited usefulness of RSA set key function

Hi Stephan,

>> It does not. The RSA Private Key has a different format.
>> 
>>      RSAPrivateKey ::= SEQUENCE {
>>          version           Version,
>>          modulus           INTEGER,  -- n
>>          publicExponent    INTEGER,  -- e
>>          privateExponent   INTEGER,  -- d
>>          prime1            INTEGER,  -- p
>>          prime2            INTEGER,  -- q
>>          exponent1         INTEGER,  -- d mod (p-1)
>>          exponent2         INTEGER,  -- d mod (q-1)
>>          coefficient       INTEGER   -- (inverse of q) mod p
>>      }
>> 
>> And honestly that the RSA Public Key magically matches seems more luck than
>> clear intention.
>> 
>>      RSAPublicKey ::= SEQUENCE {
>>          modulus           INTEGER,  -- n
>>          publicExponent    INTEGER   -- e
>>      }
> 
> I think here we may have the issue: the ASN.1 structure the kernel uses should 
> be changed to implement that commonly used ASN.1 structure. If this change 
> would allow a DER to be used, I think we have the solution.

As you can clearly see, there are two formats defined here. There is no single ASN.1 structure that can decode both of these.

It is what it is, RSA Public Key and RSA Private Key formats are two different key formats. And OpenSSL also treats it like this. You can extract the public key from a private key (same way you can extract it from a certificate), but you cannot create a private key structure that only contains the public key.

For RSA we need to support the two formats as listed above. To make this really easy from an API point of view, I would have setkey and setpubkey functions. And also expose them as ALG_SET_KEY and ALG_SET_PUBKEY socket options for AF_ALG.

Regards

Marcel
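
The difference between the two structures quoted in this message can be seen by walking the DER bytes, shown here as an added example that is not part of the original mail and is not kernel or OpenSSL code. The names `der_header` and `rsa_der_classify` are hypothetical, the toy keys are constructed, and only two-prime keys (version 0, no otherPrimeInfos) are handled.

```c
#include <stddef.h>
#include <stdint.h>
enum rsa_der_kind { RSA_DER_INVALID, RSA_DER_PUBLIC, RSA_DER_PRIVATE };

/* Parse one DER header with the expected tag; on success move *pos to the
 * content and return its length, else return -1. Requires *pos <= len. */
static long der_header(const uint8_t *buf, size_t len, size_t *pos, uint8_t tag)
{
    size_t p = *pos, n;
    if (len - p < 2 || buf[p++] != tag) return -1;
    n = buf[p++];
    if (n & 0x80) {                       /* long form: low 7 bits = length bytes */
        size_t cnt = n & 0x7f;
        if (cnt == 0 || cnt > 3 || cnt > len - p) return -1;
        for (n = 0; cnt--; ) n = (n << 8) | buf[p++];
    }
    if (n > len - p) return -1;           /* content must fit in the buffer */
    *pos = p;
    return (long)n;
}

/* Two INTEGERs -> RSAPublicKey; version 0 plus eight INTEGERs -> RSAPrivateKey. */
enum rsa_der_kind rsa_der_classify(const uint8_t *buf, size_t len)
{
    size_t pos = 0;
    unsigned ints = 0, version_zero = 0;
    long n = der_header(buf, len, &pos, 0x30);            /* outer SEQUENCE */
    if (n < 0 || pos + (size_t)n != len) return RSA_DER_INVALID;
    while (pos < len) {
        n = der_header(buf, len, &pos, 0x02);             /* INTEGER */
        if (n <= 0) return RSA_DER_INVALID;
        if (ints++ == 0) version_zero = (n == 1 && buf[pos] == 0);
        pos += (size_t)n;
    }
    if (ints == 2) return RSA_DER_PUBLIC;
    if (ints == 9 && version_zero) return RSA_DER_PRIVATE;
    return RSA_DER_INVALID;
}

/* Constructed toy keys (n=33, e=3, d=7, p=3, q=11); far too small for real use. */
static const uint8_t toy_pub[]  = { 0x30,0x06, 0x02,0x01,0x21, 0x02,0x01,0x03 };
static const uint8_t toy_priv[] = { 0x30,0x1b, 0x02,0x01,0x00, 0x02,0x01,0x21,
    0x02,0x01,0x03, 0x02,0x01,0x07, 0x02,0x01,0x03, 0x02,0x01,0x0b,
    0x02,0x01,0x01, 0x02,0x01,0x07, 0x02,0x01,0x02 };
int main(void)
{
    return !(rsa_der_classify(toy_pub, sizeof toy_pub) == RSA_DER_PUBLIC &&
             rsa_der_classify(toy_priv, sizeof toy_priv) == RSA_DER_PRIVATE);
}
```

This only tells the two layouts apart by shape; it does not check minimal DER encodings or that the integers form a consistent key.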
