[David Woodhouse told me that openssl-dev is a closed list, so the original messages got trashed. This is a resend with apologies to David and Peter]
One of the principal problems of using TPM based keys is that there's no easy way of integrating them with standard file based keys. This proposal adds a generic method for handling file based engine keys that can be loaded as PEM files. Integration into the PEM loader requires a BIO based engine API callback which the first patch adds. The second patch checks to see if the key can be loaded by any of the present engines. Note that this requires that any engine which is to be used must be present and initialised via openssl.cnf.

I'll also post to this list the patch to openssl_tpm_engine that makes use of this infrastructure so the integration of the whole can be seen. It should also be noted that gnutls has had this functionality since 2012.

The patch was done against 1.0.2h for easier testing and you can try it and the openssl_tpm_engine out (if you run openSUSE) here:

https://build.opensuse.org/project/show/home:jejb1:Tumbleweed

James

---

James Bottomley (2):
  engine: add new flag based method for loading engine keys
  pem: load engine keys

 crypto/engine/eng_int.h  |  1 +
 crypto/engine/eng_pkey.c | 38 ++++++++++++++++++++++++++++++++++++++
 crypto/engine/engine.h   | 26 ++++++++++++++++++++++++++
 crypto/pem/pem_pkey.c    |  5 +++++
 4 files changed, 70 insertions(+)
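The cover letter makes the patched PEM loader's fallback conditional on the engine already being loaded and initialised through openssl.cnf. The fragment below is an added illustration of what that configuration looks like in OpenSSL 1.0.x; it is not part of this patch series or of openssl_tpm_engine, and the engine id `tpm` and the shared-object path are assumptions, not values taken from either project.

```ini
# Added example, not from the patch series or openssl_tpm_engine.
# Top-level pointer that OPENSSL_config() follows to find the init section.
openssl_conf = openssl_init

[openssl_init]
# The "engines" config module reads the section named here.
engines = engine_section

[engine_section]
# One entry per engine that should be present when the PEM loader
# iterates the engine list; the name on the left is only a label.
tpm = tpm_section

[tpm_section]
# Assumed engine id and library path; substitute whatever your engine
# build actually installs.
engine_id    = tpm
dynamic_path = /usr/lib64/engines/libtpm.so
# Initialise at configuration time rather than on first use, so the
# engine is already "present and initialised" when a PEM key is read.
init         = 1
```

The practical check when a key that should be handled by an engine instead fails to parse is whether the configuration was loaded at all: in the 1.0.2 series the file is only processed by applications that call OPENSSL_config() (the openssl command-line tool does; a library embedded in someone else's process may not), and an engine that was never initialised is simply absent from the list the loader consults.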