[openssl-dev] [RFC 0/2] Proposal for seamless handling of TPM based RSA keys in openssl

Richard Levitte levitte at openssl.org
Tue Nov 22 15:14:15 UTC 2016


In message <1479823032.8937.37.camel at infradead.org> on Tue, 22 Nov 2016 13:57:12 +0000, David Woodhouse <dwmw2 at infradead.org> said:

dwmw2> On Tue, 2016-11-22 at 14:18 +0100, Richard Levitte wrote:
dwmw2> > 
dwmw2> > Just let me shamelessly mention my STORE effort again ;-)
dwmw2> > Among others, it does attempt to solve that very problem (in the
dwmw2> > 'file' scheme handler).
dwmw2> 
dwmw2> Neat. Note that I have a ready-made test suite for you in OpenConnect:
dwmw2> http://git.infradead.org/users/dwmw2/openconnect.git/blob/HEAD:/tests/Makefile.am
dwmw2> 
dwmw2> For every one of the key files therein, does your current
dwmw2> implementation work? :)
dwmw2> 
dwmw2> (Yeah, I need to sort out the tpm emulator in the test environment,
dwmw2> then add some -----BEGIN TSS KEY BLOB----- files too :)

All I can see is PEM files...  For any PEM content that OpenSSL
supports, the STORE 'file' scheme loader does as well.  That's just a
one-liner, quite precisely this one:

https://github.com/openssl/openssl/pull/1962/files#diff-34958ca30387ac75fa5011f98c18b3baR69

The more interesting part is when it tries to load files it guesses
are raw DER.  It's currently only trying a few chosen content types;
I'm happy to add more as time goes.  However, I suspect that nothing
in your test suite will trigger that part.

TSS KEY BLOBs are a different thing.  That needs added PEM support, and
the STORE 'file' scheme loader will not have to be changed at all.

Cheers,
Richard

-- 
Richard Levitte         levitte at openssl.org
OpenSSL Project         http://www.openssl.org/~levitte/
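An added illustration of the two strategies described in the reply above: PEM content is dispatched by its BEGIN label and handed to a generic decoder, while a file with no PEM armour is treated as raw DER and matched against a few chosen content types before the loader gives up. This is not code from the thread, from OpenSSL or from the STORE branch; it is a stand-alone Python sketch using only the standard library. The label table, the type names, the DER sniffing heuristics and the `load()` interface are assumptions for this example, and the sample blobs are constructed in-line as structurally valid DER only, not real keys or certificates. The TSS KEY BLOB label is included only to show where a new PEM type would plug in without touching the DER path.

```python
"""Toy 'file' loader: PEM by label first, raw-DER guessing second."""
import base64
import re

# PEM labels this toy loader recognises (assumption: names are illustrative).
# Adding a new PEM type is a table entry; the DER path below is untouched.
PEM_LABELS = {
    "RSA PRIVATE KEY": "rsa-private-key",
    "PRIVATE KEY": "pkcs8-private-key",
    "CERTIFICATE": "x509-certificate",
    "TSS KEY BLOB": "tss-key-blob",
}

# One PEM block: the END label must match the BEGIN label (backreference).
PEM_RE = re.compile(
    rb"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)


def read_tlv(buf, pos=0):
    """Parse one DER TLV starting at buf[pos]; return (tag, value, next_pos)."""
    if len(buf) < pos + 2:
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if len(buf) < pos + length:
        raise ValueError("truncated TLV value")
    return tag, buf[pos:pos + length], pos + length


def der_children(value):
    """Yield (tag, value) for each TLV directly inside a constructed value."""
    pos = 0
    while pos < len(value):
        tag, inner, pos = read_tlv(value, pos)
        yield tag, inner


def guess_der(blob):
    """Try a few chosen content types; return a type name or None."""
    try:
        if not blob or blob[0] != 0x30:    # every candidate is an outer SEQUENCE
            return None
        _, body, end = read_tlv(blob)
        if end != len(blob):               # trailing bytes: not a lone DER object
            return None
        kids = list(der_children(body))
    except ValueError:
        return None
    tags = [t for t, _ in kids]
    # PKCS#1 RSAPrivateKey: nine INTEGERs, version 0 first.
    if len(tags) == 9 and all(t == 0x02 for t in tags) and kids[0][1] == b"\x00":
        return "rsa-private-key"
    # PKCS#8 PrivateKeyInfo: INTEGER version, SEQUENCE algorithm, OCTET STRING.
    if tags[:3] == [0x02, 0x30, 0x04]:
        return "pkcs8-private-key"
    # X.509 Certificate: SEQUENCE tbs, SEQUENCE sigAlg, BIT STRING signature.
    if tags == [0x30, 0x30, 0x03]:
        return "x509-certificate"
    return None


def load(blob):
    """Return [(type_name, der_bytes), ...] found in the file contents."""
    found = []
    for label, b64 in PEM_RE.findall(blob):
        name = label.decode()
        found.append((PEM_LABELS.get(name, "unknown-pem:" + name),
                      base64.b64decode(b64)))
    if found:                              # PEM wins; no DER guessing needed
        return found
    kind = guess_der(blob)
    return [(kind, blob)] if kind else []


# ---- constructed sample inputs (structurally valid DER, not real keys) ----
def _der(tag, value):
    return bytes([tag, len(value)]) + value  # short-form lengths only

_RSA_OID = _der(0x06, b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01") + _der(0x05, b"")
RSA_DER = _der(0x30, _der(0x02, b"\x00") + 8 * _der(0x02, b"\x01"))
PKCS8_DER = _der(0x30, _der(0x02, b"\x00") + _der(0x30, _RSA_OID) + _der(0x04, RSA_DER))
CERT_DER = _der(0x30, _der(0x30, _der(0x02, b"\x01")) + _der(0x30, _RSA_OID)
                + _der(0x03, b"\x00\xaa"))
RSA_PEM = (b"-----BEGIN RSA PRIVATE KEY-----\n" + base64.encodebytes(RSA_DER)
           + b"-----END RSA PRIVATE KEY-----\n")
TSS_PEM = b"-----BEGIN TSS KEY BLOB-----\nAAEC\n-----END TSS KEY BLOB-----\n"

if __name__ == "__main__":
    for name, data in [("RSA_PEM", RSA_PEM), ("TSS_PEM", TSS_PEM), ("RSA_DER", RSA_DER),
                       ("PKCS8_DER", PKCS8_DER), ("CERT_DER", CERT_DER), ("junk", b"hello")]:
        print(name, [kind for kind, _ in load(data)])
```

The split mirrors the point made above: PEM handling is generic and label-driven, so a new PEM type (such as a TSS KEY BLOB) is a new label and decoder, whereas the DER path has to guess and is limited to whichever content types the loader was taught to try.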

