Hi Stephan, >> It does not. The RSA Private Key has a different format. >> >> RSAPrivateKey ::= SEQUENCE { >> version Version, >> modulus INTEGER, -- n >> publicExponent INTEGER, -- e >> privateExponent INTEGER, -- d >> prime1 INTEGER, -- p >> prime2 INTEGER, -- q >> exponent1 INTEGER, -- d mod (p-1) >> exponent2 INTEGER, -- d mod (q-1) >> coefficient INTEGER, -- (inverse of q) mod p >> } >> >> And honestly that the RSA Public Key magically matches seems more luck then >> clear intention. >> >> RSAPublicKey ::= SEQUENCE { >> modulus INTEGER, -- n >> publicExponent INTEGER -- e >> } > > I think here we may have the issue: the ASN.1 structure the kernel uses should > be changed to implement that commonly used ASN.1 structure. If this change > would allow a DER to be used, I think we have the solution. as you can clearly see. There are two formats defined here. There is no single ASN.1 structure that can decode both of these. It is what it is, RSA Public Key and RSA Private Key formats are two different key formats. And OpenSSL also treats it like this. You can extract the public key from a private key (same way you can extract it from a certificate), but you can not create a private key structure that only contains the public key. For RSA we need to support the two formats as listed above. To make this really easy from an API point of view, I would have setkey and setpubkey function. And also expose them as ALG_SET_KEY and ALG_SET_PUBKEY socket options for AF_ALG. Regards Marcel -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html