SPKI export needs additional parameter

There are going to be some interesting issues when dealing with SPKI that
have not yet been raised.

Some algorithms allow for multiple SPKI OID values to be specified and
therefore the OID of the key is not necessarily determinate for the single
algorithm that is to be used, it may in fact be a set of algorithms that can
be used for a single key OID value.  The opposite mapping is also not going
to be one-to-one.  That is a single algorithm may allow for multiple key OID
values to be used for it.

 

We have already seen this for DH, where there are two different key OIDs
that can be used for the DH key agreement algorithm, specifically the PKCS#3
one and the X9.42 one.

 

For RSA-PSS, one can use both the rsaEncryption OID for a key as well as the
id-RSASSA-PSS OID.

For RSA-OAEP, one can use both the rsaEncryption OID for a key as well as
the id-RSAES-OAEP OID.

 

On the import side, this is not an issue as multiple OID values can be
checked in the logic and permitted.  However for export this is an issue as
one needs to have the ability to specify which of the OID values should be
used during the export processing.  This is a missing functionality that we
need to discuss adding.

Jim

 

Received on Tuesday, 25 February 2014 18:15:00 UTC
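
The import/export asymmetry described in the message above, as an added example that is not part of the original message or of any specification: import checks the SPKI key OID against a per-algorithm set, while export has to be told which OID to write. The `export_spki` signature with its `key_oid` argument, the caller-supplied `params_der`, and the placeholder `SAMPLE_KEY` are assumptions made for illustration.

```python
# Key OIDs each algorithm accepts, as listed in the message above.
KEY_OIDS = {
    "RSA-PSS": {"1.2.840.113549.1.1.1", "1.2.840.113549.1.1.10"},
    "RSA-OAEP": {"1.2.840.113549.1.1.1", "1.2.840.113549.1.1.7"},
    "DH": {"1.2.840.113549.1.3.1", "1.2.840.10046.2.1"},  # PKCS#3, X9.42
}
SAMPLE_KEY = bytes(140)  # constructed placeholder, not a real public key

def _der(tag, body):  # encode one DER TLV with a definite length
    n = len(body)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + body

def _read(data, tag):  # value bytes of the TLV that starts data
    if len(data) < 2 or data[0] != tag:
        raise ValueError("unexpected DER tag")
    n, pos = data[1], 2
    if n & 0x80:  # long-form length: low bits give the number of length bytes
        pos += n & 0x7F
        n = int.from_bytes(data[2:pos], "big")
    if pos + n > len(data):
        raise ValueError("truncated DER")
    return data[pos:pos + n]

def encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = b""
    for v in [40 * arcs[0] + arcs[1]] + arcs[2:]:  # first two arcs share one value
        chunk = [v & 0x7F]
        while v > 0x7F:
            v >>= 7
            chunk.append(0x80 | (v & 0x7F))
        out += bytes(reversed(chunk))
    return out

def spki_key_oid(spki_der):
    """Encoded key OID from SubjectPublicKeyInfo.algorithm."""
    return _read(_read(_read(spki_der, 0x30), 0x30), 0x06)

def import_allowed(algorithm, spki_der):
    return spki_key_oid(spki_der) in {encode_oid(o) for o in KEY_OIDS[algorithm]}

def export_spki(algorithm, key_oid, params_der, key_bytes):
    """Hypothetical export: the caller names which key OID to write."""
    if key_oid not in KEY_OIDS[algorithm]:
        raise ValueError("key OID not valid for " + algorithm)
    alg_id = _der(0x30, _der(0x06, encode_oid(key_oid)) + params_der)
    return _der(0x30, alg_id + _der(0x03, b"\x00" + key_bytes))
```

Exporting the same key for RSA-PSS under each of its two OIDs yields two different encodings that both pass the RSA-PSS import check, but only the rsaEncryption form passes the RSA-OAEP check.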