[openssl-dev] [RFC 0/2] Proposal for seamless handling of TPM based RSA keys in openssl

David Woodhouse dwmw2 at infradead.org
Tue Nov 22 13:12:14 UTC 2016


On Tue, 2016-11-22 at 14:06 +0100, Richard Levitte wrote:
> 
> Not sure I follow...  'file=/foo/bar/key.pem' is just a path /
> parameter that the 'tpmkey' handler is free to interpret in whatever
> way it sees fit.  For me as a user, it's just a string.  For all I
> care, the URI could just as well be 'tpmkey:id=L2Zvby9iYXIva2V5LnBlbQ=='
> That doesn't say anything about the contents of /foo/bar/key.pem, not
> more than file:/foo/bar/key.pem does, or even if there actually is a
> file /foo/bar/key.pem.  Maybe I misunderstand what you're after...

Where files are involved, I do not want the application to be told:
 pkcs8:/foo/bar/key
 pkcs1:/foo/bar/key
 pkcs12:/foo/bar/key or
 tpmkey:/foo/bar/key

I only want the application to be told "/foo/bar/key"

It should work out what the contents are for *itself*. Whether they be
PEM, DER, PKCS#n, TPM-wrapped blobs, or anything else.

And if the string it's given *isn't* a filename but is instead a
PKCS#11 URI or a TPM URI according to Nikos's spec, that should Just
Work too.

User pass string identifying key. Application Just Work™. dwmw2 happy.

-- 
dwmw2
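As an added illustration (not code from this thread or from OpenSSL) of the loader behaviour argued for above: the application receives one opaque string, dispatches the URI schemes it knows (`pkcs11:`, and `tpmkey:` as used in the quoted draft) without touching the filesystem, and sniffs the bytes of anything else to tell PEM, PKCS#1, PKCS#8 and PKCS#12 apart rather than being told the format. The PEM label for TPM-wrapped blobs, the result names and the injectable `read` hook are assumptions for the example.

```python
import re

# PEM labels the loader recognises and the format they imply. "TSS KEY BLOB" is
# an assumption here for a TPM-wrapped blob; other engines may use other labels.
PEM_LABELS = {
    "PRIVATE KEY": "pkcs8",
    "ENCRYPTED PRIVATE KEY": "pkcs8",
    "RSA PRIVATE KEY": "pkcs1",
    "TSS KEY BLOB": "tpmkey",
}
URI_SCHEMES = {"pkcs11": "pkcs11-uri", "tpmkey": "tpm-uri"}  # dispatched, never opened as files
_SCHEME_RE = re.compile(r"^([A-Za-z][A-Za-z0-9+.-]*):")       # "/foo/bar/key" never matches
_PEM_RE = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----")

def _der_tlv(data, off):
    """Decode one DER tag/length at data[off:]; return (tag, value_start, value_end)."""
    tag, ln, off = data[off], data[off + 1], off + 2
    if ln & 0x80:                                 # long-form length
        n = ln & 0x7F
        ln, off = int.from_bytes(data[off:off + n], "big"), off + n
    return tag, off, off + ln

def classify_der(data):
    """Tell PKCS#1, PKCS#8 and PKCS#12 apart from the first two elements of the outer SEQUENCE."""
    try:
        tag, start, _ = _der_tlv(data, 0)
        vtag, vs, ve = _der_tlv(data, start)      # element 1: version INTEGER
        ntag, _, _ = _der_tlv(data, ve)           # element 2 decides the structure
    except IndexError:                            # truncated input
        return "unknown"
    if tag != 0x30 or vtag != 0x02:
        return "unknown"
    version = int.from_bytes(data[vs:ve], "big")
    if version == 3 and ntag == 0x30:             # PFX { version 3, authSafe ContentInfo SEQUENCE }
        return "pkcs12"
    if version in (0, 1) and ntag == 0x30:        # PrivateKeyInfo { version, AlgorithmIdentifier SEQUENCE }
        return "pkcs8"
    if version in (0, 1) and ntag == 0x02:        # RSAPrivateKey { version, modulus INTEGER }
        return "pkcs1"
    return "der"

def classify_bytes(data):
    """Sniff file content: PEM armour by label, otherwise try DER."""
    m = _PEM_RE.search(data)
    if m:
        return PEM_LABELS.get(m.group(1).decode("ascii"), "pem")
    return classify_der(data) if data[:1] == b"\x30" else "unknown"

def classify_reference(ref, read=lambda p: open(p, "rb").read(4096)):
    """Single entry point: one opaque string from the caller, no format hint."""
    m = _SCHEME_RE.match(ref)
    if m and m.group(1).lower() in URI_SCHEMES:
        return URI_SCHEMES[m.group(1).lower()]
    return classify_bytes(read(ref))              # anything else is a path; sniff its bytes
```

A scheme the loader does not know (including a Windows drive letter) falls through to the path branch, so only the registered schemes are ever dispatched as URIs.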