[openssl-dev] [RFC 0/2] Proposal for seamless handling of TPM based RSA keys in openssl

Peter Sylvester Edelweb peter.sylvester at edelweb.fr
Wed Nov 23 11:58:14 UTC 2016


There is at least one real-life HSM engine that encodes numerical identifiers as "pseudo prime
numbers"; you end up with an RSA private key that has 1 and 2 prime numbers?

No new ASN.1

Best



On 11/23/2016 11:47 AM, Richard Levitte wrote:
> In message <1479894913.8937.58.camel at infradead.org> on Wed, 23 Nov 2016 09:55:13 +0000, David Woodhouse <dwmw2 at infradead.org> said:
>
> dwmw2> On Wed, 2016-11-23 at 09:56 +0100, Richard Levitte wrote:
> dwmw2> > 
> dwmw2> > 
> dwmw2> > dwmw2> So maybe it's just "content types" that we have handlers for, each with
> dwmw2> > dwmw2> an optional PEM tag for matching, *and* an optional match function
> dwmw2> > dwmw2> which is given the parsed ASN.1 and checks if it's a match.
> dwmw2> > 
> dwmw2> > I'm not sure what you mean with a match function...  but going off on
> dwmw2> > a limb, how about a reference to an OpenSSL style ASN1 description?
> dwmw2> > So basically, for an imaginary TSS KEY BLOB (one that actually would
> dwmw2> > use that TssBlob definition we talked about earlier), these three
> dwmw2> > items would be specified:
> dwmw2> > 
> dwmw2> >     "TSS KEY BLOB",
> dwmw2> >     ASN1_ITEM_rptr(TSS_BLOB),   /* TSS_BLOB ASN1 stuff defined in engine */
> dwmw2> >     handler                     /* Essentially a d2i function */
> dwmw2> > 
> Richard
>

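The handler selection discussed in the quoted thread above, as an added example that is not part of the original messages and not OpenSSL code: each content type carries an optional PEM tag and an optional match function, and a matching tag is still checked against the structure because the label is untrusted text. The struct, function names, the blob layout (SEQUENCE { INTEGER, OCTET STRING }) and the sample bytes are assumptions made for illustration; only the selection step is shown, not the d2i-style handler.

```c
#include <stddef.h>
#include <string.h>
/* Hypothetical types for illustration; none of this is OpenSSL API. */
typedef int (*match_fn)(const unsigned char *der, size_t len);
struct content_handler {
    const char *name, *pem_tag;   /* pem_tag is optional (NULL) */
    match_fn match;               /* optional structural check (NULL) */
};
/* Read a DER TLV header; 0 if malformed. Sketch: short-form lengths only. */
static size_t tlv(const unsigned char *p, size_t len, unsigned char *tag, size_t *clen)
{
    if (len < 2 || p[1] >= 0x80) return 0;
    *tag = p[0]; *clen = p[1];
    return (*clen <= len - 2) ? 2 : 0;
}

/* Assumed layout for the imaginary blob: SEQUENCE { INTEGER, OCTET STRING }. */
static int match_tss_blob(const unsigned char *der, size_t len)
{
    unsigned char tag; size_t clen, h;
    if (!(h = tlv(der, len, &tag, &clen)) || tag != 0x30 || h + clen != len) return 0;
    der += h; len = clen;                       /* step inside the SEQUENCE */
    if (!(h = tlv(der, len, &tag, &clen)) || tag != 0x02) return 0;
    der += h + clen; len -= h + clen;           /* skip the INTEGER */
    if (!(h = tlv(der, len, &tag, &clen)) || tag != 0x04) return 0;
    return h + clen == len;                     /* OCTET STRING must end the blob */
}

/* Constructed sample inputs: a well-formed blob and a lone SEQUENCE { INTEGER }. */
static const unsigned char sample_blob[] = { 0x30,0x07, 0x02,0x01,0x01, 0x04,0x02,0xAA,0xBB };
static const unsigned char sample_other[] = { 0x30,0x03, 0x02,0x01,0x00 };
static const struct content_handler handlers[] = {
    { "tss", "TSS KEY BLOB",    match_tss_blob },
    { "rsa", "RSA PRIVATE KEY", NULL },
};

/* pem_tag is NULL for raw DER. Returns the selected handler's name, or NULL. */
const char *select_handler(const char *pem_tag, const unsigned char *der, size_t len)
{
    for (size_t i = 0; i < sizeof(handlers) / sizeof(handlers[0]); i++) {
        const struct content_handler *h = &handlers[i];
        if (pem_tag ? (!h->pem_tag || strcmp(pem_tag, h->pem_tag)) : !h->match)
            continue;   /* wrong label, or raw DER with nothing to check it against */
        if (h->match && !h->match(der, len))
            continue;   /* the label is untrusted text: the structure must agree */
        return h->name;
    }
    return NULL;
}
int main(void) { return select_handler(NULL, sample_blob, sizeof sample_blob) ? 0 : 1; }
```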