[openssl-dev] [RFC 0/2] Proposal for seamless handling of TPM based RSA keys in openssl
Richard Levitte
levitte at openssl.org
Wed Nov 23 14:21:06 UTC 2016
In message <1479908025.8937.74.camel at infradead.org> on Wed, 23 Nov 2016 13:33:45 +0000, David Woodhouse <dwmw2 at infradead.org> said:
dwmw2> On Wed, 2016-11-23 at 13:13 +0000, Salz, Rich wrote:
dwmw2> > > But, what I get from you is "what if a octet stream matches two different
dwmw2> > > ASN.1 types? Is that it?
dwmw2> >
dwmw2> > Yes among others. How do you know it will *never* happen?
dwmw2>
dwmw2> Because if anyone tries to invent yet *another* ASN.1 form for storing
dwmw2> keys, I am going to personally visit them in the small hours and stick
dwmw2> a bat up their nightshirt?
(let's keep the heat down, shall we?)
dwmw2> Hopefully we don't need to add completely new ones; we can use the
dwmw2> existing PKCS#8 and PKCS#12 containers for new things.
dwmw2>
dwmw2> But even if a new form is invented which is ambiguous with existing
dwmw2> forms, that's OK too. We don't support 'detection' of that new format
dwmw2> by its ASN.1 structure. It'll be PEM-only like the TSS blobs are unless
dwmw2> the type is explicitly specified.
Errr... Now I'm confused. Wasn't that (explicit type spec) exactly
what you didn't want to see, no matter if the file was PEM or raw DER?
--
Richard Levitte levitte at openssl.org
OpenSSL Project http://www.openssl.org/~levitte/
More information about the openssl-dev
mailing list