From: "Jarkko Sakkinen" <jarkko@kernel.org>
To: "James Prestwood" <prestwoj@gmail.com>, <keyrings@vger.kernel.org>
Cc: <dhowells@redhat.com>
Subject: Re: Reading public key portion of asymmetric keys
Date: Fri, 08 Nov 2024 21:44:09 +0200 [thread overview]
Message-ID: <D5H1ZB95VC60.1XLLYFS3CLRIZ@kernel.org> (raw)
In-Reply-To: <eb52cc47-0e42-4f1a-984d-27d3470da92e@gmail.com>
On Mon Sep 30, 2024 at 9:40 PM EEST, James Prestwood wrote:
> Hi,
>
> Unless I'm missing something it does not seem possible to read back the
> public key portion of an asymmetric key to userspace once added to the
> kernel. I have a use case where two separate applications need to
> perform crypto operations using the same private/public key pair and for
> added security it would be convenient to add the key (or load from TPM)
> once and pass around a key ID rather than the keys themselves.
>
> One of the things I need is to create and sign a CSR. To create the CSR
> I need the public key contents which can't be obtained from the key ID.
>
> To solve this problem I would propose adding a "read" operation to the
> asymmetric key type, but limiting it to only reading the public key
> portion of the key (if it exists). Alternatively an entirely new
> "read_public" keyctl API could be added as well, but re-using the
> existing read seemed more straightforward. Adding this seems easy
> enough, but I wanted to get an idea if this is something that would be
> accepted upstream or if others had better suggestions.
>
> Thanks,
>
> James
Missed earlier (CC to dhowells).
BR, Jarkko
Thread overview: 4+ messages
2024-09-30 18:40 Reading public key portion of asymmetric keys James Prestwood
2024-11-08 13:55 ` bauen1
2024-11-08 19:44 ` Jarkko Sakkinen [this message]
2024-11-08 20:12 ` Jarkko Sakkinen