tink-crypto / tink-tinkey

Utility that allows generating and manipulating Tink keysets
Apache License 2.0

What format does tinkey give when requesting a public key? Is it pem or der? #2

Closed ColtonIdle closed 3 months ago

ColtonIdle commented 7 months ago

I don't see a place for "Discussions" on this GitHub repo, so please excuse my usage question here.

I am generating an HPKE private key, and then I request the public key via tinkey create-public-keyset --in-format=json --in=blah.json and it gives me JSON with a field called value. I'm assuming that's my private key, but I just need to know what form that value is: PEM or DER. I'm still new to crypto so maybe it's a dumb question, but I appreciate any pointers. Thanks

juergw commented 3 months ago

The "value" field is a base64-encoded serialization of the "HpkePrivateKey" message, which is defined here: https://github.com/tink-crypto/tink-cc/blob/main/proto/hpke.proto. That proto contains both the private and the public key serialized as defined by the HPKE standard (see https://www.rfc-editor.org/rfc/rfc9180.html#name-cryptographic-dependencies), and some additional metadata, such as which KEM, KDF and AEAD are used.

juergw commented 3 months ago

Sorry, my answer was not correct. Since you're requesting the public keyset, the "value" field in the key should be the serialization of the "HpkePublicKey", and not "HpkePrivateKey".
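An added example, not part of the original thread or of Tink's own code: a dependency-free decoder showing that "value" is neither PEM nor DER but base64 over a protobuf message, inside which the public key bytes sit in their RFC 9180 serialization. The keyset and key bytes are constructed sample data, and the field numbers (1 = version, 2 = params, 3 = public_key; params 1/2/3 = kem/kdf/aead) are assumed from the linked hpke.proto and should be checked against that file.

```python
import base64
import json

def read_varint(buf, pos):
    """Decode one protobuf varint at pos; return (value, next_pos)."""
    result = shift = 0
    while True:
        byte = buf[pos]
        pos += 1
        result |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return result, pos
        shift += 7

def parse_fields(buf):
    """Minimal protobuf wire parser: {field_number: int or bytes}."""
    fields, pos = {}, 0
    while pos < len(buf):
        tag, pos = read_varint(buf, pos)
        num, wire = tag >> 3, tag & 7
        if wire == 0:                      # varint (version, enum values)
            fields[num], pos = read_varint(buf, pos)
        elif wire == 2:                    # length-delimited (sub-message, bytes)
            n, pos = read_varint(buf, pos)
            if pos + n > len(buf):
                raise ValueError("truncated field")
            fields[num], pos = buf[pos:pos + n], pos + n
        else:
            raise ValueError(f"unexpected wire type {wire}")
    return fields

def decode_hpke_public_keys(keyset_json):
    """Return (version, params, raw_public_key) for each key in a JSON keyset."""
    out = []
    for key in json.loads(keyset_json)["key"]:
        data = key["keyData"]
        if not data["typeUrl"].endswith(".HpkePublicKey"):
            raise ValueError("not an HPKE public key: " + data["typeUrl"])
        msg = parse_fields(base64.b64decode(data["value"]))
        p = parse_fields(msg.get(2, b""))  # assumed: field 2 = HpkeParams
        params = {"kem": p.get(1, 0), "kdf": p.get(2, 0), "aead": p.get(3, 0)}
        out.append((msg.get(1, 0), params, msg.get(3, b"")))
    return out

# Constructed sample: dummy 32-byte key, enum numbers 1/1/1 (names are in hpke.proto).
RAW_PUB = bytes(range(32))
SAMPLE_VALUE = base64.b64encode(b"\x12\x06\x08\x01\x10\x01\x18\x01\x1a\x20" + RAW_PUB).decode()
SAMPLE_KEYSET = json.dumps({"primaryKeyId": 1, "key": [{"keyId": 1, "status": "ENABLED",
    "outputPrefixType": "TINK", "keyData": {"keyMaterialType": "ASYMMETRIC_PUBLIC",
    "typeUrl": "type.googleapis.com/google.crypto.tink.HpkePublicKey", "value": SAMPLE_VALUE}}]})
```

Calling decode_hpke_public_keys(SAMPLE_KEYSET) returns the version, the three numeric parameter values and the 32 raw key bytes; an X.509/DER parser would reject the same input because the decoded bytes are a protobuf message, not an ASN.1 structure.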

ColtonIdle commented 3 months ago

Thanks for the response!