Alon Bar-Lev wrote:
> The public key can be created in memory and not on token, this is also
> much faster.
> You can do whatever you like with the public key once in memory.
>
> The pkcs11-tool can always create the public key from the stored
> private key object
> whenever requested.
I think
Alon Bar-Lev wrote:
> This is not required, as one can get this from private key attributes
> or from the certificate.
> It just wastes card storage...
I'm not sure this is the best argument, "640k is enough for any man" and
all that. I know some cards don't have much room on them, but certainly
n
> No, since the private key has the CKA_SENSITIVE set to true
> (by the gen_keypair function), which means that key material
> of the private key can not be extracted. And no public key
> can thus be created from the private key.
>
> I think that you should create a private and public key on
>
> The public key can be created in memory and not on token,
> this is also much faster.
> You can do whatever you like with the public key once in memory.
True, but it adds extra work if you want to use the functionalities of the
HSM.
> The pkcs11-tool can always create the public key from t