Michael Richardson wrote: > > Jakob Bohm <jb-openssl@xxxxxxxxxx> wrote: > >> I wanted to know when we use engine instance for encyrption/decryption > >> operation, can it be done selectively? > > > Please beware that many TPM chips were recently discovered to contain a > > broken RSA key generation algorithm, so public/private key pairs keys > > to be stored in the TPM should probably be generated off-chip (using > > the OpenSSL software key generator) and imported into the chip, > > contrary to what would have been best security practice without this > > firmware bug. > > wow, further evidence that everything needs an upgrade path. From the viewpoint of hardware vendors the upgrade path is selling new hardware. It's simply like that. Not very sustainable... Ciao, Michael.
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
