[openssl-dev] [RFC v2 0/2] Proposal for seamless handling of TPM based RSA keys in openssl
James Bottomley
James.Bottomley at HansenPartnership.com
Wed Nov 30 15:24:30 UTC 2016
One of the principle problems of using TPM based keys is that there's
no easy way of integrating them with standard file based keys. This
proposal adds a generic method for handling file based engine keys that
can be loaded as PEM files. Integration into the PEM loader requires a
BIO based engine API callback which the first patch adds. The second
patch checks to see if the key can be loaded by any of the present
engines. Note that this requires that any engine which is to be used
must be present and initialised via openssl.cnf.
I'll also post to this list the patch to openssl_tpm_engine that makes
use if this infrastructure so the integration of the whole can be seen.
It should also be noted that gnutls has had this functionality since
2012.
The patch was done against 1.0.2h for easier testing and you can try it
and the openssl_tpm_engine out (if you run openSUSE) here:
https://build.opensuse.org/project/show/home:jejb1:Tumbleweed
James
---
v2: make bio callback explicit vi new method rather than overloading
keyid
---
James Bottomley (2):
engine: add new bio based method for loading engine keys
pem: load engine keys
crypto/engine/eng_int.h | 1 +
crypto/engine/eng_pkey.c | 38 ++++++++++++++++++++++++++++++++++++++
crypto/engine/engine.h | 17 +++++++++++++++++
crypto/pem/pem_pkey.c | 4 ++++
4 files changed, 60 insertions(+)
More information about the openssl-dev
mailing list