help-gnutls

Re: Obtaining the raw RSA parameters from a PKCS11 private key


From: Nikos Mavrogiannopoulos
Subject: Re: Obtaining the raw RSA parameters from a PKCS11 private key
Date: Wed, 25 Apr 2012 09:36:29 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:10.0.3) Gecko/20120329 Icedove/10.0.3

On 04/25/2012 02:37 AM, Jim Lloyd wrote:

> Question: Is there a way to obtain the raw RSA parameters from a PKCS11
> private key?


The typical use case of PKCS #11 is to store keys there so that no-one
is able to extract the keys (e.g. if someone breaks into your
web-server he will not extract the keys). May I ask your use case?

Some devices do not allow exporting keys at all, but on some
you can mark them as exportable during their installation or
generation. If your keys are marked as exportable you can use
gnutls_pkcs11_obj_export() and then import it as an x509 private key.

> What then is the way for packet sniffing applications to use gnutls with
> certs/keys stored on HSMs? Am I forced to use gnutls_pubkey_encrypt_data
> and gnutls_privkey_decrypt_data with keys loaded from HSMs? What happens
> under the hood with these APIs?


The idea is to use the pubkey_encrypt() and privkey_decrypt() and let
the hardware perform the operations for you.

regards,
Nikos


