The truth is you that for RSA and DSA you have to have
both public ( RSA: "modulus", "exponent" and DSA: "p", "q",
"g", "y") and private (RSA: "private exponent", DSA: "x") key
components to perform "private" key operations. Thus NSS *does*
have public key information when it has private key. The only
required thing is "export public key from private one" function.
I would be really surprised if there is no one already. AFAIK, the
"SECKEY_ConvertToPublicKey"
does exactly this. The only thing
that xmlsec-nss has to do specially is to always have pointers to both
SECKEYPublicKey and SECKEYPrivateKey.
The conversion from
private to public key could be done "on-demand" or "by default"
(I would expect this to be a "fast" operation).
As you mentioned in option 3) implementing option 1) would mean
changing core xmlsec internals. As I've explained above, I don't see
reasons for this right now.
Aleksey
_______________________________________________
xmlsec mailing list
[EMAIL PROTECTED]
http://www.aleksey.com/mailman/listinfo/xmlsec
- [xmlsec] standalone private keys Tejkumar Arora
- Re: [xmlsec] standalone private keys Aleksey Sanin
- Re: [xmlsec] standalone private keys Tejkumar Arora
- Re: [xmlsec] standalone private keys Tejkumar Arora
- Re: [xmlsec] standalone private keys Aleksey Sanin
- Re: [xmlsec] standalone private keys Tejkumar Arora
- Re: [xmlsec] standalone private keys Aleksey Sanin
