From: "Jarkko Sakkinen" <jarkko@kernel.org>
To: "Jarkko Sakkinen" <jarkko@kernel.org>,
	"James Prestwood" <prestwoj@gmail.com>,
	<keyrings@vger.kernel.org>
Cc: <dhowells@redhat.com>, <herbert@gondor.apana.org.au>,
	<linux-crypto@vger.kernel.org>, <linux-integrity@vger.kernel.org>,
	<davem@davemloft.net>
Subject: Re: Reading public key portion of asymmetric keys
Date: Fri, 08 Nov 2024 22:12:47 +0200
Message-ID: <D5H2L8I47L68.1GJPPIBLOD0LX@kernel.org>
In-Reply-To: <D5H1ZB95VC60.1XLLYFS3CLRIZ@kernel.org>

On Fri Nov 8, 2024 at 9:44 PM EET, Jarkko Sakkinen wrote:
> On Mon Sep 30, 2024 at 9:40 PM EEST, James Prestwood wrote:
> > Hi,
> >
> > Unless I'm missing something it does not seem possible to read back the 
> > public key portion of an asymmetric key to userspace once added to the 
> > kernel. I have a use case where two separate applications need to 
> > perform crypto operations using the same private/public key pair and for 
> > added security it would be convenient to add the key (or load from TPM) 
> > once and pass around a key ID rather than the keys themselves.
> >
> > One of the things I need is to create and sign a CSR. To create the CSR 
> > I need the public key contents which can't be obtained from the key ID.
> >
> > To solve this problem I would propose adding a "read" operation to the 
> > asymmetric key type, but limiting it to only reading the public key 
> > portion of the key (if it exists). Alternatively an entirely new 
> > "read_public" keyctl API could be added as well, but re-using the 
> > existing read seemed more straightforward. Adding this seems easy 
> > enough, but I wanted to get an idea if this is something that would be 
> > accepted upstream or if others had better suggestions.
> >
> > Thanks,
> >
> > James
>
> Missed earlier (CC to dhowells).

Right *obviously* to linux-crypto and Herbert! And people/lists relevant
(at least according to MAINTAINERS file).

BR, Jarkko
