Hello. AFAIK, the default (so-called legacydb) database manages private key storage as follows:

-- crypto keys are stored in the dbm file "key3.db"
-- every (dbm_key, dbm_value) pair in "key3.db" is a pair of cryptographic public/private keys: (public key, encrypted PKCS#8 PrivateKeyInfo)

Given that, I am curious why this code exists:

---- lg_GetPublicKey @ softoken/legacydb/lgattr.c ----
static NSSLOWKEYPublicKey *
lg_GetPublicKey(LGObjectCache *obj)
{
    NSSLOWKEYPublicKey *pubKey;
    NSSLOWKEYPrivateKey *privKey;
    .......
    privKey = lg_FindKeyByPublicKey(obj->sdb, &obj->dbKey);
    if (privKey == NULL) {
        return NULL;
    }
    pubKey = nsslowkey_ConvertToPublicKey(privKey);
    .......
----------------------------------------------

It looks like the public key (obj->dbKey) is used to find ... itself, by an extra lookup for the private key. It couldn't be a problem, but this code implicitly assumes "there is a public key" inside the "private key". This is incorrect for GOST R 34.10-2001 private keys: the PKCS#8 PrivateKeyInfo for GOST does *not* contain the public part.

So, I am not sure what is correct:

-- delete the private key lookup from lg_GetPublicKey()
-- invent my own storage format for GOST keys, incompatible with PKCS#8 PrivateKeyInfo. This is much more patching of legacydb code.

Could you advise, please?

Best regards,
-- Konstantin Andreev, software engineer. Swemel JSC

-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
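The structural point raised above, as an added example that is not NSS code and not part of the original message: a minimal DER walk over a PKCS#8 PrivateKeyInfo that reports, per algorithm OID, whether the privateKey blob carries the public key at all (RSAPrivateKey always does, RFC 5915 ECPrivateKey only when its OPTIONAL publicKey [1] is present, a GOST R 34.10-2001 key value never does). All key material and the `pkcs8()` sample builder are constructed toy values, not real keys.

```python
# Added example, not NSS code: walk a DER PKCS#8 PrivateKeyInfo and report whether
# the private-key blob structurally carries the public key. All keys are toy data.
SEQ, INT, OCTET, OID, NULL_, CTX1 = 0x30, 0x02, 0x04, 0x06, 0x05, 0xA1
OID_RSA = bytes.fromhex("2a864886f70d010101")  # rsaEncryption 1.2.840.113549.1.1.1
OID_EC = bytes.fromhex("2a8648ce3d0201")       # id-ecPublicKey 1.2.840.10045.2.1
OID_GOST2001 = bytes.fromhex("2a8503020213")   # id-GostR3410-2001 1.2.643.2.2.19

def tlv(tag, body):
    """Encode one DER element with a minimal definite length (body < 65536 bytes)."""
    n = len(body)
    length = bytes([n]) if n < 0x80 else bytes([0x81, n]) if n < 0x100 else bytes([0x82, n >> 8, n & 0xFF])
    return bytes([tag]) + length + body

def der_int(v):
    return tlv(INT, v.to_bytes((v.bit_length() + 8) // 8, "big"))

def children(body):
    """Split a constructed element's body into (tag, body) pairs."""
    out, i = [], 0
    while i < len(body):
        tag, n, i = body[i], body[i + 1], i + 2
        if n & 0x80:  # long-form length: the next (n & 0x7F) bytes hold the length
            k = n & 0x7F
            n, i = int.from_bytes(body[i:i + k], "big"), i + k
        out.append((tag, body[i:i + n]))
        i += n
    return out

def public_key_in_pkcs8(pki_der):
    """True if the PrivateKeyInfo itself carries the public key."""
    _, alg, priv = children(children(pki_der)[0][1])[:3]
    oid = children(alg[1])[0][1]
    if oid == OID_RSA:  # RSAPrivateKey holds modulus and publicExponent
        return True
    if oid == OID_EC:  # RFC 5915 ECPrivateKey: publicKey [1] is OPTIONAL
        return any(t == CTX1 for t, _ in children(children(priv[1])[0][1]))
    if oid == OID_GOST2001:  # bare key value: no public part to convert from
        return False
    raise ValueError("unsupported algorithm")

def pkcs8(oid, params, key):  # build a constructed sample PrivateKeyInfo
    return tlv(SEQ, der_int(0) + tlv(SEQ, tlv(OID, oid) + params) + tlv(OCTET, key))

RSA_PKI = pkcs8(OID_RSA, tlv(NULL_, b""), tlv(SEQ, b"".join(
    der_int(v) for v in (0, 3233, 17, 413, 61, 53, 1, 1, 1))))  # toy RSAPrivateKey
EC_PARAMS = tlv(OID, bytes.fromhex("2a8648ce3d030107"))  # secp256r1 1.2.840.10045.3.1.7
EC_PRIV = der_int(1) + tlv(OCTET, b"\x01" * 32)
EC_PKI_WITH_PUB = pkcs8(OID_EC, EC_PARAMS, tlv(SEQ, EC_PRIV + tlv(CTX1, tlv(0x03, b"\x00\x04" + b"\x02" * 64))))
EC_PKI_NO_PUB = pkcs8(OID_EC, EC_PARAMS, tlv(SEQ, EC_PRIV))
GOST_PKI = pkcs8(OID_GOST2001, tlv(SEQ, tlv(OID, bytes.fromhex("2a850302022301"))), tlv(OCTET, b"\x07" * 32))
```

Only the RSA and EC-with-[1] blobs would let a routine like nsslowkey_ConvertToPublicKey derive the public key from the stored PrivateKeyInfo alone.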