Well, it's been a while since I looked at the PKCS11 KeyStore impl. I recall 
the private key and its public counterpart generally share some kind of 
attribute or label (CKA_ID?) to identify they are related. If this particular 
attribute is non-empty, maybe it can be used to search for the public key.

Valerie

-----Original Message-----
From: Wei-Jun Wang <weijun.w...@oracle.com> 
Sent: Monday, December 9, 2024 5:07 AM
To: security-dev@openjdk.org
Cc: Valerie Peng <valerie.p...@oracle.com>; Martin Balao <mba...@redhat.com>; 
Daniel Jeliński <djelins...@gmail.com>
Subject: How to get public key from private key in PKCS #11

Hi PKCS #11 gurus,

DHKEM [1] requires a function

  Pk(skX): The KEM public key corresponding to the KEM private key skX.

"The notation pk(skX), depending on its use and the KEM and its implementation, 
is either the computation of the public key using the private key, or just 
syntax expressing the retrieval of the public key, assuming it is stored along 
with the private key object."

For the software side, I can calculate the public key [2] from the private key. 
How can I do this in PKCS #11?

Thanks,
Weijun

[1] https://www.rfc-editor.org/rfc/rfc9180.html#name-notation
[2] https://github.com/openjdk/jdk/blob/adca97b659d725b0dd320322297dcbd1b443a047/src/java.base/share/classes/sun/security/ec/ECPrivateKeyImpl.java#L209
