On Tue, 2016-11-22 at 12:54 +0000, Salz, Rich wrote: > > would much rather have seen a patch where OpenSSL's PEM module is > > tought to recognise 'BEGIN TSS KEY BLOB', pull out the blob from it, > > securing > > Yes, that would be much more consistent with the existing OpenSSL > code which -- like it or not -- works that way.
Yeah. Although I'd note that the OpenSSL code only works that way for PEM files. I really want to make it work the same way for DER files too. There's an *attempt* in d2i_AutoPrivateKey() but that doesn't handle encrypted PKCS#8 IIRC. Or PKCS#12. And the app still shouldn't have to call different functions for PEM vs. DER files anyway. > > My vote goes to a URI based spec rather than bastardising PEM files. > > Sure, if you can figure out which URI scheme to use; there are many > of them. :) For TPM I am not aware of any scheme other than the one set out in https://tools.ietf.org/html/draft-mavrogiannopoulos-tpmuri-01 -- dwmw2
smime.p7s
Description: S/MIME cryptographic signature
-- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev