Alon Bar-Lev wrote:
> The public key can be created in memory and not on token, this is also
> much faster.
> You can do whatever you like with the public key once in memory.
>
> The pkcs11-tool can always create the public key from the stored
> private key object
> whenever requested.

I think that is too general a statement. It depends on the card. For example the PIV card can generate a key pair on the card, and as part of the operation the card returns the public key. This is the *only* time you can read the public key from the card. The pkcs15-piv.c will simulate a public key object by reading the certificate and extracting the public key.

>
> Alon.
>
> On Thu, Mar 12, 2009 at 11:42 PM, Rickard Bondesson
> <rickard.bondes...@iis.se> wrote:
>> And people expect to get a key pair on the token when using pkcs11-tool to
>> generate a key pair. As of now they only get the private key since the
>> public key is removed when the session closes.
>> If they want to save space and remove the public key then use pkcs11-tool -b
>> ...
>>
>> On 12 Mar 2009 at 22.23, "Rickard Bondesson" <rickard.bondes...@iis.se> wrote:
>>
>> True, the public key does take place. But you need the public to be able
>> to verify signatures (private keys do not have the verify attribute).
>> So you prefer that you create a temporary public key each time you
>> want to verify anything?
>>
>> If you still do not want to create a public key token object, then you
>> have to rewrite some of the functions in pkcs11-tool that require the
>> public key.
>>
>> On 12 Mar 2009 at 19.49, "Alon Bar-Lev" <alon.bar...@gmail.com> wrote:
>>
>>> This is not required, as one can get this from private key attributes
>>> or from the certificate.
>>> It just wastes card storage...
>>> I read the message in reference, and I think that there should be a
>>> different solution for this
>>> without storing the public
>>>>
> _______________________________________________
> opensc-devel mailing list
> opensc-devel@lists.opensc-project.org
> http://www.opensc-project.org/mailman/listinfo/opensc-devel
>
>

--
Douglas E. Engert <deeng...@anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
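
The certificate fallback mentioned in the reply above (building a public key object from the certificate when the card will not return the key) comes down to locating SubjectPublicKeyInfo inside the DER certificate. The sketch below is an added example, not part of the thread and not OpenSC's pkcs15-piv.c code; all function names are hypothetical, and the sample certificate is constructed and unsigned, with dummy key and signature bytes.

```python
# Added illustration, not OpenSC code: extract SubjectPublicKeyInfo from a DER certificate.
def read_tlv(buf, off, end):
    """Return (tag, value_start, value_end) of the DER element at off."""
    if off + 2 > end:
        raise ValueError("truncated DER header")
    tag, length, off = buf[off], buf[off + 1], off + 2
    if length & 0x80:                    # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or off + n > end:
            raise ValueError("unsupported DER length")
        length, off = int.from_bytes(buf[off:off + n], "big"), off + n
    if off + length > end:
        raise ValueError("truncated DER element")
    return tag, off, off + length

def spki_from_certificate(cert):
    """Return the DER SubjectPublicKeyInfo embedded in a DER certificate."""
    tag, start, end = read_tlv(cert, 0, len(cert))        # Certificate
    tbs_tag, off, tbs_end = read_tlv(cert, start, end)    # TBSCertificate
    if tag != 0x30 or tbs_tag != 0x30:
        raise ValueError("not a certificate")
    fields = []                          # (tag, element_start, element_end)
    while off < tbs_end:
        ftag, _, fend = read_tlv(cert, off, tbs_end)
        fields.append((ftag, off, fend))
        off = fend
    if fields and fields[0][0] == 0xA0:  # [0] EXPLICIT version, absent in v1
        fields = fields[1:]
    # Remaining order: serial, signature, issuer, validity, subject, SPKI
    if len(fields) < 6 or fields[5][0] != 0x30:
        raise ValueError("TBSCertificate has no SubjectPublicKeyInfo")
    return cert[fields[5][1]:fields[5][2]]

def der(tag, *parts):  # DER encoder, used only to build the constructed sample
    body = b"".join(parts)
    n, size = len(body), (len(body).bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + body

def sample_certificate(with_version=True):
    """Constructed, unsigned certificate; key and signature bytes are dummies."""
    oid = lambda h: der(0x06, bytes.fromhex(h))
    spki = der(0x30, der(0x30, oid("2a8648ce3d0201"), oid("2a8648ce3d030107")),
               der(0x03, b"\x00\x04" + bytes(range(64))))
    sigalg = der(0x30, oid("2a8648ce3d040302"))
    name = der(0x30, der(0x31, der(0x30, oid("550403"), der(0x0C, b"constructed"))))
    validity = der(0x30, der(0x17, b"090312000000Z"), der(0x17, b"100312000000Z"))
    tbs = der(0x30, der(0xA0, der(0x02, b"\x02")) if with_version else b"",
              der(0x02, b"\x01"), sigalg, name, validity, name, spki)
    return der(0x30, tbs, sigalg, der(0x03, b"\x00" + bytes(8))), spki
```

The parser does not verify the certificate signature, so the extracted key is only as trustworthy as the certificate object it was read from.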