[Bug 26411] Caller can't force JWK to be distinguished as public or private key


--- Comment #5 from Ryan Sleevi <sleevi@google.com> ---
Note that I don't have any real or imagined use case for this. It was just
worth documenting as a limitation. I don't hear anyone screaming for support,

(In reply to Richard Barnes from comment #4)
> Another way you could go about this is to add a way to get the public key
> that corresponds to a given private key.  This is clearly possible for EC
> and DH keys, and should pretty much always be possible for RSA keys.  That
> way the API could default to private key import if the private parameters
> are present, then you could translate over to the public if you need it.  As
> a bonus, this seems like something that could be useful more generally.

I intentionally avoided this during early drafts, because in many cryptographic
libraries and implementation, this isn't possible/easy/reliable. This is,
admittedly, primarily a concern induced by how hardware tokens behave, but one
that has been reflected into the system APIs.

You are receiving this mail because:
You are on the CC list for the bug.

Received on Tuesday, 5 August 2014 19:17:17 UTC