On Tue, Jul 24, 2018 at 4:18 AM, Kaarthik Sivakumar <kaarthik.sk@xxxxxxxxx> wrote:
> Hello
>
> I need to create a key pair using a TPM (proprietary) and build a CSR and

What TPM Version? If it's TPM 2.0, a new Engine project has emerged here:
https://github.com/tpm2-software/tpm2-tss-engine

This might be able to handle just calling the create CSR routine. I know back in the day the OpenSC engine with a PIV card could do it.

You can try to get ahold of the maintainer of that project (Andraes) through a direct email or the project mailing list:
- https://lists.01.org/mailman/listinfo/tpm2

> sign it using the TPM as well. Currently I don't have an engine interface
> to talk to the TPM. I do the following:
>
> 1. generate key pair in the TPM. private key is kept private in the TPM and
> public key can be obtained out of the TPM
>
> 2. use the public key to generate a CSR (X509_REQ_init(), etc)
>
> 3. Get the hash of the CSR (X509_REQ_digest())
>
> 4. Pass the digest to the TPM and get back signature
>
> 5. Add signature to the CSR - I don't see any way to do this. Is there an
> openssl API to perform this step? I don't think I can use X509_REQ_sign()
> since that will use the private key provided or if I have an engine
> interface then it will call the engine to do the signing. Is there a way to
> call sign() and make it call my function that can do the step 4 above?
>
> Thanks!
>
>
> -kaarthik-
>
>
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>
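
The five steps quoted above, shown at the DER level as an added example (not code from either poster or from OpenSSL): per RFC 2986 the signature covers the DER-encoded CertificationRequestInfo, and "adding the signature" means wrapping that structure, the algorithm identifier and the signature in one outer SEQUENCE. Assumptions: RSA PKCS#1 v1.5 with SHA-256, a hypothetical `tpm_sign` stand-in for the device, and a constructed, insecure demo key.

```python
import hashlib

# Constructed demo key (two Mersenne primes) standing in for the TPM-held key.
# It is not a secure key; it only keeps the example self-contained.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8  # modulus size in bytes

OID_RSA = bytes.fromhex("2a864886f70d010101")         # rsaEncryption
OID_SHA256_RSA = bytes.fromhex("2a864886f70d01010b")  # sha256WithRSAEncryption
OID_SHA256 = bytes.fromhex("608648016503040201")      # sha256
OID_CN = bytes.fromhex("550403")                      # commonName
NULL = b"\x05\x00"

def tlv(tag, body):
    """DER tag-length-value with short or long form length."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    size = (n.bit_length() + 7) // 8
    return bytes([tag, 0x80 | size]) + n.to_bytes(size, "big") + body

def seq(*parts): return tlv(0x30, b"".join(parts))
def oid(raw): return tlv(0x06, raw)
def integer(v): return tlv(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big"))
def bitstring(raw): return tlv(0x03, b"\x00" + raw)

def emsa_pkcs1_v15(digest):
    """PKCS#1 v1.5 encoding of a SHA-256 digest (DigestInfo plus padding)."""
    info = seq(seq(oid(OID_SHA256), NULL), tlv(0x04, digest))
    return b"\x00\x01" + b"\xff" * (K - len(info) - 3) + b"\x00" + info

def tpm_sign(digest):
    """Hypothetical stand-in for step 4: digest in, raw signature out."""
    return pow(int.from_bytes(emsa_pkcs1_v15(digest), "big"), D, N).to_bytes(K, "big")

def request_info(common_name):
    """Steps 1-2: CertificationRequestInfo carrying the exported public key."""
    name = seq(tlv(0x31, seq(oid(OID_CN), tlv(0x0C, common_name.encode()))))
    spki = seq(seq(oid(OID_RSA), NULL), bitstring(seq(integer(N), integer(E))))
    return seq(integer(0), name, spki, tlv(0xA0, b""))  # empty attributes [0]

def build_csr(common_name, sign=tpm_sign):
    tbs = request_info(common_name)
    signature = sign(hashlib.sha256(tbs).digest())       # steps 3-4
    return seq(tbs, seq(oid(OID_SHA256_RSA), NULL), bitstring(signature))  # step 5

def verify(tbs, signature):
    recovered = pow(int.from_bytes(signature, "big"), E, N).to_bytes(K, "big")
    return recovered == emsa_pkcs1_v15(hashlib.sha256(tbs).digest())
```

Writing the bytes returned by `build_csr("demo.example")` to a file gives a DER request that can be inspected with `openssl req -inform DER -noout -text -verify`.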