[gnutls-devel] GnuTLS | Support reading and writing private keys in PKCS#8 v2 format (#1474)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Wed Feb 14 08:01:55 CET 2024

n3rdy commented: https://gitlab.com/gnutls/gnutls/-/issues/1474#note_1772301567

@dueno after going through the source code, these are the changes I've identified:
- Modify `lib/pkix.asn` to include the publicKey field, with RFC 5958 as a reference
- Encoding: Modify `encode_to_private_key_info` as mentioned before, and add a function `gnutls_x509_privkey_export_pkcs8v2` (exposing it to the public API) with the same parameters as gnutls_x509_privkey_export_pkcs8, and an additional public_key datum, which may be set to NULL.
- Decoding: Modify `_decode_pkcs8_dsa_key` in `/lib/x509/privkey_pkcs8.c` to read the "publicKey" field if it exists.

Are these changes fine? Also, I didn't quite understand where the public key would be stored in the gnutls_x509_privkey_t data structure if they would be stored at all. Additionally, the decode functions for other algorithms could be changed, to retrieve the public key from the publicKey field if it exists, instead of computing it (as in the case of edDSA and ed25519). So can I modify those as well?

Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1474#note_1772301567
You're receiving this email because of your account on gitlab.com.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20240214/7d38cde6/attachment-0001.html>

More information about the Gnutls-devel mailing list