[openssl-dev] [PATCH 1/1] add TPM2 version of create_tpm2_key and libtpm2.so engine
Kurt Roeckx
kurt at roeckx.be
Mon Jan 2 16:38:40 UTC 2017
On Sat, Dec 31, 2016 at 02:52:43PM -0800, James Bottomley wrote:
> This patch adds RSA signing for TPM2 keys. There's a limitation to the
> way TPM2 does signing: it must recognise the OID for the signature.
> That fails for the MD5-SHA1 signatures of the TLS/SSL certificate
> verification protocol, so I'm using RSA_Decrypt for both signing
> (encryption) and decryption ... meaning that this only works with TPM
> decryption keys. It is possible to use the prior code, which preserved
> the distinction of signing and decryption keys, but only at the expense
> of not being able to support SSL or TLS lower than 1.2
Please submit patches via github.
Kurt
More information about the openssl-dev
mailing list