Hi Tadeusz, >> as you can clearly see. There are two formats defined here. There is no >> single ASN.1 structure that can decode both of these. >> >> It is what it is, RSA Public Key and RSA Private Key formats are two >> different key formats. And OpenSSL also treats it like this. You can extract >> the public key from a private key (same way you can extract it from a >> certificate), but you can not create a private key structure that only >> contains the public key. >> >> For RSA we need to support the two formats as listed above. To make this >> really easy from an API point of view, I would have setkey and setpubkey >> function. And also expose them as ALG_SET_KEY and ALG_SET_PUBKEY socket >> options for AF_ALG. > > I'll have a look what will be the easiest way to get the openSSL generated & > unmodified private key working.
I already have patches for that actually. The question is just which approach to take? My current proposal is to separate the current crypto_akcipher_setkey into two functions. Use the crypto_akcipher_setkey for loading combined private and public key formats and crypto_akcipher_setpubkey for just loading the public key only format. One other option is actually for crypto_akcipher_setkey to use struct public_key from include/crypto/public_key.h. I mean we have this all defined. Why do we operate on binary blobs for the keys in the first place. For example if the key comes from a certificate in the keyring, lets just use that data. Most likely the asymmetric key type already decoded it nicely for us. No need to do this again. I mean there is more than RSA out there and this would allow us to express struct public_key_algorithm in addition to the allowed applications of said key as well. This would properly also allow us to combine the crypto/asymmetric_keys/rsa.c and crypto/rsa.c so that we only have a single RSA implementation. Not to mention that we also have lib/digsig.c in the kernel. Regards Marcel -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
