<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title></title>
</head>
<body>
<font face="Arial,sans-serif"><font size="2"><br>
<br>
<span type="cite">Aleksey Sanin wrote:</span> </font></font>
<p><font face="Arial,sans-serif" size="2"> </font></p>
<blockquote type="cite"
style="border-left: thin solid blue; padding-left: 10px; margin-left: 0pt;"><font
face="Arial,sans-serif" size="2"> The truth is you that for RSA and DSA
you have to have <br>
both public ( RSA: "modulus", "exponent" and DSA: "p", "q", <br>
"g", "y") and private (RSA: "private exponent", DSA: "x") key <br>
components to perform "private" key operations. Thus NSS *does*<br>
have public key information when it has private key. The only<br>
required thing is "export public key from private one" function.<br>
I would be really surprised if there is no one already. AFAIK, the <br>
"<a
href="http://lxr.mozilla.org/mozilla/ident?i=SECKEY_ConvertToPublicKey">SECKEY_ConvertToPublicKey</a>"
does exactly this. The only thing <br>
that xmlsec-nss has to do specially is to always have pointers to both<a
href="http://lxr.mozilla.org/mozilla/ident?i=SECKEYPublicKey"><br>
SECKEYPublicKey</a> and <a
href="http://lxr.mozilla.org/mozilla/ident?i=SECKEYPrivateKey">SECKEYPrivateKey</a>.
The conversion from <br>
private to public key could be done "on-demand" or "by default"<br>
(I would expect this to be a "fast" operation).</font></blockquote>
<font size="2"><font face="Arial,sans-serif">The code I've written does
exactly this.... but I did not anticipate<br>
that I wouldn't have an NSS API that allows me to import<br>
an encrypted private key from a p8 file (the current API<br>
requires a public key as a "key id"). I tried to get around it<br>
by using an artificial "key id", importing the private key, and<br>
then extracting the public key and re-importing the private key...<br>
but that didn't work :(.<br>
<br>
</font></font>
<blockquote type="cite"
style="border-left: thin solid blue; padding-left: 10px; margin-left: 0pt;"><font
face="Arial,sans-serif" size="2"><br>
As you mentioned in option 3) implementing option 1) would mean<br>
changing core xmlsec internals. As I've explained above, I don't see<br>
reasons for this right now.</font></blockquote>
<br>
<blockquote type="cite"
style="border-left: thin solid blue; padding-left: 10px; margin-left: 0pt;"><font
face="Arial,sans-serif" size="2"><br>
<br>
Aleksey<br>
<br>
<br>
<br>
<br>
</font></blockquote>
</body>
</html>