[openssl-users] Using a TPM to sign CSRs
digant.kubavat at gmail.com
Sat Jul 28 16:13:00 UTC 2018
Please refer https://github.com/ThomasHabets/openssl-tpm-engine. It is
OpenSSL TPM Engine. It will help to offload all crypto operation to TPM.
On Tue, Jul 24, 2018 at 4:48 PM, Kaarthik Sivakumar <kaarthik.sk at gmail.com>
> I need to create a key pair using a TPM (proprietary) and build a CSR and
> sign it using it the TPM as well. Currently I dont have an engine interface
> to talk to the TPM. I do the following:
> 1. generate key pair in the TPM. private key is kept private in the TPM
> and public key can be obtained out of the TPM
> 2. use the public key to generate a CSR (X509_REQ_init(), etc)
> 3. Get the hash of the CSR (X509_REQ_digest())
> 4. Pass the digest to the TPM and get back signature
> 5. Add signature to the CSR - I dont see any way to do this. Is there an
> openssl API to perform this step? I dont think I can use X509_REQ_sign()
> since that will use the private key provided or if I have an engine
> interface then it will call the engine to do the signing. Is there a way to
> call sign() and make it call my function that can do the step 4 above?
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the openssl-users