<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body style="overflow-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;">
The KEM API has always been using only the private key on the decapsulator side:
<div><br>
</div>
<div><b style="font-size: 16px; color: rgb(32, 33, 34); font-family: sans-serif; font-variant-ligatures: normal; orphans: 2; widows: 2; background-color: rgb(255, 255, 255); text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial;">Decapsulation</b><span style="font-size: 16px; color: rgb(32, 33, 34); font-family: sans-serif; font-variant-ligatures: normal; orphans: 2; widows: 2; background-color: rgb(255, 255, 255); text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial;">, </span><span class="mwe-math-element" style="font-size: 16px; color: rgb(32, 33, 34); font-family: sans-serif; font-variant-ligatures: normal; orphans: 2; widows: 2; background-color: rgb(255, 255, 255); text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial;"><img src="https://wikimedia.org/api/rest_v1/media/math/render/svg/a52f9a280661946e980d640ad3546137b90b564c" class="mwe-math-fallback-image-inline mw-invert skin-invert" aria-hidden="true" alt="{\displaystyle k':=\operatorname {Decap} ({\mathit {sk}},c')}" style="border: 0px; vertical-align: -0.838ex; display: inline-block; --color-base: #202122; --color-base-fixed: #202122; --color-base--hover: #404244; --color-emphasized: #101418; --color-subtle: #54595d; --color-placeholder: #72777d; --color-disabled: #a2a9b1; --color-disabled-emphasized: #a2a9b1; --color-inverted: #fff; --color-inverted-fixed: #fff; --color-progressive: #36c; --color-progressive--hover: #3056a9; --color-progressive--active: #233566; --color-progressive--focus: #36c; --color-destructive: #bf3c2c; --color-destructive--hover: #9f3526; --color-destructive--active: #612419; --color-destructive--focus: #36c; --color-visited: #6a60b0; --color-visited--hover: #534fa3; --color-visited--active: #353262; --color-destructive--visited: #9f5555; --color-destructive--visited--hover: #854848; --color-destructive--visited--active: #512e2e; --color-error: #bf3c2c; --color-error--hover: #9f3526; --color-error--active: #612419; --color-warning: #886425; --color-success: #177860; --color-notice: #404244; --color-icon-error: #f54739; --color-icon-warning: #ab7f2a; --color-icon-success: #099979; --color-icon-notice: #72777d; --color-content-added: #006400; --color-content-removed: #8b0000; --filter-invert-icon: 0; --filter-invert-primary-button-icon: 1; --box-shadow-color-base: #000; --box-shadow-color-progressive--active: #233566; --box-shadow-color-progressive--focus: #36c; --box-shadow-color-progressive-selected: #36c; --box-shadow-color-progressive-selected--hover: #4b77d6; --box-shadow-color-progressive-selected--active: #233566; --box-shadow-color-destructive--focus: #36c; --box-shadow-color-inverted: #fff; --box-shadow-color-transparent: transparent; --background-color-base: #fff; --background-color-base-fixed: #fff; --background-color-neutral: #eaecf0; --background-color-neutral-subtle: #f8f9fa; --background-color-interactive: #eaecf0; --background-color-interactive-subtle: #f8f9fa; --background-color-interactive-subtle--hover: #eaecf0; --background-color-interactive-subtle--active: #dadde3; --background-color-disabled: #dadde3; --background-color-disabled-subtle: #eaecf0; --background-color-inverted: #101418; --background-color-progressive: #36c; --background-color-progressive--hover: #3056a9; --background-color-progressive--active: #233566; --background-color-progressive--focus: #36c; --background-color-progressive-subtle: #f1f4fd; --background-color-destructive: #bf3c2c; --background-color-destructive--hover: #9f3526; --background-color-destructive--active: #612419; --background-color-destructive--focus: #36c; --background-color-destructive-subtle: #ffe9e5; --background-color-error: #f54739; --background-color-error--hover: #d74032; --background-color-error--active: #bf3c2c; --background-color-error-subtle: #ffe9e5; --background-color-error-subtle--hover: #ffdad3; --background-color-error-subtle--active: #ffc8bd; --background-color-warning-subtle: #fdf2d5; --background-color-success-subtle: #dff2eb; --background-color-notice-subtle: #eaecf0; --background-color-content-added: #a3d3ff; --background-color-content-removed: #ffe49c; --background-color-transparent: transparent; --background-color-backdrop-light: rgba(255,255,255,0.65); --background-color-backdrop-dark: rgba(0,0,0,0.65); --background-color-button-quiet--hover: rgba(0,24,73,0.027); --background-color-button-quiet--active: rgba(0,24,73,0.082); --background-color-input-binary--checked: #36c; --background-color-tab-list-item-framed--hover: rgba(255,255,255,0.3); --background-color-tab-list-item-framed--active: rgba(255,255,255,0.65); --opacity-icon-base: 0.87; --opacity-icon-base--hover: 0.74; --opacity-icon-base--selected: 1; --opacity-icon-base--disabled: 0.51; --opacity-icon-placeholder: 0.51; --opacity-icon-subtle: 0.67; --border-color-base: #a2a9b1; --border-color-subtle: #c8ccd1; --border-color-muted: #dadde3; --border-color-interactive: #72777d; --border-color-interactive--hover: #27292d; --border-color-interactive--active: #202122; --border-color-disabled: #c8ccd1; --border-color-inverted: #fff; --border-color-progressive: #36c; --border-color-progressive--hover: #3056a9; --border-color-progressive--active: #233566; --border-color-progressive--focus: #36c; --border-color-destructive: #bf3c2c; --border-color-destructive--hover: #9f3526; --border-color-destructive--active: #612419; --border-color-destructive--focus: #36c; --border-color-error: #f54739; --border-color-error--hover: #9f3526; --border-color-error--active: #612419; --border-color-warning: #ab7f2a; --border-color-success: #099979; --border-color-notice: #72777d; --border-color-content-added: #a3d3ff; --border-color-content-removed: #ffe49c; --border-color-transparent: transparent; --border-color-divider: #a2a9b1; --outline-color-progressive--focus: #36c; --color-link-red: var(--color-destructive); --color-link-red--hover: var(--color-destructive--hover); --color-link-red--active: var(--color-destructive--active); --color-link-red--focus: var(--color-destructive--focus); --color-link-red--visited: var(--color-destructive--visited); --color-link-red--visited--hover: var(--color-destructive--visited--hover); --color-link-red--visited--active: var(--color-destructive--visited--active); --border-color-input--hover: var(--border-color-interactive); --border-color-input-binary: var(--border-color-interactive); --border-color-input-binary--hover: var(--border-color-progressive--hover); --border-color-input-binary--active: var(--border-color-progressive--active); --border-color-input-binary--focus: var(--border-color-progressive--focus); --border-color-input-binary--checked: var(--border-color-progressive); --color-base--subtle: #54595d; width: 18.492ex; height: 3.009ex;"></span><span style="font-size: 16px; color: rgb(32, 33, 34); font-family: sans-serif; font-variant-ligatures: normal; orphans: 2; widows: 2; background-color: rgb(255, 255, 255); text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial;">,</span></div>
<div>
<div style="orphans: 2; widows: 2;"><font color="#202122" face="sans-serif" size="3"><span style="caret-color: rgb(32, 33, 34); background-color: rgb(255, 255, 255);"><br>
</span></font></div>
<div style="orphans: 2; widows: 2;">OQS_STATUS (*decaps)(uint8_t *shared_secret, const uint8_t *ciphertext, const uint8_t *secret_key);</div>
<div style="orphans: 2; widows: 2;"><br>
</div>
<div style="orphans: 2; widows: 2;"><span style="color: rgb(34, 34, 34); font-family: "Roboto Mono", monospace; font-size: 13.3px; font-variant-ligatures: normal; background-color: rgb(248, 248, 248); text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial;">Decap(enc,
 skR)</span></div>
<div style="orphans: 2; widows: 2;"><span style="color: rgb(34, 34, 34); font-family: "Roboto Mono", monospace; font-size: 13.3px; font-variant-ligatures: normal; background-color: rgb(248, 248, 248); text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial;"><br>
</span></div>
<div style="orphans: 2; widows: 2;"><span style="color: rgb(34, 34, 34); font-family: "Roboto Mono", monospace; font-size: 13.3px; font-variant-ligatures: normal; background-color: rgb(248, 248, 248); text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial;">
<div>int crypto_kem_dec(</div>
<div>unsigned char *ss,</div>
<div>const unsigned char *ct,</div>
<div>const unsigned char *sk</div>
<div>)</div>
<div><br>
</div>
<div>
<div class="col-first odd-row-color method-summary-table method-summary-table-tab2 method-summary-table-tab4" style="vertical-align: top; padding: 8px 3px 3px 7px; font-size: 0.93em; overflow: auto hidden; color: rgb(40, 40, 40); font-family: "DejaVu Sans", Arial, Helvetica, sans-serif; font-variant-ligatures: normal; text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial;">
<code style="font-family: var(--code-font-family); font-size: var(--code-font-size); line-height: 1.4em;"><a href="https://download.java.net/java/early_access/jdk25/docs/api/java.base/javax/crypto/KEM.Decapsulator.html" title="class in javax.crypto" style="text-decoration: none; color: var(--link-color-active); font-weight: bold;">KEM.Decapsulator</a></code></div>
<div class="col-second odd-row-color method-summary-table method-summary-table-tab2 method-summary-table-tab4" style="vertical-align: top; padding: 8px 3px 3px 7px; font-size: 0.93em; overflow: auto hidden; color: rgb(40, 40, 40); font-family: "DejaVu Sans", Arial, Helvetica, sans-serif; font-variant-ligatures: normal; text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial;">
<code style="font-family: var(--code-font-family); font-size: var(--code-font-size); line-height: 1.4em;"><a href="https://download.java.net/java/early_access/jdk25/docs/api/java.base/javax/crypto/KEM.html#newDecapsulator(java.security.PrivateKey,java.security.spec.AlgorithmParameterSpec)" class="member-name-link" style="font-weight: bold; text-decoration: none; color: var(--link-color);">newDecapsulator</a><wbr>(<a href="https://download.java.net/java/early_access/jdk25/docs/api/java.base/java/security/PrivateKey.html" title="interface in java.security" style="text-decoration: none; color: var(--link-color); font-weight: bold;">PrivateKey</a> privateKey, <a href="https://download.java.net/java/early_access/jdk25/docs/api/java.base/java/security/spec/AlgorithmParameterSpec.html" title="interface in java.security.spec" style="text-decoration: none; color: var(--link-color); font-weight: bold;">AlgorithmParameterSpec</a> spec)</code></div>
</div>
<div><br>
</div>
</span></div>
<div>Thanks,</div>
<div>Weijun<br>
<br>
<br>
<blockquote type="cite">
<div>On Dec 12, 2024, at 02:14, Daniel Jeliński <djelinski1@gmail.com> wrote:</div>
<br class="Apple-interchange-newline">
<div><span style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 14px; font-style: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; float: none; display: inline !important;">Hi
 Weijun,</span><br style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 14px; font-style: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;">
<span style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 14px; font-style: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; float: none; display: inline !important;">I
 didn't read the entire RFC, but it looks to me that the Decap</span><br style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 14px; font-style: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;">
<span style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 14px; font-style: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; float: none; display: inline !important;">function
 is run on the receiver side, and needs the receiver's private</span><br style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 14px; font-style: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;">
<span style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 14px; font-style: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; float: none; display: inline !important;">and
 public key, both of which are generated by the receiver. Couldn't</span><br style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 14px; font-style: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;">
<span style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 14px; font-style: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; float: none; display: inline !important;">our
 implementation of Decap take the key pair instead of taking the</span><br style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 14px; font-style: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;">
<span style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 14px; font-style: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; float: none; display: inline !important;">secret
 key alone?</span><br style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 14px; font-style: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;">
<span style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 14px; font-style: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; float: none; display: inline !important;">Regards,</span><br style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 14px; font-style: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;">
<span style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 14px; font-style: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; float: none; display: inline !important;">Daniel</span><br style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 14px; font-style: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;">
<br style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 14px; font-style: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;">
<span style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 14px; font-style: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; float: none; display: inline !important;">śr.,
 11 gru 2024 o 18:00 Wei-Jun Wang <</span><a href="mailto:weijun.wang@oracle.com" style="font-family: Helvetica; font-size: 14px; font-style: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;">weijun.wang@oracle.com</a><span style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 14px; font-style: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; float: none; display: inline !important;">>
 napisał(a):</span><br style="caret-color: rgb(0, 0, 0); font-family: Helvetica; font-size: 14px; font-style: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;">
<blockquote type="cite" style="font-family: Helvetica; font-size: 14px; font-style: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;">
<br>
Hi Martin,<br>
<br>
That’s how DH works. Unfortunately, DHKEM is not simply exposing DH in KEM API. Its decapsulation function is defined as [1]<br>
<br>
def Decap(enc, skR):<br>
 pkE = DeserializePublicKey(enc)<br>
 dh = DH(skR, pkE)<br>
<br>
 pkRm = SerializePublicKey(pk(skR))<br>
 kem_context = concat(enc, pkRm)<br>
<br>
 shared_secret = ExtractAndExpand(dh, kem_context)<br>
 return shared_secret<br>
<br>
<br>
Here, the DH output is fed as IKM into a HKDF and the HKDF-Expand info contains its own public key — pk(skR) — as a part.<br>
<br>
Thanks,<br>
Weijun<br>
<br>
[1]<span class="Apple-converted-space"> </span><a href="https://urldefense.com/v3/__https://www.rfc-editor.org/rfc/rfc9180.html*name-dh-based-kem-dhkem__;Iw!!ACWV5N9M2RV99hQ!ONHrzy7dpSw4Ujf0pe9SQL8j-4q8fdxhdC44yYG8DQHju9vHZxooTzBxX6lOWndgrVdDMOJoHi2ewqOJmAGC6Q$">https://urldefense.com/v3/__https://www.rfc-editor.org/rfc/rfc9180.html*name-dh-based-kem-dhkem__;Iw!!ACWV5N9M2RV99hQ!ONHrzy7dpSw4Ujf0pe9SQL8j-4q8fdxhdC44yYG8DQHju9vHZxooTzBxX6lOWndgrVdDMOJoHi2ewqOJmAGC6Q$</a><br>
<br>
<br>
On Dec 11, 2024, at 09:44, Martin Balao <mbalao@redhat.com> wrote:<br>
<br>
Hi Weijun,<br>
<br>
I am not familiar to this algorithm but the typical key-exchange APIs let you generate a key pair first and, when you invoke the secret encapsulation mechanism, you use your private key + your counter-part public key. Do you think this could be the case here?<br>
<br>
Regards,<br>
Martin.-<br>
<br>
<br>
On 12/10/24 00:07, Wei-Jun Wang wrote:<br>
<br>
So are you suggesting there is no such a way?<br>
I do notice that in NSS’s own HPKE implementation, the receiver needs to provide both keys [1]:<br>
SECStatus PK11_HPKE_SetupR(HpkeContext *cx, const SECKEYPublicKey *pkR, SECKEYPrivateKey *skR,<br>
                          const SECItem *enc, const SECItem *info);<br>
Maybe they also don’t have a simple way to get pkR from skR.<br>
Thanks,<br>
Weijun<br>
[1] https://urldefense.com/v3/__https://github.com/nss-dev/nss/blob/e2f270997ff9364aebb688f49b7c28698b70f24d/lib/pk11wrap/pk11pub.h*L788__;Iw!!ACWV5N9M2RV99hQ!N-hg_2MBY8A7Xq5uANI019wCfwrtROskrREyxtRKa8WKXwKZEgtWe1TNH0sMsIFnn9aIkIUBUqOIp7KE$  <https://urldefense.com/v3/__https://github.com/nss-dev/nss/blob/e2f270997ff9364aebb688f49b7c28698b70f24d/lib/pk11wrap/pk11pub.h*L788__;Iw!!ACWV5N9M2RV99hQ!N-hg_2MBY8A7Xq5uANI019wCfwrtROskrREyxtRKa8WKXwKZEgtWe1TNH0sMsIFnn9aIkIUBUqOIp7KE$
 ><br>
<br>
On Dec 9, 2024, at 21:27, Francisco Ferrari Bihurriet <fferrari@redhat.com> wrote:<br>
<br>
Hi Wei-Jun,<br>
<br>
As far as I know, public and private keys are different PKCS#11 objects,<br>
each one with a different CK_OBJECT_HANDLE. See for example how<br>
C_GenerateKeyPair [1] has two output parameters: CK_OBJECT_HANDLE_PTR<br>
phPublicKey amd CK_OBJECT_HANDLE_PTR phPrivateKey.<br>
<br>
NSS uses CKA_PUBLIC_KEY_INFO only when wrapping [2] / unwrapping [3]<br>
(C_WrapKey / C_UnwrapKey) RSA-PSS keys (where it stores an ASN1-encoded<br>
SubjectPublicKeyInfo with the algorithm OID and the DER encoding of the<br>
public key).<br>
<br>
Here [4] is how SunPKCS11 proceeds after calling C_GenerateKeyPair, by<br>
creating two P11Key objects for each handle (P11PublicKey and<br>
P11PrivateKey).<br>
<br>
[1]https://urldefense.com/v3/__https://docs.oasis-open.org/pkcs11/pkcs11-base/v3.0/pkcs11-base-v3.0.html*_Toc29976704__;Iw!!ACWV5N9M2RV99hQ!OmuwCcv-dJsqSgUuLEW8yqzvuB4Qwj5ay4afqgvAfvn3DiGx9lz31XjKDuAt_LABjdrwdCT8FmTTLO6ARjM$ <https://urldefense.com/v3/__https://docs.oasis-open.org/pkcs11/pkcs11-base/v3.0/pkcs11-base-v3.0.html*_Toc29976704__;Iw!!ACWV5N9M2RV99hQ!OmuwCcv-dJsqSgUuLEW8yqzvuB4Qwj5ay4afqgvAfvn3DiGx9lz31XjKDuAt_LABjdrwdCT8FmTTLO6ARjM$><br>
[2]https://urldefense.com/v3/__https://github.com/nss-dev/nss/blob/NSS_3_101_RTM/lib/softoken/pkcs11c.c*L6038-L6039__;Iw!!ACWV5N9M2RV99hQ!OmuwCcv-dJsqSgUuLEW8yqzvuB4Qwj5ay4afqgvAfvn3DiGx9lz31XjKDuAt_LABjdrwdCT8FmTT9ztKx9Y$ <https://urldefense.com/v3/__https://github.com/nss-dev/nss/blob/NSS_3_101_RTM/lib/softoken/pkcs11c.c*L6038-L6039__;Iw!!ACWV5N9M2RV99hQ!OmuwCcv-dJsqSgUuLEW8yqzvuB4Qwj5ay4afqgvAfvn3DiGx9lz31XjKDuAt_LABjdrwdCT8FmTT9ztKx9Y$><br>
[3]https://urldefense.com/v3/__https://github.com/nss-dev/nss/blob/NSS_3_101_RTM/lib/softoken/pkcs11c.c*L6604-L6605__;Iw!!ACWV5N9M2RV99hQ!OmuwCcv-dJsqSgUuLEW8yqzvuB4Qwj5ay4afqgvAfvn3DiGx9lz31XjKDuAt_LABjdrwdCT8FmTTdVw8oI8$ <https://urldefense.com/v3/__https://github.com/nss-dev/nss/blob/NSS_3_101_RTM/lib/softoken/pkcs11c.c*L6604-L6605__;Iw!!ACWV5N9M2RV99hQ!OmuwCcv-dJsqSgUuLEW8yqzvuB4Qwj5ay4afqgvAfvn3DiGx9lz31XjKDuAt_LABjdrwdCT8FmTTdVw8oI8$><br>
[4]https://urldefense.com/v3/__https://github.com/openjdk/jdk/blob/jdk-25*1/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11KeyPairGenerator.java*L424-L431__;KyM!!ACWV5N9M2RV99hQ!OmuwCcv-dJsqSgUuLEW8yqzvuB4Qwj5ay4afqgvAfvn3DiGx9lz31XjKDuAt_LABjdrwdCT8FmTTozigB-E$
 <https://urldefense.com/v3/__https://github.com/openjdk/jdk/blob/jdk-25*1/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11KeyPairGenerator.java*L424-L431__;KyM!!ACWV5N9M2RV99hQ!OmuwCcv-dJsqSgUuLEW8yqzvuB4Qwj5ay4afqgvAfvn3DiGx9lz31XjKDuAt_LABjdrwdCT8FmTTozigB-E$><br>
<br>
Regards,<br>
--<br>
Francisco<br>
<br>
On 12/10/24 01:43, Wei-Jun Wang wrote:<br>
<br>
Daniel suggested CKA_PUBLIC_KEY_INFO but it’s not available in NSS 3.101.<br>
<br>
On Dec 9, 2024, at 08:07, Wei-Jun Wang <weijun.wang@oracle.com> wrote:<br>
<br>
Hi PKCS #11 gurus,<br>
<br>
DHKEM [1] requires a function<br>
<br>
Pk(skX): The KEM public key corresponding to the KEM private key skX.<br>
<br>
"The notation pk(skX), depending on its use and the KEM and its<br>
implementation, is either the computation of the public key using the<br>
private key, or just syntax expressing the retrieval of the public<br>
key, assuming it is stored along with the private key object."<br>
<br>
For the software side, I can calculate the public key [2] from the<br>
private key. How can I do this in PKCS #11?<br>
<br>
Thanks,<br>
Weijun<br>
<br>
[1]https://urldefense.com/v3/__https://www.rfc-editor.org/rfc/rfc9180.html*name-notation__;Iw!!ACWV5N9M2RV99hQ!OmuwCcv-dJsqSgUuLEW8yqzvuB4Qwj5ay4afqgvAfvn3DiGx9lz31XjKDuAt_LABjdrwdCT8FmTT0-STk6s$ <https://urldefense.com/v3/__https://www.rfc-editor.org/rfc/rfc9180.html*name-notation__;Iw!!ACWV5N9M2RV99hQ!OmuwCcv-dJsqSgUuLEW8yqzvuB4Qwj5ay4afqgvAfvn3DiGx9lz31XjKDuAt_LABjdrwdCT8FmTT0-STk6s$><br>
[2]https://urldefense.com/v3/__https://github.com/openjdk/jdk/blob/__;!!ACWV5N9M2RV99hQ!OmuwCcv-dJsqSgUuLEW8yqzvuB4Qwj5ay4afqgvAfvn3DiGx9lz31XjKDuAt_LABjdrwdCT8FmTTH8KrINU$ <https://urldefense.com/v3/__https://github.com/openjdk/jdk/blob/__;!!ACWV5N9M2RV99hQ!OmuwCcv-dJsqSgUuLEW8yqzvuB4Qwj5ay4afqgvAfvn3DiGx9lz31XjKDuAt_LABjdrwdCT8FmTTH8KrINU$><br>
adca97b659d725b0dd320322297dcbd1b443a047/src/java.base/share/classes/<br>
sun/security/ec/ECPrivateKeyImpl.java#L209</blockquote>
</div>
</blockquote>
</div>
<br>
</div>
</body>
</html>