Vote proposal: Private keys can exist independently of public keys

Dr Paul Dale paul.dale at
Wed Oct 7 11:54:15 UTC 2020

Would it be feasible to change code that does ->pub_key to call a function that null checks the field and generates the public key if it is absent?

Dr Paul Dale | Distinguished Architect | Cryptographic Foundations 
Phone +61 7 3031 7217
Oracle Australia

> On 7 Oct 2020, at 9:29 pm, Matt Caswell <matt at> wrote:
> Issue #12612 exposes a problem with how we handle keys that contain
> private components but not public components.
> There is a widespread assumption in the code that keys with private
> components must have public components. There is text in our public
> documentation that states this (and that text dates back to 2006).
> OTOH, the code has not always enforced this. Issue #12612 describes a
> scenario where this has not historically been enforced, and it now is in
> the current 3.0 code causing a regression.
> There are differences of opinion on how this should be handled. Some
> have the opinion that we should change the model so that we explicitly
> allow private keys to exists without the public components. Others feel
> that we should continue with the old model.
> It seems we need a vote to decide this. Here is my proposed vote text:
> We should change the 3.0 code to explicitly allow private components to
> exist in keys without the public components also being present.
> Feedback please on the proposed vote text.
> Matt

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the openssl-project mailing list