<div dir="ltr"><div><div><div>Hi Kaarhik,<br><br></div>Please refer <a href="https://github.com/ThomasHabets/openssl-tpm-engine">https://github.com/ThomasHabets/openssl-tpm-engine</a>. It is OpenSSL TPM Engine. It will help to offload all crypto operation to TPM. <br><br></div>Regards,<br></div>Devang.<br></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Jul 24, 2018 at 4:48 PM, Kaarthik Sivakumar <span dir="ltr"><<a href="mailto:kaarthik.sk@gmail.com" target="_blank">kaarthik.sk@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<p>Hello</p>
<p>I need to create a key pair using a TPM (proprietary) and build a
CSR and sign it using it the TPM as well. Currently I dont have an
engine interface to talk to the TPM. I do the following:</p>
<p>1. generate key pair in the TPM. private key is kept private in
the TPM and public key can be obtained out of the TPM</p>
<p>2. use the public key to generate a CSR (X509_REQ_init(), etc)<br>
</p>
<p>3. Get the hash of the CSR (X509_REQ_digest())</p>
<p>4. Pass the digest to the TPM and get back signature</p>
<p>5. Add signature to the CSR - I dont see any way to do this. Is
there an openssl API to perform this step? I dont think I can use
X509_REQ_sign() since that will use the private key provided or if
I have an engine interface then it will call the engine to do the
signing. Is there a way to call sign() and make it call my
function that can do the step 4 above?</p>
<p>Thanks!<span class="HOEnZb"><font color="#888888"><br>
</font></span></p><span class="HOEnZb"><font color="#888888">
<div class="m_8919110512760615863moz-signature"><br>
-kaarthik-<br>
<br>
</div>
</font></span></div>
<br>-- <br>
openssl-users mailing list<br>
To unsubscribe: <a href="https://mta.openssl.org/mailman/listinfo/openssl-users" rel="noreferrer" target="_blank">https://mta.openssl.org/<wbr>mailman/listinfo/openssl-users</a><br>
<br></blockquote></div><br></div>