Aleksey Sanin wrote:

The truth is that for RSA and DSA you have to have
both public (RSA: "modulus", "exponent" and DSA: "p", "q",
"g", "y") and private (RSA: "private exponent", DSA: "x") key
components to perform "private" key operations. Thus NSS *does*
have public key information when it has private key. The only
required thing is "export public key from private one" function.
I would be really surprised if there is no one already. AFAIK, the
"SECKEY_ConvertToPublicKey" does exactly this. The only thing
that xmlsec-nss has to do specially is to always have pointers to both
SECKEYPublicKey and SECKEYPrivateKey. The conversion from
private to public key could be done "on-demand" or "by default"
(I would expect this to be a "fast" operation).

The code I've written does exactly this.... but I did not anticipate
that I wouldn't have an NSS API that allows me to import
an encrypted private key from a p8 file (the current API
requires a public key as a "key id"). I tried to get around it
by using an artificial "key id", importing the private key, and
then extracting the public key and re-importing the private key...
but that didn't work :(.


As you mentioned in option 3) implementing option 1) would mean
changing core xmlsec internals. As I've explained above, I don't see
reasons for this right now.



Aleksey



