pkcs11 : extract pubkey from x509 certificates

Steven Bade sbade at austin.ibm.com
Fri Feb 18 03:59:19 EST 2011


Daniel Kahn Gillmor wrote:
> On 02/17/2011 11:38 AM, Laurent Barbe wrote:
>> About PKCS11, some providers allow only the use of X509
>> certificates.
>> Are there plans to add the ability to extract the public key from
>> certificates when there is no public key?
> 
> I'm not sure this question makes sense.  All X.509 certificates have a
> public key (the subject's public key) in them by definition.
> 
> Do you mean something else?  (apologies if this is a simple typo that I
> should be able to guess what you mean -- this stuff is confusing enough
> that being really clear and explicit is helpful, though)
> 
> 	--dkg
> 
I think that they are saying that the PKCS#11 token will not allow
access to the public key object (it may not even exist); some tokens
only allow access to the public key through the certificate object, but
it's been a while since I've delved into P11 in great detail. I know the
implementations I worked on allowed access to the public key object.
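
An added example, not code from this thread or from OpenSSH: a minimal DER walker that locates the subjectPublicKeyInfo inside a certificate, which is what a client must do when the token exposes only a certificate object. It assumes the certificate's DER bytes have already been read from the token (the CKA_VALUE attribute of the certificate object); the function names and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Parse one DER tag/length header at p; returns header size, 0 if malformed. */
static size_t der_hdr(const uint8_t *p, const uint8_t *end, uint8_t *tag, size_t *len)
{
    const uint8_t *s = p;
    if (end - p < 2) return 0;
    *tag = *p++;
    size_t l = *p++;
    if (l & 0x80) {                       /* long form: next n bytes hold the length */
        size_t n = l & 0x7f;
        if (n == 0 || n > 4 || (size_t)(end - p) < n) return 0;
        for (l = 0; n--; ) l = (l << 8) | *p++;
    }
    if ((size_t)(end - p) < l) return 0;  /* value must fit in the enclosing buffer */
    *len = l;
    return (size_t)(p - s);
}

/* Hypothetical helper: return a pointer to the subjectPublicKeyInfo TLV inside
 * a DER certificate and set *spki_len, or return NULL if the input is malformed. */
const uint8_t *x509_spki(const uint8_t *der, size_t der_len, size_t *spki_len)
{
    const uint8_t *p = der, *end = der + der_len;
    uint8_t tag; size_t len, h;

    for (int i = 0; i < 2; i++) {         /* enter Certificate, then TBSCertificate */
        if (!(h = der_hdr(p, end, &tag, &len)) || tag != 0x30) return NULL;
        p += h; end = p + len;
    }
    if (!(h = der_hdr(p, end, &tag, &len))) return NULL;
    if (tag == 0xa0) p += h + len;        /* optional [0] version */
    for (int i = 0; i < 5; i++) {         /* serial, sigAlg, issuer, validity, subject */
        if (!(h = der_hdr(p, end, &tag, &len))) return NULL;
        p += h + len;
    }
    if (!(h = der_hdr(p, end, &tag, &len)) || tag != 0x30) return NULL;
    *spki_len = h + len;
    return p;
}

/* Constructed skeleton: DER-shaped but unsigned, empty names, fake 4-byte key. */
static const uint8_t sample_cert[] = {
    0x30,0x33, 0x30,0x25, 0xa0,0x03,0x02,0x01,0x02, 0x02,0x01,0x01,
    0x30,0x05,0x06,0x03,0x2b,0x65,0x70, 0x30,0x00, 0x30,0x00, 0x30,0x00,
    0x30,0x0e,0x30,0x05,0x06,0x03,0x2b,0x65,0x70,0x03,0x05,0x00,0xaa,0xbb,0xcc,0xdd,
    0x30,0x05,0x06,0x03,0x2b,0x65,0x70, 0x03,0x03,0x00,0xee,0xff };

int main(void) { size_t n; return x509_spki(sample_cert, sizeof sample_cert, &n) ? 0 : 1; }
```

The walker only finds the key; it does not verify the certificate's signature or validity, so the extracted key is only as trustworthy as the token it came from.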

