Cryptographic Token Interface Standard |
PKCS#11 |
EC (also related to ECDSA) public key objects (object class CKO_PUBLIC_KEY, key type CKK_EC or CKK_ECDSA) hold EC public keys. See Section 12.3 for more information about EC. The following table defines the EC public key object attributes, in addition to the common attributes listed in Table 15, Table 19, Table 25, and Table 26:
Table 30, Elliptic Curve Public Key Object Attributes
Attribute | Data type | Meaning |
CKA_EC_PARAMS¹,³ (CKA_ECDSA_PARAMS) | Byte array | DER-encoding of an ANSI X9.62 Parameters value |
CKA_EC_POINT¹,⁴ | Byte array | DER-encoding of ANSI X9.62 ECPoint value Q |
The CKA_EC_PARAMS or CKA_ECDSA_PARAMS attribute value is known as the "EC domain parameters" and is defined in ANSI X9.62 as a choice of three parameter representation methods with the following syntax:
    Parameters ::= CHOICE {
        ecParameters   ECParameters,
        namedCurve     CURVES.&id({CurveNames}),
        implicitlyCA   NULL
    }
This allows detailed specification of all required values using choice ecParameters, the use of a namedCurve as an object identifier substitute for a particular set of elliptic curve domain parameters, or implicitlyCA to indicate that the domain parameters are explicitly defined elsewhere. The use of a namedCurve is recommended over the choice ecParameters. The choice implicitlyCA must not be used in Cryptoki.
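The three alternatives can be told apart by the outer DER tag of the attribute value: OBJECT IDENTIFIER (0x06) for namedCurve, SEQUENCE (0x30) for ecParameters, and NULL (0x05) for implicitlyCA. The following C code is an added example, not part of the standard's text, that classifies a CKA_EC_PARAMS value before it is placed in a template and rejects implicitlyCA; the function names, the `allow_explicit` switch and the sample byte arrays are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Which alternative of the X9.62 Parameters CHOICE a CKA_EC_PARAMS value holds. */
enum ec_params_kind { EC_INVALID, EC_NAMED_CURVE, EC_EXPLICIT, EC_IMPLICITLY_CA };
/* Constructed samples: the OID 1.2.840.10045.3.1.7 (prime256v1) and an ASN.1 NULL. */
static const unsigned char SAMPLE_NAMED[] =
    { 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07 };
static const unsigned char SAMPLE_IMPLICIT[] = { 0x05, 0x00 };

/* Read one DER header; the value must fill the buffer exactly. Returns 0 if not DER. */
static size_t der_header(const unsigned char *p, size_t n, size_t *len)
{
    size_t hdr = 2, nb, i;
    if (p == NULL || n < 2) return 0;
    *len = p[1];
    if (p[1] & 0x80) {                       /* long-form length */
        nb = p[1] & 0x7F;
        if (nb == 0 || nb > 2 || n < 2 + nb) return 0;  /* indefinite/oversized */
        for (*len = 0, i = 0; i < nb; i++) *len = (*len << 8) | p[2 + i];
        if (*len < 0x80 || (nb == 2 && *len < 0x100)) return 0; /* non-minimal */
        hdr += nb;
    }
    return (*len == n - hdr) ? hdr : 0;      /* rejects trailing bytes */
}

/* Classify by outer tag only; the inner ECParameters fields are not checked. */
enum ec_params_kind classify_ec_params(const unsigned char *der, size_t n)
{
    size_t len;
    if (der_header(der, n, &len) == 0) return EC_INVALID;
    switch (der[0]) {
    case 0x06: return len > 0 ? EC_NAMED_CURVE : EC_INVALID;     /* OID */
    case 0x30: return len > 0 ? EC_EXPLICIT : EC_INVALID;        /* SEQUENCE */
    case 0x05: return len == 0 ? EC_IMPLICITLY_CA : EC_INVALID;  /* NULL */
    default:   return EC_INVALID;
    }
}

/* Policy from the text: never implicitlyCA; explicit parameters only on request. */
int ec_params_acceptable(const unsigned char *der, size_t n, int allow_explicit)
{
    enum ec_params_kind k = classify_ec_params(der, n);
    return k == EC_NAMED_CURVE || (k == EC_EXPLICIT && allow_explicit);
}

int main(void)
{
    printf("named curve accepted: %d\n", ec_params_acceptable(SAMPLE_NAMED, sizeof SAMPLE_NAMED, 0));
    return 0;
}
```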
The following is a sample template for creating an EC (ECDSA) public key object:
    CK_OBJECT_CLASS class = CKO_PUBLIC_KEY;
    CK_KEY_TYPE keyType = CKK_EC;
    CK_UTF8CHAR label[] = "An EC public key object";
    CK_BYTE ecParams[] = {...};
    CK_BYTE ecPoint[] = {...};
    CK_BBOOL true = TRUE;
    CK_ATTRIBUTE template[] = {
      {CKA_CLASS, &class, sizeof(class)},
      {CKA_KEY_TYPE, &keyType, sizeof(keyType)},
      {CKA_TOKEN, &true, sizeof(true)},
      {CKA_LABEL, label, sizeof(label)-1},
      {CKA_EC_PARAMS, ecParams, sizeof(ecParams)},
      {CKA_EC_POINT, ecPoint, sizeof(ecPoint)}
    };