[kmf-discuss] Create and Store Key APIs
Massimiliano Pala
pala at cs.dartmouth.edu
Mon Mar 19 07:57:42 PDT 2007
Hi Wyllys,
I completely agree with you, this could be very handy for applications
that, for example, need to create a key but they do not want to save it
in a store but, for example, in a file.
One question: for storing/retrieving keys on file, is PKCS12 the
only export format?
Cheers,
Max
Wyllys Ingersoll wrote:
> I've had a look at the code and based on Max's suggestions, I think
> some fixes are needed.
>
> #1 - It should be optional for CreateKeypair to actually store the
> keys in the keystore as they are created. The alternative is
> to just create them in memory and let the caller store them
> later.
>
> #2 - #1 leads to another problem, we don't have separate APIs for
> storing keys. We have a KMF_StorePrivateKey() function, but
> it is only for raw asymmetric Private keys, it won't work with
> a standard KMF_KEY_HANDLE nor will it work with public keys.
> I think we need a KMF_StoreKey() API that looks like this:
>
>     KMF_RETURN
>     KMF_StoreKey(KMF_HANDLE_T kmfhandle,
>                  KMF_STOREKEY_PARAMS *params,
>                  KMF_KEY_HANDLE *kmfkey);
>
> This could be used to store public or private keys in any of the
> supported keystores.
>
> Fixing these 2 issues would allow a program to create keys in memory
> and store them later.
>
> #3 - KMF_StorePrivateKey() should probably go away or perhaps
> be renamed KMF_StoreRawPrivateKey to make it clear that it has
> a very specific usage.
>
> Thoughts?
>
> - Wyllys
--
Best Regards,
Massimiliano Pala
--o------------------------------------------------------------------------
Massimiliano Pala [OpenCA Project Manager] pala at cs.dartmouth.edu
project.manager at openca.org
Dartmouth Computer Science Dept Home Phone: +1 (603) 397-3883
PKI/Trust - Office 063 Work Phone: +1 (603) 646-9179
--o------------------------------------------------------------------------