EntrustCorporation / draft-ounsworth-composite-sigs

DEPRECATED REPO - moved to https://github.com/lamps-wg/draft-composite-sigs

"-----BEGIN COMPOSITE PRIVATE KEY-----" do we need the equiv PUBLIC KEY? #49

Closed ounsworth closed 5 years ago

ounsworth commented 5 years ago

Or should we go with `-----BEGIN PRIVATE KEY-----`?

Apparently this is the newer way?

ounsworth commented 5 years ago

@danvangeest Did you address this in pull request #51?

danvangeest commented 5 years ago

I didn't; my change added an "ENCRYPTED" to "PRIVATE KEY". We should probably actually determine whether we need an explicit "COMPOSITE PUBLIC/PRIVATE KEY" or whether we can just use the existing generic "PUBLIC/PRIVATE KEY".

csosto-pk commented 5 years ago

The private key has the Algorithm Identifier in the OID, so we can stick with the generic BEGIN PRIVATE KEY imo.

danvangeest commented 5 years ago

To add to this, since I was just working it out in my head myself, BEGIN PUBLIC/PRIVATE KEY is PKCS#8 and contains the base64 encoding of the following DER structures:

```
PublicKeyInfo ::= SEQUENCE {
  algorithm       AlgorithmIdentifier,
  PublicKey       BIT STRING
}

PrivateKeyInfo ::= SEQUENCE {
  version         Version,
  algorithm       AlgorithmIdentifier,
  PrivateKey      OCTET STRING
}
```

BEGIN COMPOSITE PUBLIC/PRIVATE KEY is similar to the non-generic PKCS#1 format, so we should probably avoid it.

So the draft should remove any BEGIN COMPOSITE stuff and maybe just reference the way of doing it in PKCS#8 instead.
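The point made in the two comments above, as an added example that is not part of the thread or the draft: a reader can take the algorithm from the AlgorithmIdentifier inside the DER, so the PEM label can stay generic. The sample keys are constructed (all-zero key material), the Ed25519 OID 1.3.101.112 stands in for a composite OID because the thread does not give one, and all function names are hypothetical.

```python
import base64
import re

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    """Decode OBJECT IDENTIFIER contents into dotted notation."""
    subids, val = [], 0
    for b in body:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear marks the last byte of a sub-identifier
            subids.append(val)
            val = 0
    first = min(subids[0] // 40, 2)  # first two arcs share one sub-identifier
    return ".".join(map(str, [first, subids[0] - 40 * first] + subids[1:]))

def key_algorithm(pem):
    """Return (PEM label, algorithm OID) for a generic PUBLIC/PRIVATE KEY block."""
    m = re.search(r"-----BEGIN ([A-Z ]+)-----(.*?)-----END \1-----", pem, re.S)
    if not m or m.group(1) not in ("PUBLIC KEY", "PRIVATE KEY"):
        raise ValueError("expected a generic PUBLIC KEY or PRIVATE KEY PEM block")
    label = m.group(1)
    outer_tag, body, _ = read_tlv(base64.b64decode(m.group(2)), 0)
    pos = 0
    if label == "PRIVATE KEY":  # PrivateKeyInfo starts with the version INTEGER
        ver_tag, _, pos = read_tlv(body, 0)
        if ver_tag != 0x02:
            raise ValueError("PrivateKeyInfo.version missing")
    seq_tag, alg_id, _ = read_tlv(body, pos)
    oid_tag, oid, _ = read_tlv(alg_id, 0)
    if (outer_tag, seq_tag, oid_tag) != (0x30, 0x30, 0x06):
        raise ValueError("no AlgorithmIdentifier where the structure expects one")
    return label, decode_oid(oid)

def to_pem(label, der):
    b64 = base64.encodebytes(der).decode()
    return f"-----BEGIN {label}-----\n{b64}-----END {label}-----\n"

# Constructed samples: all-zero key material, OID 1.3.101.112 as a stand-in algorithm.
SAMPLE_PRIVATE = to_pem("PRIVATE KEY", bytes.fromhex("302e020100300506032b657004220420") + bytes(32))
SAMPLE_PUBLIC = to_pem("PUBLIC KEY", bytes.fromhex("302a300506032b6570032100") + bytes(32))
```

`key_algorithm(SAMPLE_PRIVATE)` and `key_algorithm(SAMPLE_PUBLIC)` both report the same OID, read from the structure rather than from the label.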

ounsworth commented 5 years ago

Note that I think I've cleaned this up in pull request #57.

@danvangeest Can you take a look and see if my edit agrees with your expectation?