On Fri, 15 Jan 2021 01:45:07 GMT, Valerie Peng <valer...@openjdk.org> wrote:
>> Marked as reviewed by weijun (Reviewer). > >> >> >> _Mailing list message from [Michael StJohns](mailto:mstjo...@comcast.net) on >> [security-dev](mailto:security-dev@openjdk.java.net):_ >> >> Sorry - I'm coming to this a bit late. >> >> Any chance of adding the logic for generatePublic() from a PKCS8 RSA >> private key??? RFC3477 has the PKCS1 RSAPrivateKey ASN1 which includes >> the modulus and publicExponent - so it should be a pretty straight >> forward add to generate a public key. >> >> PKCS11 2.40 started requiring that the publicExponent be stored with the >> private key to allow for the public key to be regenerated from a private >> key object.?? Going forward,? it might be a good idea to modify the >> RSAPrivate(Crt)KeyImpl class to store the publicExponent if provided. >> >> Mike > > You are correct that for RSA private CRT keys the necessary values are there > for figuring out its corresponding public keys. > > This change is about adding support for PKCS#1 encoded RSA keys and be able > to translate them into PKCS#8 encoded keys and/or extract various key specs > out of them. If you already have PKCS#8 RSAPrivateCrtKey obj from SunRsaSign > provider, you can call its getPublicExponent() method and use that to create > a RSAPublicKeySpec and generate RSA public key with it. If you are using 3rd > party impl which does not return the public exponent value somehow, then you > can translate it using the RSA key factory impl from SunRsaSign provider and > then repeat the fore-mentioned step. Will this address your need? If not, > could you elaborate the usage that you have in mind? Not sure if you are > suggesting a new KeyFactory.generatePublic() method which take a PrivateKey > or else. Mike, We can continue your feedback with a separate RFE since this RFE is just about adding support for PKCS#1 encoding. I need to wrap this up before my upcoming trip this Wed, hope that's ok with you. Thanks! Valerie ------------- PR: https://git.openjdk.java.net/jdk/pull/1787
