[openssl-users] openssl-1.1.0b : Getting keys from TPM
Ken Goldman
kgoldman at us.ibm.com
Mon Nov 28 20:13:15 UTC 2016
To read a public key, use the TPM2_ReadPublic command. I have an open
source utility (tpm2pem) that converts that TPM format key to PEM.

If you need the private key, you will have to "duplicate" it to a key
you know and then use that key to decrypt it. It's possible. However,
it defeats the purpose of using the TPM as a hardware key store. It
would be better to use the TPM to do the private key operations.

For a TSS, I offer this, which has an ever expanding set of utilities
and sample programs. Let me know what you need for sample code.

https://sourceforge.net/projects/ibmtpm20tss/?source=navbar

I also suggest debugging with a SW TPM.

https://sourceforge.net/projects/ibmswtpm2/

The tpm2pem utility currently comes with the attestation client and server:

https://sourceforge.net/projects/ibmtpm20acs/

On 11/3/2016 12:02 PM, Zvi Vered wrote:
> Hi Ken,
>
> 1. I mean: read from TPM
>
> 2. In order to create an SSL session with the server, should I need also
> the private key ?
>
> 3. I want to use TPM 2.0
>
>
> On 11/2/2016 11:06 PM, Zvi Vered wrote:
>
>
> I want to use openssl in order to send\receive encrypted
> messages to a
> server.
>
> My Target has TPM.
>
> Can you please explain how to configure the openssl library to take
> public+private keys from TPM ?
>
> Should I use a specific TPM library ?