Re: OpenSSL engine and TPM usage.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Jakob Bohm <jb-openssl@xxxxxxxxxx> wrote:
    >> I wanted to know when we use engine instance for encyrption/decryption
    >> operation, can it be done selectively?

    > Please beware that many TPM chips were recently discovered to contain a
    > broken RSA key generation algorithm, so public/private key pairs keys
    > to be stored in the TPM should probably be generated off-chip (using
    > the OpenSSL software key generator) and imported into the chip,
    > contrary to what would have been best security practice without this
    > firmware bug.

wow, further evidence that everything needs an upgrade path.

--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        | network architect  [
]     mcr@xxxxxxxxxxxx  http://www.sandelman.ca/        |   ruby on rails    [

Attachment: signature.asc
Description: PGP signature

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux