[openssl-dev] [PATCH 1/1] add TPM2 version of create_tpm2_key and libtpm2.so engine
James Bottomley
James.Bottomley at HansenPartnership.com
Mon Jan 2 16:50:24 UTC 2017

On Mon, 2017-01-02 at 17:38 +0100, Kurt Roeckx wrote:
> On Sat, Dec 31, 2016 at 02:52:43PM -0800, James Bottomley wrote:
> > This patch adds RSA signing for TPM2 keys. There's a limitation to
> > the way TPM2 does signing: it must recognise the OID for the
> > signature. That fails for the MD5-SHA1 signatures of the TLS/SSL
> > certificate verification protocol, so I'm using RSA_Decrypt for
> > both signing (encryption) and decryption ... meaning that this only
> > works with TPM decryption keys. It is possible to use the prior
> > code, which preserved the distinction of signing and decryption
> > keys, but only at the expense of not being able to support SSL or
> > TLS lower than 1.2
>
> Please submit patches via github.

Um, that's not really possible given that openssl_tpm_engine is a
sourceforge project.

James
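
The encoding difference behind the limitation described in the quoted patch text, as an added example that is not part of the original message or of the openssl_tpm_engine patch: a TLS 1.2 style RSA signature wraps the hash in a DigestInfo that names it by OID, while the MD5-SHA1 form used below TLS 1.2 pads a bare 36-byte value with no OID, so it can only be produced by padding in software and applying an unpadded private-key operation. Assumptions: the toy key is constructed from two well-known primes, and `raw_private_op` is a plain modular exponentiation standing in for the TPM decrypt path.

```python
import hashlib

# Constructed toy RSA key from two well-known primes (not a real key).
P = 2**255 - 19                  # Curve25519 field prime
Q = 2**256 - 2**32 - 977         # secp256k1 field prime
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8    # modulus length in bytes (64)

# DER DigestInfo prefix for SHA-256 (RFC 8017, section 9.2, notes).
SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")


def pkcs1_type1_pad(payload: bytes, k: int = K) -> bytes:
    """EMSA-PKCS1-v1_5 block: 00 01 FF..FF 00 || payload."""
    if len(payload) > k - 11:
        raise ValueError("payload too long for modulus")
    return b"\x00\x01" + b"\xff" * (k - 3 - len(payload)) + b"\x00" + payload


def encode_sha256(msg: bytes) -> bytes:
    """TLS 1.2 style: the DigestInfo names the hash by OID."""
    return pkcs1_type1_pad(SHA256_DIGESTINFO + hashlib.sha256(msg).digest())


def encode_md5_sha1(msg: bytes) -> bytes:
    """TLS < 1.2 style: bare MD5 || SHA-1 (36 bytes), no DigestInfo, no OID."""
    return pkcs1_type1_pad(hashlib.md5(msg).digest() + hashlib.sha1(msg).digest())


def raw_private_op(block: bytes) -> bytes:
    """Unpadded private-key operation (assumed stand-in for the TPM decrypt path)."""
    m = int.from_bytes(block, "big")
    if m >= N:
        raise ValueError("block out of range for modulus")
    return pow(m, D, N).to_bytes(K, "big")


def public_recover(sig: bytes) -> bytes:
    """The padded block a verifier recovers with the public key."""
    return pow(int.from_bytes(sig, "big"), E, N).to_bytes(K, "big")


if __name__ == "__main__":
    msg = b"constructed handshake transcript"
    for name, enc in (("sha256", encode_sha256), ("md5-sha1", encode_md5_sha1)):
        block = enc(msg)
        print(name, public_recover(raw_private_op(block)) == block)
```

Both encodings survive the round trip because the private-key step never inspects the block's contents; a signing primitive that builds the DigestInfo itself has no way to emit the second form.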