On Fri Nov 8, 2024 at 9:44 PM EET, Jarkko Sakkinen wrote:
> On Mon Sep 30, 2024 at 9:40 PM EEST, James Prestwood wrote:
> > Hi,
> >
> > Unless I'm missing something it does not seem possible to read back the 
> > public key portion of an asymmetric key to userspace once added to the 
> > kernel. I have a use case where two separate applications need to 
> > perform crypto operations using the same private/public key pair and for 
> > added security it would be convenient to add the key (or load from TPM) 
> > once and pass around a key ID rather than the keys themselves.
> >
> > One of the things I need is to create and sign a CSR. To create the CSR 
> > I need the public key contents which can't be obtained from the key ID.
> >
> > To solve this problem I would propose adding a "read" operation to the
> > asymmetric key type, but limiting it to only reading the public key
> > portion of the key (if it exists). Alternatively, an entirely new
> > "read_public" keyctl API could be added as well, but re-using the
> > existing read seemed more straightforward. Adding this seems easy
> > enough, but I wanted to get an idea if this is something that would be
> > accepted upstream or if others had better suggestions.
> >
> > Thanks,
> >
> > James
>
> Missed earlier (CC to dhowells).

Right *obviously* to linux-crypto and Herbert! And people/lists relevant
(at least according to MAINTAINERS file).

BR, Jarkko