[openssl-users] OpenSSL engine and TPM usage.
Michael Richardson
mcr at sandelman.ca
Thu Oct 26 00:37:26 UTC 2017
Jakob Bohm <jb-openssl at wisemo.com> wrote:
>> I wanted to know when we use engine instance for encryption/decryption
>> operation, can it be done selectively?
> Please beware that many TPM chips were recently discovered to contain a
> broken RSA key generation algorithm, so public/private key pairs
> to be stored in the TPM should probably be generated off-chip (using
> the OpenSSL software key generator) and imported into the chip,
> contrary to what would have been best security practice without this
> firmware bug.
wow, further evidence that everything needs an upgrade path.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works | network architect [
] mcr at sandelman.ca http://www.sandelman.ca/ | ruby on rails [