<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">

<style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;} </style>

</head>

<body dir="ltr">

<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255);">

Dear Dmitry,</div>

<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255);">

<br>

</div>

<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255);">

<br>

</div>

<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255);">

I just submitted a new issue, #16256.<br>

<br>

<br>

Thank you,</div>

<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255);">

<br>

</div>

<div>

<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">

Nestor Melo</div>

<div id="Signature">

<div>

<div id="divtagdefaultwrapper" dir="ltr" style="font-size: 12pt; font-family: Calibri, Arial, Helvetica, sans-serif; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255);">

</div>

</div>

</div>

</div>

<div id="appendonsend"></div>

<hr style="display:inline-block;width:98%" tabindex="-1">

<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" style="font-size:11pt" color="#000000"><b>From:</b> Dmitry Belyavsky <beldmit@gmail.com><br>

<b>Sent:</b> Friday, August 6, 2021 12:21 PM<br>

<b>To:</b> Nestor Melo <Nestor.Melo@zpesystems.com><br>

<b>Cc:</b> openssl-users@openssl.org <openssl-users@openssl.org><br>

<b>Subject:</b> Re: Public key from TSS2 private key with OpenSSL 3.0.0-beta2</font>

<div> </div>

</div>

<div>

<div dir="ltr">

<div>Dear Nestor,</div>

<div><br>

</div>

Could you please fill an issue on GitHub?

<div>It's much simpler for us to follow the issues there.</div>

</div>

<br>

<div class="x_gmail_quote">

<div dir="ltr" class="x_gmail_attr">On Fri, Aug 6, 2021 at 9:13 PM Nestor Melo <<a href="mailto:Nestor.Melo@zpesystems.com">Nestor.Melo@zpesystems.com</a>> wrote:<br>

</div>

<blockquote class="x_gmail_quote" style="margin:0px 0px 0px 0.8ex; border-left:1px solid rgb(204,204,204); padding-left:1ex">

<div dir="ltr">

<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0); background-color:rgb(255,255,255)">

Greetings,</div>

<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0); background-color:rgb(255,255,255)">

<br>

</div>

<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0); background-color:rgb(255,255,255)">

<br>

We use a TPM2 device to generate private keys with tpm2-tss-engine:<br>

<a href="https://github.com/tpm2-software/tpm2-tss-engine" target="_blank" style="margin:0px">https://github.com/tpm2-software/tpm2-tss-engine</a><br>

</div>

<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0); background-color:rgb(255,255,255)">

<br>

</div>

<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0); background-color:rgb(255,255,255)">

While attempting to extract the public key from a TSS2 private key using OpenSSL 3.0.0-beta2 and tpm2-tss-engine, I received a message "PEM format not supported":<br>

<br>

openssl rsa -engine libtpm2tss -inform engine -in privkey.pem -pubout -outform PEM -out pubkey.pem

<div>Engine "tpm2tss" set.</div>

<div>writing RSA key</div>

PEM format not supported<br>

</div>

<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0); background-color:rgb(255,255,255)">

<br>

</div>

<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0); background-color:rgb(255,255,255)">

<span style="margin:0px; font-size:12pt; color:rgb(0,0,0); background-color:rgb(255,255,255)">Although it is recommended to use providers instead of engines with OpenSSL 3.0.0, are engines still supported? Should the above operation be expected to work?</span><br>

<span style="margin:0px; font-size:12pt; color:rgb(0,0,0); background-color:rgb(255,255,255)"></span><br>

</div>

<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0); background-color:rgb(255,255,255)">

Here is an example of a private key was generated with tpm2-tss-engine's tpm2tss-genkey:<br>

</div>

-----BEGIN TSS2 PRIVATE KEY-----

<div>MIIB8gYGZ4EFCgEDoAMBAQECBEAAAAEEggEYARYAAQALAAYEcgAAABAAEAgAAAEA</div>

<div>AQEAmT8O+ikRX5eTRUsDXrBAephW1YLEITkKxviFzIxF7R1K1jlDIXI8PKhc6tUE</div>

<div>sEDfgTNtldmc3nxPmJBxeAzIQrGAAUjGY74xtvbe6T6muU9FHGVpw1e3LelewFCQ</div>

<div>yR+t36GaOBY+S4Bc0DC0KhSoFakiwYt2vtQvm0W54cwxg7B4aSfcBUNHFPB5J90c</div>

<div>ere/o20QpNvb7mw/kwvoTSzsyQT5qMZALKZeRFZ42991dGWJpnfC30xieXCMoD7z</div>

<div>x5hhc5Uf5EbFtxeWaT2HTfs0h0OxigQSjXdmCJPeJVoMPOoF2FK+PbZwPn2UDKyo</div>

<div>SqhsmZ+9hvkUWylDYiXfm24TUwSBwAC+ACDJpk4p0h4Q3UEtwph3oNy5xR7hya4S</div>

<div>XHqabuThC+xX1AAQDTukmp9lruULdnZALN1Lyw1AMw+7F2BBx786jjOmg9rX+umB</div>

<div>ffGZSs187UAjmfe98XUk9oNsZkgB7HEsDRIOXoET+9R0KI48whV3Z/Kwag+UmErL</div>

<div>KRTOl5zEUenbQi8/CBDVpuxKMyKl6tYc38iNh2rA8Eju9tv+x6kPv/5/JxmXSpgQ</div>

<div>rCSHxBQFxnnITejU/RMqCHMZpCly2A==</div>

<span>-----END TSS2 PRIVATE KEY-----</span>

<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0); background-color:rgb(255,255,255)">

<br>

</div>

<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0); background-color:rgb(255,255,255)">

If I use instead the TPM2 provider tpm2-openssl<br>

<a href="https://github.com/tpm2-software/tpm2-openssl" target="_blank" style="margin:0px">https://github.com/tpm2-software/tpm2-openssl</a><br>

<br>

</div>

<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0); background-color:rgb(255,255,255)">

the command </div>

<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0); background-color:rgb(255,255,255)">

openssl rsa -provider tpm2 -in privkey.pem -pubout -outform PEM -out pubkey.pem<br>

</div>

<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0); background-color:rgb(255,255,255)">

<br>

</div>

<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0); background-color:rgb(255,255,255)">

works, producing:<br>

-----BEGIN PUBLIC KEY-----

<div>MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmT8O+ikRX5eTRUsDXrBA</div>

<div>ephW1YLEITkKxviFzIxF7R1K1jlDIXI8PKhc6tUEsEDfgTNtldmc3nxPmJBxeAzI</div>

<div>QrGAAUjGY74xtvbe6T6muU9FHGVpw1e3LelewFCQyR+t36GaOBY+S4Bc0DC0KhSo</div>

<div>FakiwYt2vtQvm0W54cwxg7B4aSfcBUNHFPB5J90cere/o20QpNvb7mw/kwvoTSzs</div>

<div>yQT5qMZALKZeRFZ42991dGWJpnfC30xieXCMoD7zx5hhc5Uf5EbFtxeWaT2HTfs0</div>

<div>h0OxigQSjXdmCJPeJVoMPOoF2FK+PbZwPn2UDKyoSqhsmZ+9hvkUWylDYiXfm24T</div>

<div>UwIDAQAB</div>

<span>-----END PUBLIC KEY-----</span></div>

<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0); background-color:rgb(255,255,255)">

<br>

</div>

<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0); background-color:rgb(255,255,255)">

<div></div>

</div>

<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0); background-color:rgb(255,255,255)">

<br>

</div>

<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0); background-color:rgb(255,255,255)">

Thank you,<br>

<br>

Nestor Melo<br>

<br>

</div>

<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0); background-color:rgb(255,255,255)">

<br>

</div>

<div>

<div id="x_gmail-m_-2490613836053365128Signature">

<div>

<div id="x_gmail-m_-2490613836053365128divtagdefaultwrapper" dir="ltr" style="font-size:12pt; font-family:Calibri,Arial,Helvetica,sans-serif; color:rgb(0,0,0); background-color:rgb(255,255,255)">

</div>

</div>

</div>

</div>

</div>

</blockquote>

</div>

<br clear="all">

<div><br>

</div>

-- <br>

<div dir="ltr" class="x_gmail_signature">SY, Dmitry Belyavsky</div>

</div>

</body>

</html>