Using a TPM to sign CSRs

Hello

I need to create a key pair using a TPM (proprietary) and build a CSR and sign it using the TPM as well. Currently I don't have an engine interface to talk to the TPM. I do the following:

1. generate key pair in the TPM. Private key is kept private in the TPM and public key can be obtained out of the TPM

2. use the public key to generate a CSR (X509_REQ_init(), etc)

3. Get the hash of the CSR (X509_REQ_digest())

4. Pass the digest to the TPM and get back signature

5. Add signature to the CSR - I don't see any way to do this. Is there an openssl API to perform this step? I don't think I can use X509_REQ_sign() since that will use the private key provided or if I have an engine interface then it will call the engine to do the signing. Is there a way to call sign() and make it call my function that can do the step 4 above?

Thanks!


-kaarthik-

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
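
Added example, not part of the original post and not OpenSSL code: a standard-library Python sketch of the structure behind steps 3 to 5. In PKCS#10 the signature covers the DER encoding of the CertificationRequestInfo, so that is what gets hashed for the TPM, and the finished CSR is that same encoding followed by the algorithm identifier and the signature as a BIT STRING; in OpenSSL the matching calls are i2d_re_X509_REQ_tbs(), X509_REQ_set1_signature_algo() and X509_REQ_set0_signature(). Assumptions: `tpm_sign` is a hypothetical stand-in for the TPM call, the RSA key is a constructed toy key built from Mersenne primes (not secure), and the subject name is made up.

```python
import hashlib

# Constructed toy RSA key standing in for the TPM-resident key (Mersenne primes, NOT secure).
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8                              # modulus length in bytes
OID_CN = bytes.fromhex("0603550403")                       # 2.5.4.3 commonName
OID_RSA = bytes.fromhex("06092a864886f70d010101")          # rsaEncryption
OID_SHA256_RSA = bytes.fromhex("06092a864886f70d01010b")   # sha256WithRSAEncryption
SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")
NULL = b"\x05\x00"

def tlv(tag, body):
    """DER tag-length-value with definite length."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    ln = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(ln)]) + ln + body

def der_int(v):
    """Non-negative DER INTEGER (leading 0x00 added when the top bit is set)."""
    return tlv(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big"))

def pkcs1_v15_em(digest):
    """EMSA-PKCS1-v1_5 encoding of a SHA-256 digest."""
    t = SHA256_DIGESTINFO + digest
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t

def tpm_sign(digest):
    """Hypothetical TPM call: only the 32-byte digest crosses the boundary."""
    return pow(int.from_bytes(pkcs1_v15_em(digest), "big"), D, N).to_bytes(K, "big")

def build_tbs(cn):
    """CertificationRequestInfo: version 0, subject, public key, empty attributes."""
    name = tlv(0x30, tlv(0x31, tlv(0x30, OID_CN + tlv(0x0C, cn.encode()))))
    rsa_pub = tlv(0x30, der_int(N) + der_int(E))
    spki = tlv(0x30, tlv(0x30, OID_RSA + NULL) + tlv(0x03, b"\x00" + rsa_pub))
    return tlv(0x30, der_int(0) + name + spki + tlv(0xA0, b""))

def assemble_csr(tbs, signature):
    """CertificationRequest ::= SEQUENCE { tbs, signatureAlgorithm, signature BIT STRING }."""
    alg = tlv(0x30, OID_SHA256_RSA + NULL)
    return tlv(0x30, tbs + alg + tlv(0x03, b"\x00" + signature))

def signature_valid(tbs, signature):
    """Relying-party check using the public key only."""
    em = pow(int.from_bytes(signature, "big"), E, N).to_bytes(K, "big")
    return em == pkcs1_v15_em(hashlib.sha256(tbs).digest())

def make_csr(cn):
    tbs = build_tbs(cn)
    sig = tpm_sign(hashlib.sha256(tbs).digest())   # digest of the to-be-signed part only
    return tbs, sig, assemble_csr(tbs, sig)
```

A TPM that returns raw ECDSA values instead of an RSA block needs its (r, s) pair DER-encoded before it goes into the BIT STRING.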
