[openssl-users] Using a TPM to sign CSRs
bill.c.roberts at gmail.com
Sat Jul 28 21:10:09 UTC 2018
On Sat, Jul 28, 2018, 09:13 Devang Kubavat <digant.kubavat at gmail.com> wrote:
> Hi Kaarhik,
> Please refer https://github.com/ThomasHabets/openssl-tpm-engine. It is
> OpenSSL TPM Engine. It will help to offload all crypto operation to TPM.
Is this for tpm2.0?
> On Tue, Jul 24, 2018 at 4:48 PM, Kaarthik Sivakumar <kaarthik.sk at gmail.com
> > wrote:
>> I need to create a key pair using a TPM (proprietary) and build a CSR and
>> sign it using it the TPM as well. Currently I dont have an engine interface
>> to talk to the TPM. I do the following:
>> 1. generate key pair in the TPM. private key is kept private in the TPM
>> and public key can be obtained out of the TPM
>> 2. use the public key to generate a CSR (X509_REQ_init(), etc)
>> 3. Get the hash of the CSR (X509_REQ_digest())
>> 4. Pass the digest to the TPM and get back signature
>> 5. Add signature to the CSR - I dont see any way to do this. Is there an
>> openssl API to perform this step? I dont think I can use X509_REQ_sign()
>> since that will use the private key provided or if I have an engine
>> interface then it will call the engine to do the signing. Is there a way to
>> call sign() and make it call my function that can do the step 4 above?
>> openssl-users mailing list
>> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the openssl-users