Re: openssl-1.1.0b : Getting keys from TPM

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



To read a public key, use the TPM2_ReadPublic command. I have an open source utility (tpm2pem) that converts that TPM format key to PEM.

If you need the private key, you will have to "duplicate" it to a key you know and then use that key to decrypt it. It's possible. However, it defeats the purpose of using the TPM as a hardware key store. It would be better to use the TPM to do the private key operations.

For a TSS, I offer this, which has an ever expanding set of utilities and sample programs. Let me know what you need for sample code.

https://sourceforge.net/projects/ibmtpm20tss/?source=navbar

I also suggest debugging with a SW TPM.

https://sourceforge.net/projects/ibmswtpm2/

The tpm2pem utility currently comes with the attestation client and server:

https://sourceforge.net/projects/ibmtpm20acs/

On 11/3/2016 12:02 PM, Zvi Vered wrote:
Hi Ken,

1. I mean: read from TPM

2. In order to create an SSL session with the server, should I need also
the private key ?

3. I want to use TPM 2.0


    On 11/2/2016 11:06 PM, Zvi Vered wrote:


        I want to use openssl in order to send\receive encrypted
        messages to a
        server.

        My Target has TPM.

        Can you please explain how to configure the openssl library to take
        public+private keys from TPM ?

        Should I use a specific TPM library ?


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux