> No, since the private key has the CKA_SENSITIVE set to true
> (by the gen_keypair function), which means that key material
> of the private key can not be extracted. And no public key
> can thus be created from the private key.
>
> I think that you should create a private and public key on
> the token. One of the reasons to use a HSM is to securely
> store the private key, which means that no public key can be
> derived from the private key (once the public key is removed
> by the token).
>
> My conclusion: Keep the {CKA_TOKEN, &_true, sizeof(_true)}
> for the public key in the context of the pkcs11-tool.

Well ok, you can extract CKA_MODULUS and CKA_PUBLIC_EXPONENT from the
private key. Which is needed for the public key. But pkcs11-tool does
not do that. It segfaults during the test function:

    Signatures (currently only RSA signatures)
      testing key 0 (090310084749289287)
    coudn't find the corresponding pubkey
      Note: C_SignUpdate(), SignFinal() not supported
    Segmentation fault

As mentioned in my first mail.

// Rickard
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
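
The reply above says the public key can be rebuilt from the CKA_MODULUS and CKA_PUBLIC_EXPONENT attributes of the private key object. The sketch below is an added example, not part of the original mail and not pkcs11-tool code. It assumes both attribute values have already been read from the token as big-endian byte strings; the function names and the sample modulus are constructed for illustration.

```python
import base64

# AlgorithmIdentifier for rsaEncryption (OID 1.2.840.113549.1.1.1) with NULL parameters
RSA_ALG_ID = bytes.fromhex("300d06092a864886f70d0101010500")

def der_tlv(tag: int, value: bytes) -> bytes:
    """Wrap value in a DER tag/length/value triple (definite length)."""
    n = len(value)
    if n < 0x80:
        length = bytes([n])
    else:
        body = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(body)]) + body
    return bytes([tag]) + length + value

def der_uint(raw: bytes) -> bytes:
    """Encode an unsigned big-endian byte string as a DER INTEGER."""
    raw = raw.lstrip(b"\x00") or b"\x00"
    if raw[0] & 0x80:          # keep the INTEGER non-negative
        raw = b"\x00" + raw
    return der_tlv(0x02, raw)

def spki_from_attrs(modulus: bytes, public_exponent: bytes) -> bytes:
    """Build a SubjectPublicKeyInfo from CKA_MODULUS / CKA_PUBLIC_EXPONENT values."""
    # A token may return empty values; fail cleanly instead of building
    # a bogus key (or dereferencing a missing object, as in the crash above).
    if not modulus.lstrip(b"\x00") or not public_exponent.lstrip(b"\x00"):
        raise ValueError("CKA_MODULUS / CKA_PUBLIC_EXPONENT not available")
    rsa_pub = der_tlv(0x30, der_uint(modulus) + der_uint(public_exponent))
    return der_tlv(0x30, RSA_ALG_ID + der_tlv(0x03, b"\x00" + rsa_pub))

def to_pem(spki: bytes) -> str:
    """PEM-armor the DER structure so standard tools can parse it."""
    b64 = base64.b64encode(spki).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join(["-----BEGIN PUBLIC KEY-----", *lines,
                      "-----END PUBLIC KEY-----"]) + "\n"

# Constructed sample values (128-byte placeholder, not a real RSA modulus)
SAMPLE_MODULUS = bytes([0xC3]) + bytes(range(1, 128))
SAMPLE_EXPONENT = bytes([0x01, 0x00, 0x01])

if __name__ == "__main__":
    print(to_pem(spki_from_attrs(SAMPLE_MODULUS, SAMPLE_EXPONENT)), end="")
```

Only public values are involved here: CKA_SENSITIVE protects the private exponent and primes, while the modulus and public exponent remain readable on the private key object.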