[openssl-dev] [RFC v2 0/2] Proposal for seamless handling of TPM based RSA keys in openssl

Blumenthal, Uri - 0553 - MITLL uri at ll.mit.edu
Wed Nov 30 21:18:40 UTC 2016


On 11/30/16, 10:24 AM, "openssl-dev on behalf of James Bottomley" <openssl-dev-bounces at openssl.org on behalf of James.Bottomley at HansenPartnership.com> wrote:

    > One of the principal problems of using TPM based keys is that there's
    > no easy way of integrating them with standard file based keys. 

Why should token- and/or TPM-based keys be integrated with file-based keys? OpenSSL and its engines need/should accept URIs pointing at the keys. Pointing them at files containing some proprietary reference to keys that are kept in hardware does not seem to make sense.

So why is it better to say “…engine -key /some/weird/path/weird-file.pem” than “…engine -key pkcs11:id=02” (or such)?