Hi Tadeusz,
I have been working with the AF_ALG patches for akcipher lately and I find the
RSA set key function way too limited. Especially the fact that it uses a format
that I can not find a single reference / standard for worries me.
RsaKey ::= SEQUENCE {
n INTEGER ({ rsa_get_n }),
e INTEGER ({ rsa_get_e }),
d INTEGER ({ rsa_get_d })
}
So where is this format coming from? I can find the RSA Public Key format which
is a sequence of n and e. If you have a DER encoded RSA public key, then you
can use it to encrypt and verify. So that is okay.
However if you have a standard Public Key that OpenSSL would create by default,
then things do not work since that is actually a more complicated DER encoded
format. However in the end, I would expect that we could also load such a key
here. The RSA set key function should auto detect it and extract the right
information if it is marked as rsaEncryption type.
My biggest concern however is that this does not reassemble the RSA Private Key
at all. That key format is a sequence of 9 integers starting with a version. So
logically I would expect that I can just set a RSA Private Key and then utilize
the encrypt and decrypt features of the RSA cipher.
When it comes to exposing RSA via AF_ALG and akcipher, I really want standard
format for the set key operation. Asking userspace to construct this Linux
kernel only key format is not helpful. You want to be able to just load the RSA
Private Key in DER format and be done with it.
Any ideas on how we can fix this to allow a sensible userspace API?
Regards
Marcel
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
