To read a public key, use the TPM2_ReadPublic command. I have an open
source utility (tpm2pem) that converts that TPM format key to PEM.

If you need the private key, you will have to "duplicate" it to a key
you know and then use that key to decrypt it. It's possible. However,
it defeats the purpose of using the TPM as a hardware key store. It
would be better to use the TPM to do the private key operations.

For a TSS, I offer this, which has an ever expanding set of utilities
and sample programs. Let me know what you need for sample code.

https://sourceforge.net/projects/ibmtpm20tss/?source=navbar

I also suggest debugging with a SW TPM.

https://sourceforge.net/projects/ibmswtpm2/

The tpm2pem utility currently comes with the attestation client and server:

https://sourceforge.net/projects/ibmtpm20acs/

On 11/3/2016 12:02 PM, Zvi Vered wrote:

Hi Ken,

1. I mean: read from TPM
2. In order to create an SSL session with the server, do I also need
the private key?
3. I want to use TPM 2.0

On 11/2/2016 11:06 PM, Zvi Vered wrote:

I want to use openssl in order to send/receive encrypted messages to a
server.
My target has a TPM.
Can you please explain how to configure the openssl library to take
public+private keys from the TPM?
Should I use a specific TPM library?

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
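
The conversion mentioned in the reply at the top of this thread (the public area returned by TPM2_ReadPublic turned into a PEM public key that OpenSSL can load), as an added Python example; it is not the tpm2pem source and not code from the thread. It assumes the input is the marshaled TPM2B_PUBLIC of an RSA key; the function names are hypothetical and the sample input is constructed.

```python
import base64
import struct

TPM_ALG_RSA, TPM_ALG_NULL, TPM_ALG_RSAES = 0x0001, 0x0010, 0x0015
RSA_ALG_ID = bytes.fromhex("300d06092a864886f70d0101010500")  # rsaEncryption OID + NULL

def _tlv(tag, body):                    # DER tag + definite length + value
    n = len(body)
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    length = bytes([n]) if n < 0x80 else bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + body

def _der_int(v):                        # byte count leaves the sign bit clear
    return _tlv(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big"))

def tpm2b_public_rsa_to_pem(blob):
    """Marshaled TPM2B_PUBLIC holding an RSA key -> SubjectPublicKeyInfo PEM."""
    off = 0
    def take(fmt):                      # read big-endian fields, advance the cursor
        nonlocal off
        vals = struct.unpack_from(fmt, blob, off)
        off += struct.calcsize(fmt)
        return vals[0] if len(vals) == 1 else vals
    if take(">H") != len(blob) - 2:
        raise ValueError("TPM2B_PUBLIC size field does not match buffer")
    alg_type, _name_alg, _attributes = take(">HHI")
    if alg_type != TPM_ALG_RSA:
        raise ValueError("not an RSA key")
    policy_len = take(">H")
    off += policy_len                   # skip the authPolicy digest
    if take(">H") != TPM_ALG_NULL:      # symmetric algorithm (set on storage keys)
        take(">HH")                     # its keyBits and mode
    if take(">H") not in (TPM_ALG_NULL, TPM_ALG_RSAES):
        take(">H")                      # RSASSA/RSAPSS/OAEP carry a hash algorithm
    key_bits, exponent, size = take(">HIH")
    modulus = blob[off:off + size]
    if len(modulus) != size or size * 8 != key_bits:
        raise ValueError("modulus length does not match keyBits")
    e = exponent or 65537               # the TPM encodes the default 2^16+1 as 0
    rsa_key = _tlv(0x30, _der_int(int.from_bytes(modulus, "big")) + _der_int(e))
    spki = _tlv(0x30, RSA_ALG_ID + _tlv(0x03, b"\x00" + rsa_key))
    b64 = base64.b64encode(spki).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN PUBLIC KEY-----\n{body}\n-----END PUBLIC KEY-----\n"

def constructed_sample():               # constructed input: made-up modulus, not a real key
    modulus = b"\xc3" + bytes(range(1, 256))
    body = struct.pack(">HHIH4H", TPM_ALG_RSA, 0x000B, 0x00030072, 0, 0x0006, 128, 0x0043, TPM_ALG_NULL)
    body += struct.pack(">HIH", 2048, 0, len(modulus)) + modulus
    return struct.pack(">H", len(body)) + body
```

Only the public half is handled here; the private key stays in the TPM, which matches the advice above to let the TPM perform the private key operations.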