Hi, I have a school project to make use of a TPM to store the server's RSA private key for use with openssl. Specifically, that private key would be sealed to certain PCR values that are also encoded in the X509 certificate so that, when clients make a TLS connection to the server, clients trusting that particular X509 certificate know that a connection can only be established if the server's state corresponds to what is on the certificate.
When a server needs to decrypt the client challenge in order to prepare the server-verify message, instead of loading its private key from disk and performing an RSA decryption, in this project the server would use the trousers library to pass the material to be decrypted to the TPM and get the results. Everything before and after this step should stay the same. I think the relevant code is in ssl3_get_client_key_exchange, because it calls RSA_private_decrypt.

My question is: should I be writing a patch for the default engine to allow this option to keep the private key in the TPM? Or should I be writing a new engine that is essentially a copy of the default engine except for this one change? What makes more sense if I'm going to contribute the code after my project is done?

A related consideration is that the configuration would need to accommodate this option, either by allowing another format for the private key file option or by creating a new custom option.

All opinions welcome...

Thanks,
Jonathan
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [email protected]
Automated List Manager                           [email protected]
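Added example, not part of the original post and not OpenSSL or TrouSerS code: a simplified Python model of the PCR-bound sealing the message relies on, showing that a secret sealed under one measured boot chain is released only when the PCRs are re-extended to the same values. The `SimTPM` class, the use of PCR 0, the component names and the composite format are assumptions made for illustration; a real TPM would perform the private-key operation internally rather than return the key.

```python
import hashlib
import hmac
PCR_SIZE = 20  # TPM 1.2 PCRs hold a SHA-1 digest

class SimTPM:
    """Simplified software model of TPM 1.2 PCRs and PCR-bound sealing."""

    def __init__(self):
        self.pcrs = [bytes(PCR_SIZE) for _ in range(24)]  # reset state: all zeros
        self._sealed = {}  # handle -> (selection, composite at seal time, secret)

    def extend(self, index, measurement):
        # PCR_new = SHA1(PCR_old || digest); a PCR can never be written directly
        digest = hashlib.sha1(measurement).digest()
        self.pcrs[index] = hashlib.sha1(self.pcrs[index] + digest).digest()

    def composite(self, selection):
        # Simplified composite (assumption): hash of selected indices and values
        h = hashlib.sha1()
        for i in sorted(selection):
            h.update(bytes([i]) + self.pcrs[i])
        return h.digest()

    def seal(self, handle, secret, selection):
        self._sealed[handle] = (tuple(selection), self.composite(selection), secret)

    def unseal(self, handle):
        selection, expected, secret = self._sealed[handle]
        if not hmac.compare_digest(self.composite(selection), expected):
            raise PermissionError("PCR state does not match sealed policy")
        return secret

def boot(components):
    """Return a SimTPM after measuring each constructed component into PCR 0."""
    tpm = SimTPM()
    for blob in components:
        tpm.extend(0, blob)
    return tpm

def key_available_after_reboot(sealed_components, booted_components):
    """Seal under one boot chain, replay another chain's PCR state, try to unseal."""
    tpm = boot(sealed_components)
    tpm.seal("tls-key", b"constructed-private-key", [0])
    # Model a reboot: PCRs reset and are re-extended, the sealed blob persists
    tpm.pcrs = boot(booted_components).pcrs
    try:
        return tpm.unseal("tls-key") == b"constructed-private-key"
    except PermissionError:
        return False
```

Because extend is a hash chain, both a changed component and a changed measurement order produce a different PCR value, so the sealed key stays unavailable in either case.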
