<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>Hello</p>
<p>I need to create a key pair using a TPM (proprietary) and build a
CSR and sign it using the TPM as well. Currently I don't have an
engine interface to talk to the TPM. I do the following:</p>
<p>1. Generate a key pair in the TPM. The private key is kept private in
the TPM and the public key can be obtained out of the TPM.</p>
<p>2. Use the public key to generate a CSR (X509_REQ_init(), etc.)<br>
</p>
<p>3. Get the hash of the CSR (X509_REQ_digest())</p>
<p>4. Pass the digest to the TPM and get back signature</p>
<p>5. Add signature to the CSR - I don't see any way to do this. Is
there an openssl API to perform this step? I don't think I can use
X509_REQ_sign() since that will use the private key provided, or if
I have an engine interface then it will call the engine to do the
signing. Is there a way to call sign() and make it call my
function that can do step 4 above?</p>
<p>Thanks!<br>
</p>
<div class="moz-signature"><br>
-kaarthik-<br>
<br>
</div>
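<p>Added example, not part of the original message and not OpenSSL code: step 5 at the DER level, following the PKCS#10 layout in RFC 2986, where the finished request is a SEQUENCE of the CertificationRequestInfo, the signature AlgorithmIdentifier and the signature as a BIT STRING, and the signature covers the DER encoding of the CertificationRequestInfo. It assumes an ECDSA P-256 key with SHA-256 and a signer that returns (r, s); fake_tpm_sign, SAMPLE_TBS and the subject name are constructed stand-ins, so the output shows the structure and does not verify.</p>

```python
import hashlib

ECDSA_SHA256 = bytes.fromhex("300a06082a8648ce3d040302")  # AlgorithmIdentifier: ecdsa-with-SHA256

def tlv(tag, body):
    """DER tag-length-value; long-form length from 128 bytes up."""
    n = len(body)
    if n > 0x7F:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        return bytes([tag, 0x80 | len(raw)]) + raw + body
    return bytes([tag, n]) + body

def der_int(v):
    """Non-negative INTEGER; gets a leading 0x00 when the top bit is set."""
    return tlv(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big"))

def read_tlv(buf, pos=0):
    """Return (tag, body, end offset) of the TLV at pos."""
    tag, first, pos = buf[pos], buf[pos + 1], pos + 2
    n = first & 0x7F if first & 0x80 else 0
    length = int.from_bytes(buf[pos:pos + n], "big") if n else first
    return tag, buf[pos + n:pos + n + length], pos + n + length

def assemble_csr(tbs_der, sign_digest):
    """Wrap a DER CertificationRequestInfo; sign_digest(digest) returns (r, s) from the external signer."""
    digest = hashlib.sha256(tbs_der).digest()   # hash of the to-be-signed part only
    r, s = sign_digest(digest)
    sig = tlv(0x30, der_int(r) + der_int(s))    # Ecdsa-Sig-Value ::= SEQUENCE { r, s }
    return tlv(0x30, tbs_der + ECDSA_SHA256 + tlv(0x03, b"\x00" + sig))

def split_csr(csr_der):
    """Return (tbs, algorithm, signature) slices of a DER CertificationRequest."""
    tag, body, end = read_tlv(csr_der)
    if tag != 0x30 or end != len(csr_der):
        raise ValueError("not a single DER SEQUENCE")
    p1 = read_tlv(body)[2]                      # end of CertificationRequestInfo
    p2 = read_tlv(body, p1)[2]                  # end of AlgorithmIdentifier
    tag, bits, p3 = read_tlv(body, p2)
    if tag != 0x03 or p3 != len(body) or bits[:1] != b"\x00":
        raise ValueError("signature is not a BIT STRING with 0 unused bits")
    return body[:p1], body[p1:p2], bits[1:]

# Constructed sample input: CN=device-01 and a placeholder P-256 point (not a real key).
_name = tlv(0x30, tlv(0x31, tlv(0x30, bytes.fromhex("0603550403") + tlv(0x0C, b"device-01"))))
_spki = tlv(0x30, bytes.fromhex("301306072a8648ce3d020106082a8648ce3d030107") + tlv(0x03, b"\x00\x04" + bytes(range(64))))
SAMPLE_TBS = tlv(0x30, der_int(0) + _name + _spki + b"\xa0\x00")

def fake_tpm_sign(digest):  # constructed stand-in for the TPM call, not a valid signature
    return int.from_bytes(digest, "big"), 0x80
```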
</body>
</html>