Vote proposal: Private keys can exist independently of public keys

SHANE LONTIS shane.lontis at oracle.com
Wed Oct 7 21:22:23 UTC 2020


I assume you are just talking about the ec key?

If the public key is not present then that could be seen as an error for operations that require the public key. 

Shane

> On 7 Oct 2020, at 9:54 pm, Dr Paul Dale <paul.dale at oracle.com> wrote:
> 
> Would it be feasible to change code that does ->pub_key to call a function that null checks the field and generates the public key if it is absent?
> 
> 
> Pauli
> -- 
> Dr Paul Dale | Distinguished Architect | Cryptographic Foundations 
> Phone +61 7 3031 7217
> Oracle Australia
> 
> 
> 
> 
>> On 7 Oct 2020, at 9:29 pm, Matt Caswell <matt at openssl.org> wrote:
>> 
>> Issue #12612 exposes a problem with how we handle keys that contain
>> private components but not public components.
>> 
>> There is a widespread assumption in the code that keys with private
>> components must have public components. There is text in our public
>> documentation that states this (and that text dates back to 2006).
>> 
>> OTOH, the code has not always enforced this. Issue #12612 describes a
>> scenario where this has not historically been enforced, and it now is in
>> the current 3.0 code causing a regression.
>> 
>> There are differences of opinion on how this should be handled. Some
>> have the opinion that we should change the model so that we explicitly
>> allow private keys to exist without the public components. Others feel
>> that we should continue with the old model.
>> 
>> It seems we need a vote to decide this. Here is my proposed vote text:
>> 
>> We should change the 3.0 code to explicitly allow private components to
>> exist in keys without the public components also being present.
>> 
>> Feedback please on the proposed vote text.
>> 
>> Matt
> 
