[openssl-users] OpenSSL engine and TPM usage.

Michael Richardson mcr at sandelman.ca
Thu Oct 26 00:37:26 UTC 2017

Jakob Bohm <jb-openssl at wisemo.com> wrote:
    >> I wanted to know when we use engine instance for encyrption/decryption
    >> operation, can it be done selectively?

    > Please beware that many TPM chips were recently discovered to contain a
    > broken RSA key generation algorithm, so public/private key pairs keys
    > to be stored in the TPM should probably be generated off-chip (using
    > the OpenSSL software key generator) and imported into the chip,
    > contrary to what would have been best security practice without this
    > firmware bug.

wow, further evidence that everything needs an upgrade path.

]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        | network architect  [
]     mcr at sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 487 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20171025/982c418d/attachment.sig>

More information about the openssl-users mailing list