[openssl-dev] [RFC 0/2] Proposal for seamless handling of TPM based RSA keys in openssl
Richard Levitte
levitte at openssl.org
Tue Nov 22 15:07:01 UTC 2016
In message <da958b9e865a4268b95fd3e0b07742ff at usma1ex-dag1mb1.msg.corp.akamai.com> on Tue, 22 Nov 2016 14:42:35 +0000, "Salz, Rich" <rsalz at akamai.com> said:
rsalz> > dwmw2> It should work out what the contents are for *itself*. Whether
rsalz> > dwmw2> they be PEM, DER, PKCS#n, TPM-wrapped blobs, or anything else.
rsalz>
rsalz> I disagree with this approach, but that's just my opinion. I am worried about "keep trying something until it works" because you'll get strange errors you can't decode, 'only allow N tries' devices will lock you out, and the order in which you try things could result in needless long delays.
rsalz>
rsalz> But don't let that stop you.
I *think* the guessing part is just about the step of loading the file
content and transparently understanding what type of content it is.
That's basically looking at a bunch of bytes and recognising it for
what it is. When that's done, the trial and error phase is over, and
for stuff that libcrypto has support for, libcrypto will be able to
act, deterministically.
>From the application point of view, this would be just one call, but
we are talking OpenSSL internals now, aren't we?
David, correct me if I got you wrong.
Cheers,
Richard
--
Richard Levitte levitte at openssl.org
OpenSSL Project http://www.openssl.org/~levitte/
More information about the openssl-dev
mailing list