On Fri Nov 8, 2024 at 9:44 PM EET, Jarkko Sakkinen wrote: > On Mon Sep 30, 2024 at 9:40 PM EEST, James Prestwood wrote: > > Hi, > > > > Unless I'm missing something it does not seem possible to read back the > > public key portion of an asymmetric key to userspace once added to the > > kernel. I have a use case where two separate applications need to > > perform crypto operations using the same private/public key pair and for > > added security it would be convenient to add the key (or load from TPM) > > once and pass around a key ID rather than the keys themselves. > > > > One of the things I need is to create and sign a CSR. To create the CSR > > I need the public key contents which can't be obtained from the key ID. > > > > To solve this problem I would propose adding a "read" operation to the > > asymmetric key type, but limiting it to only reading the public key > > portion of the key (if it exists). Alternatively a entirely new > > "read_public" keyctl API could be added as well, but re-using the > > existing read seemed more straight forward. Adding this seems easy > > enough, but I wanted to get an idea if this is something that would be > > accepted upstream or if others had better suggestions. > > > > Thanks, > > > > James > > Missed earlier (CC to dhowells). Right *obviously* to linux-crypto and Herbert! And people/lists relevant (at least according to MAINTAINERS file). BR, Jarkko
