pkcs11 : extract pubkey from x509 certificates
Laurent Barbe
laurent at ksperis.com
Fri Feb 18 07:08:42 EST 2011
Sorry, I had not seen your answer.
Yes, that is what I meant.
I just have a look to the sources, do you think it would be complex to
implement ?
Thank you.
Laurent
Le jeudi 17 février 2011 à 11:59 -0500, Steven Bade a écrit :
> Daniel Kahn Gillmor wrote:
> > On 02/17/2011 11:38 AM, Laurent Barbe wrote:
> >> About PKCS11, some provider allows only the use of X509
> >> certificate.
> >> Are there plans to add the ability to extract the public key from
> >> certificates when there is no public key?
> >
> > I'm not sure this question makes sense. All X.509 certificates have a
> > public key (the subject's public key) in them by definition.
> >
> > Do you mean something else? (apologies if this is a simple typo that i
> > should be able to guess what you mean -- this stuff is confusing enough
> > that being really clear and explicit is helpful, though)
> >
> > --dkg
> >
> >
> >
> > ------------------------------------------------------------------------
> >
> > _______________________________________________
> > openssh-unix-dev mailing list
> > openssh-unix-dev at mindrot.org
> > https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
> I think that they are saying that the PKCS#11 token will not allow
> access to the public key object (it may not even exist), some tokens
> only allow access to the public key through the certificate object.. but
> its been a while since i've delved into P11 in great detail. I know the
> implementations I worked on allowed access to the public key object.
More information about the openssh-unix-dev
mailing list