Re: [openssl-dev] [RFC 0/2] Proposal for seamless handling of TPM based RSA keys in openssl

2016-11-23 Thread Peter Sylvester Edelweb
On 11/23/2016 02:33 PM, David Woodhouse wrote:
> If I make a new object type which looks like a PKCS#1 RSA key but is
> actually something completely different, it's *already* likely that
> OpenSSL will load that new object as if it was an RSA key in some
> cases.
>

An example used by the 'gem' engine.

openssl rsa -in key.pem -text
Private-Key: (4096 bit)
modulus:
00:c4:d9:a4:27:ea:17:10:09:35:79:89:fc:10:1f:
01:39:34:b7:23:93:5a:61:05:af:b1:04:49:8a:68:
 
95:69:23:21:8d:20:a3:60:e6:e5:65:69:bf:b6:41:
f2:40:5c:1d:e3:53:15:90:ff:6d:34:26:45:46:b6:

   97:f6:7c:f6:0f:5d:d8:59:02:a8:3c:b0:b4:06:2f:
c7:b7:c7
publicExponent: 65537 (0x10001)
privateExponent: 1 (0x1)
prime1: 44 (0x2c)
prime2: 41 (0x29)
exponent1: 1 (0x1)
exponent2: 1 (0x1)
coefficient: 1 (0x1)

-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev


Re: [openssl-dev] [RFC 0/2] Proposal for seamless handling of TPM based RSA keys in openssl

2016-11-23 Thread Peter Sylvester Edelweb
There is at least one real-life HSM engine that encodes numerical identifiers
as "pseudo prime numbers", you end up with an RSA private key that has 1 and 2
prime numbers?

No new ASN.1

Best



On 11/23/2016 11:47 AM, Richard Levitte wrote:
> In message <1479894913.8937.58.ca...@infradead.org> on Wed, 23 Nov 2016 09:55:13 +, David Woodhouse said:
>
> dwmw2> On Wed, 2016-11-23 at 09:56 +0100, Richard Levitte wrote:
> dwmw2> > 
> dwmw2> > 
> dwmw2> > dwmw2> So maybe it's just "content types" that we have handlers for, each with
> dwmw2> > dwmw2> an optional PEM tag for matching, *and* an optional match function
> dwmw2> > dwmw2> which is given the parsed ASN.1 and checks if it's a match.
> dwmw2> > 
> dwmw2> > I'm not sure what you mean with a match function...  but going off on
> dwmw2> > a limb, how about a reference to an OpenSSL style ASN1 description?
> dwmw2> > So basically, for an imaginary TSS KEY BLOB (one that actually would
> dwmw2> > use that TssBlob definition we talked about earlier), these three
> dwmw2> > items would be specified:
> dwmw2> > 
> dwmw2> > "TSS KEY BLOB",
> dwmw2> > ASN1_ITEM_rptr(TSS_BLOB),   /* TSS_BLOB ASN1 stuff defined in engine */
> dwmw2> > handler /* Essentially a d2i function */
> dwmw2> > 
> Richard
>

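An arithmetic consistency check that flags placeholder keys like the one dumped earlier in the thread (privateExponent 1, prime1 44, prime2 41), as an added example that is not part of the original messages, of OpenSSL, or of any engine. The function name and both sample keys are assumptions made for illustration; the check works on already-parsed PKCS#1 fields and does not test primality.

```python
from math import gcd

def rsa_private_key_problems(n, e, d, p, q, dp, dq, qinv):
    """Arithmetic consistency checks on PKCS#1 RSAPrivateKey fields.

    Returns a list of findings; an empty list means the fields are mutually
    consistent (primality of p and q is NOT tested here).
    """
    if p < 3 or q < 3:
        return ["prime1/prime2 smaller than 3"]
    problems = []
    if p % 2 == 0 or q % 2 == 0:
        problems.append("prime1/prime2 is even")
    if p * q != n:
        problems.append("modulus != prime1 * prime2")
    if d <= 1:
        problems.append("privateExponent <= 1")
    lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)  # lcm(p-1, q-1)
    if (e * d) % lam != 1:
        problems.append("e*d != 1 mod lcm(p-1, q-1)")
    if dp != d % (p - 1) or dq != d % (q - 1):
        problems.append("exponent1/exponent2 do not match privateExponent")
    if (q * qinv) % p != 1:
        problems.append("coefficient is not the inverse of prime2 mod prime1")
    return problems

# Constructed textbook-sized key that is internally consistent.
CONSISTENT = dict(n=3233, e=17, d=413, p=61, q=53, dp=53, dq=49, qinv=38)

# Small fields as printed in the thread; the modulus there is truncated, so
# n is a constructed stand-in value.
PLACEHOLDER = dict(n=0xC4D9A427, e=65537, d=1, p=44, q=41, dp=1, dq=1, qinv=1)

if __name__ == "__main__":
    for name, key in (("consistent", CONSISTENT), ("placeholder", PLACEHOLDER)):
        print(name, rsa_private_key_problems(**key) or "ok")
```

Note that exponent1 and exponent2 of the placeholder key pass their check, since 1 mod 43 and 1 mod 40 are both 1; the other tests are what expose it.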