Has there been any interest in standardizing this? The Jose project[0] has some initial working code (not yet published). We are using the (new, standardized) "p11" attribute in JWKs to replace the absence of private key material. The value of this attribute is the URI to the key as defined by p11-kit[1].
Thus, when a JWK which lacks private key material but contains "p11" is used for a decryption or signing process, we forward this request to the PKCS#11 module.

Does anyone have interest in working with me on a standard for this (or something similar)?

Nathaniel

[0]: https://github.com/latchset/jose
[1]: https://github.com/p11-glue/p11-kit

_______________________________________________
jose mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/jose
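The dispatch described in the message above, as an added example that is not part of the original post and is not the Jose project's code. The function names are hypothetical, and the policy choices (rejecting a JWK that carries both private members and "p11", rejecting PIN and module attributes in the URI, rejecting repeated attributes) are assumptions of this sketch; the URI syntax follows RFC 7512.

```python
from urllib.parse import unquote

# Private-key members per JWK key type (RFC 7518); "k" is the oct secret.
PRIVATE_MEMBERS = {"RSA": {"d", "p", "q", "dp", "dq", "qi", "oth"},
                   "EC": {"d"}, "OKP": {"d"}, "oct": {"k"}}
# RFC 7512 query attributes a key record should not control (assumed policy):
# PINs, and the PKCS#11 library the process would load.
FORBIDDEN_QUERY = {"pin-value", "pin-source", "module-path", "module-name"}


def parse_pkcs11_uri(uri):
    """Split an RFC 7512 URI into (path_attrs, query_attrs) dicts."""
    scheme, sep, rest = uri.partition(":")
    if scheme != "pkcs11" or not sep:
        raise ValueError("not a pkcs11: URI")
    path, _, query = rest.partition("?")

    def attrs(text, delim):
        out = {}
        for item in filter(None, text.split(delim)):
            name, eq, value = item.partition("=")
            if not eq or name in out:  # stricter than the RFC: no repeats
                raise ValueError(f"malformed or repeated attribute: {name!r}")
            out[name] = unquote(value)
        return out
    return attrs(path, ";"), attrs(query, "&")


def route_private_op(jwk):
    """Return ("local", None) or ("pkcs11", path_attrs) for sign/decrypt."""
    has_private = bool(PRIVATE_MEMBERS.get(jwk.get("kty"), set()) & jwk.keys())
    if "p11" not in jwk:
        if not has_private:
            raise ValueError("public-only JWK cannot sign or decrypt")
        return "local", None
    if has_private:
        raise ValueError("JWK carries both private material and p11")
    path, query = parse_pkcs11_uri(jwk["p11"])
    if FORBIDDEN_QUERY & query.keys():
        raise ValueError("p11 URI must not carry PIN or module attributes")
    if path.get("type") not in (None, "private", "secret-key"):
        raise ValueError("p11 URI does not name a private or secret key")
    return "pkcs11", path


# Constructed sample: an EC public JWK whose private half lives on a token.
SAMPLE = {"kty": "EC", "crv": "P-256", "x": "constructed", "y": "constructed",
          "p11": "pkcs11:token=demo%20token;object=sig-key;type=private"}
```

The returned path attributes are what a caller would hand to its PKCS#11 layer to locate the key; the module to load and the PIN come from local configuration rather than from the JWK.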
