How to get public key from private key in PKCS #11
Valerie Peng
valerie.peng at oracle.com
Wed Jan 8 04:59:20 UTC 2025
Well, it's been a while since I looked at the PKCS11 KeyStore impl. I recall the private key and its public counterpart generally share some kind of attribute or label (CKA_ID?) to identify they are related. If this particular attribute is non-empty, maybe it can be used to search for the public key.
Valerie
-----Original Message-----
From: Wei-Jun Wang <weijun.wang at oracle.com>
Sent: Monday, December 9, 2024 5:07 AM
To: security-dev at openjdk.org
Cc: Valerie Peng <valerie.peng at oracle.com>; Martin Balao <mbalao at redhat.com>; Daniel Jeliński <djelinski1 at gmail.com>
Subject: How to get public key from private key in PKCS #11
Hi PKCS #11 gurus,
DHKEM [1] requires a function
Pk(skX): The KEM public key corresponding to the KEM private key skX.
"The notation pk(skX), depending on its use and the KEM and its implementation, is either the computation of the public key using the private key, or just syntax expressing the retrieval of the public key, assuming it is stored along with the private key object."
For the software side, I can calculate the public key [2] from the private key. How can I do this in PKCS #11?
Thanks,
Weijun
[1] https://www.rfc-editor.org/rfc/rfc9180.html#name-notation
[2] https://github.com/openjdk/jdk/blob/adca97b659d725b0dd320322297dcbd1b443a047/src/java.base/share/classes/sun/security/ec/ECPrivateKeyImpl.java#L209
More information about the security-dev
mailing list