[openssl-users] OpenSSL engine and TPM usage.
michael at stroeder.com
Thu Oct 26 07:33:49 UTC 2017
Michael Richardson wrote:
> Jakob Bohm <jb-openssl at wisemo.com> wrote:
> >> I wanted to know when we use engine instance for encryption/decryption
> >> operation, can it be done selectively?
> > Please beware that many TPM chips were recently discovered to contain a
> > broken RSA key generation algorithm, so public/private key pairs
> > to be stored in the TPM should probably be generated off-chip (using
> > the OpenSSL software key generator) and imported into the chip,
> > contrary to what would have been best security practice without this
> > firmware bug.
> wow, further evidence that everything needs an upgrade path.
From the viewpoint of hardware vendors the upgrade path is selling new
hardware. It's simply like that. Not very sustainable...