On 25/10/2017 19:06, Jayalakshmi bhat wrote:
> Hi All,
> Our device uses TPM to protect certificate private keys. We have
> written an engine interface to integrate TPM functionality into OpenSSL.
> Thus TPM gets loaded as an engine instance.
> Also, we have mapped RSA operations to TPM APIs, like
> encryption/decryption etc.
> Now we have run into a few issues. There are a few applications that want to
> use an application-specific identity certificate. In such cases RSA APIs
> should not get mapped to TPM APIs.
> I wanted to know: when we use an engine instance for encryption/decryption
> operations, can it be done selectively?
Please beware that many TPM chips were recently discovered to contain a
broken RSA key generation algorithm, so public/private key pairs to be
stored in the TPM should probably be generated off-chip (using the OpenSSL
software key generator) and imported into the chip, contrary to what would
have been best security practice without this firmware bug.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
--
openssl-users mailing list