[openssl-dev] [RFC 0/2] Proposal for seamless handling of TPM based RSA keys in openssl

Richard Levitte levitte at openssl.org
Tue Nov 22 16:21:42 UTC 2016


In message <1479830167.8937.43.camel at infradead.org> on Tue, 22 Nov 2016 15:56:07 +0000, David Woodhouse <dwmw2 at infradead.org> said:

dwmw2> On Tue, 2016-11-22 at 16:32 +0100, Richard Levitte wrote:
dwmw2> > In message <1479815862.8937.22.camel at infradead.org> on Tue, 22 Nov 2016 11:57:42 +0000, David Woodhouse <dwmw2 at infradead.org> said:
dwmw2> > 
dwmw2> > dwmw2> Besides, it requires files in the form described by the Portable Data
dwmw2> > dwmw2> section of the TSS (1.2) spec. That's a SEQUENCE with a blob type
dwmw2> > dwmw2> (which is mostly redundant as in this case we're always talking about
dwmw2> > dwmw2> key blobs), the blob length (which is entirely redundant) and then the
dwmw2> > dwmw2> actual blob as an OCTET STRING. I don't know of any tool which actually
dwmw2> > dwmw2> creates such files.
dwmw2> > 
dwmw2> > I'm just having a look at the spec (page 151 in
dwmw2> > http://www.trustedcomputinggroup.org/wp-content/uploads/TSS_1_2_Errata_A-final.pdf),
dwmw2> > and am a bit confused by the TssBlobType type.  Which is it in
dwmw2> > practice, an ENUMERATED or an INTEGER?
dwmw2> 
dwmw2> In practice, it doesn't get used at all. The object encoded with
dwmw2> -----BEGIN TSS KEY BLOB----- and used by both the OpenSSL TPM ENGINE
dwmw2> and by GnuTLS is not the TssBlob object that you're looking at.
dwmw2> 
dwmw2> It is *only* the OCTET STRING of the blob itself. Everything else is
dwmw2> redundant anyway.

Oh!  Ok, that makes things much simpler (at least in a way)

-- 
Richard Levitte         levitte at openssl.org
OpenSSL Project         http://www.openssl.org/~levitte/
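The file format David describes above (a PEM block labelled `TSS KEY BLOB` whose DER content is the bare OCTET STRING of the TPM 1.2 key blob, with none of the surrounding TssBlob SEQUENCE), as an added example that is not part of the original thread and is not code from the OpenSSL TPM engine or GnuTLS. The blob bytes are constructed for the demo; the function names are my own. The parser enforces DER definite, minimal length encoding, rejects trailing bytes, and gives a distinct error when it meets a SEQUENCE, so a file that does carry the full TssBlob structure from the spec is flagged rather than mis-parsed.

```python
"""Read and write the "-----BEGIN TSS KEY BLOB-----" PEM format.

Per the thread: the DER inside the armor is ONLY an OCTET STRING holding the
TPM 1.2 key blob. The TssBlob SEQUENCE (blob type, blob length, OCTET STRING)
from the TSS 1.2 spec is not used by the OpenSSL TPM engine or GnuTLS.
"""
import base64
import re

PEM_LABEL = "TSS KEY BLOB"
TAG_OCTET_STRING = 0x04
TAG_SEQUENCE = 0x30

# Constructed stand-in for a TPM key blob (512 bytes, so the DER length needs
# the long form). A real blob is opaque data returned by the TPM/TSS.
SAMPLE_BLOB = bytes(range(256)) * 2


def der_length(n: int) -> bytes:
    """DER definite-length encoding: short form below 128, minimal long form above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def pem_armor(der: bytes) -> str:
    """Base64 the DER in 64-column lines between the TSS KEY BLOB header/footer."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return (f"-----BEGIN {PEM_LABEL}-----\n" + "\n".join(lines)
            + f"\n-----END {PEM_LABEL}-----\n")


def wrap_tss_key_blob(blob: bytes) -> str:
    """Write the file the way the engine/GnuTLS expect: blob as one OCTET STRING."""
    return pem_armor(bytes([TAG_OCTET_STRING]) + der_length(len(blob)) + blob)


def _read_tlv(der: bytes):
    """Decode a single DER TLV. Rejects indefinite/non-minimal lengths and trailing data."""
    if len(der) < 2:
        raise ValueError("truncated DER")
    tag, first, pos = der[0], der[1], 2
    if first < 0x80:
        length = first
    elif first == 0x80:
        raise ValueError("indefinite length is BER, not DER")
    else:
        nbytes = first & 0x7F
        if nbytes > 4 or len(der) < pos + nbytes:
            raise ValueError("bad long-form length")
        if der[pos] == 0:
            raise ValueError("non-minimal length: leading zero byte")
        length = int.from_bytes(der[pos:pos + nbytes], "big")
        if length < 0x80:
            raise ValueError("non-minimal length: long form used for short value")
        pos += nbytes
    value = der[pos:pos + length]
    if len(value) != length:
        raise ValueError("DER value truncated")
    if pos + length != len(der):
        raise ValueError("trailing bytes after DER object")
    return tag, value


def parse_tss_key_blob(pem: str) -> bytes:
    """Return the raw key blob bytes from a TSS KEY BLOB PEM file."""
    m = re.search(rf"-----BEGIN {PEM_LABEL}-----\s*(.*?)\s*-----END {PEM_LABEL}-----",
                  pem, re.S)
    if not m:
        raise ValueError(f"no {PEM_LABEL} PEM block found")
    der = base64.b64decode("".join(m.group(1).split()), validate=True)
    tag, value = _read_tlv(der)
    if tag == TAG_SEQUENCE:
        # This would be the full TssBlob structure from the spec, which no
        # known tool writes and the engine does not read.
        raise ValueError("found a SEQUENCE (TssBlob structure); expected a bare OCTET STRING")
    if tag != TAG_OCTET_STRING:
        raise ValueError(f"unexpected DER tag 0x{tag:02x}")
    return value


if __name__ == "__main__":
    pem = wrap_tss_key_blob(SAMPLE_BLOB)
    print(pem, end="")
    print("recovered", len(parse_tss_key_blob(pem)), "blob bytes")
```

Running the module writes a sample file to stdout and reads it back; pointing `parse_tss_key_blob` at an existing file produced by the OpenSSL TPM engine or GnuTLS yields exactly the bytes that would be handed to `Tspi_Context_LoadKeyByBlob`-style loading.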

