Public key from TSS2 private key with OpenSSL 3.0.0-beta2

Dmitry Belyavsky beldmit at gmail.com
Fri Aug 6 19:21:23 UTC 2021


Dear Nestor,

Could you please fill an issue on GitHub?
It's much simpler for us to follow the issues there.

On Fri, Aug 6, 2021 at 9:13 PM Nestor Melo <Nestor.Melo at zpesystems.com>
wrote:

> Greetings,
>
>
> We use a TPM2 device to generate private keys with tpm2-tss-engine:
> https://github.com/tpm2-software/tpm2-tss-engine
>
> While attempting to extract the public key from a TSS2 private key using
> OpenSSL 3.0.0-beta2 and tpm2-tss-engine, I received a message "PEM format
> not supported":
>
> openssl rsa -engine libtpm2tss -inform engine -in privkey.pem -pubout
> -outform PEM -out pubkey.pem
> Engine "tpm2tss" set.
> writing RSA key
> PEM format not supported
>
> Although it is recommended to use providers instead of engines with
> OpenSSL 3.0.0, are engines still supported? Should the above operation be
> expected to work?
>
> Here is an example of a private key was generated with tpm2-tss-engine's
> tpm2tss-genkey:
> -----BEGIN TSS2 PRIVATE KEY-----
> MIIB8gYGZ4EFCgEDoAMBAQECBEAAAAEEggEYARYAAQALAAYEcgAAABAAEAgAAAEA
> AQEAmT8O+ikRX5eTRUsDXrBAephW1YLEITkKxviFzIxF7R1K1jlDIXI8PKhc6tUE
> sEDfgTNtldmc3nxPmJBxeAzIQrGAAUjGY74xtvbe6T6muU9FHGVpw1e3LelewFCQ
> yR+t36GaOBY+S4Bc0DC0KhSoFakiwYt2vtQvm0W54cwxg7B4aSfcBUNHFPB5J90c
> ere/o20QpNvb7mw/kwvoTSzsyQT5qMZALKZeRFZ42991dGWJpnfC30xieXCMoD7z
> x5hhc5Uf5EbFtxeWaT2HTfs0h0OxigQSjXdmCJPeJVoMPOoF2FK+PbZwPn2UDKyo
> SqhsmZ+9hvkUWylDYiXfm24TUwSBwAC+ACDJpk4p0h4Q3UEtwph3oNy5xR7hya4S
> XHqabuThC+xX1AAQDTukmp9lruULdnZALN1Lyw1AMw+7F2BBx786jjOmg9rX+umB
> ffGZSs187UAjmfe98XUk9oNsZkgB7HEsDRIOXoET+9R0KI48whV3Z/Kwag+UmErL
> KRTOl5zEUenbQi8/CBDVpuxKMyKl6tYc38iNh2rA8Eju9tv+x6kPv/5/JxmXSpgQ
> rCSHxBQFxnnITejU/RMqCHMZpCly2A==
> -----END TSS2 PRIVATE KEY-----
>
> If I use instead the TPM2 provider tpm2-openssl
> https://github.com/tpm2-software/tpm2-openssl
>
> the command
> openssl rsa -provider tpm2 -in privkey.pem -pubout -outform PEM -out
> pubkey.pem
>
> works, producing:
> -----BEGIN PUBLIC KEY-----
> MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmT8O+ikRX5eTRUsDXrBA
> ephW1YLEITkKxviFzIxF7R1K1jlDIXI8PKhc6tUEsEDfgTNtldmc3nxPmJBxeAzI
> QrGAAUjGY74xtvbe6T6muU9FHGVpw1e3LelewFCQyR+t36GaOBY+S4Bc0DC0KhSo
> FakiwYt2vtQvm0W54cwxg7B4aSfcBUNHFPB5J90cere/o20QpNvb7mw/kwvoTSzs
> yQT5qMZALKZeRFZ42991dGWJpnfC30xieXCMoD7zx5hhc5Uf5EbFtxeWaT2HTfs0
> h0OxigQSjXdmCJPeJVoMPOoF2FK+PbZwPn2UDKyoSqhsmZ+9hvkUWylDYiXfm24T
> UwIDAQAB
> -----END PUBLIC KEY-----
>
>
> Thank you,
>
> Nestor Melo
>
>
>

-- 
SY, Dmitry Belyavsky
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20210806/bbc868a3/attachment-0001.html>


More information about the openssl-users mailing list